
Log analysis and evaluation: Avira finds malware "SystemkService.exe", but it is not removed correctly


03.06.2014, 09:48   #1
schrauber
/// the machine
/// TB trainer
 





ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Check "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any remaining problems?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

03.06.2014, 14:56   #2
Heidjer
 



ESET:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=3d4ac176a103c749b735764042a5111c
# engine=18534
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-06-03 01:46:59
# local_time=2014-06-03 03:46:59 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 1577730 26684512 0 0
# scanned=214661
# found=29
# cleaned=0
# scan_time=5539
sh=63022D62B780E0CB3C9AE873A09A32207AEC0C45 ft=1 fh=550715eb61a24f3b vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-1873882003-3979479213-967090690-1001\$RD861BJ.exe"
sh=2CF0E9EA3CDC2296FF073201E864C469A7A5759E ft=1 fh=5618c33f21c2403f vn="Variante von Win32/AdWare.Bandoo.AE Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-1873882003-3979479213-967090690-1001\$RJNPSA6.dll"
sh=6736252706F89DFC6899FEE6C360D8BFBF401BEC ft=1 fh=374276c930bcde15 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF10.dll.vir"
sh=7909DF2339D78F00C24092FFF9491317AB954316 ft=1 fh=2ff184a74c05a271 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF11.dll.vir"
sh=E5FCE2519122FAF40529BA6294CB3F0844E0C738 ft=1 fh=f13e05a62680f109 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF12.dll.vir"
sh=EFC055DC03DD7698ABBFB92718A7777E2973F079 ft=1 fh=6ef019d475ea6325 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF13.dll.vir"
sh=D2859A7F5E059C24ED68665DA69EDF33A7352D55 ft=1 fh=357742a168447bbd vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF14.dll.vir"
sh=5F46910AFA74FD8EE8574E183A04B8E781F1A249 ft=1 fh=9887df60e379ba2f vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF15.dll.vir"
sh=D755D4C9CC3700F4869589360F53F61B6CC2CC72 ft=1 fh=ce2f72d226aff2b4 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF16.dll.vir"
sh=D5224E3374B861B523BC618B725D88774D077E39 ft=1 fh=c6333adf6866c44f vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF17.dll.vir"
sh=B538DC950FD59AA3F4D1349FE0BD2E2B92603612 ft=1 fh=21900040b5af4e8e vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF18.dll.vir"
sh=B785203A7E1C00F93B888EB494B33EA5D108571E ft=1 fh=fe3406bdfbae635e vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF19.dll.vir"
sh=11A9C493387FFF75D1DDEDBB8F4449CD06DF8C93 ft=1 fh=005351c573d9875e vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF2.dll.vir"
sh=7AE7378589350EA7FF89791FB017E371E653A5B7 ft=1 fh=f8ea411c78bbb34f vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF20.dll.vir"
sh=DFEDDDF25967D22BBDFC60DAB1911B85FEE88D01 ft=1 fh=dc927e8494037489 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF21.dll.vir"
sh=693DE5FECAD1B00542B339DD2F9A529B4A06A5E2 ft=1 fh=e35a43df301ed0c6 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF22.dll.vir"
sh=4ED4F94AF4D97B67412714D0747B45CF0FD6B2DA ft=1 fh=0444909e9111ddc6 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF23.dll.vir"
sh=1AFC1DF188673069ACE2163F696052C1ECB08144 ft=1 fh=9a5377a5e8bddacd vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF24.dll.vir"
sh=75E809C271D5E5ADE512E408C9EA5ADE196DE89C ft=1 fh=7061a52b9960f21b vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF25.dll.vir"
sh=C400C8D7DA9B44EF26D343A43D7079E4A87AF733 ft=1 fh=dbd9550bceae1ea9 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF26.dll.vir"
sh=4E650F2C07952D0925C8D71B2B0D36B410D27C51 ft=1 fh=e213dfeb1eda7c6b vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF27.dll.vir"
sh=BD6032EF269C1FFAB0931168C6B5CBFE0D8AAF72 ft=1 fh=076f8ebd13e4e9b1 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF28.dll.vir"
