Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: 500 Mails täglich von Outlook nach DHL Trojaner

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 20.05.2015, 22:04   #1
Sash1502
 
500 Mails täglich von Outlook nach DHL Trojaner - Icon27

500 Mails täglich von Outlook nach DHL Trojaner



Hallo zusammen,

eins vorab: schön das es euch gibt

Wie so viele habe auch ich den PDF Anhang mit dem Trojaner der "DHL" geöffnet.
Ich konnte mit Kaspersky schon einige Sachen entfernen doch Outlook versendet,
und das auch nur von einer einzigen Mail Adresse aus täglich knapp 500 Mails.

Es nervt einfach nur noch und ich bitte um eure Hilfe.

Hier auch gleich das FRST Log...hoffentlich im richtigen Code gepostet...


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-05-2015
Ran by s (administrator) on SR_HP_ULTRABOOK on 20-05-2015 22:18:52
Running from C:\Users\s\Desktop
Loaded Profiles: s & Gast (Available profiles: s & Gast)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(FUJIFILM Corporation.) C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PCAutoSaveSv.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
(Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney Business 6.0\ouservice\StarMoneyOnlineUpdate.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(OrdinarySoft) C:\Program Files\Start Menu X\StartMenuX.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe
(Spotify Ltd) C:\Users\s\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Users\s\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Deutsche Telekom AG) C:\Users\s\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Code:Aero Technologies) C:\Program Files (x86)\Password Memory 4\Keynote.exe
(Code:Aero Technologies) C:\Program Files (x86)\Password Memory 4\Keynote.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\livecomm.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-06-09] (IDT, Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3030256 2013-06-13] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-31] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [74160 2014-01-29] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [DATEVSetup] => C:\Users\s\AppData\Local\Temp\OYa04020\TLP\DATEVsetup.exe <===== ATTENTION
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2014-12-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKLM-x32\...\Run: [DVCServ] => C:\Program Files (x86)\DATEV-SiPa-compact\DVCSERV
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SMB60StarMoneyRunEntry] => C:\Program Files (x86)\StarMoney Business 6.0\app\oflagent.exe [51856 2015-04-13] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\SYSTEM32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Run: [icq] => C:\Users\s\AppData\Roaming\ICQM\icq.exe [28698984 2013-08-31] (ICQ)
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Run: [StartMenuX] => C:\Program Files\Start Menu X\StartMenuX.exe [7673664 2013-11-20] (OrdinarySoft)
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Run: [Allway Sync] => C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe [94920 2015-04-21] ()
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Run: [Spotify Web Helper] => C:\Users\s\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2022968 2015-05-14] (Spotify Ltd)
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Run: [GoogleChromeAutoLaunch_25B1D1BADDAEDB1571E4D008134EB6A3] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872 2015-05-05] (Google Inc.)
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Run: [EntscheiderClub Premium] => C:\Users\s\AppData\Local\EntscheiderClub Premium\EntscheiderClub Premium.exe [1121264 2015-01-29] (Wakoopa)
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Run: [9c5bf01b358884ef955dbaaa237340c7] => "C:\Users\s\AppData\Local\9c5bf01b358884ef955dbaaa237340c7.exe"
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\MountPoints2: {edae7ff0-618c-11e3-beb2-8434978947f8} - "E:\AutoRun.exe" 
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\E-POST MAILER.lnk [2015-03-03]
ShortcutTarget: E-POST MAILER.lnk -> C:\Program Files (x86)\Deutsche Post AG\E-POST MAILER\EpostMailer.exe (Deutsche Post AG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FUJIFILM PC AutoSave auf Standby.lnk [2015-04-05]
ShortcutTarget: FUJIFILM PC AutoSave auf Standby.lnk -> C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\Manager.exe (FUJIFILM Corporation.)
Startup: C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-09-30]
ShortcutTarget: Dropbox.lnk -> C:\Users\s\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediencenter.lnk [2015-01-20]
ShortcutTarget: Mediencenter.lnk -> C:\Users\s\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [01Mediencenter_InSync] -> {77BC4082-DB5F-439A-8DC8-F9E24A63B0DE} => C:\Users\s\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll [2014-06-12] (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: [02Mediencenter_ToSync] -> {528EE335-5034-4EFC-834E-63E5F02D2BC2} => C:\Users\s\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll [2014-06-12] (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: [03Mediencenter_Failed] -> {6066ADF0-9EB0-43E5-ADB6-990F5A3B979C} => C:\Users\s\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll [2014-06-12] (Deutsche Telekom AG)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKU\S-1-5-21-2262038565-221129539-630273557-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.goodsyouneed.de/
HKU\S-1-5-21-2262038565-221129539-630273557-501\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT13/4
HKU\S-1-5-21-2262038565-221129539-630273557-501\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT13/4
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM -> {A28F0689-CA9E-46FF-ACB3-73BF34D4AC4B} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {A28F0689-CA9E-46FF-ACB3-73BF34D4AC4B} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-2262038565-221129539-630273557-1001 -> {13BCEA89-FB1C-45B8-8EE9-2900DCF75A39} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1561552&CUI=UN15775412304438150&UM=1
SearchScopes: HKU\S-1-5-21-2262038565-221129539-630273557-1001 -> {A28F0689-CA9E-46FF-ACB3-73BF34D4AC4B} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2262038565-221129539-630273557-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-2262038565-221129539-630273557-501 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2262038565-221129539-630273557-501 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-06-12] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: SCardBHOEvent Class -> {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} -> C:\Program Files (x86)\DATEV-SiPa-compact\DVCCSASCardBHO64002.dll [2014-05-12] (DATEV eG)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2015-01-13] (DVDVideoSoft Ltd.)
BHO: EntscheiderClub Premium -> {FB4D29C1-82DE-4b80-8BB0-A7CDDDCD2773} -> C:\Users\s\AppData\Local\Wakoopa Shared\WakoopaBHO-x64.dll [2015-01-29] (Wakoopa)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2011-06-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-19] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-12-17] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: SCardBHOEvent Class -> {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} -> C:\Program Files (x86)\DATEV-SiPa-compact\DVCCSASCardBHO002.dll [2014-05-12] (DATEV eG)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-19] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2015-01-13] (DVDVideoSoft Ltd.)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
BHO-x32: EntscheiderClub Premium -> {FB4D29C1-82DE-4b80-8BB0-A7CDDDCD2773} -> C:\Users\s\AppData\Local\Wakoopa Shared\WakoopaBHO.dll [2015-01-29] (Wakoopa)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2262038565-221129539-630273557-1001 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1

FireFox:
========
FF ProfilePath: C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default
FF Homepage: hxxp://t3n.de/|hxxp://www.logistik-watchblog.de/
FF NetworkProxy: "MM3ProxySwitch.type", 1
FF NetworkProxy: "ftp", "127.0.0.1"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "no_proxies_on", ""
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-18] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-18] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1207148.dll [2013-12-05] (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-06-13] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-06-13] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-19] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll [2013-07-24] (Nullsoft, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default\Extensions\abs@avira.com [2015-04-27]
FF Extension: YouTube Unblocker - C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default\Extensions\youtubeunblocker@unblocker.yt [2014-11-05]
FF Extension: Hide My Ass Proxy Extension - C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default\Extensions\extension@hidemyass.com.xpi [2013-06-29]
FF Extension: Soundcloud SUPER +2: Downloader and Recommender - C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default\Extensions\{988da70d-b78d-44a1-a9c7-ed11832a9e2e}.xpi [2013-08-23]
FF Extension: SoundCloud Downloader - Technowise - C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default\Extensions\{c8d3bc80-0810-4d21-a2c2-be5f2b2832ac}.xpi [2013-08-23]
FF Extension: Adblock Plus - C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-19]
FF Extension: {f5110906-1b93-4640-a7fe-12251b0b7b10} - C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default\Extensions\{f5110906-1b93-4640-a7fe-12251b0b7b10}.xpi [2014-12-08]
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afext@anchorfree.com [2013-09-01]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2013-06-15]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014-09-02]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.goodsyouneed.de/plenty/ui/admin.html
CHR StartupUrls: Default -> "hxxp://www.goodsyouneed.de/plenty/ui/admin.html"
CHR Profile: C:\Users\s\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-29]
CHR Extension: (Google Drive) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-29]
CHR Extension: (EntscheiderClub Premium) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbojioefbafdanbjbdhhmoblcbikeia [2015-03-29]
CHR Extension: (YouTube) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-29]
CHR Extension: (Google Cast) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-05-30]
CHR Extension: (Adblock Plus) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-05-30]
CHR Extension: (Google Search) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-29]
CHR Extension: (Bookmark Manager) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-23]
CHR Extension: (DVDVideoSoft) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2014-04-29]
CHR Extension: (Google Wallet) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-29]
CHR Extension: (Gmail) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-29]
CHR Profile: C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-06]
CHR Extension: (Google Docs) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-06]
CHR Extension: (Google Drive) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-06]
CHR Extension: (YouTube) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-06]
CHR Extension: (Google Search) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-06]
CHR Extension: (Google Sheets) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-06]
CHR Extension: (Skype Click to Call) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-02-06]
CHR Extension: (DVDVideoSoft) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2015-02-06]
CHR Extension: (Google Wallet) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-06]
CHR Extension: (Gmail) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-06]
CHR Profile: C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Slides) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-06]
CHR Extension: (Google Docs) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-06]
CHR Extension: (Google Drive) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-06]
CHR Extension: (YouTube) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-06]
CHR Extension: (Google Search) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-06]
CHR Extension: (Google Sheets) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-06]
CHR Extension: (Avira Browser Safety) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-02-06]
CHR Extension: (Skype Click to Call) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-02-06]
CHR Extension: (DVDVideoSoft) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2015-02-06]
CHR Extension: (Google Wallet) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-06]
CHR Extension: (Gmail) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-06]
CHR HKU\S-1-5-21-2262038565-221129539-630273557-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-06-15]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
R2 BotkindSyncService; C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe [182784 2015-04-13] () [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 FFPCAutoSave; C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PCAutoSaveSv.exe [94208 2013-02-28] (FUJIFILM Corporation.) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-06-13] (Intel Corporation)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-20] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-06-13] (Intel Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
R2 StarMoney 10 OnlineUpdate; C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe [688272 2015-04-15] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
R2 StarMoney 9.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
R2 StarMoney Business 6.0 OnlineUpdate; C:\Program Files (x86)\StarMoney Business 6.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5491984 2015-05-13] (TeamViewer GmbH)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2445816 2014-01-29] (Check Point Software Technologies LTD)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-11-30] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [50704 2013-10-15] (Check Point Software Technologies, Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-05-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-12] (Avira Operations GmbH & Co. KG)
S1 HssDRV6; C:\Windows\system32\DRIVERS\hssdrv6.sys [46792 2013-09-17] (AnchorFree Inc.)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-21] (Intel Corporation)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2013-07-17] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2013-02-21] (Kaspersky Lab)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-10-08] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [489056 2013-10-08] (Kaspersky Lab ZAO)
S3 KOBCCID; C:\Windows\system32\drivers\KOBCCID.sys [116864 2014-03-18] (KOBIL Systems GmbH)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-04] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-06-13] (Synaptics Incorporated)
R3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2013-08-13] (Anchorfree Inc.)
R1 Vsdatant; C:\Windows\System32\drivers\vsdatant.sys [454168 2013-10-23] (Check Point Software Technologies LTD)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
U0 dmboot; No ImagePath
S3 ewusbnet; \SystemRoot\system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; \SystemRoot\system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X]
S3 hwdatacard; \SystemRoot\system32\DRIVERS\ewusbmdm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-20 22:18 - 2015-05-20 22:19 - 00043267 _____ () C:\Users\s\Desktop\FRST.txt
2015-05-20 22:18 - 2015-05-20 22:19 - 00000000 ____D () C:\FRST
2015-05-20 22:17 - 2015-05-20 22:17 - 02107904 _____ (Farbar) C:\Users\s\Desktop\FRST64.exe
2015-05-19 13:59 - 2015-05-19 13:59 - 00001255 _____ () C:\WINDOWS\system32\TeamViewer10_Hooks.log
2015-05-19 00:52 - 2015-05-19 00:51 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-05-19 00:51 - 2015-05-19 00:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-05-18 22:37 - 2015-05-18 22:37 - 00000000 ____D () C:\ProgramData\StarMoney 10
2015-05-18 22:37 - 2015-05-18 22:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarMoney 10
2015-05-18 22:30 - 2015-05-20 01:18 - 00000000 ____D () C:\Program Files (x86)\StarMoney 10
2015-05-18 16:13 - 2015-05-18 16:13 - 00000019 _____ () C:\Users\s\Desktop\buchhaltungssoftware.txt
2015-05-18 09:55 - 2015-05-18 10:37 - 00000000 ____D () C:\KVRT_Data
2015-05-14 16:14 - 2015-05-14 16:14 - 00000123 _____ () C:\Users\s\Desktop\Collmex.url
2015-05-02 03:04 - 2015-05-02 03:04 - 00000000 ____D () C:\Users\s\Documents\Hausverwalter
2015-05-02 03:04 - 2015-05-02 03:04 - 00000000 ____D () C:\Users\s\AppData\Roaming\Buhl Data Service
2015-05-02 03:04 - 2015-05-02 03:04 - 00000000 ____D () C:\Users\s\AppData\Local\Buhl Data Service
2015-05-02 03:03 - 2015-05-04 12:14 - 00000647 _____ () C:\WINDOWS\wiso.ini
2015-05-02 03:03 - 2015-05-02 03:03 - 00002131 _____ () C:\Users\Public\Desktop\WISO Hausverwalter 2015.lnk
2015-05-02 03:03 - 2015-05-02 03:03 - 00000000 ____D () C:\Users\s\AppData\Roaming\Buhl
2015-05-02 03:03 - 2015-05-02 03:03 - 00000000 ____D () C:\Users\s\AppData\Local\Buhl
2015-05-02 03:03 - 2015-05-02 03:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Hausverwalter 2015
2015-05-02 03:03 - 2015-05-02 03:03 - 00000000 ____D () C:\Program Files (x86)\Buhl
2015-05-02 03:02 - 2015-05-02 03:03 - 00000000 ____D () C:\ProgramData\Buhl Data Service GmbH
2015-04-28 23:55 - 2015-04-28 23:55 - 00001733 _____ () C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Copy of plentymarkets.lnk
2015-04-28 23:49 - 2015-04-28 23:49 - 07810528 _____ (plentymarkets GmbH) C:\Users\s\plentymarkets_updater_windows_216.exe
2015-04-21 20:19 - 2015-05-19 13:59 - 00000985 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-04-21 20:19 - 2015-04-21 20:19 - 00000000 ____D () C:\Users\s\AppData\Local\TeamViewer

