| |
| |||||||
Log-Analyse und Auswertung: Avira findet Schadsoftware "SystemkService.exe", die aber nicht korrekt entfernt wirdWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
02.06.2014, 00:33
| #1 |
| |  Avira findet Schadsoftware "SystemkService.exe", die aber nicht korrekt entfernt wird Hallo liebe Helfer, die folgende Schadsoftware wird von meinem Virenprogramm erkannt, scheint aber von diesem nicht korrekt entfernt werden zu können. Darüber hinaus wäre ich selbstverständlich dankbar zu Hinweisen bei etwaigen weiteren Auffälligkeiten auf meinem System. Schon mal vielen Dank im Voraus für die Hilfe. Hier zunächst mal ausführliche Information aus Avira zu dem entsprechenden "Virus": Code:
ATTFilter Typ: Datei
Quelle: C:\Program Files (x86)\Settings Manager\systemk\SystemkService.exe
Status: Infiziert
Quarantäne-Objekt: 57313a45.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.03.18.36
Virendefinitionsdatei: 7.11.152.90
Gefunden: ADWARE/SearchSuite.c
Datum/Uhrzeit: 02.06.2014, 00:44
defogger_disable: Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 01:03 on 02/06/2014 (Michel1899)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-06-2014 01
Ran by Michel1899 (administrator) on MICHEL on 02-06-2014 01:05:37
Running from C:\Users\Michel1899\Downloads
Platform: Windows 8.1 (Update 1) (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Program Files\ShrewSoft\VPN Client\iked.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
() C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Dassault Systèmes SolidWorks Corp.) C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe
(Dropbox, Inc.) C:\Users\Michel1899\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2013-08-12] (Synaptics Incorporated)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-06-03] (Dell Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [7830328 2013-05-21] (Motorola Solutions, Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [182352 2014-05-05] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger]
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks 2013 Schnellstart.lnk
ShortcutTarget: SolidWorks 2013 Schnellstart.lnk -> C:\Windows\Installer\{B6B5EA7E-B91F-443D-A958-B0062FB53804}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()
Startup: C:\Users\Michel1899\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Michel1899\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
HKLM\...\AppCertDlls: [x86] -> C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll [490000 2014-05-18] ()
HKLM\...\AppCertDlls: [x64] -> C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll [664592 2014-05-18] ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.default-search.net?sid=476&aid=122&itype=a&ver=12692&tm=295&src=hmp
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKLM - DefaultScope {58064229-5711-4E4D-8944-2B3587376579} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {58064229-5711-4E4D-8944-2B3587376579} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=122&itype=a&ver=12692&tm=295&src=ds&p={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {58064229-5711-4E4D-8944-2B3587376579} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {58064229-5711-4E4D-8944-2B3587376579} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=122&itype=a&ver=12692&tm=295&src=ds&p={searchTerms}
SearchScopes: HKCU - DefaultScope {58064229-5711-4E4D-8944-2B3587376579} URL =
SearchScopes: HKCU - {58064229-5711-4E4D-8944-2B3587376579} URL =
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=122&itype=a&ver=12692&tm=295&src=ds&p={searchTerms}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{32C9AFD3-EC4E-42BB-B031-675C2DE9F8AC}: [NameServer]193.174.193.231
FireFox:
========
FF ProfilePath: C:\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default
FF SearchEngineOrder.1: default-search.net
FF Homepage: hxxp://www.default-search.net?sid=476&aid=122&itype=a&ver=12692&tm=295&src=hmp
FF Keyword.URL: hxxp://www.default-search.net/search?sid=476&aid=122&itype=a&ver=12692&tm=295&src=ds&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\searchplugins\default-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\default-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Settings Manager - C:\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0} [2014-05-18]
FF Extension: PAYBACK Toolbar - C:\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\Extensions\toolbar-ff@payback.de.xpi [2014-05-07]
FF Extension: Adblock Plus - C:\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-15]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2014-03-19]
FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ []
Chrome:
=======
CHR HomePage: hxxp://www.default-search.net?sid=476&aid=122&itype=a&ver=12692&tm=295&src=hmp
CHR StartupUrls: "hxxp://www.default-search.net?sid=476&aid=122&itype=a&ver=12692&tm=295&src=hmp"
CHR DefaultSearchKeyword: ask.com
CHR DefaultSearchProvider: default-search.net
CHR DefaultSearchURL: hxxp://www.default-search.net/search?sid=476&aid=122&itype=a&ver=12692&tm=295&src=ds&p={searchTerms}
CHR DefaultNewTabURL:
CHR Extension: (Freemake Video Converter) - C:\Users\Michel1899\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj [2014-05-19]
CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2014-05-04]
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-14] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [124496 2014-05-05] (Avira Operations GmbH & Co. KG)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe [1127736 2013-07-01] ()
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [155448 2013-09-05] (Intel Corporation)
R2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe [810808 2013-07-01] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-28] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-08-23] ()
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-19] (Realtek Semiconductor)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2138936 2014-03-20] (TuneUp Software)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3667696 2013-08-23] (Intel® Corporation)
==================== Drivers (Whitelisted) ====================
S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2014-02-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-14] (Avira Operations GmbH & Co. KG)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1386296 2013-08-19] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R1 F06DEFF2-5B9C-490D-910F-35D3A91196222; C:\Program Files (x86)\Settings Manager\systemk\x64\systemkmgrc1.cfg [36240 2014-05-18] (Aztec Media Inc)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [117192 2013-08-29] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99288 2013-08-28] (Intel Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-25] (Intel Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-02-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-08-12] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [34544 2013-08-12] (Synaptics Incorporated)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2014-02-10] (TuneUp Software)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-03-13] (Microsoft Corporation)
S3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-06-02 01:05 - 2014-06-02 01:05 - 00024314 _____ () C:\Users\Michel1899\Downloads\FRST.txt
2014-06-02 01:05 - 2014-06-02 01:05 - 00000000 ____D () C:\FRST
2014-06-02 01:04 - 2014-06-02 01:04 - 02067456 _____ (Farbar) C:\Users\Michel1899\Downloads\FRST64.exe
2014-06-02 01:03 - 2014-06-02 01:03 - 00000482 _____ () C:\Users\Michel1899\Downloads\defogger_disable.log