sh=7670B37DBB5192661C56908529F0C994E45A6954 ft=1 fh=36b8f310622c76d5 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF4.dll.vir"
sh=FDD7DD7F09B21EB50AAC74FC235F05A594DAC4DC ft=1 fh=4edf44d6b267a41c vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF5.dll.vir"
sh=BD07028D4DA0F02790633480206025807B0F78E2 ft=1 fh=473dff4246a7fd2a vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF6.dll.vir"
sh=42E09CB7ADCA9A141089F3F2D45F746B1C236F98 ft=1 fh=ffd8dd6bffaac829 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF7.dll.vir"
sh=53B8D8514A3C23F2B745FBD5C03E09BB24BF331D ft=1 fh=07e550a04c82e3f3 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF8.dll.vir"
sh=6539535AAB146A3C27DB949B4376C7895C3731B6 ft=1 fh=e1ba3d53c2ef126c vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF9.dll.vir"
sh=D32B92ABCEC651ABE6B27997A67674DC994609E4 ft=1 fh=04eb9f1f842db58d vn="Win32/Toolbar.AskSBar evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michel1899\Dropbox\Michel\Dokumente\Programme\Nero 8 Ultra Edition 8.3.6.0\Nero-8.3.6.0_deu_trial.exe"
         
SecurityCheck:
Code:
 Results of screen317's Security Check version 0.99.83  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop      
Windows Defender   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 TuneUp Utilities 2014   
 TuneUp Utilities 2014 (de-DE)  
 TuneUp Utilities 2014   
 Adobe Flash Player 	13.0.0.214  
 Mozilla Firefox (29.0.1) 
 Google Chrome 34.0.1847.137  
 Google Chrome 35.0.1916.114  
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         
FRST:

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014
Ran by Michel1899 (administrator) on MICHEL on 03-06-2014 15:51:51
Running from C:\Users\Michel1899\Desktop
Platform: Windows 8.1 (Update 1) (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Program Files\ShrewSoft\VPN Client\iked.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
() C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Dassault Systèmes SolidWorks Corp.) C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Dropbox, Inc.) C:\Users\Michel1899\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2013-08-12] (Synaptics Incorporated)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-06-03] (Dell Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [7830328 2013-05-21] (Motorola Solutions, Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-06-03] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [182352 2014-05-05] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks 2013 Schnellstart.lnk
ShortcutTarget: SolidWorks 2013 Schnellstart.lnk -> C:\Windows\Installer\{B6B5EA7E-B91F-443D-A958-B0062FB53804}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()
Startup: C:\Users\Michel1899\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Michel1899\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKLM - DefaultScope {58064229-5711-4E4D-8944-2B3587376579} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {58064229-5711-4E4D-8944-2B3587376579} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB
SearchScopes: HKLM-x32 - {58064229-5711-4E4D-8944-2B3587376579} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB
SearchScopes: HKCU - {58064229-5711-4E4D-8944-2B3587376579} URL = 
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{32C9AFD3-EC4E-42BB-B031-675C2DE9F8AC}: [NameServer]193.174.193.231

FireFox:
========
FF ProfilePath: C:\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: FoxyProxy Standard - C:\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\Extensions\foxyproxy@eric.h.jung [2014-06-02]
FF Extension: PAYBACK Toolbar - C:\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\Extensions\toolbar-ff@payback.de.xpi [2014-05-07]
FF Extension: Adblock Plus - C:\Users\Michel1899\AppData\Roaming\Mozilla\Firefox\Profiles\ddv4ekxv.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-15]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2014-03-19]