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-20 22:21 - 2013-05-14 23:57 - 00000000 ____D () C:\Users\s\Documents\Outlook-Dateien
2015-05-20 22:02 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-20 22:00 - 2015-02-27 21:25 - 00000000 ____D () C:\Program Files (x86)\StarMoney 9.0
2015-05-20 21:59 - 2013-11-30 16:56 - 01072060 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-20 21:58 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-05-20 21:50 - 2014-04-29 13:07 - 00001150 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-20 20:00 - 2015-04-14 21:31 - 00000000 ____D () C:\Program Files (x86)\StarMoney Business 6.0
2015-05-20 19:42 - 2015-01-20 02:14 - 00000000 ___RD () C:\Users\s\Mediencenter
2015-05-20 17:49 - 2013-06-22 18:48 - 00000000 ____D () C:\Users\s\AppData\Roaming\FTPRush
2015-05-20 10:43 - 2014-05-27 17:55 - 00000000 ___RD () C:\Users\s\Dropbox
2015-05-19 19:28 - 2013-05-10 12:34 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2262038565-221129539-630273557-1001
2015-05-19 14:00 - 2014-08-28 21:12 - 00000408 _____ () C:\WINDOWS\Tasks\Allway Sync_{4E6949520858136489535401CF6DD6A8}.job
2015-05-19 14:00 - 2013-11-22 17:08 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-05-19 01:24 - 2013-08-07 14:13 - 00000000 ____D () C:\Users\s\AppData\Roaming\vlc
2015-05-19 00:52 - 2013-10-21 18:27 - 00000000 ____D () C:\ProgramData\Oracle
2015-05-19 00:51 - 2013-10-21 18:27 - 00000000 ____D () C:\Program Files (x86)\Java
2015-05-18 22:34 - 2013-08-22 15:25 - 00017486 _____ () C:\WINDOWS\system32\Drivers\etc\services
2015-05-18 22:15 - 2012-08-24 18:00 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-05-18 22:00 - 2014-09-02 12:01 - 00000000 ____D () C:\Users\s\AppData\Local\Adobe
2015-05-18 21:50 - 2013-09-30 06:14 - 01980934 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-18 21:50 - 2013-09-30 05:56 - 00842568 _____ () C:\WINDOWS\system32\perfh007.dat
2015-05-18 21:50 - 2013-09-30 05:56 - 00191764 _____ () C:\WINDOWS\system32\perfc007.dat
2015-05-18 21:46 - 2014-05-27 17:53 - 00000000 ____D () C:\Users\s\AppData\Roaming\Dropbox
2015-05-18 21:46 - 2012-08-24 18:00 - 00000000 ____D () C:\ProgramData\Temp
2015-05-18 21:45 - 2013-11-30 17:11 - 00000000 ___DO () C:\Users\s\SkyDrive
2015-05-18 21:43 - 2015-03-03 08:57 - 00000106 _____ () C:\WINDOWS\system32\mfilemon.log
2015-05-18 21:43 - 2014-04-29 13:07 - 00001146 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-18 21:43 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-18 21:42 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-05-18 11:15 - 2014-06-10 15:21 - 00000000 ____D () C:\Users\s\AppData\Local\Spotify
2015-05-18 10:52 - 2014-06-10 15:20 - 00000000 ____D () C:\Users\s\AppData\Roaming\Spotify
2015-05-18 01:43 - 2014-01-02 20:14 - 00003154 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleFors
2015-05-18 01:43 - 2014-01-02 20:14 - 00000348 _____ () C:\WINDOWS\Tasks\HPCeeScheduleFors.job
2015-05-18 00:39 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-05-17 15:31 - 2013-08-22 16:46 - 00336769 _____ () C:\WINDOWS\setupact.log
2015-05-17 13:16 - 2013-05-12 21:28 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2015-05-17 06:45 - 2014-04-29 13:07 - 00004122 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-17 06:45 - 2014-04-29 13:07 - 00003886 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-05 13:15 - 2015-03-05 23:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-05-05 13:12 - 2014-07-07 17:21 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-05-05 13:12 - 2014-07-07 17:21 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-05-04 12:29 - 2014-12-17 14:50 - 00000000 ____D () C:\WINDOWS\uninstall
2015-05-04 12:29 - 2014-12-17 14:50 - 00000000 ____D () C:\Program Files (x86)\CDN YabeOffice Daten
2015-05-04 12:29 - 2014-12-17 14:50 - 00000000 ____D () C:\Program Files (x86)\CDN YabeOffice
2015-05-04 12:18 - 2014-04-30 18:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Allway Sync
2015-05-04 12:18 - 2014-04-30 18:22 - 00000000 ____D () C:\Program Files (x86)\Allway Sync
2015-04-29 00:52 - 2013-09-29 21:04 - 00377164 _____ () C:\WINDOWS\PFRO.log
2015-04-28 23:55 - 2014-09-21 17:41 - 00001784 _____ () C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\plentymarkets.lnk
2015-04-28 23:55 - 2014-03-03 14:32 - 00000000 ____D () C:\Program Files\plentymarkets
2015-04-28 23:49 - 2013-11-30 16:48 - 00000000 ____D () C:\Users\s
2015-04-23 18:53 - 2013-06-15 17:00 - 00000000 ____D () C:\Users\s\AppData\Roaming\WindSolutions
2015-04-22 16:18 - 2013-08-22 16:44 - 05142072 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-04-22 16:17 - 2013-05-14 23:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-21 23:34 - 2013-05-14 23:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-21 20:19 - 2013-10-20 16:25 - 00000000 ____D () C:\Users\s\AppData\Roaming\TeamViewer

==================== Files in the root of some directories =======

2013-05-10 12:25 - 2013-06-08 12:51 - 0013930 _____ () C:\Users\s\AppData\Roaming\AbsoluteReminder.xml
2013-10-19 13:29 - 2013-10-19 13:58 - 0001796 _____ () C:\Users\s\AppData\Roaming\LiveSupport.exe_log.txt
2013-10-19 13:29 - 2013-10-19 14:48 - 0000092 _____ () C:\Users\s\AppData\Roaming\regsvr32.exe_log.txt
2014-03-18 16:19 - 2014-03-18 16:20 - 0000834 _____ () C:\Users\s\AppData\Local\belegtransfer_setup.log
2014-09-02 20:25 - 2014-09-02 20:25 - 0002273 _____ () C:\Users\s\AppData\Local\recently-used.xbel
2014-03-18 12:27 - 2015-01-14 11:46 - 0718262 _____ () C:\Users\s\AppData\Local\tempvcredist_x64.log
2014-02-09 18:25 - 2014-02-09 18:25 - 0000011 _____ () C:\ProgramData\.tv7

Files to move or delete:
====================
C:\Users\s\plentymarkets_updater_windows_207.exe
C:\Users\s\plentymarkets_updater_windows_208.exe
C:\Users\s\plentymarkets_updater_windows_209.exe
C:\Users\s\plentymarkets_updater_windows_210.exe
C:\Users\s\plentymarkets_updater_windows_213.exe
C:\Users\s\plentymarkets_updater_windows_214.exe
C:\Users\s\plentymarkets_updater_windows_215.exe
C:\Users\s\plentymarkets_updater_windows_216.exe
C:\Users\s\plentymarkets_windows_212.exe


Some content of TEMP:
====================
C:\Users\Gast\AppData\Local\Temp\avgnt.exe
C:\Users\s\AppData\Local\Temp\avgnt.exe
C:\Users\s\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpv7tf4_.dll
C:\Users\s\AppData\Local\Temp\FreeStudio.exe
C:\Users\s\AppData\Local\Temp\i4jdel0.exe
C:\Users\s\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\s\AppData\Local\Temp\proxy_vole5753558156256649135.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-18 23:24

==================== End Of Log ============================
         
--- --- ---

Alt 21.05.2015, 06:55   #2
schrauber
/// the machine
/// TB-Ausbilder
 

500 Mails täglich von Outlook nach DHL Trojaner - Standard

500 Mails täglich von Outlook nach DHL Trojaner



Hi,

Addition.txt fehlt noch
__________________

__________________

Alt 21.05.2015, 21:54   #3
Sash1502
 
500 Mails täglich von Outlook nach DHL Trojaner - Standard

500 Mails täglich von Outlook nach DHL Trojaner



Ahhh....da ist sie..




Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-05-2015
Ran by s at 2015-05-20 22:21:26
Running from C:\Users\s\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2262038565-221129539-630273557-500 - Administrator - Disabled)
fbwuser (S-1-5-21-2262038565-221129539-630273557-1005 - Limited - Disabled)
Gast (S-1-5-21-2262038565-221129539-630273557-501 - Limited - Enabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-2262038565-221129539-630273557-1003 - Limited - Enabled)
s (S-1-5-21-2262038565-221129539-630273557-1001 - Administrator - Enabled) => C:\Users\s

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: ZoneAlarm Antivirus (Enabled - Up to date) {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: ZoneAlarm Anti-Spyware (Enabled - Up to date) {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
FW: ZoneAlarm Firewall (Enabled) {E6380B7E-D4B2-19F1-083E-56486607704B}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.13 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Allway Sync version 15.1.9 (HKLM-x32\...\Allway Sync_is1) (Version:  - Botkind Inc)
Ant Renamer (HKLM-x32\...\Ant Renamer 2_is1) (Version: 2.10.0 - Ant Software)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DATEV Belegtransfer V.3.22 (HKLM-x32\...\{EC561A24-754E-44F1-B76F-2FDA3DF9E912}) (Version: 2.03 - DATEV eG)
DATEV Installation V.2.74 (HKLM-x32\...\DATEVB00000482.0) (Version:  - )
DATEV Sicherheitspaket - compact (HKLM-x32\...\{13D2D749-7F84-4A63-A09E-3DFDBA4E03EF}) (Version: 2.40.0001 - DATEV eG)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.31 - DivX, LLC)
Dropbox (HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
DVS Video Downloader Addon for Mozilla Firefox version 4.3.4.15 (HKLM-x32\...\DVS Video Downloader Addon for Mozilla Firefox_is1) (Version: 4.3.4.15 - DVDVideoSoft Ltd.)
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
EntscheiderClub Premium (HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\EntscheiderClub Premium) (Version:  - Wakoopa B.V.)
E-POST MAILER (HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\{6e991dbc-fbeb-434e-b0c0-20f336054450}) (Version: 2.0.1.1972 - Deutsche Post AG)
E-POST MAILER (x32 Version: 2.0.1.1925 - Deutsche Post AG) Hidden
E-POST MAILER Drucker (Version: 2.0.1.1925 - Deutsche Post AG) Hidden
E-POST MAILER Start (x32 Version: 1.0.0.0 - Deutsche Post AG) Hidden
etope Lister 2 (HKLM-x32\...\etope Lister_is1) (Version:  - Freshworx GmbH & Co.KG)
Evernote v. 5.8.1 (HKLM-x32\...\{4FD2D1C8-8636-11E4-9D21-00163E98E7D6}) (Version: 5.8.1.6061 - Evernote Corp.)
Free Studio version 6.4.2.113 (HKLM-x32\...\Free Studio_is1) (Version: 6.4.2.113 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.17.1125 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.17.1125 - DVDVideoSoft Ltd.)
FTPRush 2.1.8 (HKLM-x32\...\FTP Rush_is1) (Version: 2.1.8 - wftpserver.com)
FUJIFILM PC AutoSave (HKLM-x32\...\{872F1306-0DB6-45EC-832E-2F5D3A56CF99}) (Version: 1.0.0 - FUJIFILM)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.65 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{AB5BCC55-18E2-46C7-9405-FF61CB888F05}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{0D3A6808-82B8-4BB1-BE5A-AED75B3F6C02}) (Version: 2.20.11 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{D044EBE7-94E7-4C49-90FC-9069E3F374E1}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Quick Launch (HKLM-x32\...\{609B11CC-8CED-4116-AD8A-A72168894D39}) (Version: 3.0.4 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{D2462056-BA75-4B2C-8267-DFEA2B6AC4AE}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
ICQ 8.1 (build 6337) (HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\ICQ) (Version: 8.1.6337.0 - Mail.Ru)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3316 - Intel Corporation)
Intel(R) Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
KOBIL CCID driver x64x86 (x32 Version: 1.013.02121 - KOBIL Systems) Hidden
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
Mediencenter 3.9.1055.64 (HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Mediencenter) (Version: 3.9.1055.64 - Deutsche Telekom AG)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}) (Version:  - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.3.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.3.0 (x86 de)) (Version: 24.3.0 - Mozilla)
Mp3tag v2.58 (HKLM-x32\...\Mp3tag) (Version: v2.58 - Florian Heidenreich)
Multi file port monitor (mfilemon) 1.5.1 (HKLM\...\{A932243F-381F-434C-B18E-4F09D2F015F8}_is1) (Version: 1.5.1 - Monti Lorenzo)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Password Memory 4.1.2 (HKLM-x32\...\ca_keynote_is1) (Version: 4.1.2 - Code:Aero Technologies)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
plentymarkets 216 (HKLM-x32\...\5841-3682-4824-5789) (Version: 216 - plentymarkets GmbH)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Spotify) (Version: 1.0.5.178.g885b099b - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.1.21 - Safer-Networking Ltd.)
StarMoney (x32 Version: 4.0.7.94 - StarFinanz) Hidden
StarMoney (x32 Version: 5.0.0.226 - StarFinanz) Hidden
StarMoney 10  (HKLM-x32\...\{F061A207-B07B-4E1D-8655-286BBBB3E2CC}) (Version: 10 - Star Finanz GmbH)
StarMoney 9.0  (HKLM-x32\...\{E50EB864-0852-4249-A1B9-96CED146E52B}) (Version: 9.0 - Star Finanz GmbH)
StarMoney Business 6.0  (HKLM-x32\...\{8BE45DD0-1BB0-4E3D-9940-9D92C5B52BAB}) (Version: 6.0 - Star Finanz GmbH)
Start Menu X Version 5.02 (HKLM\...\{3E494002-985C-4908-B72C-5B4DD15BE090}_is1) (Version: 5.02 - OrdinarySoft)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.6.1.3 - Synaptics Incorporated)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.42650 - TeamViewer)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.65  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WISO Hausverwalter 2015 (HKLM-x32\...\{E821384E-D24C-4316-9D86-872F95ED92F0}) (Version: 9.00.8468 - Buhl Data Service GmbH)
ZoneAlarm Antivirus (x32 Version: 12.0.121.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Firewall (x32 Version: 12.0.121.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Antivirus + Firewall (HKLM-x32\...\ZoneAlarm Free Antivirus + Firewall) (Version: 12.0.121.000 - Check Point)
ZoneAlarm Security (x32 Version: 12.0.121.000 - Check Point Software Technologies Ltd.) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{268502F4-815D-4358-A8D6-B783FDB58EF0}\InprocServer32 -> C:\Users\s\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.ContextMenuHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{528EE335-5034-4EFC-834E-63E5F02D2BC2}\InprocServer32 -> C:\Users\s\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{6066ADF0-9EB0-43E5-ADB6-990F5A3B979C}\InprocServer32 -> C:\Users\s\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{77BC4082-DB5F-439A-8DC8-F9E24A63B0DE}\InprocServer32 -> C:\Users\s\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

18-05-2015 22:14:20 Installiert StarMoney

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {09A9D1BB-CC0A-45D0-B9A9-691712E9122D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {11512367-DAEA-4113-9F27-98A7BFA4A5AC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2013-05-16] (Safer-Networking Ltd.)
Task: {17DEAEAD-5874-411D-B661-12F9FB3044D4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {2A196FE1-2322-4811-882B-905EAF8FB978} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2013-05-16] (Safer-Networking Ltd.)
Task: {42FBFC55-ACCC-4121-AD29-71B8636EFE2A} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-08-19] (Hewlett-Packard Development Company, L.P.)
Task: {898CD2B7-EF24-4ED8-A572-329FCF4AE92D} - System32\Tasks\{F6BBF5FB-2A3D-4BA1-853E-6C46DE6EFC5B} => pcalua.exe -a "C:\Program Files (x86)\MultiProxy\uninstall.exe" -d "C:\Program Files (x86)\MultiProxy"
Task: {8DA74E5E-BF32-42FC-850C-5C8DFDD5E7CC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2013-05-16] (Safer-Networking Ltd.)
Task: {9EE09341-E1F1-4B2D-A58E-9808BE8A8726} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {9FACF286-E864-427A-A9F4-07E29BE178FA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {AB713B58-8184-413F-8BBF-7FFDFC895289} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {AF9E4EA1-40E4-4098-9E62-E3C2BA309555} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-29] (Google Inc.)
Task: {B65CC303-6A43-4666-AE7A-F6DD23051E52} - System32\Tasks\HPCeeScheduleFors => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {B97EBAE3-14F0-462D-9768-EBB19F72BB80} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-29] (Google Inc.)
Task: {C56BD8AB-BF86-4FE9-9BBC-0DDE1420BDBA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {D43C1296-698F-4266-A542-E539473DB882} - \DSite No Task File <==== ATTENTION
Task: {E8BFD69A-2607-4D93-8015-C28198CBF9F6} - System32\Tasks\Allway Sync_{4E6949520858136489535401CF6DD6A8} => C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe [2015-04-21] ()
Task: {F1624858-F5D9-439E-832B-0496983BEC90} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2012-07-20] (Intel)
Task: C:\WINDOWS\Tasks\Allway Sync_{4E6949520858136489535401CF6DD6A8}.job => C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleFors.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (Whitelisted) ==============