2014-06-02 01:03 - 2014-06-02 01:03 - 00000000 _____ () C:\Users\Michel1899\defogger_reenable
2014-06-02 01:02 - 2014-06-02 01:02 - 00050477 _____ () C:\Users\Michel1899\Downloads\Defogger.exe
2014-05-26 11:09 - 2014-05-26 11:09 - 00000000 ____D () C:\Poker
2014-05-26 11:06 - 2014-05-26 11:06 - 00392032 _____ (Playtech) C:\Users\Michel1899\Downloads\SetupPoker.exe
2014-05-26 08:46 - 2014-05-26 08:46 - 00000165 ____H () C:\Users\Michel1899\Desktop\~$Wetten.xlsx
2014-05-23 10:29 - 2014-05-23 10:29 - 03746544 _____ () C:\Users\Michel1899\Downloads\3540798536_.KLrechnung.zip
2014-05-23 10:24 - 2014-05-23 10:24 - 02591163 _____ () C:\Users\Michel1899\Downloads\3642118232_.Kostenmanage.zip
2014-05-21 14:29 - 2014-05-21 14:29 - 00279851 _____ () C:\Users\Michel1899\Downloads\hondekop_und_01_1075_mp3.zip
2014-05-20 10:19 - 2014-05-20 10:19 - 00000000 __SHD () C:\Users\Michel1899\AppData\Local\EmieUserList
2014-05-20 10:19 - 2014-05-20 10:19 - 00000000 __SHD () C:\Users\Michel1899\AppData\Local\EmieSiteList
2014-05-18 19:55 - 2014-06-02 00:45 - 00000000 ____D () C:\ProgramData\systemk
2014-05-17 11:28 - 2014-05-17 11:28 - 00038894 _____ () C:\Users\Michel1899\Desktop\Werte.xlsx
2014-05-16 09:33 - 2014-05-01 22:30 - 00693240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-16 09:33 - 2014-05-01 22:30 - 00105464 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-15 14:29 - 2014-03-13 09:42 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\wusa.exe
2014-05-15 14:29 - 2014-03-13 08:51 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wusa.exe
2014-05-15 14:28 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 14:28 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 14:28 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 14:28 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 14:28 - 2014-04-11 12:03 - 00555736 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll
2014-05-15 14:28 - 2014-04-11 12:03 - 00054776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-05-15 14:28 - 2014-04-11 10:25 - 00419928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll
2014-05-15 14:28 - 2014-04-11 08:04 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-05-15 14:28 - 2014-04-11 07:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\WSReset.exe
2014-05-15 14:28 - 2014-04-11 07:22 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-05-15 14:28 - 2014-04-11 05:54 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2014-05-15 14:28 - 2014-04-11 05:36 - 11792384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-05-15 14:28 - 2014-04-11 05:24 - 13288960 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-05-15 14:28 - 2014-04-11 05:06 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-05-15 14:28 - 2014-04-11 05:05 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-15 14:28 - 2014-04-11 05:05 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-05-15 14:28 - 2014-04-11 05:02 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-15 14:28 - 2014-04-11 05:02 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-05-15 14:28 - 2014-04-11 05:01 - 00137728 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-05-15 14:28 - 2014-04-11 05:00 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-05-15 14:28 - 2014-04-11 04:59 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-05-15 14:28 - 2014-04-11 04:57 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-05-15 14:28 - 2014-04-11 04:56 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-05-15 14:28 - 2014-04-11 04:55 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-05-15 14:28 - 2014-04-11 04:53 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-05-15 14:28 - 2014-04-11 04:52 - 03464192 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-05-15 14:28 - 2014-04-11 04:46 - 01705472 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-05-15 14:28 - 2014-04-11 04:36 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2014-05-15 14:28 - 2014-04-11 04:34 - 00754688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-05-15 14:28 - 2014-04-11 04:29 - 01054208 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2014-05-15 14:28 - 2014-04-11 04:25 - 00921088 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-05-15 14:28 - 2014-04-09 00:46 - 00086688 _____ (Microsoft Corporation) C:\Windows\system32\mrt_map.dll
2014-05-15 14:28 - 2014-04-09 00:46 - 00028320 _____ (Microsoft Corporation) C:\Windows\system32\mrt100.dll
2014-05-15 14:28 - 2014-04-08 20:54 - 00080032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mrt_map.dll
2014-05-15 14:28 - 2014-04-08 20:54 - 00026784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mrt100.dll
2014-05-15 14:28 - 2014-03-27 11:12 - 21225584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 14:28 - 2014-03-27 09:48 - 18679728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-15 14:28 - 2014-03-24 04:30 - 00257880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-05-15 14:28 - 2014-03-24 04:30 - 00123224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2014-05-15 14:28 - 2014-03-24 04:27 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-05-15 12:03 - 2014-05-15 12:04 - 06030166 _____ () C:\Users\Michel1899\Downloads\ZZ_Meine Wetten_Wettforum_Neu_3_0_2.xlsx
2014-05-15 08:53 - 2014-05-24 11:14 - 00002948 _____ () C:\Windows\PFRO.log
2014-05-14 18:05 - 2014-05-26 10:54 - 05707684 _____ () C:\Users\Michel1899\Desktop\Wetten.xlsx
2014-05-13 18:06 - 2014-05-13 18:06 - 00287061 _____ () C:\Users\Michel1899\Desktop\1547151_860143427332429_1604073925_n.mp4
2014-05-12 10:42 - 2014-05-12 10:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-10 20:51 - 2014-05-10 20:52 - 35250808 _____ () C:\Users\Michel1899\Downloads\skylevsvw.avi
2014-05-08 19:57 - 2014-05-08 19:58 - 00827594 _____ () C:\Users\Michel1899\Desktop\10302495_1385777135001339_812349112_n.mp4
2014-05-05 22:34 - 2014-06-02 00:57 - 01653978 _____ () C:\Windows\WindowsUpdate.log
2014-05-05 17:11 - 2014-05-05 17:24 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-05 17:11 - 2014-05-05 17:11 - 00001116 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-05 17:11 - 2014-05-05 17:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-05-05 17:11 - 2014-05-05 17:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-05 17:11 - 2014-05-05 17:11 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-05-05 17:11 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-05 17:11 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-05 17:11 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-05 17:07 - 2014-05-05 17:08 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Michel1899\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-05 17:05 - 2014-05-05 17:05 - 00002782 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-05-05 17:05 - 2014-05-05 17:05 - 00000836 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-05 17:05 - 2014-05-05 17:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-05 17:05 - 2014-05-05 17:05 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-05 17:04 - 2014-05-05 17:04 - 03671432 _____ (Piriform Ltd) C:\Users\Michel1899\Downloads\ccsetup413_slim.exe
2014-05-04 20:45 - 2014-05-19 19:56 - 00029696 ___SH () C:\Users\Michel1899\Downloads\Thumbs.db
2014-05-04 20:43 - 2014-05-04 20:44 - 00000004 _____ () C:\end
2014-05-04 20:43 - 2014-05-04 20:44 - 00000000 ____D () C:\Users\Michel1899\Documents\Freemake
2014-05-04 20:43 - 2014-05-04 20:44 - 00000000 ____D () C:\ProgramData\Freemake