Chrome: 
=======
CHR HomePage: 
CHR DefaultSearchKeyword: ask.com
CHR DefaultSearchProvider: default-search.net
CHR DefaultNewTabURL: 
CHR Extension: (No Name) - C:\Users\Michel1899\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj [2014-05-19]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-06-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-03] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [124496 2014-05-05] (Avira Operations GmbH & Co. KG)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe [1127736 2013-07-01] ()
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [155448 2013-09-05] (Intel Corporation)
R2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe [810808 2013-07-01] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-28] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-08-23] ()
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-19] (Realtek Semiconductor)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2138936 2014-03-20] (TuneUp Software)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3667696 2013-08-23] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-14] (Avira Operations GmbH & Co. KG)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1386296 2013-08-19] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [117192 2013-08-29] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99288 2013-08-28] (Intel Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-25] (Intel Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-02-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-08-12] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [34544 2013-08-12] (Synaptics Incorporated)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2014-02-10] (TuneUp Software)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-03-13] (Microsoft Corporation)
S3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-03 15:51 - 2014-06-03 15:51 - 00000000 ____D () C:\Users\Michel1899\Desktop\FRST-OlderVersion
2014-06-03 15:50 - 2014-06-03 15:50 - 00854367 _____ () C:\Users\Michel1899\Desktop\SecurityCheck.exe
2014-06-03 14:09 - 2014-06-03 14:09 - 02347384 _____ (ESET) C:\Users\Michel1899\Desktop\esetsmartinstaller_deu.exe
2014-06-02 11:03 - 2014-06-03 15:51 - 00019683 _____ () C:\Users\Michel1899\Desktop\FRST.txt
2014-06-02 11:00 - 2014-06-02 11:00 - 00000756 _____ () C:\Users\Michel1899\Desktop\JRT.txt
2014-06-02 10:56 - 2014-06-02 10:56 - 00000000 ____D () C:\Windows\ERUNT
2014-06-02 10:55 - 2014-06-02 10:56 - 01016261 _____ (Thisisu) C:\Users\Michel1899\Desktop\JRT.exe
2014-06-02 10:54 - 2014-06-02 10:54 - 00008321 _____ () C:\Users\Michel1899\Desktop\AdwCleaner[S0].txt
2014-06-02 10:50 - 2014-06-02 10:51 - 00000000 ____D () C:\AdwCleaner
2014-06-02 10:50 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-02 10:49 - 2014-06-02 10:49 - 01327971 _____ () C:\Users\Michel1899\Desktop\adwcleaner_3.211.exe
2014-06-02 10:44 - 2014-06-02 10:49 - 00012116 _____ () C:\Users\Michel1899\Desktop\mbam.txt
2014-06-02 01:36 - 2014-06-02 01:36 - 611383096 _____ () C:\Windows\MEMORY.DMP
2014-06-02 01:36 - 2014-06-02 01:36 - 00291784 _____ () C:\Windows\Minidump\060214-17140-01.dmp
2014-06-02 01:36 - 2014-06-02 01:36 - 00000000 ____D () C:\Windows\Minidump
2014-06-02 01:11 - 2014-06-02 01:11 - 00014740 _____ () C:\Users\Michel1899\Downloads\gmer.log
2014-06-02 01:07 - 2014-06-02 01:07 - 00380416 _____ () C:\Users\Michel1899\Downloads\Gmer-19357.exe
2014-06-02 01:06 - 2014-06-02 01:06 - 00045807 _____ () C:\Users\Michel1899\Downloads\Addition.txt
2014-06-02 01:05 - 2014-06-03 15:51 - 00000000 ____D () C:\FRST
2014-06-02 01:05 - 2014-06-02 01:06 - 00046419 _____ () C:\Users\Michel1899\Downloads\FRST.txt
2014-06-02 01:04 - 2014-06-03 15:51 - 02068992 _____ (Farbar) C:\Users\Michel1899\Desktop\FRST64.exe