2014-04-30 18:22 - 2015-04-13 15:55 - 00182784 _____ () C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2013-10-04 00:42 - 2013-10-04 00:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-04-30 18:22 - 2015-04-21 00:37 - 00094920 _____ () C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2014-12-03 11:06 - 2014-12-03 11:06 - 03445656 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\PDFMaker\Common\X64\AdobePDFMakerX.dll
2014-12-03 20:07 - 2014-12-03 20:07 - 01446400 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\PDFMaker\AdobePDFMakerX.DEU
2010-12-21 04:30 - 2010-12-21 04:30 - 01549664 _____ () C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-02-28 19:14 - 2013-02-28 19:14 - 00118784 _____ () C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\libFFIR.dll
2013-02-28 19:14 - 2013-02-28 19:14 - 00188416 _____ () C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\FFWB.dll
2013-02-28 19:14 - 2013-02-28 19:14 - 00135168 _____ () C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\libFTLPTPIP.dll
2013-08-26 15:02 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-08-26 15:02 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-08-26 15:02 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-08-26 15:02 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-08-26 15:02 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-02-27 21:27 - 2011-01-13 11:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney 9.0\ouservice\PATCHW32.dll
2015-04-14 21:34 - 2011-01-13 10:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney Business 6.0\ouservice\PATCHW32.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2015-05-14 19:52 - 2015-05-05 06:06 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\libglesv2.dll
2015-05-14 19:52 - 2015-05-05 06:06 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\libegl.dll
2014-04-30 18:22 - 2015-04-13 15:55 - 08573952 _____ () C:\Program Files (x86)\Allway Sync\Bin\syncapp.dll
2015-05-18 21:44 - 2015-05-18 21:44 - 00043008 _____ () c:\users\s\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpv7tf4_.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00750080 _____ () C:\Users\s\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00047616 _____ () C:\Users\s\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00865280 _____ () C:\Users\s\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00200704 _____ () C:\Users\s\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-12-03 20:07 - 2014-12-03 20:07 - 00019968 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\acrotray.deu
2015-05-14 19:52 - 2015-05-05 06:06 - 14982472 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\PepperFlash\pepflashplayer.dll
2012-10-23 21:18 - 2013-06-13 23:27 - 01200088 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2015-05-18 22:35 - 2011-01-13 11:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney 10\ouservice\PATCHW32.dll
2015-05-19 00:51 - 2015-05-19 00:51 - 00019040 _____ () C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2native.dll
2012-09-23 20:43 - 2012-09-23 20:43 - 00313992 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\sqlite.dll
2013-05-11 12:37 - 2013-05-11 12:37 - 14588632 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\NPSWF32.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:0966080E
AlternateDataStreams: C:\Users\s\SkyDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2262038565-221129539-630273557-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\s\Pictures\photo-1415226620463-aedee27159c5.jpg
HKU\S-1-5-21-2262038565-221129539-630273557-501\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.43.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "Twonky Server.lnk"
HKLM\...\StartupApproved\StartupFolder: => "CDN Yabe Office.lnk"
HKLM\...\StartupApproved\StartupFolder: => "E-POST MAILER.lnk"
HKLM\...\StartupApproved\StartupFolder: => "FUJIFILM PC AutoSave auf Standby.lnk"
HKLM\...\StartupApproved\Run: => "BCSSync"
HKLM\...\StartupApproved\Run32: => "ZoneAlarm Installer"
HKLM\...\StartupApproved\Run32: => "VirtualCloneDrive"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "PDFPrint"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKLM\...\StartupApproved\Run32: => "Adobe Acrobat Speed Launcher"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "DVCServ"
HKLM\...\StartupApproved\Run32: => "DATEVSetup"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "DivXUpdate"
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\StartupApproved\Run: => "icq"
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\StartupApproved\Run: => "EntscheiderClub Premium"
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\StartupApproved\Run: => "9c5bf01b358884ef955dbaaa237340c7"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{E7394822-19FD-4263-8A5B-C56FC9586959}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{9C1AA961-87D8-43C9-A409-B9075BA40BA0}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{62632452-45E0-4A04-90C7-731B2D587CB4}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{1FF59A7C-422C-4678-BFF6-DABFC2D8F96A}] => (Allow) C:\Users\s\AppData\Roaming\ICQM\icq.exe
FirewallRules: [{D72A5104-3D6C-4A90-BD72-44C21639BD2C}] => (Allow) C:\Users\s\AppData\Roaming\ICQM\icq.exe
FirewallRules: [{AD05BABA-6646-4C3A-986E-CC7BA770AD38}] => (Allow) C:\ProgramData\eSafe\eGdpSvc.exe
FirewallRules: [{890D8DA8-AAD1-49CB-BCB0-2A21237F60D5}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{B0CAB26B-7B5F-480E-8CA9-2285194FE692}] => (Allow) LPort=1900
FirewallRules: [{FCF99A43-9699-4020-8128-D1F18CF0D614}] => (Allow) LPort=2869
FirewallRules: [{5BEF5397-0FC8-49E3-9FC1-51B5F68A7DD0}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [TCP Query User{23C78A46-DA51-4410-8FD7-B92D9CD0182F}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{20CADABF-5640-4640-AAD0-0FCB7C768A6D}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{7919D2CD-2FBE-4047-AB76-C729ABC33759}] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{E0CB3568-2010-42AF-9F86-0EFFCE56D4C9}] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{F98A1208-C992-4820-BB99-EB19AA0AE8E1}C:\program files (x86)\ftprush\ftprush.exe] => (Allow) C:\program files (x86)\ftprush\ftprush.exe
FirewallRules: [UDP Query User{797FCA2A-1C08-4917-849B-FDF7B93C63D8}C:\program files (x86)\ftprush\ftprush.exe] => (Allow) C:\program files (x86)\ftprush\ftprush.exe
FirewallRules: [{A17DF673-784F-4FD7-9723-305EBE15D116}] => (Allow) C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe
FirewallRules: [{C91441AD-8F11-47A0-BB59-AA7B1F65A330}] => (Allow) C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe
FirewallRules: [{FFF639CC-4A34-4347-A8A8-41CD3587376F}] => (Allow) C:\Program Files (x86)\Twonky\TwonkyServer\twonkyserver.exe
FirewallRules: [{2E78FCC5-454A-40AE-AA7D-D8E42CE68DEE}] => (Allow) C:\Program Files (x86)\Twonky\TwonkyServer\twonkyserver.exe
FirewallRules: [{2CF1C950-CD39-4021-8BF7-579969943023}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{D824EF1C-3643-48B6-8124-CD6BACB04531}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{29B09A44-3E1B-4004-A26E-3B60B19074D5}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{862EEF92-8F16-4AA7-BE44-65ECECA6E968}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [TCP Query User{8E58FFEC-E106-4FC8-8ABB-CFD051248184}C:\program files (x86)\ftprush\ftprush.exe] => (Block) C:\program files (x86)\ftprush\ftprush.exe
FirewallRules: [UDP Query User{4384D3B5-3319-4104-9995-38A628A32252}C:\program files (x86)\ftprush\ftprush.exe] => (Block) C:\program files (x86)\ftprush\ftprush.exe
FirewallRules: [TCP Query User{B78A5B98-5FF3-459F-A408-9EF6FAE44ADB}C:\users\s\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\s\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{55ECA24A-5568-4287-BC3B-0AC17527631C}C:\users\s\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\s\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{AB5DD043-E289-4BD5-96D1-C6C36E485418}C:\users\s\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\s\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{F6A8BB49-2AF7-467A-94E4-C590CE0C0CE2}C:\users\s\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\s\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{56BC7622-B916-435E-A99E-B3F97DC2B7B2}C:\program files\plentymarkets\plentymarkets.exe] => (Allow) C:\program files\plentymarkets\plentymarkets.exe
FirewallRules: [UDP Query User{AE302455-86AB-4369-BC73-705BE5491036}C:\program files\plentymarkets\plentymarkets.exe] => (Allow) C:\program files\plentymarkets\plentymarkets.exe
FirewallRules: [{7FCF99BE-B64C-4253-9875-049FD6EE6AA9}] => (Allow) C:\Users\s\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{77EE1C70-93F9-471C-AC16-B65023CD0F59}] => (Allow) C:\Users\s\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{EE98B557-949C-417A-930B-F7A073B7F3F7}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{0C152529-6A25-4C14-B1B7-2CD6EF949FC2}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{2948C0C7-1B75-4F31-A81B-E9A3248DEA61}C:\users\s\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\s\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{8EA478D7-4D10-4161-9219-926541B70169}C:\users\s\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\s\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{F14AC53E-5CEF-49FE-9CBB-0DF22A816B1D}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{FDB4C01D-F4D9-4938-8095-2C74532A5B93}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{DC3DFE60-96C4-47C4-A493-981FF86CFA53}C:\program files\plentymarkets\plentymarkets.exe] => (Allow) C:\program files\plentymarkets\plentymarkets.exe
FirewallRules: [UDP Query User{92A4DB3C-4104-4936-8AA3-F71440316A3E}C:\program files\plentymarkets\plentymarkets.exe] => (Allow) C:\program files\plentymarkets\plentymarkets.exe
FirewallRules: [TCP Query User{C0129FFD-FFE5-422E-84E4-643D59C0C0F4}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{431F683D-E82A-4A6C-B687-E37281C041A0}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [{F0AD5292-DE10-4214-B6A5-447ED58AC720}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{379F69FE-3BC4-4C53-B85A-904B4114A44E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{792EDE5E-D31B-4320-9A52-CEE928322F1C}] => (Allow) C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{6AC56DAE-8C18-4920-8EAC-1101786C3F3E}] => (Allow) C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{33F25883-60DB-49D3-A745-F5F64C7C0560}] => (Allow) C:\Program Files (x86)\StarMoney 9.0\app\StarMoney.exe
FirewallRules: [{801CE9A9-9D86-4CD9-B237-E2CAD0A1F3D3}] => (Allow) C:\Program Files (x86)\StarMoney 9.0\app\StarMoney.exe
FirewallRules: [TCP Query User{6BB9E385-A916-4AE9-9ACB-E699B7747A9B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{037EDFE1-43DE-4272-B543-1C13CCC0D876}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{B63DAE1C-FE80-4F4B-A7AE-43644616C7AB}] => (Allow) C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PairingWizard.exe
FirewallRules: [{4A7A5C9B-EED4-40B1-AD45-6960AA5648A1}] => (Allow) C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PairingWizard.exe
FirewallRules: [{775848ED-0AC4-4EC6-93BA-1287B0787B13}] => (Allow) C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PCAutoSaveSv.exe
FirewallRules: [{73F0DEAF-3EAC-44CD-B822-FD6026AEB483}] => (Allow) C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PCAutoSaveSv.exe
FirewallRules: [{DFB9FE53-F7E1-4722-9045-7BE36A899B8A}] => (Allow) C:\Program Files (x86)\StarMoney Business 6.0\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{DA13A301-BC4D-4410-8E2E-C0A71DDA511E}] => (Allow) C:\Program Files (x86)\StarMoney Business 6.0\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{7EA59164-96B1-4AC8-B02B-9AE5D204C320}] => (Allow) C:\Program Files (x86)\StarMoney Business 6.0\app\StarMoney.exe
FirewallRules: [{44984E01-EA4E-4B26-A680-8F5CEC2E1BC9}] => (Allow) C:\Program Files (x86)\StarMoney Business 6.0\app\StarMoney.exe
FirewallRules: [{404D4D02-9942-438D-B5B3-73A380C233F4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{78EBD91E-BE77-48D1-9C3D-69DEAE23945B}] => (Allow) C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{695BCC07-367E-4D56-8799-C8042E5E9CC9}] => (Allow) C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{D39A23BF-94FA-498F-A9C6-3E18E77E3519}] => (Allow) C:\Program Files (x86)\StarMoney 10\app\StarMoney.exe
FirewallRules: [{C6706BC1-2DF5-448D-BBE8-313A44848299}] => (Allow) C:\Program Files (x86)\StarMoney 10\app\StarMoney.exe
FirewallRules: [{31509B17-9DBE-4214-89B0-71BD92256E48}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{E5D41589-171C-4DB9-AB20-5C876F558093}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{00E4A3C8-9DCE-4AAB-A725-3E7D8AA2CBFE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E549719D-2ADD-463E-AE7F-146D1FD3FD88}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{51781ACE-FC85-4D39-A795-41AF1A2764AB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot-S&D 2 Tray Icon
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe] => Enabled:Flashget3

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/20/2015 01:16:59 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "\\?\Volume{57f9d638-36f8-48f8-a7aa-395529054261}\" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)

Error: (05/20/2015 01:16:59 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "WINRE" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)

Error: (05/19/2015 10:15:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_stisvc, Version: 6.3.9600.16384, Zeitstempel: 0x5215dfe3
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17278, Zeitstempel: 0x53eebd22
Ausnahmecode: 0xc0000008
Fehleroffset: 0x000000000009355a
ID des fehlerhaften Prozesses: 0x9dc
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_stisvc0
Pfad der fehlerhaften Anwendung: svchost.exe_stisvc1
Pfad des fehlerhaften Moduls: svchost.exe_stisvc2
Berichtskennung: svchost.exe_stisvc3
Vollständiger Name des fehlerhaften Pakets: svchost.exe_stisvc4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe_stisvc5

Error: (05/19/2015 01:24:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17278, Zeitstempel: 0x53eebd22
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000052f0b
ID des fehlerhaften Prozesses: 0xf78
Startzeit der fehlerhaften Anwendung: 0xvlc.exe0
Pfad der fehlerhaften Anwendung: vlc.exe1
Pfad des fehlerhaften Moduls: vlc.exe2
Berichtskennung: vlc.exe3
Vollständiger Name des fehlerhaften Pakets: vlc.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: vlc.exe5

Error: (05/19/2015 00:55:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 37.0.2.5583, Zeitstempel: 0x552ef76c
Name des fehlerhaften Moduls: mozalloc.dll, Version: 37.0.2.5583, Zeitstempel: 0x552ee9ae
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001aa1
ID des fehlerhaften Prozesses: 0xc0
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Vollständiger Name des fehlerhaften Pakets: plugin-container.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: plugin-container.exe5

Error: (05/19/2015 00:49:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: jre-8u45-windows-i586-iftw.exe, Version: 8.0.450.15, Zeitstempel: 0x5542981d
Name des fehlerhaften Moduls: jre-8u45-windows-i586-iftw.exe, Version: 8.0.450.15, Zeitstempel: 0x5542981d
Ausnahmecode: 0x40000015
Fehleroffset: 0x0005d386
ID des fehlerhaften Prozesses: 0xadc
Startzeit der fehlerhaften Anwendung: 0xjre-8u45-windows-i586-iftw.exe0
Pfad der fehlerhaften Anwendung: jre-8u45-windows-i586-iftw.exe1
Pfad des fehlerhaften Moduls: jre-8u45-windows-i586-iftw.exe2
Berichtskennung: jre-8u45-windows-i586-iftw.exe3
Vollständiger Name des fehlerhaften Pakets: jre-8u45-windows-i586-iftw.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: jre-8u45-windows-i586-iftw.exe5

Error: (05/18/2015 09:43:35 PM) (Source: SideBySide) (EventID: 79) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName1".
Die Einstellung "hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName" ist nicht registriert.

Error: (05/18/2015 04:16:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20856 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: b430

Startzeit: 01d091749624d735

Endzeit: 4294967295

Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe

Berichts-ID: 8a03d776-fd68-11e4-bf16-8434978947f8

Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1

Error: (05/18/2015 03:55:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20856 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: bbd8

Startzeit: 01d091719fe3c72f

Endzeit: 4294967295

Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe

Berichts-ID: 9426f154-fd65-11e4-bf16-8434978947f8

Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1

Error: (05/18/2015 10:48:32 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll4


System errors:
=============
Error: (05/20/2015 00:45:47 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 43. Der Windows-SChannel-Fehlerstatus lautet: 252.

Error: (05/20/2015 10:47:24 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 43. Der Windows-SChannel-Fehlerstatus lautet: 252.

Error: (05/20/2015 10:47:24 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 43. Der Windows-SChannel-Fehlerstatus lautet: 252.

Error: (05/20/2015 10:41:16 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 43. Der Windows-SChannel-Fehlerstatus lautet: 252.

Error: (05/20/2015 10:41:14 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 43. Der Windows-SChannel-Fehlerstatus lautet: 252.

Error: (05/19/2015 10:47:05 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252.

Error: (05/19/2015 10:47:05 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252.

Error: (05/19/2015 10:47:05 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252.

Error: (05/19/2015 10:47:05 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252.

Error: (05/19/2015 10:48:59 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252.