2014-05-04 20:43 - 2014-05-04 20:43 - 00000000 ____D () C:\Users\Michel1899\AppData\Roaming\OpenCandy
2014-05-04 20:43 - 2014-05-04 20:43 - 00000000 ____D () C:\Users\Michel1899\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2014-05-04 20:43 - 2014-05-04 20:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2014-05-04 20:43 - 2014-05-04 20:43 - 00000000 ____D () C:\Program Files (x86)\Freemake
2014-05-04 20:41 - 2014-05-04 20:41 - 01308144 _____ (Ellora Assets Corporation ) C:\Users\Michel1899\Downloads\FreemakeVideoConverterSetup.exe
2014-05-04 20:28 - 2014-05-04 20:28 - 20673204 _____ () C:\Users\Michel1899\Downloads\WWW.DOWNVIDS.NET-Lachyoga-Übungen.mp4
2014-05-04 18:21 - 2014-05-04 18:21 - 00471691 _____ () C:\Users\Michel1899\Downloads\zug
2014-05-04 11:46 - 2014-05-04 11:46 - 00002770 _____ () C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013
==================== One Month Modified Files and Folders =======
2014-06-02 01:05 - 2014-06-02 01:05 - 00024314 _____ () C:\Users\Michel1899\Downloads\FRST.txt
2014-06-02 01:05 - 2014-06-02 01:05 - 00000000 ____D () C:\FRST
2014-06-02 01:05 - 2014-02-26 08:34 - 00000000 ____D () C:\Users\Michel1899\AppData\Local\Temp
2014-06-02 01:04 - 2014-06-02 01:04 - 02067456 _____ (Farbar) C:\Users\Michel1899\Downloads\FRST64.exe
2014-06-02 01:03 - 2014-06-02 01:03 - 00000482 _____ () C:\Users\Michel1899\Downloads\defogger_disable.log
2014-06-02 01:03 - 2014-06-02 01:03 - 00000000 _____ () C:\Users\Michel1899\defogger_reenable
2014-06-02 01:03 - 2014-02-26 08:41 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1873882003-3979479213-967090690-1001
2014-06-02 01:03 - 2014-02-26 08:34 - 00000000 ____D () C:\Users\Michel1899
2014-06-02 01:02 - 2014-06-02 01:02 - 00050477 _____ () C:\Users\Michel1899\Downloads\Defogger.exe
2014-06-02 01:01 - 2014-04-13 11:32 - 00002197 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-02 01:00 - 2014-02-26 11:12 - 00000000 ____D () C:\Users\Michel1899\AppData\Roaming\Dropbox
2014-06-02 01:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2014-06-02 00:59 - 2014-03-25 15:27 - 00000000 ___RD () C:\Users\Michel1899\SkyDrive
2014-06-02 00:59 - 2014-02-26 11:17 - 00000000 ___RD () C:\Users\Michel1899\Dropbox
2014-06-02 00:59 - 2014-02-26 11:16 - 00000000 ____D () C:\Users\Michel1899\AppData\Roaming\DropboxMaster
2014-06-02 00:58 - 2014-04-13 11:32 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-02 00:58 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-02 00:57 - 2014-05-05 22:34 - 01653978 _____ () C:\Windows\WindowsUpdate.log
2014-06-02 00:57 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-06-02 00:47 - 2014-04-13 11:32 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-02 00:45 - 2014-05-18 19:55 - 00000000 ____D () C:\ProgramData\systemk
2014-06-02 00:17 - 2014-02-26 11:51 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-01 22:39 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-05-27 09:58 - 2014-03-03 16:31 - 00667648 ___SH () C:\Users\Michel1899\Desktop\Thumbs.db
2014-05-26 20:58 - 2014-04-14 15:25 - 00000000 ____D () C:\Users\Michel1899\AppData\Roaming\HpUpdate
2014-05-26 11:09 - 2014-05-26 11:09 - 00000000 ____D () C:\Poker
2014-05-26 11:06 - 2014-05-26 11:06 - 00392032 _____ (Playtech) C:\Users\Michel1899\Downloads\SetupPoker.exe
2014-05-26 10:54 - 2014-05-14 18:05 - 05707684 _____ () C:\Users\Michel1899\Desktop\Wetten.xlsx
2014-05-26 08:46 - 2014-05-26 08:46 - 00000165 ____H () C:\Users\Michel1899\Desktop\~$Wetten.xlsx
2014-05-24 12:17 - 2014-03-21 10:41 - 00001084 _____ () C:\Users\Michel1899\Desktop\Dropbox.lnk
2014-05-24 12:17 - 2014-02-26 11:16 - 00000000 ____D () C:\Users\Michel1899\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-24 12:17 - 2014-02-26 08:35 - 00000000 ___RD () C:\Users\Michel1899\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-24 11:14 - 2014-05-15 08:53 - 00002948 _____ () C:\Windows\PFRO.log
2014-05-23 10:29 - 2014-05-23 10:29 - 03746544 _____ () C:\Users\Michel1899\Downloads\3540798536_.KLrechnung.zip
2014-05-23 10:24 - 2014-05-23 10:24 - 02591163 _____ () C:\Users\Michel1899\Downloads\3642118232_.Kostenmanage.zip
2014-05-21 14:29 - 2014-05-21 14:29 - 00279851 _____ () C:\Users\Michel1899\Downloads\hondekop_und_01_1075_mp3.zip
2014-05-20 10:19 - 2014-05-20 10:19 - 00000000 __SHD () C:\Users\Michel1899\AppData\Local\EmieUserList
2014-05-20 10:19 - 2014-05-20 10:19 - 00000000 __SHD () C:\Users\Michel1899\AppData\Local\EmieSiteList
2014-05-19 20:01 - 2014-02-26 08:35 - 00000000 ____D () C:\Users\Michel1899\AppData\Local\Packages
2014-05-19 19:56 - 2014-05-04 20:45 - 00029696 ___SH () C:\Users\Michel1899\Downloads\Thumbs.db
2014-05-18 10:26 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache
2014-05-17 11:36 - 2014-03-03 19:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-05-17 11:36 - 2014-03-03 19:25 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-17 11:28 - 2014-05-17 11:28 - 00038894 _____ () C:\Users\Michel1899\Desktop\Werte.xlsx
2014-05-16 09:34 - 2014-02-26 08:35 - 00000000 ___RD () C:\Users\Michel1899\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 09:31 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ToastData
2014-05-16 09:31 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-16 09:31 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-16 09:31 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\WinStore
2014-05-16 09:31 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates
2014-05-16 09:31 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-16 09:31 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-05-15 20:39 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-05-15 20:35 - 2014-02-26 11:18 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 20:34 - 2014-02-26 11:18 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-15 20:34 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-05-15 19:12 - 2013-12-11 11:24 - 01780340 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-15 19:12 - 2013-08-23 01:24 - 00766620 _____ () C:\Windows\system32\perfh007.dat
2014-05-15 19:12 - 2013-08-23 01:24 - 00159902 _____ () C:\Windows\system32\perfc007.dat
2014-05-15 14:45 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-15 12:04 - 2014-05-15 12:03 - 06030166 _____ () C:\Users\Michel1899\Downloads\ZZ_Meine Wetten_Wettforum_Neu_3_0_2.xlsx
2014-05-13 20:22 - 2014-02-26 11:51 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-13 18:06 - 2014-05-13 18:06 - 00287061 _____ () C:\Users\Michel1899\Desktop\1547151_860143427332429_1604073925_n.mp4
2014-05-13 18:03 - 2014-02-26 11:10 - 00001155 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-05-13 18:03 - 2014-02-26 11:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-05-13 18:03 - 2014-02-26 11:10 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-05-13 18:03 - 2013-12-11 11:31 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-13 17:57 - 2014-02-26 11:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-12 10:42 - 2014-05-12 10:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-10 20:57 - 2014-03-29 23:59 - 00000000 ____D () C:\Users\Michel1899\AppData\Roaming\vlc
2014-05-10 20:52 - 2014-05-10 20:51 - 35250808 _____ () C:\Users\Michel1899\Downloads\skylevsvw.avi
2014-05-09 00:42 - 2014-04-13 11:32 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-09 00:42 - 2014-04-13 11:32 - 00003868 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-08 19:58 - 2014-05-08 19:57 - 00827594 _____ () C:\Users\Michel1899\Desktop\10302495_1385777135001339_812349112_n.mp4
2014-05-07 15:29 - 2014-03-26 21:19 - 00000000 ____D () C:\Users\Michel1899\AppData\Local\TempSWSicherungsverzeichnis