2014-06-02 01:03 - 2014-06-02 01:03 - 00000482 _____ () C:\Users\Michel1899\Downloads\defogger_disable.log
2014-06-02 01:03 - 2014-06-02 01:03 - 00000000 _____ () C:\Users\Michel1899\defogger_reenable
2014-06-02 01:02 - 2014-06-02 01:02 - 00050477 _____ () C:\Users\Michel1899\Downloads\Defogger.exe
2014-05-26 11:09 - 2014-05-26 11:09 - 00000000 ____D () C:\Poker
2014-05-26 11:06 - 2014-05-26 11:06 - 00392032 _____ (Playtech) C:\Users\Michel1899\Downloads\SetupPoker.exe
2014-05-26 08:46 - 2014-05-26 08:46 - 00000165 ____H () C:\Users\Michel1899\Desktop\~$Wetten.xlsx
2014-05-23 10:29 - 2014-05-23 10:29 - 03746544 _____ () C:\Users\Michel1899\Downloads\3540798536_.KLrechnung.zip
2014-05-23 10:24 - 2014-05-23 10:24 - 02591163 _____ () C:\Users\Michel1899\Downloads\3642118232_.Kostenmanage.zip
2014-05-21 14:29 - 2014-05-21 14:29 - 00279851 _____ () C:\Users\Michel1899\Downloads\hondekop_und_01_1075_mp3.zip
2014-05-20 10:19 - 2014-05-20 10:19 - 00000000 __SHD () C:\Users\Michel1899\AppData\Local\EmieUserList
2014-05-20 10:19 - 2014-05-20 10:19 - 00000000 __SHD () C:\Users\Michel1899\AppData\Local\EmieSiteList
2014-05-17 11:28 - 2014-05-17 11:28 - 00038894 _____ () C:\Users\Michel1899\Desktop\Werte.xlsx
2014-05-16 09:33 - 2014-05-01 22:30 - 00693240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-16 09:33 - 2014-05-01 22:30 - 00105464 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-15 14:29 - 2014-03-13 09:42 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\wusa.exe
2014-05-15 14:29 - 2014-03-13 08:51 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wusa.exe
2014-05-15 14:28 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 14:28 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 14:28 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 14:28 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 14:28 - 2014-04-11 12:03 - 00555736 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll
2014-05-15 14:28 - 2014-04-11 12:03 - 00054776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-05-15 14:28 - 2014-04-11 10:25 - 00419928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll
2014-05-15 14:28 - 2014-04-11 08:04 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-05-15 14:28 - 2014-04-11 07:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\WSReset.exe
2014-05-15 14:28 - 2014-04-11 07:22 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-05-15 14:28 - 2014-04-11 05:54 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2014-05-15 14:28 - 2014-04-11 05:36 - 11792384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-05-15 14:28 - 2014-04-11 05:24 - 13288960 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-05-15 14:28 - 2014-04-11 05:06 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-05-15 14:28 - 2014-04-11 05:05 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-15 14:28 - 2014-04-11 05:05 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-05-15 14:28 - 2014-04-11 05:02 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-15 14:28 - 2014-04-11 05:02 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-05-15 14:28 - 2014-04-11 05:01 - 00137728 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-05-15 14:28 - 2014-04-11 05:00 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-05-15 14:28 - 2014-04-11 04:59 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-05-15 14:28 - 2014-04-11 04:57 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-05-15 14:28 - 2014-04-11 04:56 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-05-15 14:28 - 2014-04-11 04:55 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-05-15 14:28 - 2014-04-11 04:53 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-05-15 14:28 - 2014-04-11 04:52 - 03464192 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-05-15 14:28 - 2014-04-11 04:46 - 01705472 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-05-15 14:28 - 2014-04-11 04:36 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2014-05-15 14:28 - 2014-04-11 04:34 - 00754688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-05-15 14:28 - 2014-04-11 04:29 - 01054208 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2014-05-15 14:28 - 2014-04-11 04:25 - 00921088 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-05-15 14:28 - 2014-04-09 00:46 - 00086688 _____ (Microsoft Corporation) C:\Windows\system32\mrt_map.dll