Microsoft Office Sessions:
=========================
Error: (05/20/2015 01:16:59 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: \\?\Volume{57f9d638-36f8-48f8-a7aa-395529054261}\Falscher Parameter. (0x80070057)

Error: (05/20/2015 01:16:59 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: WINREFalscher Parameter. (0x80070057)

Error: (05/19/2015 10:15:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_stisvc6.3.9600.163845215dfe3ntdll.dll6.3.9600.1727853eebd22c0000008000000000009355a9dc01d091a2ea8430a8C:\WINDOWS\system32\svchost.exeC:\WINDOWS\SYSTEM32\ntdll.dll2c6091a1-fdff-11e4-bf17-8434978947f8

Error: (05/19/2015 01:24:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: vlc.exe2.1.5.000000000ntdll.dll6.3.9600.1727853eebd22c00000050000000000052f0bf7801d091c19add12fbC:\Program Files\VideoLAN\VLC\vlc.exeC:\WINDOWS\SYSTEM32\ntdll.dll18ac1534-fdb5-11e4-bf17-8434978947f8

Error: (05/19/2015 00:55:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe37.0.2.5583552ef76cmozalloc.dll37.0.2.5583552ee9ae8000000300001aa1c001d091bd2af897d8C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlled66422c-fdb0-11e4-bf17-8434978947f8

Error: (05/19/2015 00:49:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: jre-8u45-windows-i586-iftw.exe8.0.450.155542981djre-8u45-windows-i586-iftw.exe8.0.450.155542981d400000150005d386adc01d091bb8fc133fdC:\Users\s\Desktop\Downloads\jre-8u45-windows-i586-iftw.exeC:\Users\s\Desktop\Downloads\jre-8u45-windows-i586-iftw.exe1a0576c9-fdb0-11e4-bf17-8434978947f8

Error: (05/18/2015 09:43:35 PM) (Source: SideBySide) (EventID: 79) (User: )
Description: hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayNameC:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

Error: (05/18/2015 04:16:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20856b43001d091749624d7354294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe8a03d776-fd68-11e4-bf16-8434978947f8microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (05/18/2015 03:55:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20856bbd801d091719fe3c72f4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe9426f154-fd65-11e4-bf16-8434978947f8microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (05/18/2015 10:48:32 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll4


CodeIntegrity Errors:
===================================
  Date: 2013-11-30 15:06:55.497
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-30 14:42:41.927
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-30 14:39:40.327
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-30 13:40:28.974
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-30 13:39:09.041
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-30 13:10:21.879
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll that did not meet the Microsoft signing level requirements.

  Date: 2013-11-30 13:10:21.754
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\WOW64\Plugins\ISWSHEX.dll that did not meet the Microsoft signing level requirements.

  Date: 2013-11-30 13:10:18.442
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll that did not meet the Microsoft signing level requirements.

  Date: 2013-11-30 13:10:09.332
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\WOW64\Plugins\ISWSHEX.dll that did not meet the Microsoft signing level requirements.

  Date: 2013-11-30 13:10:09.035
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\WOW64\Plugins\ISWSHEX.dll that did not meet the Microsoft signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz
Percentage of memory in use: 74%
Total physical RAM: 6036.28 MB
Available physical RAM: 1512.66 MB
Total Pagefile: 11668.28 MB
Available Pagefile: 5388.29 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:448.38 GB) (Free:87.61 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:16.27 GB) (Free:2.05 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive i: () (Removable) (Total:29.47 GB) (Free:29.47 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 466E2C46)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 6 GB) (Disk ID: C73F6553)

Partition: GPT Partition Type.

========================================================
Disk: 2 (Size: 29.5 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
__________________

Alt 22.05.2015, 19:59   #4
schrauber
/// the machine
/// TB-Ausbilder
 

500 Mails täglich von Outlook nach DHL Trojaner - Standard

500 Mails täglich von Outlook nach DHL Trojaner



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 25.05.2015, 11:24   #5
Sash1502
 
500 Mails täglich von Outlook nach DHL Trojaner - Standard

500 Mails täglich von Outlook nach DHL Trojaner



Hallo Schrauber,

vielen Dank für deine Hilfe.
Nachfolgend die gewünschten Log Dateien


Malwarebytes Anti-Malware
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 24.05.2015
Suchlauf-Zeit: 12:35:36
Logdatei: mwam.txt
Administrator: Ja

Version: 0.00.0.0000
Malware Datenbank: v2015.05.24.01
Rootkit Datenbank: v2015.05.16.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: s

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 460741
Verstrichene Zeit: 17 Std, 50 Min, 56 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
         


AdwCleaner

Code:
ATTFilter
# AdwCleaner v4.205 - Bericht erstellt 25/05/2015 um 11:46:25
# Aktualisiert 21/05/2015 von Xplode
# Datenbank : 2015-05-24.1 [Server]
# Betriebssystem : Windows 8.1  (x64)
# Benutzername : s - SR_HP_ULTRABOOK
# Gestarted von : C:\Users\s\Desktop\AdwCleaner_4.205.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\s\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\s\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Ordner Gelöscht : C:\Users\s\AppData\Roaming\dvdvideosoftiehelpers
Datei Gelöscht : C:\Users\s\AppData\Roaming\LiveSupport.exe_log.txt
Datei Gelöscht : C:\Users\s\AppData\Roaming\regsvr32.exe_log.txt
Datei Gelöscht : C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default\foxydeal.sqlite
Datei Gelöscht : C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_primeshare.tv_0.localstorage
Datei Gelöscht : C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_primeshare.tv_0.localstorage-journal

***** [ Geplante Tasks ] *****

Task Gelöscht : DSite

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}]
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2974C985-8151-4DE5-B23C-B875F0A8522F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\OCS

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v38.0.1 (x86 de)


-\\ Google Chrome v43.0.2357.65


*************************

AdwCleaner[R0].txt - [6114 Bytes] - [26/08/2013 15:44:01]
AdwCleaner[R1].txt - [1058 Bytes] - [26/08/2013 15:47:19]
AdwCleaner[R2].txt - [1119 Bytes] - [26/08/2013 15:48:12]
AdwCleaner[R3].txt - [1239 Bytes] - [26/08/2013 15:50:32]
AdwCleaner[R4].txt - [18632 Bytes] - [26/11/2013 22:34:44]
AdwCleaner[R5].txt - [1513 Bytes] - [27/11/2013 14:42:49]
AdwCleaner[R6].txt - [4354 Bytes] - [24/05/2015 12:09:35]
AdwCleaner[R7].txt - [3860 Bytes] - [25/05/2015 11:42:10]
AdwCleaner[S0].txt - [4511 Bytes] - [26/08/2013 15:45:15]
AdwCleaner[S1].txt - [1189 Bytes] - [26/08/2013 15:49:04]
AdwCleaner[S2].txt - [1309 Bytes] - [26/08/2013 15:51:07]
AdwCleaner[S3].txt - [18190 Bytes] - [26/11/2013 23:05:17]
AdwCleaner[S4].txt - [3722 Bytes] - [25/05/2015 11:46:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [3781  Bytes] ##########
         

Junkware Removal Tool

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.7.9 (05.24.2015:1)
OS: Windows 8.1 x64
Ran by s on 25.05.2015 at 11:51:17,35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks

Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-2262038565-221129539-630273557-1001
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-2262038565-221129539-630273557-500
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-2567798722-2426003216-117595747-500
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-4175652003-2738746085-1523831210-500



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_25B1D1BADDAEDB1571E4D008134EB6A3