2014-05-07 14:14 - 2014-03-26 20:21 - 00000000 ____D () C:\Users\Michel1899\AppData\Roaming\SolidWorks
2014-05-06 06:40 - 2014-05-15 14:28 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 05:25 - 2014-05-15 14:28 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:00 - 2014-05-15 14:28 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-15 14:28 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-05 17:24 - 2014-05-05 17:11 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-05 17:11 - 2014-05-05 17:11 - 00001116 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-05 17:11 - 2014-05-05 17:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-05-05 17:11 - 2014-05-05 17:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-05 17:11 - 2014-05-05 17:11 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-05-05 17:08 - 2014-05-05 17:07 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Michel1899\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-05 17:06 - 2014-03-19 18:40 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2014-05-05 17:05 - 2014-05-05 17:05 - 00002782 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-05-05 17:05 - 2014-05-05 17:05 - 00000836 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-05 17:05 - 2014-05-05 17:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-05 17:05 - 2014-05-05 17:05 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-05 17:04 - 2014-05-05 17:04 - 03671432 _____ (Piriform Ltd) C:\Users\Michel1899\Downloads\ccsetup413_slim.exe
2014-05-04 20:44 - 2014-05-04 20:43 - 00000004 _____ () C:\end
2014-05-04 20:44 - 2014-05-04 20:43 - 00000000 ____D () C:\Users\Michel1899\Documents\Freemake
2014-05-04 20:44 - 2014-05-04 20:43 - 00000000 ____D () C:\ProgramData\Freemake
2014-05-04 20:43 - 2014-05-04 20:43 - 00000000 ____D () C:\Users\Michel1899\AppData\Roaming\OpenCandy
2014-05-04 20:43 - 2014-05-04 20:43 - 00000000 ____D () C:\Users\Michel1899\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2014-05-04 20:43 - 2014-05-04 20:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2014-05-04 20:43 - 2014-05-04 20:43 - 00000000 ____D () C:\Program Files (x86)\Freemake
2014-05-04 20:41 - 2014-05-04 20:41 - 01308144 _____ (Ellora Assets Corporation ) C:\Users\Michel1899\Downloads\FreemakeVideoConverterSetup.exe
2014-05-04 20:28 - 2014-05-04 20:28 - 20673204 _____ () C:\Users\Michel1899\Downloads\WWW.DOWNVIDS.NET-Lachyoga-Übungen.mp4
2014-05-04 18:21 - 2014-05-04 18:21 - 00471691 _____ () C:\Users\Michel1899\Downloads\zug
2014-05-04 11:46 - 2014-05-04 11:46 - 00002770 _____ () C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013
2014-05-03 18:16 - 2014-02-26 08:35 - 00000000 ____D () C:\Users\Michel1899\AppData\Local\VirtualStore
Some content of TEMP:
====================
C:\Users\Michel1899\AppData\Local\Temp\avgnt.exe
C:\Users\Michel1899\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphuprej.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-05-19 08:54
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-06-2014 01
Ran by Michel1899 at 2014-06-02 01:06:14
Running from C:\Users\Michel1899\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Avira (HKLM-x32\...\{70a79d1f-686d-4d5c-962b-07aa1294eae0}) (Version: 1.1.12.20002 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.12.20002 - Avira Operations GmbH & Co. KG) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{5A06C25A-366E-46CC-880E-3F904B634E9E}) (Version: - Microsoft)
Dell Custom Help (Version: 16.05.1000.0264 - Intel Corporation) Hidden
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.1 - Synaptics Incorporated)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
DSC/AA Factory Installer (Version: 3.4.6299.48 - PC-Doctor, Inc.) Hidden
Expekt Poker (HKCU\...\Expekt Poker) (Version: - )
Freemake Video Converter Version 4.1.3 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.3 - Ellora Assets Corporation)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet 6500 E709 Series (HKLM\...\{9C57D227-1FE7-4F40-BD49-2BCA7761B083}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
Intel(R) PRO/Wireless Driver (Version: 16.05.1000.0574 - Intel Corporation) Hidden
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (Version: 16.5.0.0096 - Intel Corporation) Hidden
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 3.0.1335.5) (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0362 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation) Hidden
Intel® PROSet/Wireless WiFi Software (Version: 16.05.1000.0264 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.28.487.1 - Intel Corporation) Hidden
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft Access MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft DCF MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Excel MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Groove MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Lync MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office 32-bit Components 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Korrekturhilfen 2013 - Deutsch (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Italiano (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual Basic for Applications 7.1 (x64) (Version: 7.1.00.00 - Microsoft Corporation) Hidden
Microsoft Visual Basic for Applications 7.1 (x64) English (Version: 7.1.0.0 - Microsoft Corporation) Hidden
Microsoft Visual Basic for Applications 7.1 (x64) German (Version: 7.1.0.0 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (Version: 8.0.52572 - Microsoft Corporation) Hidden
Microsoft Word MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.021 - Dell Inc.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Shrew Soft VPN Client (HKLM\...\Shrew Soft VPN Client) (Version: - )
SolidWorks 2013 x64 Edition SP03 (Version: 21.130.60 - SolidWorks) Hidden
SolidWorks 2013 x64 German Resources (Version: 21.130.60 - SolidWorks Corporation) Hidden
SolidWorks eDrawings 2013 x64 Edition SP03 (Version: 13.3.111 - Dassault Systèmes SolidWorks Corp) Hidden
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.275 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.275 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.275 - TuneUp Software) Hidden
Update for Microsoft Excel 2013 (KB2880475) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{4BC9BBF4-A2FB-4DBA-ABEA-5526E62E3B4D}) (Version: - Microsoft)
Update for Microsoft Excel 2013 (KB2880475) 64-Bit Edition (HKLM\...\{90150000-0016-0407-1000-0000000FF1CE}_Office15.PROPLUS_{4BC9BBF4-A2FB-4DBA-ABEA-5526E62E3B4D}) (Version: - Microsoft)
Update for Microsoft Excel 2013 (KB2880475) 64-Bit Edition (HKLM\...\{90150000-0018-0407-1000-0000000FF1CE}_Office15.PROPLUS_{4BC9BBF4-A2FB-4DBA-ABEA-5526E62E3B4D}) (Version: - Microsoft)
Update for Microsoft Excel 2013 (KB2880475) 64-Bit Edition (HKLM\...\{90150000-001B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{4BC9BBF4-A2FB-4DBA-ABEA-5526E62E3B4D}) (Version: - Microsoft)
Update for Microsoft Excel 2013 (KB2880475) 64-Bit Edition (HKLM\...\{90150000-00C1-0407-1000-0000000FF1CE}_Office15.PROPLUS_{4BC9BBF4-A2FB-4DBA-ABEA-5526E62E3B4D}) (Version: - Microsoft)
Update for Microsoft Lync 2013 (KB2817678) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{237834D6-FA98-44E1-8739-ABD56DDADC59}) (Version: - Microsoft)
Update for Microsoft Lync 2013 (KB2880980) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E5ADC5AD-C469-4A96-A3F7-0D4644CF54FC}) (Version: - Microsoft)