2014-05-15 14:28 - 2014-04-09 00:46 - 00028320 _____ (Microsoft Corporation) C:\Windows\system32\mrt100.dll
2014-05-15 14:28 - 2014-04-08 20:54 - 00080032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mrt_map.dll
2014-05-15 14:28 - 2014-04-08 20:54 - 00026784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mrt100.dll
2014-05-15 14:28 - 2014-03-27 11:12 - 21225584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 14:28 - 2014-03-27 09:48 - 18679728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-15 14:28 - 2014-03-24 04:30 - 00257880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-05-15 14:28 - 2014-03-24 04:30 - 00123224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2014-05-15 14:28 - 2014-03-24 04:27 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-05-15 12:03 - 2014-05-15 12:04 - 06030166 _____ () C:\Users\Michel1899\Downloads\ZZ_Meine Wetten_Wettforum_Neu_3_0_2.xlsx
2014-05-15 08:53 - 2014-06-03 07:32 - 00012808 _____ () C:\Windows\PFRO.log
2014-05-14 18:05 - 2014-05-26 10:54 - 05707684 _____ () C:\Users\Michel1899\Desktop\Wetten.xlsx
2014-05-13 18:06 - 2014-05-13 18:06 - 00287061 _____ () C:\Users\Michel1899\Desktop\1547151_860143427332429_1604073925_n.mp4
2014-05-12 10:42 - 2014-05-12 10:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-10 20:51 - 2014-05-10 20:52 - 35250808 _____ () C:\Users\Michel1899\Downloads\skylevsvw.avi
2014-05-08 19:57 - 2014-05-08 19:58 - 00827594 _____ () C:\Users\Michel1899\Desktop\10302495_1385777135001339_812349112_n.mp4
2014-05-05 22:34 - 2014-06-03 13:12 - 01758000 _____ () C:\Windows\WindowsUpdate.log
2014-05-05 17:11 - 2014-06-02 10:48 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-05 17:11 - 2014-05-05 17:11 - 00001116 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-05 17:11 - 2014-05-05 17:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-05 17:11 - 2014-05-05 17:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-05 17:11 - 2014-05-05 17:11 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-05 17:11 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-05 17:11 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-05 17:11 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-05 17:07 - 2014-05-05 17:08 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Michel1899\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-05 17:05 - 2014-05-05 17:05 - 00002782 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-05-05 17:05 - 2014-05-05 17:05 - 00000836 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-05 17:05 - 2014-05-05 17:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-05 17:05 - 2014-05-05 17:05 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-05 17:04 - 2014-05-05 17:04 - 03671432 _____ (Piriform Ltd) C:\Users\Michel1899\Downloads\ccsetup413_slim.exe
2014-05-04 20:45 - 2014-05-19 19:56 - 00029696 ___SH () C:\Users\Michel1899\Downloads\Thumbs.db
2014-05-04 20:43 - 2014-06-03 15:49 - 00000000 ____D () C:\ProgramData\Freemake
2014-05-04 20:43 - 2014-05-04 20:44 - 00000000 ____D () C:\Users\Michel1899\Documents\Freemake
2014-05-04 20:41 - 2014-05-04 20:41 - 01308144 _____ (Ellora Assets Corporation ) C:\Users\Michel1899\Downloads\FreemakeVideoConverterSetup.exe