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\s\appdata\local\{26D783D1-CA72-40B1-9141-AE4B71B7488B}
Successfully deleted: [Empty Folder] C:\Users\s\appdata\local\{766AA640-9A5E-4402-AAF4-86E11DD98D3F}
Successfully deleted: [Empty Folder] C:\Users\s\appdata\local\{9BFB4E64-E654-4773-9281-3EC69D20F8AA}
Successfully deleted: [Empty Folder] C:\Users\s\appdata\local\{A6310268-8B72-4B2D-A45A-ED7B50724B51}



~~~ FireFox

Emptied folder: C:\Users\s\AppData\Roaming\mozilla\firefox\profiles\ql894xzp.default\minidumps [18 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.05.2015 at 12:00:17,41
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-05-2015 01
Ran by s (administrator) on SR_HP_ULTRABOOK on 25-05-2015 12:10:00
Running from C:\Users\s\Desktop
Loaded Profiles: s (Available Profiles: s & Gast)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(FUJIFILM Corporation.) C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PCAutoSaveSv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(hxxp://www.wftpserver.com) C:\Program Files (x86)\FTPRush\ftprush.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\livecomm.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-06-09] (IDT, Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3030256 2013-06-13] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-31] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [74160 2014-01-29] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [DATEVSetup] => C:\Users\s\AppData\Local\Temp\OYa04020\TLP\DATEVsetup.exe <===== ATTENTION
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2014-12-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKLM-x32\...\Run: [DVCServ] => C:\Program Files (x86)\DATEV-SiPa-compact\DVCSERV
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SMB60StarMoneyRunEntry] => C:\Program Files (x86)\StarMoney Business 6.0\app\oflagent.exe [51856 2015-05-20] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\SYSTEM32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Run: [icq] => C:\Users\s\AppData\Roaming\ICQM\icq.exe [28698984 2013-08-31] (ICQ)
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Run: [StartMenuX] => C:\Program Files\Start Menu X\StartMenuX.exe [7673664 2013-11-20] (OrdinarySoft)
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Run: [Allway Sync] => C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe [94920 2015-04-21] ()
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Run: [Spotify Web Helper] => C:\Users\s\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2022968 2015-05-14] (Spotify Ltd)
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Run: [EntscheiderClub Premium] => C:\Users\s\AppData\Local\EntscheiderClub Premium\EntscheiderClub Premium.exe [1121264 2015-01-29] (Wakoopa)
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Run: [9c5bf01b358884ef955dbaaa237340c7] => "C:\Users\s\AppData\Local\9c5bf01b358884ef955dbaaa237340c7.exe"
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\MountPoints2: {edae7ff0-618c-11e3-beb2-8434978947f8} - "E:\AutoRun.exe" 
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\E-POST MAILER.lnk [2015-03-03]
ShortcutTarget: E-POST MAILER.lnk -> C:\Program Files (x86)\Deutsche Post AG\E-POST MAILER\EpostMailer.exe (Deutsche Post AG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FUJIFILM PC AutoSave auf Standby.lnk [2015-04-05]
ShortcutTarget: FUJIFILM PC AutoSave auf Standby.lnk -> C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\Manager.exe (FUJIFILM Corporation.)
Startup: C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-09-30]
ShortcutTarget: Dropbox.lnk -> C:\Users\s\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediencenter.lnk [2015-01-20]
ShortcutTarget: Mediencenter.lnk -> C:\Users\s\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [01Mediencenter_InSync] -> {77BC4082-DB5F-439A-8DC8-F9E24A63B0DE} => C:\Users\s\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll [2014-06-12] (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: [02Mediencenter_ToSync] -> {528EE335-5034-4EFC-834E-63E5F02D2BC2} => C:\Users\s\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll [2014-06-12] (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: [03Mediencenter_Failed] -> {6066ADF0-9EB0-43E5-ADB6-990F5A3B979C} => C:\Users\s\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll [2014-06-12] (Deutsche Telekom AG)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKU\S-1-5-21-2262038565-221129539-630273557-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.goodsyouneed.de/
SearchScopes: HKLM -> {A28F0689-CA9E-46FF-ACB3-73BF34D4AC4B} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {A28F0689-CA9E-46FF-ACB3-73BF34D4AC4B} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2262038565-221129539-630273557-1001 -> {A28F0689-CA9E-46FF-ACB3-73BF34D4AC4B} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2262038565-221129539-630273557-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-06-12] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: SCardBHOEvent Class -> {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} -> C:\Program Files (x86)\DATEV-SiPa-compact\DVCCSASCardBHO64002.dll [2014-05-12] (DATEV eG)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO: EntscheiderClub Premium -> {FB4D29C1-82DE-4b80-8BB0-A7CDDDCD2773} -> C:\Users\s\AppData\Local\Wakoopa Shared\WakoopaBHO-x64.dll [2015-01-29] (Wakoopa)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2011-06-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-19] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-12-17] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: SCardBHOEvent Class -> {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} -> C:\Program Files (x86)\DATEV-SiPa-compact\DVCCSASCardBHO002.dll [2014-05-12] (DATEV eG)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-19] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
BHO-x32: EntscheiderClub Premium -> {FB4D29C1-82DE-4b80-8BB0-A7CDDDCD2773} -> C:\Users\s\AppData\Local\Wakoopa Shared\WakoopaBHO.dll [2015-01-29] (Wakoopa)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2262038565-221129539-630273557-1001 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default
FF Homepage: hxxp://t3n.de/|hxxp://www.logistik-watchblog.de/
FF NetworkProxy: "MM3ProxySwitch.type", 1
FF NetworkProxy: "ftp", "127.0.0.1"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "no_proxies_on", ""
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-18] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-18] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1207148.dll [2013-12-05] (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-06-13] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-06-13] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-19] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll [2013-07-24] (Nullsoft, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default\Extensions\abs@avira.com [2015-04-27]
FF Extension: YouTube Unblocker - C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default\Extensions\youtubeunblocker@unblocker.yt [2014-11-05]
FF Extension: Hide My Ass Proxy Extension - C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default\Extensions\extension@hidemyass.com.xpi [2013-06-29]
FF Extension: Soundcloud SUPER +2: Downloader and Recommender - C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default\Extensions\{988da70d-b78d-44a1-a9c7-ed11832a9e2e}.xpi [2013-08-23]
FF Extension: SoundCloud Downloader - Technowise - C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default\Extensions\{c8d3bc80-0810-4d21-a2c2-be5f2b2832ac}.xpi [2013-08-23]
FF Extension: Adblock Plus - C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-19]
FF Extension: {f5110906-1b93-4640-a7fe-12251b0b7b10} - C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default\Extensions\{f5110906-1b93-4640-a7fe-12251b0b7b10}.xpi [2014-12-08]
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afext@anchorfree.com [2013-09-01]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014-09-02]

Chrome: 
=======
CHR Profile: C:\Users\s\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-29]
CHR Extension: (Google Drive) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-29]
CHR Extension: (EntscheiderClub Premium) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbojioefbafdanbjbdhhmoblcbikeia [2015-03-29]
CHR Extension: (YouTube) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-29]
CHR Extension: (Google Cast) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-05-30]
CHR Extension: (Adblock Plus) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-05-30]
CHR Extension: (Google Search) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-29]
CHR Extension: (Bookmark Manager) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-23]
CHR Extension: (Google Wallet) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-29]
CHR Extension: (Gmail) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-29]
CHR Profile: C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-06]
CHR Extension: (Google Docs) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-06]
CHR Extension: (Google Drive) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-06]
CHR Extension: (YouTube) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-06]
CHR Extension: (Google Search) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-06]
CHR Extension: (Google Sheets) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-06]
CHR Extension: (Skype Click to Call) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-02-06]
CHR Extension: (DVDVideoSoft) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2015-02-06]
CHR Extension: (Google Wallet) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-06]
CHR Extension: (Gmail) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-06]
CHR Profile: C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Slides) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-06]
CHR Extension: (Google Docs) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-06]
CHR Extension: (Google Drive) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-06]
CHR Extension: (YouTube) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-06]
CHR Extension: (Google Search) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-06]
CHR Extension: (Google Sheets) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-06]
CHR Extension: (Avira Browser Safety) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-02-06]
CHR Extension: (Skype Click to Call) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-02-06]
CHR Extension: (DVDVideoSoft) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2015-02-06]
CHR Extension: (Google Wallet) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-06]
CHR Extension: (Gmail) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-06]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
S3 AxInstSV; C:\Windows\System32\AxInstSV.dll [109568 2013-09-30] (Microsoft Corporation) []
S2 BotkindSyncService; C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe [182784 2015-04-13] () []
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 FFPCAutoSave; C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PCAutoSaveSv.exe [94208 2013-02-28] (FUJIFILM Corporation.) []
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) []
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.) []
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) []
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-06-13] (Intel Corporation)
S2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-20] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-06-13] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
S2 StarMoney 10 OnlineUpdate; C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe [688272 2015-04-15] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
S2 StarMoney 9.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
S2 StarMoney Business 6.0 OnlineUpdate; C:\Program Files (x86)\StarMoney Business 6.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) []
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5491984 2015-05-13] (TeamViewer GmbH)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2445816 2014-01-29] (Check Point Software Technologies LTD)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-11-30] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [50704 2013-10-15] (Check Point Software Technologies, Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-05-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-12] (Avira Operations GmbH & Co. KG)
S1 HssDRV6; C:\Windows\system32\DRIVERS\hssdrv6.sys [46792 2013-09-17] (AnchorFree Inc.)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-21] (Intel Corporation)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2013-07-17] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2013-02-21] (Kaspersky Lab)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-10-08] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [489056 2013-10-08] (Kaspersky Lab ZAO)
R3 KOBCCID; C:\Windows\system32\drivers\KOBCCID.sys [116864 2014-03-18] (KOBIL Systems GmbH)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-25] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-04] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-06-13] (Synaptics Incorporated)
R3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2013-08-13] (Anchorfree Inc.)
R1 Vsdatant; C:\Windows\System32\drivers\vsdatant.sys [454168 2013-10-23] (Check Point Software Technologies LTD)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
U0 dmboot; No ImagePath
S3 ewusbnet; \SystemRoot\system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; \SystemRoot\system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X]
S3 hwdatacard; \SystemRoot\system32\DRIVERS\ewusbmdm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-25 12:10 - 2015-05-25 12:11 - 00036503 _____ () C:\Users\s\Desktop\FRST.txt
2015-05-25 12:09 - 2015-05-25 12:09 - 00000000 ____D () C:\Users\s\Desktop\FRST-OlderVersion
2015-05-25 12:00 - 2015-05-25 12:00 - 00001820 _____ () C:\Users\s\Desktop\JRT.txt
2015-05-25 11:53 - 2015-05-25 11:53 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2262038565-221129539-630273557-1001
2015-05-25 11:51 - 2015-05-25 11:51 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-SR_HP_ULTRABOOK-Windows-8.1-(64-bit).dat
2015-05-25 11:51 - 2015-05-25 11:51 - 00000000 ____D () C:\RegBackup
2015-05-25 11:50 - 2015-05-24 19:35 - 02945770 _____ (Thisisu) C:\Users\s\Desktop\JRT_NEW.exe
2015-05-24 12:38 - 2015-05-24 12:38 - 00001200 _____ () C:\Users\s\Desktop\mwam.txt
2015-05-24 12:37 - 2015-05-24 12:37 - 00000054 _____ () C:\Users\s\Desktop\boxen.txt
2015-05-23 17:57 - 2015-05-25 11:48 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-05-23 17:56 - 2015-05-23 17:56 - 02222592 _____ () C:\Users\s\Desktop\AdwCleaner_4.205.exe
2015-05-23 17:55 - 2015-05-23 17:55 - 00001116 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-23 17:55 - 2015-05-23 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-05-23 17:55 - 2015-05-23 17:55 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-05-23 17:55 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-05-23 17:55 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-05-23 17:55 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-05-23 17:50 - 2015-05-23 17:51 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\s\Desktop\mbam-setup-2.1.6.1022.exe
2015-05-20 22:18 - 2015-05-25 12:10 - 00000000 ____D () C:\FRST
2015-05-20 22:17 - 2015-05-25 12:09 - 02108416 _____ (Farbar) C:\Users\s\Desktop\FRST64.exe
2015-05-19 13:59 - 2015-05-19 13:59 - 00001255 _____ () C:\WINDOWS\system32\TeamViewer10_Hooks.log
2015-05-19 00:52 - 2015-05-19 00:51 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-05-19 00:51 - 2015-05-19 00:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-05-18 22:37 - 2015-05-18 22:37 - 00000000 ____D () C:\ProgramData\StarMoney 10
2015-05-18 22:37 - 2015-05-18 22:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarMoney 10
2015-05-18 22:30 - 2015-05-25 11:38 - 00000000 ____D () C:\Program Files (x86)\StarMoney 10
2015-05-18 09:55 - 2015-05-18 10:37 - 00000000 ____D () C:\KVRT_Data
2015-05-14 16:14 - 2015-05-14 16:14 - 00000123 _____ () C:\Users\s\Desktop\Collmex.url
2015-05-02 03:04 - 2015-05-02 03:04 - 00000000 ____D () C:\Users\s\Documents\Hausverwalter
2015-05-02 03:04 - 2015-05-02 03:04 - 00000000 ____D () C:\Users\s\AppData\Roaming\Buhl Data Service
2015-05-02 03:04 - 2015-05-02 03:04 - 00000000 ____D () C:\Users\s\AppData\Local\Buhl Data Service
2015-05-02 03:03 - 2015-05-04 12:14 - 00000647 _____ () C:\WINDOWS\wiso.ini
2015-05-02 03:03 - 2015-05-02 03:03 - 00002131 _____ () C:\Users\Public\Desktop\WISO Hausverwalter 2015.lnk
2015-05-02 03:03 - 2015-05-02 03:03 - 00000000 ____D () C:\Users\s\AppData\Roaming\Buhl
2015-05-02 03:03 - 2015-05-02 03:03 - 00000000 ____D () C:\Users\s\AppData\Local\Buhl
2015-05-02 03:03 - 2015-05-02 03:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Hausverwalter 2015
2015-05-02 03:03 - 2015-05-02 03:03 - 00000000 ____D () C:\Program Files (x86)\Buhl
2015-05-02 03:02 - 2015-05-02 03:03 - 00000000 ____D () C:\ProgramData\Buhl Data Service GmbH
2015-04-28 23:55 - 2015-04-28 23:55 - 00001733 _____ () C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Copy of plentymarkets.lnk
2015-04-28 23:49 - 2015-04-28 23:49 - 07810528 _____ (plentymarkets GmbH) C:\Users\s\plentymarkets_updater_windows_216.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-25 12:02 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-25 11:53 - 2015-03-03 08:57 - 00000106 _____ () C:\WINDOWS\system32\mfilemon.log
2015-05-25 11:53 - 2013-06-22 18:48 - 00000000 ____D () C:\Users\s\AppData\Roaming\FTPRush
2015-05-25 11:51 - 2014-04-29 13:07 - 00001150 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-25 11:49 - 2015-01-20 02:14 - 00000000 ___RD () C:\Users\s\Mediencenter
2015-05-25 11:49 - 2014-05-27 17:55 - 00000000 ___RD () C:\Users\s\Dropbox
2015-05-25 11:49 - 2014-05-27 17:53 - 00000000 ____D () C:\Users\s\AppData\Roaming\Dropbox
2015-05-25 11:49 - 2013-11-30 16:56 - 01580319 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-25 11:48 - 2014-04-29 13:07 - 00001146 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-25 11:48 - 2013-11-30 17:11 - 00000000 ___DO () C:\Users\s\SkyDrive
2015-05-25 11:47 - 2013-09-29 21:04 - 00378580 _____ () C:\WINDOWS\PFRO.log
2015-05-25 11:47 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-25 11:47 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-05-25 11:47 - 2013-05-14 23:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-25 11:46 - 2013-08-26 15:43 - 00000000 ____D () C:\AdwCleaner
2015-05-25 11:46 - 2013-05-11 16:48 - 00000000 ____D () C:\Users\s\AppData\Roaming\CheckPoint
2015-05-25 11:42 - 2013-05-14 23:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-25 11:38 - 2015-04-14 21:31 - 00000000 ____D () C:\Program Files (x86)\StarMoney Business 6.0
2015-05-25 11:38 - 2015-02-27 21:25 - 00000000 ____D () C:\Program Files (x86)\StarMoney 9.0
2015-05-24 12:42 - 2013-08-22 16:44 - 05142448 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-24 12:41 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-05-24 12:40 - 2013-05-14 23:57 - 00000000 ____D () C:\Users\s\Documents\Outlook-Dateien
2015-05-24 12:35 - 2014-06-10 15:20 - 00000000 ____D () C:\Users\s\AppData\Roaming\Spotify
2015-05-23 18:28 - 2015-02-11 19:16 - 00000000 ____D () C:\Users\s\AppData\Local\Windows Live
2015-05-23 18:23 - 2013-08-07 14:13 - 00000000 ____D () C:\Users\s\AppData\Roaming\vlc
2015-05-23 17:55 - 2013-11-26 22:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-23 15:17 - 2013-09-30 06:14 - 01980934 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-23 15:17 - 2013-09-30 05:56 - 00842568 _____ () C:\WINDOWS\system32\perfh007.dat
2015-05-23 15:17 - 2013-09-30 05:56 - 00191764 _____ () C:\WINDOWS\system32\perfc007.dat
2015-05-23 12:05 - 2014-06-10 15:21 - 00000000 ____D () C:\Users\s\AppData\Local\Spotify
2015-05-22 14:00 - 2014-08-28 21:12 - 00000408 _____ () C:\WINDOWS\Tasks\Allway Sync_{4E6949520858136489535401CF6DD6A8}.job
2015-05-22 01:43 - 2014-01-02 20:14 - 00003154 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleFors
2015-05-22 01:43 - 2014-01-02 20:14 - 00000348 _____ () C:\WINDOWS\Tasks\HPCeeScheduleFors.job
2015-05-20 21:58 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-05-19 14:00 - 2013-11-22 17:08 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-05-19 13:59 - 2015-04-21 20:19 - 00000985 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-05-19 00:52 - 2013-10-21 18:27 - 00000000 ____D () C:\ProgramData\Oracle
2015-05-19 00:51 - 2013-10-21 18:27 - 00000000 ____D () C:\Program Files (x86)\Java
2015-05-18 22:34 - 2013-08-22 15:25 - 00017486 _____ () C:\WINDOWS\system32\Drivers\etc\services
2015-05-18 22:15 - 2012-08-24 18:00 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-05-18 22:00 - 2014-09-02 12:01 - 00000000 ____D () C:\Users\s\AppData\Local\Adobe
2015-05-18 21:46 - 2012-08-24 18:00 - 00000000 ____D () C:\ProgramData\Temp
2015-05-18 00:39 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-05-17 15:31 - 2013-08-22 16:46 - 00336769 _____ () C:\WINDOWS\setupact.log
2015-05-17 13:16 - 2013-05-12 21:28 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2015-05-17 06:45 - 2014-04-29 13:07 - 00004122 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-17 06:45 - 2014-04-29 13:07 - 00003886 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-05 13:15 - 2015-03-05 23:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-05-05 13:12 - 2014-07-07 17:21 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-05-05 13:12 - 2014-07-07 17:21 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-05-04 12:29 - 2014-12-17 14:50 - 00000000 ____D () C:\WINDOWS\uninstall
2015-05-04 12:29 - 2014-12-17 14:50 - 00000000 ____D () C:\Program Files (x86)\CDN YabeOffice Daten
2015-05-04 12:29 - 2014-12-17 14:50 - 00000000 ____D () C:\Program Files (x86)\CDN YabeOffice
2015-05-04 12:18 - 2014-04-30 18:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Allway Sync
2015-05-04 12:18 - 2014-04-30 18:22 - 00000000 ____D () C:\Program Files (x86)\Allway Sync
2015-04-28 23:55 - 2014-09-21 17:41 - 00001784 _____ () C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\plentymarkets.lnk
2015-04-28 23:55 - 2014-03-03 14:32 - 00000000 ____D () C:\Program Files\plentymarkets
2015-04-28 23:49 - 2013-11-30 16:48 - 00000000 ____D () C:\Users\s

==================== Files in the root of some directories =======

2013-05-10 12:25 - 2013-06-08 12:51 - 0013930 _____ () C:\Users\s\AppData\Roaming\AbsoluteReminder.xml
2014-03-18 16:19 - 2014-03-18 16:20 - 0000834 _____ () C:\Users\s\AppData\Local\belegtransfer_setup.log
2014-09-02 20:25 - 2014-09-02 20:25 - 0002273 _____ () C:\Users\s\AppData\Local\recently-used.xbel
2014-03-18 12:27 - 2015-01-14 11:46 - 0718262 _____ () C:\Users\s\AppData\Local\tempvcredist_x64.log
2014-02-09 18:25 - 2014-02-09 18:25 - 0000011 _____ () C:\ProgramData\.tv7

Files to move or delete:
====================
C:\Users\s\plentymarkets_updater_windows_207.exe
C:\Users\s\plentymarkets_updater_windows_208.exe
C:\Users\s\plentymarkets_updater_windows_209.exe
C:\Users\s\plentymarkets_updater_windows_210.exe
C:\Users\s\plentymarkets_updater_windows_213.exe
C:\Users\s\plentymarkets_updater_windows_214.exe
C:\Users\s\plentymarkets_updater_windows_215.exe
C:\Users\s\plentymarkets_updater_windows_216.exe
C:\Users\s\plentymarkets_windows_212.exe


Some files in TEMP:
====================
C:\Users\Gast\AppData\Local\Temp\avgnt.exe
C:\Users\s\AppData\Local\Temp\avgnt.exe
C:\Users\s\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvybihd.dll
C:\Users\s\AppData\Local\Temp\FreeStudio.exe
C:\Users\s\AppData\Local\Temp\i4jdel0.exe
C:\Users\s\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\s\AppData\Local\Temp\proxy_vole5753558156256649135.dll
C:\Users\s\AppData\Local\Temp\Quarantine.exe
C:\Users\s\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-24 12:53

==================== End of log ============================
         
Addition

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-05-2015 01
Ran by s at 2015-05-25 12:12:39
Running from C:\Users\s\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2262038565-221129539-630273557-500 - Administrator - Disabled)
fbwuser (S-1-5-21-2262038565-221129539-630273557-1005 - Limited - Disabled)
Gast (S-1-5-21-2262038565-221129539-630273557-501 - Limited - Enabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-2262038565-221129539-630273557-1003 - Limited - Enabled)
s (S-1-5-21-2262038565-221129539-630273557-1001 - Administrator - Enabled) => C:\Users\s

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: ZoneAlarm Antivirus (Enabled - Up to date) {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: ZoneAlarm Anti-Spyware (Enabled - Up to date) {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
FW: ZoneAlarm Firewall (Enabled) {E6380B7E-D4B2-19F1-083E-56486607704B}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.13 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Allway Sync version 15.1.9 (HKLM-x32\...\Allway Sync_is1) (Version:  - Botkind Inc)
Ant Renamer (HKLM-x32\...\Ant Renamer 2_is1) (Version: 2.10.0 - Ant Software)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DATEV Belegtransfer V.3.22 (HKLM-x32\...\{EC561A24-754E-44F1-B76F-2FDA3DF9E912}) (Version: 2.03 - DATEV eG)
DATEV Installation V.2.74 (HKLM-x32\...\DATEVB00000482.0) (Version:  - )
DATEV Sicherheitspaket - compact (HKLM-x32\...\{13D2D749-7F84-4A63-A09E-3DFDBA4E03EF}) (Version: 2.40.0001 - DATEV eG)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.31 - DivX, LLC)
Dropbox (HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
DVS Video Downloader Addon for Mozilla Firefox version 4.3.4.15 (HKLM-x32\...\DVS Video Downloader Addon for Mozilla Firefox_is1) (Version: 4.3.4.15 - DVDVideoSoft Ltd.)
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
EntscheiderClub Premium (HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\EntscheiderClub Premium) (Version:  - Wakoopa B.V.)
E-POST MAILER (HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\{6e991dbc-fbeb-434e-b0c0-20f336054450}) (Version: 2.0.1.1972 - Deutsche Post AG)
E-POST MAILER (x32 Version: 2.0.1.1925 - Deutsche Post AG) Hidden
E-POST MAILER Drucker (Version: 2.0.1.1925 - Deutsche Post AG) Hidden
E-POST MAILER Start (x32 Version: 1.0.0.0 - Deutsche Post AG) Hidden
etope Lister 2 (HKLM-x32\...\etope Lister_is1) (Version:  - Freshworx GmbH & Co.KG)
Evernote v. 5.8.1 (HKLM-x32\...\{4FD2D1C8-8636-11E4-9D21-00163E98E7D6}) (Version: 5.8.1.6061 - Evernote Corp.)
Free Studio version 6.4.2.113 (HKLM-x32\...\Free Studio_is1) (Version: 6.4.2.113 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.17.1125 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.17.1125 - DVDVideoSoft Ltd.)
FTPRush 2.1.8 (HKLM-x32\...\FTP Rush_is1) (Version: 2.1.8 - wftpserver.com)
FUJIFILM PC AutoSave (HKLM-x32\...\{872F1306-0DB6-45EC-832E-2F5D3A56CF99}) (Version: 1.0.0 - FUJIFILM)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.65 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{AB5BCC55-18E2-46C7-9405-FF61CB888F05}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{0D3A6808-82B8-4BB1-BE5A-AED75B3F6C02}) (Version: 2.20.11 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{D044EBE7-94E7-4C49-90FC-9069E3F374E1}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Quick Launch (HKLM-x32\...\{609B11CC-8CED-4116-AD8A-A72168894D39}) (Version: 3.0.4 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{D2462056-BA75-4B2C-8267-DFEA2B6AC4AE}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
ICQ 8.1 (build 6337) (HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\ICQ) (Version: 8.1.6337.0 - Mail.Ru)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3316 - Intel Corporation)
Intel(R) Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
KOBIL CCID driver x64x86 (x32 Version: 1.013.02121 - KOBIL Systems) Hidden
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Mediencenter 3.9.1055.64 (HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Mediencenter) (Version: 3.9.1055.64 - Deutsche Telekom AG)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}) (Version:  - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.3.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.3.0 (x86 de)) (Version: 24.3.0 - Mozilla)
Mp3tag v2.58 (HKLM-x32\...\Mp3tag) (Version: v2.58 - Florian Heidenreich)
Multi file port monitor (mfilemon) 1.5.1 (HKLM\...\{A932243F-381F-434C-B18E-4F09D2F015F8}_is1) (Version: 1.5.1 - Monti Lorenzo)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Password Memory 4.1.2 (HKLM-x32\...\ca_keynote_is1) (Version: 4.1.2 - Code:Aero Technologies)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
plentymarkets 216 (HKLM-x32\...\5841-3682-4824-5789) (Version: 216 - plentymarkets GmbH)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Spotify) (Version: 1.0.5.178.g885b099b - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.1.21 - Safer-Networking Ltd.)
StarMoney (x32 Version: 4.0.7.94 - StarFinanz) Hidden
StarMoney (x32 Version: 5.0.0.226 - StarFinanz) Hidden
StarMoney 10  (HKLM-x32\...\{F061A207-B07B-4E1D-8655-286BBBB3E2CC}) (Version: 10 - Star Finanz GmbH)
StarMoney 9.0  (HKLM-x32\...\{E50EB864-0852-4249-A1B9-96CED146E52B}) (Version: 9.0 - Star Finanz GmbH)
StarMoney Business 6.0  (HKLM-x32\...\{8BE45DD0-1BB0-4E3D-9940-9D92C5B52BAB}) (Version: 6.0 - Star Finanz GmbH)
Start Menu X Version 5.02 (HKLM\...\{3E494002-985C-4908-B72C-5B4DD15BE090}_is1) (Version: 5.02 - OrdinarySoft)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.6.1.3 - Synaptics Incorporated)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.42650 - TeamViewer)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.65  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WISO Hausverwalter 2015 (HKLM-x32\...\{E821384E-D24C-4316-9D86-872F95ED92F0}) (Version: 9.00.8468 - Buhl Data Service GmbH)
ZoneAlarm Antivirus (x32 Version: 12.0.121.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Firewall (x32 Version: 12.0.121.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Antivirus + Firewall (HKLM-x32\...\ZoneAlarm Free Antivirus + Firewall) (Version: 12.0.121.000 - Check Point)
ZoneAlarm Security (x32 Version: 12.0.121.000 - Check Point Software Technologies Ltd.) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{268502F4-815D-4358-A8D6-B783FDB58EF0}\InprocServer32 -> C:\Users\s\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.ContextMenuHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{528EE335-5034-4EFC-834E-63E5F02D2BC2}\InprocServer32 -> C:\Users\s\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{6066ADF0-9EB0-43E5-ADB6-990F5A3B979C}\InprocServer32 -> C:\Users\s\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{77BC4082-DB5F-439A-8DC8-F9E24A63B0DE}\InprocServer32 -> C:\Users\s\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

18-05-2015 22:14:20 Installiert StarMoney

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {09A9D1BB-CC0A-45D0-B9A9-691712E9122D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {11512367-DAEA-4113-9F27-98A7BFA4A5AC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2013-05-16] (Safer-Networking Ltd.)
Task: {17DEAEAD-5874-411D-B661-12F9FB3044D4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {2A196FE1-2322-4811-882B-905EAF8FB978} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2013-05-16] (Safer-Networking Ltd.)
Task: {42FBFC55-ACCC-4121-AD29-71B8636EFE2A} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-08-19] (Hewlett-Packard Development Company, L.P.)
Task: {8157EF01-0930-4747-A3E2-054BB4278C09} - \Optimize Start Menu Cache Files-S-1-5-21-2262038565-221129539-630273557-500 No Task File <==== ATTENTION
Task: {898CD2B7-EF24-4ED8-A572-329FCF4AE92D} - System32\Tasks\{F6BBF5FB-2A3D-4BA1-853E-6C46DE6EFC5B} => pcalua.exe -a "C:\Program Files (x86)\MultiProxy\uninstall.exe" -d "C:\Program Files (x86)\MultiProxy"
Task: {8DA74E5E-BF32-42FC-850C-5C8DFDD5E7CC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2013-05-16] (Safer-Networking Ltd.)
Task: {9EE09341-E1F1-4B2D-A58E-9808BE8A8726} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {9FACF286-E864-427A-A9F4-07E29BE178FA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {AB713B58-8184-413F-8BBF-7FFDFC895289} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {AF9E4EA1-40E4-4098-9E62-E3C2BA309555} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-29] (Google Inc.)
Task: {B65CC303-6A43-4666-AE7A-F6DD23051E52} - System32\Tasks\HPCeeScheduleFors => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {B97EBAE3-14F0-462D-9768-EBB19F72BB80} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-29] (Google Inc.)
Task: {C56BD8AB-BF86-4FE9-9BBC-0DDE1420BDBA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {E8BFD69A-2607-4D93-8015-C28198CBF9F6} - System32\Tasks\Allway Sync_{4E6949520858136489535401CF6DD6A8} => C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe [2015-04-21] ()
Task: {F1624858-F5D9-439E-832B-0496983BEC90} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2012-07-20] (Intel)
Task: C:\WINDOWS\Tasks\Allway Sync_{4E6949520858136489535401CF6DD6A8}.job => C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleFors.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (Whitelisted) ==============

2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-08-26 15:02 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-08-26 15:02 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-08-26 15:02 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-08-26 15:02 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-08-26 15:02 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-02-28 19:14 - 2013-02-28 19:14 - 00118784 _____ () C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\libFFIR.dll
2013-02-28 19:14 - 2013-02-28 19:14 - 00188416 _____ () C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\FFWB.dll
2013-02-28 19:14 - 2013-02-28 19:14 - 00135168 _____ () C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\libFTLPTPIP.dll
2013-08-31 10:20 - 2013-08-31 10:20 - 00308048 _____ () C:\Users\s\AppData\Roaming\ICQM\ICQ\dll\mramenu.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:0966080E
AlternateDataStreams: C:\Users\s\SkyDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2262038565-221129539-630273557-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\s\Pictures\photo-1415226620463-aedee27159c5.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER Error getting ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "Twonky Server.lnk"
HKLM\...\StartupApproved\StartupFolder: => "CDN Yabe Office.lnk"
HKLM\...\StartupApproved\StartupFolder: => "E-POST MAILER.lnk"
HKLM\...\StartupApproved\StartupFolder: => "FUJIFILM PC AutoSave auf Standby.lnk"
HKLM\...\StartupApproved\Run: => "BCSSync"
HKLM\...\StartupApproved\Run32: => "ZoneAlarm Installer"
HKLM\...\StartupApproved\Run32: => "VirtualCloneDrive"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "PDFPrint"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKLM\...\StartupApproved\Run32: => "Adobe Acrobat Speed Launcher"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "DVCServ"
HKLM\...\StartupApproved\Run32: => "DATEVSetup"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "DivXUpdate"
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\StartupApproved\Run: => "icq"
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\StartupApproved\Run: => "EntscheiderClub Premium"
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\StartupApproved\Run: => "9c5bf01b358884ef955dbaaa237340c7"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{E7394822-19FD-4263-8A5B-C56FC9586959}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{9C1AA961-87D8-43C9-A409-B9075BA40BA0}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{62632452-45E0-4A04-90C7-731B2D587CB4}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{1FF59A7C-422C-4678-BFF6-DABFC2D8F96A}] => (Allow) C:\Users\s\AppData\Roaming\ICQM\icq.exe
FirewallRules: [{D72A5104-3D6C-4A90-BD72-44C21639BD2C}] => (Allow) C:\Users\s\AppData\Roaming\ICQM\icq.exe
FirewallRules: [{AD05BABA-6646-4C3A-986E-CC7BA770AD38}] => (Allow) C:\ProgramData\eSafe\eGdpSvc.exe
FirewallRules: [{890D8DA8-AAD1-49CB-BCB0-2A21237F60D5}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{B0CAB26B-7B5F-480E-8CA9-2285194FE692}] => (Allow) LPort=1900
FirewallRules: [{FCF99A43-9699-4020-8128-D1F18CF0D614}] => (Allow) LPort=2869
FirewallRules: [{5BEF5397-0FC8-49E3-9FC1-51B5F68A7DD0}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [TCP Query User{23C78A46-DA51-4410-8FD7-B92D9CD0182F}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{20CADABF-5640-4640-AAD0-0FCB7C768A6D}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{7919D2CD-2FBE-4047-AB76-C729ABC33759}] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{E0CB3568-2010-42AF-9F86-0EFFCE56D4C9}] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{F98A1208-C992-4820-BB99-EB19AA0AE8E1}C:\program files (x86)\ftprush\ftprush.exe] => (Allow) C:\program files (x86)\ftprush\ftprush.exe
FirewallRules: [UDP Query User{797FCA2A-1C08-4917-849B-FDF7B93C63D8}C:\program files (x86)\ftprush\ftprush.exe] => (Allow) C:\program files (x86)\ftprush\ftprush.exe
FirewallRules: [{A17DF673-784F-4FD7-9723-305EBE15D116}] => (Allow) C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe
FirewallRules: [{C91441AD-8F11-47A0-BB59-AA7B1F65A330}] => (Allow) C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe
FirewallRules: [{FFF639CC-4A34-4347-A8A8-41CD3587376F}] => (Allow) C:\Program Files (x86)\Twonky\TwonkyServer\twonkyserver.exe
FirewallRules: [{2E78FCC5-454A-40AE-AA7D-D8E42CE68DEE}] => (Allow) C:\Program Files (x86)\Twonky\TwonkyServer\twonkyserver.exe
FirewallRules: [{2CF1C950-CD39-4021-8BF7-579969943023}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{D824EF1C-3643-48B6-8124-CD6BACB04531}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{29B09A44-3E1B-4004-A26E-3B60B19074D5}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{862EEF92-8F16-4AA7-BE44-65ECECA6E968}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [TCP Query User{8E58FFEC-E106-4FC8-8ABB-CFD051248184}C:\program files (x86)\ftprush\ftprush.exe] => (Block) C:\program files (x86)\ftprush\ftprush.exe
FirewallRules: [UDP Query User{4384D3B5-3319-4104-9995-38A628A32252}C:\program files (x86)\ftprush\ftprush.exe] => (Block) C:\program files (x86)\ftprush\ftprush.exe
FirewallRules: [TCP Query User{B78A5B98-5FF3-459F-A408-9EF6FAE44ADB}C:\users\s\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\s\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{55ECA24A-5568-4287-BC3B-0AC17527631C}C:\users\s\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\s\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{AB5DD043-E289-4BD5-96D1-C6C36E485418}C:\users\s\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\s\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{F6A8BB49-2AF7-467A-94E4-C590CE0C0CE2}C:\users\s\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\s\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{56BC7622-B916-435E-A99E-B3F97DC2B7B2}C:\program files\plentymarkets\plentymarkets.exe] => (Allow) C:\program files\plentymarkets\plentymarkets.exe
FirewallRules: [UDP Query User{AE302455-86AB-4369-BC73-705BE5491036}C:\program files\plentymarkets\plentymarkets.exe] => (Allow) C:\program files\plentymarkets\plentymarkets.exe
FirewallRules: [{7FCF99BE-B64C-4253-9875-049FD6EE6AA9}] => (Allow) C:\Users\s\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{77EE1C70-93F9-471C-AC16-B65023CD0F59}] => (Allow) C:\Users\s\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{EE98B557-949C-417A-930B-F7A073B7F3F7}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{0C152529-6A25-4C14-B1B7-2CD6EF949FC2}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{2948C0C7-1B75-4F31-A81B-E9A3248DEA61}C:\users\s\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\s\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{8EA478D7-4D10-4161-9219-926541B70169}C:\users\s\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\s\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{F14AC53E-5CEF-49FE-9CBB-0DF22A816B1D}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{FDB4C01D-F4D9-4938-8095-2C74532A5B93}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{DC3DFE60-96C4-47C4-A493-981FF86CFA53}C:\program files\plentymarkets\plentymarkets.exe] => (Allow) C:\program files\plentymarkets\plentymarkets.exe
FirewallRules: [UDP Query User{92A4DB3C-4104-4936-8AA3-F71440316A3E}C:\program files\plentymarkets\plentymarkets.exe] => (Allow) C:\program files\plentymarkets\plentymarkets.exe
FirewallRules: [TCP Query User{C0129FFD-FFE5-422E-84E4-643D59C0C0F4}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{431F683D-E82A-4A6C-B687-E37281C041A0}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [{F0AD5292-DE10-4214-B6A5-447ED58AC720}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{379F69FE-3BC4-4C53-B85A-904B4114A44E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{792EDE5E-D31B-4320-9A52-CEE928322F1C}] => (Allow) C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{6AC56DAE-8C18-4920-8EAC-1101786C3F3E}] => (Allow) C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{33F25883-60DB-49D3-A745-F5F64C7C0560}] => (Allow) C:\Program Files (x86)\StarMoney 9.0\app\StarMoney.exe
FirewallRules: [{801CE9A9-9D86-4CD9-B237-E2CAD0A1F3D3}] => (Allow) C:\Program Files (x86)\StarMoney 9.0\app\StarMoney.exe
FirewallRules: [TCP Query User{6BB9E385-A916-4AE9-9ACB-E699B7747A9B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{037EDFE1-43DE-4272-B543-1C13CCC0D876}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{B63DAE1C-FE80-4F4B-A7AE-43644616C7AB}] => (Allow) C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PairingWizard.exe
FirewallRules: [{4A7A5C9B-EED4-40B1-AD45-6960AA5648A1}] => (Allow) C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PairingWizard.exe
FirewallRules: [{775848ED-0AC4-4EC6-93BA-1287B0787B13}] => (Allow) C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PCAutoSaveSv.exe
FirewallRules: [{73F0DEAF-3EAC-44CD-B822-FD6026AEB483}] => (Allow) C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PCAutoSaveSv.exe
FirewallRules: [{DFB9FE53-F7E1-4722-9045-7BE36A899B8A}] => (Allow) C:\Program Files (x86)\StarMoney Business 6.0\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{DA13A301-BC4D-4410-8E2E-C0A71DDA511E}] => (Allow) C:\Program Files (x86)\StarMoney Business 6.0\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{7EA59164-96B1-4AC8-B02B-9AE5D204C320}] => (Allow) C:\Program Files (x86)\StarMoney Business 6.0\app\StarMoney.exe
FirewallRules: [{44984E01-EA4E-4B26-A680-8F5CEC2E1BC9}] => (Allow) C:\Program Files (x86)\StarMoney Business 6.0\app\StarMoney.exe
FirewallRules: [{404D4D02-9942-438D-B5B3-73A380C233F4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{78EBD91E-BE77-48D1-9C3D-69DEAE23945B}] => (Allow) C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{695BCC07-367E-4D56-8799-C8042E5E9CC9}] => (Allow) C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{D39A23BF-94FA-498F-A9C6-3E18E77E3519}] => (Allow) C:\Program Files (x86)\StarMoney 10\app\StarMoney.exe
FirewallRules: [{C6706BC1-2DF5-448D-BBE8-313A44848299}] => (Allow) C:\Program Files (x86)\StarMoney 10\app\StarMoney.exe
FirewallRules: [{31509B17-9DBE-4214-89B0-71BD92256E48}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{E5D41589-171C-4DB9-AB20-5C876F558093}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{00E4A3C8-9DCE-4AAB-A725-3E7D8AA2CBFE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E549719D-2ADD-463E-AE7F-146D1FD3FD88}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{51781ACE-FC85-4D39-A795-41AF1A2764AB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot-S&D 2 Tray Icon
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe] => Enabled:Flashget3

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/25/2015 11:47:29 AM) (Source: SideBySide) (EventID: 79) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName1".
Die Einstellung "hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName" ist nicht registriert.

Error: (05/25/2015 11:42:04 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.3.9600.17284 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: f18

Startzeit: 01d0960ffc0fa0ed

Endzeit: 0

Anwendungspfad: C:\WINDOWS\Explorer.EXE

Berichts-ID: 30e688d5-02c2-11e5-bf18-8434978947f8

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (05/25/2015 11:39:11 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20856 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: b10

Startzeit: 01d09610078fd03e

Endzeit: 4294967295

Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe

Berichts-ID: e4a24f5b-02c1-11e5-bf18-8434978947f8

Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1

Error: (05/24/2015 00:42:58 PM) (Source: SideBySide) (EventID: 79) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName1".
Die Einstellung "hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName" ist nicht registriert.

Error: (05/20/2015 01:16:59 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "\\?\Volume{57f9d638-36f8-48f8-a7aa-395529054261}\" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)

Error: (05/20/2015 01:16:59 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "WINRE" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)

Error: (05/19/2015 10:15:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_stisvc, Version: 6.3.9600.16384, Zeitstempel: 0x5215dfe3
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17278, Zeitstempel: 0x53eebd22
Ausnahmecode: 0xc0000008
Fehleroffset: 0x000000000009355a
ID des fehlerhaften Prozesses: 0x9dc
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_stisvc0
Pfad der fehlerhaften Anwendung: svchost.exe_stisvc1
Pfad des fehlerhaften Moduls: svchost.exe_stisvc2
Berichtskennung: svchost.exe_stisvc3
Vollständiger Name des fehlerhaften Pakets: svchost.exe_stisvc4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe_stisvc5

Error: (05/19/2015 01:24:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17278, Zeitstempel: 0x53eebd22
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000052f0b
ID des fehlerhaften Prozesses: 0xf78
Startzeit der fehlerhaften Anwendung: 0xvlc.exe0
Pfad der fehlerhaften Anwendung: vlc.exe1
Pfad des fehlerhaften Moduls: vlc.exe2
Berichtskennung: vlc.exe3
Vollständiger Name des fehlerhaften Pakets: vlc.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: vlc.exe5

Error: (05/19/2015 00:55:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 37.0.2.5583, Zeitstempel: 0x552ef76c
Name des fehlerhaften Moduls: mozalloc.dll, Version: 37.0.2.5583, Zeitstempel: 0x552ee9ae
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001aa1
ID des fehlerhaften Prozesses: 0xc0
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Vollständiger Name des fehlerhaften Pakets: plugin-container.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: plugin-container.exe5

Error: (05/19/2015 00:49:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: jre-8u45-windows-i586-iftw.exe, Version: 8.0.450.15, Zeitstempel: 0x5542981d
Name des fehlerhaften Moduls: jre-8u45-windows-i586-iftw.exe, Version: 8.0.450.15, Zeitstempel: 0x5542981d
Ausnahmecode: 0x40000015
Fehleroffset: 0x0005d386
ID des fehlerhaften Prozesses: 0xadc
Startzeit der fehlerhaften Anwendung: 0xjre-8u45-windows-i586-iftw.exe0
Pfad der fehlerhaften Anwendung: jre-8u45-windows-i586-iftw.exe1
Pfad des fehlerhaften Moduls: jre-8u45-windows-i586-iftw.exe2
Berichtskennung: jre-8u45-windows-i586-iftw.exe3
Vollständiger Name des fehlerhaften Pakets: jre-8u45-windows-i586-iftw.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: jre-8u45-windows-i586-iftw.exe5


System errors:
=============
Error: (05/25/2015 11:53:08 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Management and Security Application User Notification Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/25/2015 11:53:07 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) ME Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/25/2015 11:53:07 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "IconMan_R" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/25/2015 11:53:07 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "HP Support Assistant Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/25/2015 11:53:00 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "HP Software Framework Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/25/2015 11:52:51 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Spybot-S&D 2 Updating Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/25/2015 11:52:51 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/25/2015 11:52:51 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "ZoneAlarm Privacy Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/25/2015 11:52:49 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "StarMoney 10 OnlineUpdate" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/25/2015 11:52:49 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "StarMoney Business 6.0 OnlineUpdate" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office:
=========================
Error: (05/25/2015 11:47:29 AM) (Source: SideBySide) (EventID: 79) (User: )
Description: hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayNameC:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

Error: (05/25/2015 11:42:04 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.3.9600.17284f1801d0960ffc0fa0ed0C:\WINDOWS\Explorer.EXE30e688d5-02c2-11e5-bf18-8434978947f8

Error: (05/25/2015 11:39:11 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20856b1001d09610078fd03e4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exee4a24f5b-02c1-11e5-bf18-8434978947f8microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (05/24/2015 00:42:58 PM) (Source: SideBySide) (EventID: 79) (User: )
Description: hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayNameC:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

Error: (05/20/2015 01:16:59 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: \\?\Volume{57f9d638-36f8-48f8-a7aa-395529054261}\Falscher Parameter. (0x80070057)

Error: (05/20/2015 01:16:59 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: WINREFalscher Parameter. (0x80070057)

Error: (05/19/2015 10:15:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_stisvc6.3.9600.163845215dfe3ntdll.dll6.3.9600.1727853eebd22c0000008000000000009355a9dc01d091a2ea8430a8C:\WINDOWS\system32\svchost.exeC:\WINDOWS\SYSTEM32\ntdll.dll2c6091a1-fdff-11e4-bf17-8434978947f8

Error: (05/19/2015 01:24:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: vlc.exe2.1.5.000000000ntdll.dll6.3.9600.1727853eebd22c00000050000000000052f0bf7801d091c19add12fbC:\Program Files\VideoLAN\VLC\vlc.exeC:\WINDOWS\SYSTEM32\ntdll.dll18ac1534-fdb5-11e4-bf17-8434978947f8

Error: (05/19/2015 00:55:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe37.0.2.5583552ef76cmozalloc.dll37.0.2.5583552ee9ae8000000300001aa1c001d091bd2af897d8C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlled66422c-fdb0-11e4-bf17-8434978947f8

Error: (05/19/2015 00:49:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: jre-8u45-windows-i586-iftw.exe8.0.450.155542981djre-8u45-windows-i586-iftw.exe8.0.450.155542981d400000150005d386adc01d091bb8fc133fdC:\Users\s\Desktop\Downloads\jre-8u45-windows-i586-iftw.exeC:\Users\s\Desktop\Downloads\jre-8u45-windows-i586-iftw.exe1a0576c9-fdb0-11e4-bf17-8434978947f8


CodeIntegrity Errors:
===================================
  Date: 2013-11-30 15:06:55.497
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-30 14:42:41.927
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-30 14:39:40.327
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-30 13:40:28.974
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-30 13:39:09.041
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-30 13:10:21.879
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll that did not meet the Microsoft signing level requirements.

  Date: 2013-11-30 13:10:21.754
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\WOW64\Plugins\ISWSHEX.dll that did not meet the Microsoft signing level requirements.

  Date: 2013-11-30 13:10:18.442
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll that did not meet the Microsoft signing level requirements.

  Date: 2013-11-30 13:10:09.332
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\WOW64\Plugins\ISWSHEX.dll that did not meet the Microsoft signing level requirements.

  Date: 2013-11-30 13:10:09.035
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\WOW64\Plugins\ISWSHEX.dll that did not meet the Microsoft signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz
Percentage of memory in use: 25%
Total physical RAM: 6036.28 MB
Available physical RAM: 4500.05 MB
Total Pagefile: 11668.28 MB
Available Pagefile: 9739.39 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:448.38 GB) (Free:44.59 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:16.27 GB) (Free:2.05 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive i: () (Removable) (Total:29.47 GB) (Free:29.47 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 466E2C46)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 6 GB) (Disk ID: C73F6553)

Partition: GPT Partition Type.

========================================================
Disk: 2 (Size: 29.5 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End of log ============================
         


Alt 25.05.2015, 19:33   #6
schrauber
/// the machine
/// TB-Ausbilder
 

500 Mails täglich von Outlook nach DHL Trojaner - Standard

500 Mails täglich von Outlook nach DHL Trojaner




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
--> 500 Mails täglich von Outlook nach DHL Trojaner

Alt 26.05.2015, 11:22   #7
Sash1502
 
500 Mails täglich von Outlook nach DHL Trojaner - Standard

500 Mails täglich von Outlook nach DHL Trojaner



Hier die Logs...bisher werden keine Mails mehr verschickt

Eset

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=bcb72c0ede7b084ab7b808e85ce434e9
# engine=24017
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-05-25 08:59:28
# local_time=2015-05-25 10:59:28 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 13748602 40913889 0 0
# scanned=387036
# found=7
# cleaned=7
# scan_time=7953
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir"
sh=5BF0BED25279CA1F3F14DB1F18364EDFB9AB0C86 ft=1 fh=b14befa4627c35fa vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\hotspot shield\ConduitUninstaller.exe.vir"
sh=2D5A89662E964AEAE12D6AB3886E965DE43921AF ft=1 fh=351d5799861e0142 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default\Extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\Plugins\npConduitFirefoxPlugin.dll.vir"
sh=1DA7E55B7B8609994368D0C56A7B76474F882B6A ft=1 fh=6342ba6251261b43 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
sh=C25E453070C795849C94FCB0311ED1DDD4F7B74D ft=1 fh=a07ba6255bd749e6 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\CheckPoint\Install\CUninstallerZA.exe"
sh=DF507CE26573850D2EF424E58C2793B3A64C3748 ft=1 fh=5bbafaa53f163c41 vn="Win32/Toolbar.Montiera.I evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\CheckPoint\Install\zatb.exe"
sh=F08EB755731C1E3F3492137F0C648241838F91ED ft=1 fh=3ac8e72c6a2b6537 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\s\Desktop\Downloads\HSS-3.13-install-chip-389-conduit.exe"
         
SecurityCheck

Code:
ATTFilter
 Results of screen317's Security Check version 1.001  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Antivirus       
ZoneAlarm Antivirus   
Windows Defender      
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 Java 8 Update 45  
 Adobe Flash Player 	17.0.0.188  
 Adobe Reader XI  
 Mozilla Firefox (38.0.1) 
 Mozilla Thunderbird 24.3.0 Thunderbird out of Date!  
 Google Chrome (43.0.2357.65) 
 Google Chrome (43.0.2357.81) 
````````Process Check: objlist.exe by Laurent````````  
 Spybot Teatimer.exe is disabled! 
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 StarMoney 10 ouservice StarMoneyOnlineUpdate.exe  
 CheckPoint ZoneAlarm ZAPrivacyService.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         
FRST