Update for Microsoft Lync 2013 (KB2880980) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E5ADC5AD-C469-4A96-A3F7-0D4644CF54FC}) (Version: - Microsoft)
Update for Microsoft Lync 2013 (KB2880980) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{E5ADC5AD-C469-4A96-A3F7-0D4644CF54FC}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760344) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{EF77B4A6-DFEC-4010-A87D-9B6BF87FABEC}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760544) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{62857CDD-2985-4939-91BA-19ED0B0031A5}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2768012) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{0814662C-FD28-4DE0-ACE5-EE50D1D6C8FB}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E79EFFDB-192A-4D9E-A2DB-C0F774E6EC32}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 64-Bit Edition (HKLM\...\{90150000-0016-0407-1000-0000000FF1CE}_Office15.PROPLUS_{E79EFFDB-192A-4D9E-A2DB-C0F774E6EC32}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2826040) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{C4AEA56A-0759-4D08-9FAB-31A92137D0B8}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2837644) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D692E9FF-84BF-4F44-A0EA-D58ECE0D538E}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2863825) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{327EABFD-EDD3-44E7-AB47-7592DF33B719}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{290D80DE-03AB-47EC-9402-108AF4CE4F66}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2863844) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{50F31E04-D56A-4159-BF36-CF3CE27DB30C}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-006E-0407-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880464) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{88B29AA5-71EE-4692-91E2-E89407F0B783}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880476) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D3FC5B59-0F86-4B9A-94DF-FC213DF4FA63}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880476) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D3FC5B59-0F86-4B9A-94DF-FC213DF4FA63}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880478) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8116ED50-F1E7-49E1-9D8D-421497D34B0F}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880482) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{FB1E57CA-A425-48F5-B882-CFC0793823AE}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880482) 64-Bit Edition (HKLM\...\{90150000-0016-0407-1000-0000000FF1CE}_Office15.PROPLUS_{FB1E57CA-A425-48F5-B882-CFC0793823AE}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880482) 64-Bit Edition (HKLM\...\{90150000-0090-0407-1000-0000000FF1CE}_Office15.PROPLUS_{FB1E57CA-A425-48F5-B882-CFC0793823AE}) (Version: - Microsoft)
Update for Microsoft OneDrive for Business (KB2880480) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{663B7CD7-32AE-4AB5-8E20-12C0FA6963D4}) (Version: - Microsoft)
Update for Microsoft OneDrive for Business (KB2880480) 64-Bit Edition (HKLM\...\{90150000-00BA-0407-1000-0000000FF1CE}_Office15.PROPLUS_{663B7CD7-32AE-4AB5-8E20-12C0FA6963D4}) (Version: - Microsoft)
Update for Microsoft OneDrive for Business (KB2880480) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{663B7CD7-32AE-4AB5-8E20-12C0FA6963D4}) (Version: - Microsoft)
Update for Microsoft OneDrive for Business (KB2880480) 64-Bit Edition (HKLM\...\{90150000-00C1-0407-1000-0000000FF1CE}_Office15.PROPLUS_{663B7CD7-32AE-4AB5-8E20-12C0FA6963D4}) (Version: - Microsoft)
Update for Microsoft OneNote 2013 (KB2817628) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{9367C385-2EF9-4BE3-8351-7D2AB0798A57}) (Version: - Microsoft)
Update for Microsoft OneNote 2013 (KB2817628) 64-Bit Edition (HKLM\...\{90150000-00A1-0407-1000-0000000FF1CE}_Office15.PROPLUS_{9367C385-2EF9-4BE3-8351-7D2AB0798A57}) (Version: - Microsoft)
Update for Microsoft OneNote 2013 (KB2817628) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{9367C385-2EF9-4BE3-8351-7D2AB0798A57}) (Version: - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{34A169EC-990A-4DAE-AC65-9F981158B7DB}) (Version: - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 64-Bit Edition (HKLM\...\{90150000-001A-0407-1000-0000000FF1CE}_Office15.PROPLUS_{34A169EC-990A-4DAE-AC65-9F981158B7DB}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2878315) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{95F0CF54-BC3E-4C6F-B11D-89D6D8C6452E}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2878315) 64-Bit Edition (HKLM\...\{90150000-0018-0407-1000-0000000FF1CE}_Office15.PROPLUS_{95F0CF54-BC3E-4C6F-B11D-89D6D8C6452E}) (Version: - Microsoft)
Update for Microsoft Publisher 2013 (KB2726952) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{03B2C707-503D-4979-8322-CA92C45AD6B4}) (Version: - Microsoft)
Update for Microsoft Publisher 2013 (KB2726952) 64-Bit Edition (HKLM\...\{90150000-0019-0407-1000-0000000FF1CE}_Office15.PROPLUS_{03B2C707-503D-4979-8322-CA92C45AD6B4}) (Version: - Microsoft)
Update for Microsoft Visio 2013 (KB2837632) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{97183E08-6B06-40F1-80A9-585C4AEF98F1}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-006E-0407-1000-0000000FF1CE}_Office15.PROPLUS_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2878319) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BC51FE30-3A56-4802-8D9E-E9BC05B56B49}) (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2880455) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{302A5BF1-9DB4-4204-988C-53073C15EF67}) (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2880455) 64-Bit Edition (HKLM\...\{90150000-001A-0407-1000-0000000FF1CE}_Office15.PROPLUS_{302A5BF1-9DB4-4204-988C-53073C15EF67}) (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2880455) 64-Bit Edition (HKLM\...\{90150000-001B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{302A5BF1-9DB4-4204-988C-53073C15EF67}) (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2880455) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{302A5BF1-9DB4-4204-988C-53073C15EF67}) (Version: - Microsoft)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
==================== Restore Points =========================
15-05-2014 14:25:17 Windows Update
23-05-2014 13:28:37 Geplanter Prüfpunkt
==================== Hosts content: ==========================
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {00301658-0096-49F6-89F1-ADA74362C075} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {00CC6EA4-216F-4CFB-9802-051087EA2B3A} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {09F74B83-F510-4D66-A4C4-1852988C74FC} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2014-03-20] (TuneUp Software)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {19CED202-216F-45D2-805F-27B3C8BBBEC7} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {2F5D4DA4-65B9-4740-A8C7-5E6043ADBDDE} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {35C86106-9313-41AE-B844-64C27E6D41F1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {3A372697-B083-4A27-B2A4-4C97E1A01888} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3CB9C012-69D2-4B3D-9AA8-24F51CA35214} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-13] (Google Inc.)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4A1AD8C7-B21E-47CB-9188-FE3F3C4721A8} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {520C78B0-FEDA-4CD4-AE40-12E113CBCFE6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-13] (Google Inc.)