2014-05-04 20:28 - 2014-05-04 20:28 - 20673204 _____ () C:\Users\Michel1899\Downloads\WWW.DOWNVIDS.NET-Lachyoga-Übungen.mp4
2014-05-04 18:21 - 2014-05-04 18:21 - 00471691 _____ () C:\Users\Michel1899\Downloads\zug
2014-05-04 11:46 - 2014-05-04 11:46 - 00002770 _____ () C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013

==================== One Month Modified Files and Folders =======

2014-06-03 15:52 - 2014-06-02 11:03 - 00019683 _____ () C:\Users\Michel1899\Desktop\FRST.txt
2014-06-03 15:52 - 2014-02-26 08:34 - 00000000 ____D () C:\Users\Michel1899\AppData\Local\Temp
2014-06-03 15:51 - 2014-06-03 15:51 - 00000000 ____D () C:\Users\Michel1899\Desktop\FRST-OlderVersion
2014-06-03 15:51 - 2014-06-02 01:05 - 00000000 ____D () C:\FRST
2014-06-03 15:51 - 2014-06-02 01:04 - 02068992 _____ (Farbar) C:\Users\Michel1899\Desktop\FRST64.exe
2014-06-03 15:50 - 2014-06-03 15:50 - 00854367 _____ () C:\Users\Michel1899\Desktop\SecurityCheck.exe
2014-06-03 15:49 - 2014-05-04 20:43 - 00000000 ____D () C:\ProgramData\Freemake
2014-06-03 15:47 - 2014-04-13 11:32 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-03 15:17 - 2014-02-26 11:51 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-03 15:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2014-06-03 14:09 - 2014-06-03 14:09 - 02347384 _____ (ESET) C:\Users\Michel1899\Desktop\esetsmartinstaller_deu.exe
2014-06-03 13:37 - 2014-02-26 11:12 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-06-03 13:37 - 2014-02-26 11:12 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-06-03 13:12 - 2014-05-05 22:34 - 01758000 _____ () C:\Windows\WindowsUpdate.log
2014-06-03 07:43 - 2014-02-26 08:41 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1873882003-3979479213-967090690-1001
2014-06-03 07:35 - 2014-04-13 11:32 - 00002197 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-03 07:35 - 2014-02-26 11:12 - 00000000 ____D () C:\Users\Michel1899\AppData\Roaming\Dropbox
2014-06-03 07:34 - 2014-02-26 11:17 - 00000000 ___RD () C:\Users\Michel1899\Dropbox
2014-06-03 07:33 - 2014-04-13 11:32 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-03 07:33 - 2014-03-25 15:27 - 00000000 ___RD () C:\Users\Michel1899\SkyDrive
2014-06-03 07:33 - 2014-02-26 11:16 - 00000000 ____D () C:\Users\Michel1899\AppData\Roaming\DropboxMaster
2014-06-03 07:32 - 2014-05-15 08:53 - 00012808 _____ () C:\Windows\PFRO.log
2014-06-03 07:32 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-02 21:50 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-06-02 21:30 - 2014-04-14 15:25 - 00000000 ____D () C:\Users\Michel1899\AppData\Roaming\HpUpdate
2014-06-02 11:00 - 2014-06-02 11:00 - 00000756 _____ () C:\Users\Michel1899\Desktop\JRT.txt
2014-06-02 10:56 - 2014-06-02 10:56 - 00000000 ____D () C:\Windows\ERUNT
2014-06-02 10:56 - 2014-06-02 10:55 - 01016261 _____ (Thisisu) C:\Users\Michel1899\Desktop\JRT.exe
2014-06-02 10:54 - 2014-06-02 10:54 - 00008321 _____ () C:\Users\Michel1899\Desktop\AdwCleaner[S0].txt
2014-06-02 10:51 - 2014-06-02 10:50 - 00000000 ____D () C:\AdwCleaner
2014-06-02 10:49 - 2014-06-02 10:49 - 01327971 _____ () C:\Users\Michel1899\Desktop\adwcleaner_3.211.exe
2014-06-02 10:49 - 2014-06-02 10:44 - 00012116 _____ () C:\Users\Michel1899\Desktop\mbam.txt
2014-06-02 10:48 - 2014-05-05 17:11 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-02 10:45 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\System
2014-06-02 01:53 - 2014-02-26 08:34 - 00000000 ____D () C:\Users\Michel1899
2014-06-02 01:36 - 2014-06-02 01:36 - 611383096 _____ () C:\Windows\MEMORY.DMP
2014-06-02 01:36 - 2014-06-02 01:36 - 00291784 _____ () C:\Windows\Minidump\060214-17140-01.dmp
2014-06-02 01:36 - 2014-06-02 01:36 - 00000000 ____D () C:\Windows\Minidump
2014-06-02 01:11 - 2014-06-02 01:11 - 00014740 _____ () C:\Users\Michel1899\Downloads\gmer.log
2014-06-02 01:07 - 2014-06-02 01:07 - 00380416 _____ () C:\Users\Michel1899\Downloads\Gmer-19357.exe