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-05-2015
Ran by s (administrator) on SR_HP_ULTRABOOK on 26-05-2015 12:10:54
Running from C:\Users\s\Desktop
Loaded Profiles: s (Available Profiles: s & Gast)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(FUJIFILM Corporation.) C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PCAutoSaveSv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Code:Aero Technologies) C:\Program Files (x86)\Password Memory 4\Keynote.exe
(Code:Aero Technologies) C:\Program Files (x86)\Password Memory 4\Keynote.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(OrdinarySoft) C:\Program Files\Start Menu X\StartMenuX.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Spotify Ltd) C:\Users\s\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 10\app\StarMoney.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Spotify Ltd) C:\Users\s\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\s\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Spotify Ltd) C:\Users\s\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\s\AppData\Roaming\Spotify\Spotify.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\livecomm.exe
() C:\Users\s\Desktop\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-06-09] (IDT, Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3030256 2013-06-13] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-31] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [74160 2014-01-29] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [DATEVSetup] => C:\Users\s\AppData\Local\Temp\OYa04020\TLP\DATEVsetup.exe <===== ATTENTION
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2014-12-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKLM-x32\...\Run: [DVCServ] => C:\Program Files (x86)\DATEV-SiPa-compact\DVCSERV
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SMB60StarMoneyRunEntry] => C:\Program Files (x86)\StarMoney Business 6.0\app\oflagent.exe [51856 2015-05-20] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\SYSTEM32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Run: [icq] => C:\Users\s\AppData\Roaming\ICQM\icq.exe [28698984 2013-08-31] (ICQ)
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Run: [StartMenuX] => C:\Program Files\Start Menu X\StartMenuX.exe [7673664 2013-11-20] (OrdinarySoft)
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Run: [Allway Sync] => C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe [94920 2015-04-21] ()
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Run: [Spotify Web Helper] => C:\Users\s\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2022968 2015-05-25] (Spotify Ltd)
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Run: [EntscheiderClub Premium] => C:\Users\s\AppData\Local\EntscheiderClub Premium\EntscheiderClub Premium.exe [1121264 2015-01-29] (Wakoopa)
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Run: [9c5bf01b358884ef955dbaaa237340c7] => "C:\Users\s\AppData\Local\9c5bf01b358884ef955dbaaa237340c7.exe"
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Run: [GoogleChromeAutoLaunch_25B1D1BADDAEDB1571E4D008134EB6A3] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-05-13] (Google Inc.)
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\MountPoints2: {edae7ff0-618c-11e3-beb2-8434978947f8} - "E:\AutoRun.exe" 
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\E-POST MAILER.lnk [2015-03-03]
ShortcutTarget: E-POST MAILER.lnk -> C:\Program Files (x86)\Deutsche Post AG\E-POST MAILER\EpostMailer.exe (Deutsche Post AG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FUJIFILM PC AutoSave auf Standby.lnk [2015-04-05]
ShortcutTarget: FUJIFILM PC AutoSave auf Standby.lnk -> C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\Manager.exe (FUJIFILM Corporation.)
Startup: C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-09-30]
ShortcutTarget: Dropbox.lnk -> C:\Users\s\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediencenter.lnk [2015-01-20]
ShortcutTarget: Mediencenter.lnk -> C:\Users\s\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [01Mediencenter_InSync] -> {77BC4082-DB5F-439A-8DC8-F9E24A63B0DE} => C:\Users\s\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll [2014-06-12] (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: [02Mediencenter_ToSync] -> {528EE335-5034-4EFC-834E-63E5F02D2BC2} => C:\Users\s\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll [2014-06-12] (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: [03Mediencenter_Failed] -> {6066ADF0-9EB0-43E5-ADB6-990F5A3B979C} => C:\Users\s\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll [2014-06-12] (Deutsche Telekom AG)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKU\S-1-5-21-2262038565-221129539-630273557-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.goodsyouneed.de/
SearchScopes: HKLM -> {A28F0689-CA9E-46FF-ACB3-73BF34D4AC4B} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {A28F0689-CA9E-46FF-ACB3-73BF34D4AC4B} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2262038565-221129539-630273557-1001 -> {A28F0689-CA9E-46FF-ACB3-73BF34D4AC4B} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2262038565-221129539-630273557-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-06-12] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: SCardBHOEvent Class -> {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} -> C:\Program Files (x86)\DATEV-SiPa-compact\DVCCSASCardBHO64002.dll [2014-05-12] (DATEV eG)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO: EntscheiderClub Premium -> {FB4D29C1-82DE-4b80-8BB0-A7CDDDCD2773} -> C:\Users\s\AppData\Local\Wakoopa Shared\WakoopaBHO-x64.dll [2015-01-29] (Wakoopa)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2011-06-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-19] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-12-17] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: SCardBHOEvent Class -> {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} -> C:\Program Files (x86)\DATEV-SiPa-compact\DVCCSASCardBHO002.dll [2014-05-12] (DATEV eG)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-19] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
BHO-x32: EntscheiderClub Premium -> {FB4D29C1-82DE-4b80-8BB0-A7CDDDCD2773} -> C:\Users\s\AppData\Local\Wakoopa Shared\WakoopaBHO.dll [2015-01-29] (Wakoopa)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2262038565-221129539-630273557-1001 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default
FF Homepage: hxxp://t3n.de/|hxxp://www.logistik-watchblog.de/
FF NetworkProxy: "MM3ProxySwitch.type", 1
FF NetworkProxy: "ftp", "127.0.0.1"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "no_proxies_on", ""
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-18] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-18] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1207148.dll [2013-12-05] (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-06-13] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-06-13] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-19] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll [2013-07-24] (Nullsoft, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default\Extensions\abs@avira.com [2015-04-27]
FF Extension: YouTube Unblocker - C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default\Extensions\youtubeunblocker@unblocker.yt [2014-11-05]
FF Extension: Hide My Ass Proxy Extension - C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default\Extensions\extension@hidemyass.com.xpi [2013-06-29]
FF Extension: Soundcloud SUPER +2: Downloader and Recommender - C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default\Extensions\{988da70d-b78d-44a1-a9c7-ed11832a9e2e}.xpi [2013-08-23]
FF Extension: SoundCloud Downloader - Technowise - C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default\Extensions\{c8d3bc80-0810-4d21-a2c2-be5f2b2832ac}.xpi [2013-08-23]
FF Extension: Adblock Plus - C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-19]
FF Extension: {f5110906-1b93-4640-a7fe-12251b0b7b10} - C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default\Extensions\{f5110906-1b93-4640-a7fe-12251b0b7b10}.xpi [2014-12-08]
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afext@anchorfree.com [2013-09-01]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014-09-02]