Task: {68AF5DBF-11CA-4453-AD63-933EF79FEA8C} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6C88BAAB-DB4A-4712-B15E-A1E12F2E5F23} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {716C0586-2BFC-41F5-8FB5-693DB012165E} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {735F6A19-D3E4-425C-B9C1-5B63BA8C19A8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-05-15] (Microsoft Corporation)
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {843648AC-DA72-4C39-8AA4-D8A09F75452F} - System32\Tasks\Auto Re-Aktivierung => C:\Windows\Re-Aktivierung\TriggerKMS.exe [2013-01-23] ()
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8C6AE141-7852-4756-B8D2-0CE95CC99F21} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-05] (CyberLink)
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {93093FA1-8575-4C7C-AAE4-9F28B4D6863A} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2010-06-09] (Hewlett-Packard)
Task: {949B7CF3-361E-44FA-8B61-C184645FBB25} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-12-21] (Adobe Systems Incorporated)
Task: {C76D663D-5781-4EDB-BAB3-5257B4D705EC} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {CB7BE466-563E-46B1-A791-EE8C7C5617AF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DB5ABAC6-228D-4DFE-9F9E-73194C03C4AE} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {F1B5E62F-A439-402B-838D-8FD9FAE03E92} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)
Task: {F4B5346E-5617-4673-ABCA-4AD0B536215F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-03-23 22:41 - 2014-05-18 11:50 - 00664592 _____ () C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll
2013-07-01 10:21 - 2013-07-01 10:21 - 01127736 _____ () C:\Program Files\ShrewSoft\VPN Client\iked.exe
2013-07-01 01:16 - 2013-07-01 01:16 - 00628224 _____ () C:\Program Files\ShrewSoft\VPN Client\libike.dll
2013-07-01 01:16 - 2013-07-01 01:16 - 00039936 _____ () C:\Program Files\ShrewSoft\VPN Client\libvnet.dll
2013-07-01 01:15 - 2013-07-01 01:15 - 00018432 _____ () C:\Program Files\ShrewSoft\VPN Client\libith.dll
2013-07-01 01:17 - 2013-07-01 01:17 - 00029184 _____ () C:\Program Files\ShrewSoft\VPN Client\libpfk.dll
2013-07-01 01:17 - 2013-07-01 01:17 - 00017920 _____ () C:\Program Files\ShrewSoft\VPN Client\libdtp.dll
2013-07-01 01:17 - 2013-07-01 01:17 - 00035840 _____ () C:\Program Files\ShrewSoft\VPN Client\libvflt.dll
2013-07-01 01:16 - 2013-07-01 01:16 - 00013312 _____ () C:\Program Files\ShrewSoft\VPN Client\liblog.dll
2013-07-01 01:16 - 2013-07-01 01:16 - 00116736 _____ () C:\Program Files\ShrewSoft\VPN Client\libip.dll
2013-07-01 01:15 - 2013-07-01 01:15 - 00022016 _____ () C:\Program Files\ShrewSoft\VPN Client\libidb.dll
2013-07-01 10:21 - 2013-07-01 10:21 - 00810808 _____ () C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
2014-03-20 14:44 - 2014-03-20 14:44 - 00675640 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
2013-12-11 11:43 - 2013-08-19 11:21 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
2013-12-11 11:43 - 2013-08-19 11:21 - 00019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
2013-03-28 22:34 - 2013-03-28 22:34 - 00276008 _____ () C:\Program Files\SolidWorks Corp\SolidWorks\sldBodyDiffu.dll
2014-02-26 11:12 - 2014-02-14 12:00 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2014-03-23 22:41 - 2014-05-18 11:50 - 00490000 _____ () C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll
2014-05-05 10:37 - 2014-05-05 10:37 - 00138320 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-05-05 10:37 - 2014-05-05 10:37 - 00065616 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-05-24 11:15 - 2014-05-05 10:37 - 00049744 _____ () C:\Users\Michel1899\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-06-02 00:59 - 2014-06-02 00:59 - 00043008 _____ () C:\Users\Michel1899\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphuprej.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Michel1899\AppData\Roaming\Dropbox\bin\libcef.dll
2013-12-11 11:35 - 2013-03-05 05:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-05 12:41 - 2013-03-05 12:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-03-23 22:41 - 2014-05-18 11:50 - 00020496 _____ () C:\Program Files (x86)\Settings Manager\systemk\syskldr.dll
2014-05-12 10:42 - 2014-05-12 10:42 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-01-14 00:03 - 2014-01-14 00:03 - 00110088 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2013-12-11 11:30 - 2013-08-28 12:02 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\Users\Michel1899\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Michel1899\SkyDrive.old:ms-properties
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
==================== EXE Association (whitelisted) =============
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
Name: Shrew Soft Virtual Adapter
Description: Shrew Soft Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Shrew Soft
Service: vnet
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Officejet 6500 E709n
Description: Officejet 6500 E709n
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Officejet 6500 E709n
Description: Officejet 6500 E709n
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (05/28/2014 11:18:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_13_0_0_214.exe, Version: 13.0.0.214, Zeitstempel: 0x5359c61d
Name des fehlerhaften Moduls: NPSWF32_13_0_0_214.dll, Version: 13.0.0.214, Zeitstempel: 0x5359c6c6
Ausnahmecode: 0xc000041d
Fehleroffset: 0x000019b4
ID des fehlerhaften Prozesses: 0x1ae8
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_13_0_0_214.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_13_0_0_214.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_13_0_0_214.exe2
Berichtskennung: FlashPlayerPlugin_13_0_0_214.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_13_0_0_214.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_13_0_0_214.exe5
Error: (05/26/2014 08:54:13 PM) (Source: MsiInstaller) (EventID: 1024) (User: MICHEL)
Description: Produkt: Adobe Reader XI - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011007}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127
Error: (05/26/2014 08:49:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ZeroConfigService.exe, Version: 16.5.0.0, Zeitstempel: 0x52179ea0
Name des fehlerhaften Moduls: MurocApi.dll, Version: 16.5.0.0, Zeitstempel: 0x52179d03
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000002bcd8
ID des fehlerhaften Prozesses: 0x90c
Startzeit der fehlerhaften Anwendung: 0xZeroConfigService.exe0
Pfad der fehlerhaften Anwendung: ZeroConfigService.exe1
Pfad des fehlerhaften Moduls: ZeroConfigService.exe2
Berichtskennung: ZeroConfigService.exe3
Vollständiger Name des fehlerhaften Pakets: ZeroConfigService.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ZeroConfigService.exe5
Error: (05/23/2014 10:30:39 AM) (Source: MsiInstaller) (EventID: 1024) (User: MICHEL)
Description: Produkt: Adobe Reader XI - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011007}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127
Error: (05/23/2014 09:52:36 AM) (Source: MsiInstaller) (EventID: 1024) (User: MICHEL)
Description: Produkt: Adobe Reader XI - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011007}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127