2014-06-02 01:06 - 2014-06-02 01:06 - 00045807 _____ () C:\Users\Michel1899\Downloads\Addition.txt
2014-06-02 01:06 - 2014-06-02 01:05 - 00046419 _____ () C:\Users\Michel1899\Downloads\FRST.txt
2014-06-02 01:03 - 2014-06-02 01:03 - 00000482 _____ () C:\Users\Michel1899\Downloads\defogger_disable.log
2014-06-02 01:03 - 2014-06-02 01:03 - 00000000 _____ () C:\Users\Michel1899\defogger_reenable
2014-06-02 01:02 - 2014-06-02 01:02 - 00050477 _____ () C:\Users\Michel1899\Downloads\Defogger.exe
2014-06-01 22:39 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-05-27 09:58 - 2014-03-03 16:31 - 00667648 ___SH () C:\Users\Michel1899\Desktop\Thumbs.db
2014-05-26 11:09 - 2014-05-26 11:09 - 00000000 ____D () C:\Poker
2014-05-26 11:06 - 2014-05-26 11:06 - 00392032 _____ (Playtech) C:\Users\Michel1899\Downloads\SetupPoker.exe
2014-05-26 10:54 - 2014-05-14 18:05 - 05707684 _____ () C:\Users\Michel1899\Desktop\Wetten.xlsx
2014-05-26 08:46 - 2014-05-26 08:46 - 00000165 ____H () C:\Users\Michel1899\Desktop\~$Wetten.xlsx
2014-05-24 12:17 - 2014-03-21 10:41 - 00001084 _____ () C:\Users\Michel1899\Desktop\Dropbox.lnk
2014-05-24 12:17 - 2014-02-26 11:16 - 00000000 ____D () C:\Users\Michel1899\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-24 12:17 - 2014-02-26 08:35 - 00000000 ___RD () C:\Users\Michel1899\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-23 10:29 - 2014-05-23 10:29 - 03746544 _____ () C:\Users\Michel1899\Downloads\3540798536_.KLrechnung.zip
2014-05-23 10:24 - 2014-05-23 10:24 - 02591163 _____ () C:\Users\Michel1899\Downloads\3642118232_.Kostenmanage.zip
2014-05-21 14:29 - 2014-05-21 14:29 - 00279851 _____ () C:\Users\Michel1899\Downloads\hondekop_und_01_1075_mp3.zip
2014-05-20 10:19 - 2014-05-20 10:19 - 00000000 __SHD () C:\Users\Michel1899\AppData\Local\EmieUserList
2014-05-20 10:19 - 2014-05-20 10:19 - 00000000 __SHD () C:\Users\Michel1899\AppData\Local\EmieSiteList
2014-05-19 20:01 - 2014-02-26 08:35 - 00000000 ____D () C:\Users\Michel1899\AppData\Local\Packages
2014-05-19 19:56 - 2014-05-04 20:45 - 00029696 ___SH () C:\Users\Michel1899\Downloads\Thumbs.db
2014-05-18 10:26 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache
2014-05-17 11:36 - 2014-03-03 19:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-05-17 11:36 - 2014-03-03 19:25 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-17 11:28 - 2014-05-17 11:28 - 00038894 _____ () C:\Users\Michel1899\Desktop\Werte.xlsx
2014-05-16 09:34 - 2014-02-26 08:35 - 00000000 ___RD () C:\Users\Michel1899\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 09:31 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ToastData
2014-05-16 09:31 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-16 09:31 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-16 09:31 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\WinStore
2014-05-16 09:31 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates
2014-05-16 09:31 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-16 09:31 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-05-15 20:39 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-05-15 20:35 - 2014-02-26 11:18 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 20:34 - 2014-02-26 11:18 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-15 20:34 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-05-15 19:12 - 2013-12-11 11:24 - 01780340 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-15 19:12 - 2013-08-23 01:24 - 00766620 _____ () C:\Windows\system32\perfh007.dat
2014-05-15 19:12 - 2013-08-23 01:24 - 00159902 _____ () C:\Windows\system32\perfc007.dat
2014-05-15 14:45 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-15 12:04 - 2014-05-15 12:03 - 06030166 _____ () C:\Users\Michel1899\Downloads\ZZ_Meine Wetten_Wettforum_Neu_3_0_2.xlsx