Chrome: 
=======
CHR Profile: C:\Users\s\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-29]
CHR Extension: (Google Drive) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-29]
CHR Extension: (EntscheiderClub Premium) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbojioefbafdanbjbdhhmoblcbikeia [2015-03-29]
CHR Extension: (YouTube) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-29]
CHR Extension: (Google Cast) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-05-30]
CHR Extension: (Adblock Plus) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-05-30]
CHR Extension: (Google Search) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-29]
CHR Extension: (Bookmark Manager) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-23]
CHR Extension: (Google Wallet) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-29]
CHR Extension: (Gmail) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-29]
CHR Profile: C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-06]
CHR Extension: (Google Docs) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-06]
CHR Extension: (Google Drive) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-06]
CHR Extension: (YouTube) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-06]
CHR Extension: (Google Search) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-06]
CHR Extension: (Google Sheets) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-06]
CHR Extension: (Skype Click to Call) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-02-06]
CHR Extension: (DVDVideoSoft) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2015-02-06]
CHR Extension: (Google Wallet) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-06]
CHR Extension: (Gmail) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-06]
CHR Profile: C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Slides) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-06]
CHR Extension: (Google Docs) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-06]
CHR Extension: (Google Drive) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-06]
CHR Extension: (YouTube) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-06]
CHR Extension: (Google Search) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-06]
CHR Extension: (Google Sheets) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-06]
CHR Extension: (Avira Browser Safety) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-02-06]
CHR Extension: (Skype Click to Call) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-02-06]
CHR Extension: (DVDVideoSoft) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2015-02-06]
CHR Extension: (Google Wallet) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-06]
CHR Extension: (Gmail) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-06]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
S2 BotkindSyncService; C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe [182784 2015-04-13] () []
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 FFPCAutoSave; C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PCAutoSaveSv.exe [94208 2013-02-28] (FUJIFILM Corporation.) []
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) []
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.) []
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) []
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-06-13] (Intel Corporation)
S2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-20] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-06-13] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
S2 StarMoney 10 OnlineUpdate; C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe [688272 2015-04-15] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
S2 StarMoney 9.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
S2 StarMoney Business 6.0 OnlineUpdate; C:\Program Files (x86)\StarMoney Business 6.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) []
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5491984 2015-05-13] (TeamViewer GmbH)
S2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2445816 2014-01-29] (Check Point Software Technologies LTD)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-11-30] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [50704 2013-10-15] (Check Point Software Technologies, Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-05-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-12] (Avira Operations GmbH & Co. KG)
S1 HssDRV6; C:\Windows\system32\DRIVERS\hssdrv6.sys [46792 2013-09-17] (AnchorFree Inc.)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-21] (Intel Corporation)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2013-07-17] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2013-02-21] (Kaspersky Lab)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-10-08] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [489056 2013-10-08] (Kaspersky Lab ZAO)
S3 KOBCCID; C:\Windows\system32\drivers\KOBCCID.sys [116864 2014-03-18] (KOBIL Systems GmbH)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-25] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-04] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-06-13] (Synaptics Incorporated)
R3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2013-08-13] (Anchorfree Inc.)
R1 Vsdatant; C:\Windows\System32\drivers\vsdatant.sys [454168 2013-10-23] (Check Point Software Technologies LTD)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
U0 dmboot; No ImagePath
S3 ewusbnet; \SystemRoot\system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; \SystemRoot\system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X]
S3 hwdatacard; \SystemRoot\system32\DRIVERS\ewusbmdm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-25 20:43 - 2015-05-25 20:43 - 02347384 _____ (ESET) C:\Users\s\Desktop\esetsmartinstaller_deu.exe
2015-05-25 20:43 - 2015-05-25 20:43 - 00852630 _____ () C:\Users\s\Desktop\SecurityCheck.exe
2015-05-25 12:12 - 2015-05-25 12:14 - 00055807 _____ () C:\Users\s\Desktop\Addition.txt
2015-05-25 12:10 - 2015-05-26 12:10 - 00040234 _____ () C:\Users\s\Desktop\FRST.txt
2015-05-25 12:09 - 2015-05-26 12:10 - 00000000 ____D () C:\Users\s\Desktop\FRST-OlderVersion
2015-05-25 12:00 - 2015-05-25 12:00 - 00001820 _____ () C:\Users\s\Desktop\JRT.txt
2015-05-25 11:53 - 2015-05-25 20:38 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2262038565-221129539-630273557-1001
2015-05-25 11:51 - 2015-05-25 11:51 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-SR_HP_ULTRABOOK-Windows-8.1-(64-bit).dat
2015-05-25 11:51 - 2015-05-25 11:51 - 00000000 ____D () C:\RegBackup
2015-05-25 11:50 - 2015-05-24 19:35 - 02945770 _____ (Thisisu) C:\Users\s\Desktop\JRT_NEW.exe
2015-05-24 12:38 - 2015-05-24 12:38 - 00001200 _____ () C:\Users\s\Desktop\mwam.txt
2015-05-24 12:37 - 2015-05-24 12:37 - 00000054 _____ () C:\Users\s\Desktop\boxen.txt
2015-05-23 17:57 - 2015-05-25 11:48 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-05-23 17:55 - 2015-05-23 17:55 - 00001116 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-23 17:55 - 2015-05-23 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-05-23 17:55 - 2015-05-23 17:55 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-05-23 17:55 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-05-23 17:55 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-05-23 17:55 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-05-20 22:18 - 2015-05-26 12:11 - 00000000 ____D () C:\FRST
2015-05-20 22:17 - 2015-05-26 12:10 - 02108928 _____ (Farbar) C:\Users\s\Desktop\FRST64.exe
2015-05-19 13:59 - 2015-05-19 13:59 - 00001255 _____ () C:\WINDOWS\system32\TeamViewer10_Hooks.log
2015-05-19 00:52 - 2015-05-19 00:51 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-05-19 00:51 - 2015-05-19 00:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-05-18 22:37 - 2015-05-18 22:37 - 00000000 ____D () C:\ProgramData\StarMoney 10
2015-05-18 22:37 - 2015-05-18 22:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarMoney 10
2015-05-18 22:30 - 2015-05-25 11:38 - 00000000 ____D () C:\Program Files (x86)\StarMoney 10
2015-05-18 09:55 - 2015-05-18 10:37 - 00000000 ____D () C:\KVRT_Data
2015-05-14 16:14 - 2015-05-14 16:14 - 00000123 _____ () C:\Users\s\Desktop\Collmex.url
2015-05-02 03:04 - 2015-05-02 03:04 - 00000000 ____D () C:\Users\s\Documents\Hausverwalter
2015-05-02 03:04 - 2015-05-02 03:04 - 00000000 ____D () C:\Users\s\AppData\Roaming\Buhl Data Service
2015-05-02 03:04 - 2015-05-02 03:04 - 00000000 ____D () C:\Users\s\AppData\Local\Buhl Data Service
2015-05-02 03:03 - 2015-05-04 12:14 - 00000647 _____ () C:\WINDOWS\wiso.ini
2015-05-02 03:03 - 2015-05-02 03:03 - 00002131 _____ () C:\Users\Public\Desktop\WISO Hausverwalter 2015.lnk
2015-05-02 03:03 - 2015-05-02 03:03 - 00000000 ____D () C:\Users\s\AppData\Roaming\Buhl
2015-05-02 03:03 - 2015-05-02 03:03 - 00000000 ____D () C:\Users\s\AppData\Local\Buhl
2015-05-02 03:03 - 2015-05-02 03:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Hausverwalter 2015
2015-05-02 03:03 - 2015-05-02 03:03 - 00000000 ____D () C:\Program Files (x86)\Buhl
2015-05-02 03:02 - 2015-05-02 03:03 - 00000000 ____D () C:\ProgramData\Buhl Data Service GmbH
2015-04-28 23:55 - 2015-04-28 23:55 - 00001733 _____ () C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Copy of plentymarkets.lnk
2015-04-28 23:49 - 2015-04-28 23:49 - 07810528 _____ (plentymarkets GmbH) C:\Users\s\plentymarkets_updater_windows_216.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-26 12:11 - 2013-05-14 23:57 - 00000000 ____D () C:\Users\s\Documents\Outlook-Dateien
2015-05-26 12:02 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-26 12:01 - 2013-11-30 16:56 - 01800086 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-26 11:54 - 2014-06-10 15:20 - 00000000 ____D () C:\Users\s\AppData\Roaming\Spotify
2015-05-26 11:50 - 2014-04-29 13:07 - 00001150 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-26 11:49 - 2014-06-10 15:21 - 00000000 ____D () C:\Users\s\AppData\Local\Spotify
2015-05-25 19:50 - 2013-11-30 17:11 - 00000000 ___DO () C:\Users\s\SkyDrive
2015-05-25 14:00 - 2014-08-28 21:12 - 00000408 _____ () C:\WINDOWS\Tasks\Allway Sync_{4E6949520858136489535401CF6DD6A8}.job
2015-05-25 12:21 - 2012-08-24 18:00 - 00000000 ____D () C:\ProgramData\Temp
2015-05-25 12:17 - 2013-06-22 18:48 - 00000000 ____D () C:\Users\s\AppData\Roaming\FTPRush
2015-05-25 11:53 - 2015-03-03 08:57 - 00000106 _____ () C:\WINDOWS\system32\mfilemon.log
2015-05-25 11:49 - 2015-01-20 02:14 - 00000000 ___RD () C:\Users\s\Mediencenter
2015-05-25 11:49 - 2014-05-27 17:55 - 00000000 ___RD () C:\Users\s\Dropbox
2015-05-25 11:49 - 2014-05-27 17:53 - 00000000 ____D () C:\Users\s\AppData\Roaming\Dropbox
2015-05-25 11:48 - 2014-04-29 13:07 - 00001146 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-25 11:47 - 2013-09-29 21:04 - 00378580 _____ () C:\WINDOWS\PFRO.log
2015-05-25 11:47 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-25 11:47 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-05-25 11:47 - 2013-05-14 23:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-25 11:46 - 2013-08-26 15:43 - 00000000 ____D () C:\AdwCleaner
2015-05-25 11:46 - 2013-05-11 16:48 - 00000000 ____D () C:\Users\s\AppData\Roaming\CheckPoint
2015-05-25 11:42 - 2013-05-14 23:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-25 11:38 - 2015-04-14 21:31 - 00000000 ____D () C:\Program Files (x86)\StarMoney Business 6.0
2015-05-25 11:38 - 2015-02-27 21:25 - 00000000 ____D () C:\Program Files (x86)\StarMoney 9.0
2015-05-24 12:42 - 2013-08-22 16:44 - 05142448 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-24 12:41 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-05-23 18:28 - 2015-02-11 19:16 - 00000000 ____D () C:\Users\s\AppData\Local\Windows Live
2015-05-23 18:23 - 2013-08-07 14:13 - 00000000 ____D () C:\Users\s\AppData\Roaming\vlc
2015-05-23 17:55 - 2013-11-26 22:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-23 15:17 - 2013-09-30 06:14 - 01980934 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-23 15:17 - 2013-09-30 05:56 - 00842568 _____ () C:\WINDOWS\system32\perfh007.dat
2015-05-23 15:17 - 2013-09-30 05:56 - 00191764 _____ () C:\WINDOWS\system32\perfc007.dat
2015-05-22 01:43 - 2014-01-02 20:14 - 00003154 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleFors
2015-05-22 01:43 - 2014-01-02 20:14 - 00000348 _____ () C:\WINDOWS\Tasks\HPCeeScheduleFors.job
2015-05-20 21:58 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-05-19 14:00 - 2013-11-22 17:08 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-05-19 13:59 - 2015-04-21 20:19 - 00000985 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-05-19 00:52 - 2013-10-21 18:27 - 00000000 ____D () C:\ProgramData\Oracle
2015-05-19 00:51 - 2013-10-21 18:27 - 00000000 ____D () C:\Program Files (x86)\Java
2015-05-18 22:34 - 2013-08-22 15:25 - 00017486 _____ () C:\WINDOWS\system32\Drivers\etc\services
2015-05-18 22:15 - 2012-08-24 18:00 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-05-18 22:00 - 2014-09-02 12:01 - 00000000 ____D () C:\Users\s\AppData\Local\Adobe
2015-05-18 00:39 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-05-17 15:31 - 2013-08-22 16:46 - 00336769 _____ () C:\WINDOWS\setupact.log
2015-05-17 13:16 - 2013-05-12 21:28 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2015-05-17 06:45 - 2014-04-29 13:07 - 00004122 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-17 06:45 - 2014-04-29 13:07 - 00003886 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-05 13:15 - 2015-03-05 23:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-05-05 13:12 - 2014-07-07 17:21 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-05-05 13:12 - 2014-07-07 17:21 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-05-04 12:29 - 2014-12-17 14:50 - 00000000 ____D () C:\WINDOWS\uninstall
2015-05-04 12:29 - 2014-12-17 14:50 - 00000000 ____D () C:\Program Files (x86)\CDN YabeOffice Daten
2015-05-04 12:29 - 2014-12-17 14:50 - 00000000 ____D () C:\Program Files (x86)\CDN YabeOffice
2015-05-04 12:18 - 2014-04-30 18:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Allway Sync
2015-05-04 12:18 - 2014-04-30 18:22 - 00000000 ____D () C:\Program Files (x86)\Allway Sync
2015-04-28 23:55 - 2014-09-21 17:41 - 00001784 _____ () C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\plentymarkets.lnk
2015-04-28 23:55 - 2014-03-03 14:32 - 00000000 ____D () C:\Program Files\plentymarkets
2015-04-28 23:49 - 2013-11-30 16:48 - 00000000 ____D () C:\Users\s