Error: (05/20/2014 09:54:10 AM) (Source: MsiInstaller) (EventID: 1024) (User: MICHEL)
Description: Produkt: Adobe Reader XI - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011007}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127
Error: (05/20/2014 09:29:16 AM) (Source: MsiInstaller) (EventID: 1024) (User: MICHEL)
Description: Produkt: Adobe Reader XI - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011007}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127
Error: (05/19/2014 07:48:48 PM) (Source: MsiInstaller) (EventID: 1024) (User: MICHEL)
Description: Produkt: Adobe Reader XI - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011007}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127
Error: (05/19/2014 06:48:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_Net Driver HPZ12, Version: 6.3.9600.16384, Zeitstempel: 0x5215dfe3
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17031, Zeitstempel: 0x530895af
Ausnahmecode: 0xc0000008
Fehleroffset: 0x000000000009ca6a
ID des fehlerhaften Prozesses: 0x788
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_Net Driver HPZ120
Pfad der fehlerhaften Anwendung: svchost.exe_Net Driver HPZ121
Pfad des fehlerhaften Moduls: svchost.exe_Net Driver HPZ122
Berichtskennung: svchost.exe_Net Driver HPZ123
Vollständiger Name des fehlerhaften Pakets: svchost.exe_Net Driver HPZ124
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe_Net Driver HPZ125
Error: (05/19/2014 11:48:30 AM) (Source: MsiInstaller) (EventID: 1024) (User: MICHEL)
Description: Produkt: Adobe Reader XI - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011007}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127
System errors:
=============
Error: (06/02/2014 00:59:06 AM) (Source: DCOM) (EventID: 10016) (User: MICHEL)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MichelMichel1899S-1-5-21-1873882003-3979479213-967090690-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (06/02/2014 00:57:35 AM) (Source: DCOM) (EventID: 10010) (User: MICHEL)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
Error: (06/02/2014 00:46:47 AM) (Source: DCOM) (EventID: 10016) (User: MICHEL)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MichelMichel1899S-1-5-21-1873882003-3979479213-967090690-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (06/01/2014 10:35:32 PM) (Source: DCOM) (EventID: 10016) (User: MICHEL)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MichelMichel1899S-1-5-21-1873882003-3979479213-967090690-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (05/30/2014 10:08:52 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 29.05.2014 um 18:16:06 unerwartet heruntergefahren.
Error: (05/28/2014 04:09:15 PM) (Source: DCOM) (EventID: 10016) (User: MICHEL)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MichelMichel1899S-1-5-21-1873882003-3979479213-967090690-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (05/28/2014 10:07:42 AM) (Source: DCOM) (EventID: 10016) (User: MICHEL)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MichelMichel1899S-1-5-21-1873882003-3979479213-967090690-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (05/26/2014 08:49:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) PROSet/Wireless Zero Configuration Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (05/26/2014 08:47:16 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
Error: (05/25/2014 01:24:20 PM) (Source: DCOM) (EventID: 10010) (User: MICHEL)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
Microsoft Office Sessions:
=========================
Error: (05/28/2014 11:18:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_13_0_0_214.exe13.0.0.2145359c61dNPSWF32_13_0_0_214.dll13.0.0.2145359c6c6c000041d000019b41ae801cf7a4c283b0037C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exeC:\Windows\SYSTEM32\Macromed\Flash\NPSWF32_13_0_0_214.dll0e500807-e649-11e3-82aa-fcf8ae222099
Error: (05/26/2014 08:54:13 PM) (Source: MsiInstaller) (EventID: 1024) (User: MICHEL)
Description: Adobe Reader XI - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011007}1625(NULL)(NULL)(NULL)
Error: (05/26/2014 08:49:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ZeroConfigService.exe16.5.0.052179ea0MurocApi.dll16.5.0.052179d03c0000005000000000002bcd890c01cf7912fde16420C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exeC:\Program Files\Intel\WiFi\bin\MurocApi.dll6e440b94-e506-11e3-82a8-fcf8ae222099
Error: (05/23/2014 10:30:39 AM) (Source: MsiInstaller) (EventID: 1024) (User: MICHEL)
Description: Adobe Reader XI - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011007}1625(NULL)(NULL)(NULL)
Error: (05/23/2014 09:52:36 AM) (Source: MsiInstaller) (EventID: 1024) (User: MICHEL)
Description: Adobe Reader XI - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011007}1625(NULL)(NULL)(NULL)
Error: (05/20/2014 09:54:10 AM) (Source: MsiInstaller) (EventID: 1024) (User: MICHEL)
Description: Adobe Reader XI - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011007}1625(NULL)(NULL)(NULL)
Error: (05/20/2014 09:29:16 AM) (Source: MsiInstaller) (EventID: 1024) (User: MICHEL)
Description: Adobe Reader XI - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011007}1625(NULL)(NULL)(NULL)
Error: (05/19/2014 07:48:48 PM) (Source: MsiInstaller) (EventID: 1024) (User: MICHEL)
Description: Adobe Reader XI - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011007}1625(NULL)(NULL)(NULL)
Error: (05/19/2014 06:48:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_Net Driver HPZ126.3.9600.163845215dfe3ntdll.dll6.3.9600.17031530895afc0000008000000000009ca6a78801cf73739a985ca0C:\Windows\System32\svchost.exeC:\Windows\SYSTEM32\ntdll.dll5d0f11f8-df75-11e3-8296-fcf8ae222099
Error: (05/19/2014 11:48:30 AM) (Source: MsiInstaller) (EventID: 1024) (User: MICHEL)
Description: Adobe Reader XI - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011007}1625(NULL)(NULL)(NULL)
CodeIntegrity Errors:
===================================
Date: 2014-06-02 00:58:17.635
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.
Date: 2014-06-02 00:58:17.573
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.
Date: 2014-06-02 00:45:57.274
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.
Date: 2014-06-02 00:45:57.220
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.
Date: 2014-06-01 22:34:44.601
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.
Date: 2014-06-01 22:34:44.554
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.
Date: 2014-05-30 16:21:24.539
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.
Date: 2014-05-30 16:21:24.476
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.
Date: 2014-05-30 10:08:51.696
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.
Date: 2014-05-30 10:08:51.634
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.
==================== Memory info ===========================
Percentage of memory in use: 24%
Total physical RAM: 8072.96 MB
Available physical RAM: 6066.84 MB
Total Pagefile: 9352.96 MB
Available Pagefile: 7363.82 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:922.96 GB) (Free:852.04 GB) NTFS
Drive e: (GAENSEPRINZESSIN) (CDROM) (Total:3.85 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 2F088ABB)
Partition: GPT Partition Type.