2014-05-13 20:22 - 2014-02-26 11:51 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-13 18:06 - 2014-05-13 18:06 - 00287061 _____ () C:\Users\Michel1899\Desktop\1547151_860143427332429_1604073925_n.mp4
2014-05-13 18:03 - 2014-02-26 11:10 - 00001155 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-05-13 18:03 - 2014-02-26 11:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-05-13 18:03 - 2014-02-26 11:10 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-05-13 18:03 - 2013-12-11 11:31 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-13 17:57 - 2014-02-26 11:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-12 10:42 - 2014-05-12 10:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-10 20:57 - 2014-03-29 23:59 - 00000000 ____D () C:\Users\Michel1899\AppData\Roaming\vlc
2014-05-10 20:52 - 2014-05-10 20:51 - 35250808 _____ () C:\Users\Michel1899\Downloads\skylevsvw.avi
2014-05-09 00:42 - 2014-04-13 11:32 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-09 00:42 - 2014-04-13 11:32 - 00003868 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-08 19:58 - 2014-05-08 19:57 - 00827594 _____ () C:\Users\Michel1899\Desktop\10302495_1385777135001339_812349112_n.mp4
2014-05-07 15:29 - 2014-03-26 21:19 - 00000000 ____D () C:\Users\Michel1899\AppData\Local\TempSWSicherungsverzeichnis
2014-05-07 14:14 - 2014-03-26 20:21 - 00000000 ____D () C:\Users\Michel1899\AppData\Roaming\SolidWorks
2014-05-06 06:40 - 2014-05-15 14:28 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 05:25 - 2014-05-15 14:28 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:00 - 2014-05-15 14:28 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-15 14:28 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-05 17:11 - 2014-05-05 17:11 - 00001116 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-05 17:11 - 2014-05-05 17:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-05 17:11 - 2014-05-05 17:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-05 17:11 - 2014-05-05 17:11 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-05 17:08 - 2014-05-05 17:07 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Michel1899\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-05 17:06 - 2014-03-19 18:40 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2014-05-05 17:05 - 2014-05-05 17:05 - 00002782 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-05-05 17:05 - 2014-05-05 17:05 - 00000836 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-05 17:05 - 2014-05-05 17:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-05 17:05 - 2014-05-05 17:05 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-05 17:04 - 2014-05-05 17:04 - 03671432 _____ (Piriform Ltd) C:\Users\Michel1899\Downloads\ccsetup413_slim.exe
2014-05-04 20:44 - 2014-05-04 20:43 - 00000000 ____D () C:\Users\Michel1899\Documents\Freemake
2014-05-04 20:41 - 2014-05-04 20:41 - 01308144 _____ (Ellora Assets Corporation ) C:\Users\Michel1899\Downloads\FreemakeVideoConverterSetup.exe
2014-05-04 20:28 - 2014-05-04 20:28 - 20673204 _____ () C:\Users\Michel1899\Downloads\WWW.DOWNVIDS.NET-Lachyoga-Übungen.mp4
2014-05-04 18:21 - 2014-05-04 18:21 - 00471691 _____ () C:\Users\Michel1899\Downloads\zug
2014-05-04 11:46 - 2014-05-04 11:46 - 00002770 _____ () C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013

Some content of TEMP:
====================
C:\Users\Michel1899\AppData\Local\Temp\avgnt.exe
C:\Users\Michel1899\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp187ugo.dll
C:\Users\Michel1899\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-06-02 21:28

==================== End Of Log ============================
         



Quote:
Quote from schrauber
Any problems left?
No noticeable problems. If the "system" is now also problem-free again, i.e. free of malware, then thank you very much for the help! :-)