==================== End Of Log ============================
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-06-02 01:11:47
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002d WDC_WD10JPVX-75JC3T0 rev.01.01A01 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\MICHEL~1\AppData\Local\Temp\uwldypow.sys
---- User code sections - GMER 2.1 ----
.text C:\Windows\system32\WLANExt.exe[1192] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007fff25bb169a 4 bytes [BB, 25, FF, 7F]
.text C:\Windows\system32\WLANExt.exe[1192] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007fff25bb16a2 4 bytes [BB, 25, FF, 7F]
.text C:\Windows\system32\WLANExt.exe[1192] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007fff25bb181a 4 bytes [BB, 25, FF, 7F]
.text C:\Windows\system32\WLANExt.exe[1192] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007fff25bb1832 4 bytes [BB, 25, FF, 7F]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1628] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007fff25bb169a 4 bytes [BB, 25, FF, 7F]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1628] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007fff25bb16a2 4 bytes [BB, 25, FF, 7F]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1628] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007fff25bb181a 4 bytes [BB, 25, FF, 7F]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1628] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007fff25bb1832 4 bytes [BB, 25, FF, 7F]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1628] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007fff1b601f6a 4 bytes [60, 1B, FF, 7F]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1628] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007fff1b601f82 4 bytes [60, 1B, FF, 7F]
.text C:\Windows\System32\svchost.exe[1992] c:\windows\system32\WSOCK32.dll!setsockopt + 194 00007fff1b601f6a 4 bytes [60, 1B, FF, 7F]
.text C:\Windows\System32\svchost.exe[1992] c:\windows\system32\WSOCK32.dll!setsockopt + 218 00007fff1b601f82 4 bytes [60, 1B, FF, 7F]
.text C:\Windows\System32\svchost.exe[1640] c:\windows\system32\WSOCK32.dll!setsockopt + 194 00007fff1b601f6a 4 bytes [60, 1B, FF, 7F]
.text C:\Windows\System32\svchost.exe[1640] c:\windows\system32\WSOCK32.dll!setsockopt + 218 00007fff1b601f82 4 bytes [60, 1B, FF, 7F]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1704] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007fff25bb169a 4 bytes [BB, 25, FF, 7F]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1704] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007fff25bb16a2 4 bytes [BB, 25, FF, 7F]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1704] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007fff25bb181a 4 bytes [BB, 25, FF, 7F]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[1704] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007fff25bb1832 4 bytes [BB, 25, FF, 7F]
.text C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe[2188] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007fff25bb169a 4 bytes [BB, 25, FF, 7F]
.text C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe[2188] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007fff25bb16a2 4 bytes [BB, 25, FF, 7F]
.text C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe[2188] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007fff25bb181a 4 bytes [BB, 25, FF, 7F]
.text C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe[2188] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007fff25bb1832 4 bytes [BB, 25, FF, 7F]
.text C:\Windows\system32\wbem\wmiprvse.exe[2352] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007fff25bb169a 4 bytes [BB, 25, FF, 7F]
.text C:\Windows\system32\wbem\wmiprvse.exe[2352] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007fff25bb16a2 4 bytes [BB, 25, FF, 7F]
.text C:\Windows\system32\wbem\wmiprvse.exe[2352] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007fff25bb181a 4 bytes [BB, 25, FF, 7F]
.text C:\Windows\system32\wbem\wmiprvse.exe[2352] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007fff25bb1832 4 bytes [BB, 25, FF, 7F]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2456] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007fff25bb169a 4 bytes [BB, 25, FF, 7F]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2456] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007fff25bb16a2 4 bytes [BB, 25, FF, 7F]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2456] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007fff25bb181a 4 bytes [BB, 25, FF, 7F]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2456] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007fff25bb1832 4 bytes [BB, 25, FF, 7F]
.text C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe[2744] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007fff25bb169a 4 bytes [BB, 25, FF, 7F]
.text C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe[2744] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007fff25bb16a2 4 bytes [BB, 25, FF, 7F]
.text C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe[2744] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007fff25bb181a 4 bytes [BB, 25, FF, 7F]
.text C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe[2744] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007fff25bb1832 4 bytes [BB, 25, FF, 7F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4324] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007fff25bb169a 4 bytes [BB, 25, FF, 7F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4324] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007fff25bb16a2 4 bytes [BB, 25, FF, 7F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4324] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007fff25bb181a 4 bytes [BB, 25, FF, 7F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4324] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007fff25bb1832 4 bytes [BB, 25, FF, 7F]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5156] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007fff25bb169a 4 bytes [BB, 25, FF, 7F]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5156] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007fff25bb16a2 4 bytes [BB, 25, FF, 7F]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5156] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007fff25bb181a 4 bytes [BB, 25, FF, 7F]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[5156] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007fff25bb1832 4 bytes [BB, 25, FF, 7F]
.text C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe[5716] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007fff25bb169a 4 bytes [BB, 25, FF, 7F]
.text C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe[5716] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007fff25bb16a2 4 bytes [BB, 25, FF, 7F]
.text C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe[5716] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007fff25bb181a 4 bytes [BB, 25, FF, 7F]
.text C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe[5716] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007fff25bb1832 4 bytes [BB, 25, FF, 7F]
---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\csrss.exe [564:588] fffff9600086db90
---- Processes - GMER 2.1 ----
Process C:\Users\Michel1899\AppData\Roaming\Dropbox\bin\Dropbox.exe (*** suspicious ***) @ C:\Users\Michel1899\AppData\Roaming\Dropbox\bin\Dropbox.exe [5728] (FILE NOT FOUND) 0000000000400000
Library C:\Users\Michel1899\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\Michel1899\AppData\Roaming\Dropbox\bin\Dropbox.exe [5728](2014-01-03 01:09:26) 0000000003d70000
Library c:\users\michel~1\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphuprej.dll (*** suspicious ***) @ C:\Users\Michel1899\AppData\Roaming\Dropbox\bin\Dropbox.exe [5728](2014-06-01 22:59:31) 0000000003c70000
Library C:\Users\Michel1899\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\Michel1899\AppData\Roaming\Dropbox\bin\Dropbox.exe [5728](2013-08-23 19:01:44) 0000000066280000
Library C:\Users\Michel1899\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\Michel1899\AppData\Roaming\Dropbox\bin\Dropbox.exe [5728] (ICU Data DLL/The ICU Project)(2013-08-23 19:01:42) 0000000065660000
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
|
| Themen zu Avira findet Schadsoftware "SystemkService.exe", die aber nicht korrekt entfernt wird |
| 4d36e972-e325-11ce-bfc1-08002be10318, adware/searchsuite.c, antivir, association, ccsetup, desktop, explorer, fehlercode 1, homepage, installation, officejet, onedrive, opera, outlook 2013, programm, pup.optional.aztecmedia.a, pup.optional.conduit.a, pup.optional.crossrider.a, pup.optional.datamngr.a, pup.optional.defaultsearch.a, pup.optional.linkey.a, pup.optional.opencandy, pup.optional.settingsmanager.a, pup.optional.softonic.a, pup.optional.systemk.a, registry, rundll, services.exe, vonteera, win32/adware.bandoo.ae, win32/toolbar.asksbar, win32/toolbar.searchsuite.q, winlogon.exe |
Baum-Darstellung