==================== Files in the root of some directories =======

2013-05-10 12:25 - 2013-06-08 12:51 - 0013930 _____ () C:\Users\s\AppData\Roaming\AbsoluteReminder.xml
2014-03-18 16:19 - 2014-03-18 16:20 - 0000834 _____ () C:\Users\s\AppData\Local\belegtransfer_setup.log
2014-09-02 20:25 - 2014-09-02 20:25 - 0002273 _____ () C:\Users\s\AppData\Local\recently-used.xbel
2014-03-18 12:27 - 2015-01-14 11:46 - 0718262 _____ () C:\Users\s\AppData\Local\tempvcredist_x64.log
2014-02-09 18:25 - 2014-02-09 18:25 - 0000011 _____ () C:\ProgramData\.tv7

Files to move or delete:
====================
C:\Users\s\plentymarkets_updater_windows_207.exe
C:\Users\s\plentymarkets_updater_windows_208.exe
C:\Users\s\plentymarkets_updater_windows_209.exe
C:\Users\s\plentymarkets_updater_windows_210.exe
C:\Users\s\plentymarkets_updater_windows_213.exe
C:\Users\s\plentymarkets_updater_windows_214.exe
C:\Users\s\plentymarkets_updater_windows_215.exe
C:\Users\s\plentymarkets_updater_windows_216.exe
C:\Users\s\plentymarkets_windows_212.exe


Some files in TEMP:
====================
C:\Users\Gast\AppData\Local\Temp\avgnt.exe
C:\Users\s\AppData\Local\Temp\avgnt.exe
C:\Users\s\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvybihd.dll
C:\Users\s\AppData\Local\Temp\FreeStudio.exe
C:\Users\s\AppData\Local\Temp\i4jdel0.exe
C:\Users\s\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\s\AppData\Local\Temp\proxy_vole5753558156256649135.dll
C:\Users\s\AppData\Local\Temp\Quarantine.exe
C:\Users\s\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-25 19:48

==================== End of log ============================
         

Wie gesagt...es werden keine Mails mehr verschickt.
Kann ich sicher sein das nun auch alles vom System runter ist?

Vielen vielen Dank für deine Hilfe

Ich war wohl etwas voreilig....Anscheinend hatte der Trojaner auch Wochenende :/

Es wurden kurz bevor ich den Post gemacht habe knapp 100 Mail im laufe des Vormittags verschickt. Über das ganze Wochenende wurde nichts verschickt.

Gruß

Alt 27.05.2015, 06:02   #8
schrauber
/// the machine
/// TB-Ausbilder
 

500 Mails täglich von Outlook nach DHL Trojaner - Standard

500 Mails täglich von Outlook nach DHL Trojaner



Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Run: [9c5bf01b358884ef955dbaaa237340c7] => "C:\Users\s\AppData\Local\9c5bf01b358884ef955dbaaa237340c7.exe"
C:\Users\s\AppData\Local\9c5bf01b358884ef955dbaaa237340c7.exe
FF NetworkProxy: "MM3ProxySwitch.type", 1
FF NetworkProxy: "ftp", "127.0.0.1"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "no_proxies_on", ""
FF NetworkProxy: "type", 0
Emptytemp:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.




Frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 27.05.2015, 10:49   #9
Sash1502
 
500 Mails täglich von Outlook nach DHL Trojaner - Standard

500 Mails täglich von Outlook nach DHL Trojaner



Fixlog

Code:
ATTFilter
Fix result of Farbar Recovery Scan Tool (x64) Version: 25-05-2015
Ran by s at 2015-05-27 11:35:55 Run:1
Running from C:\Users\s\Desktop
Loaded Profiles: s & Gast (Available Profiles: s & Gast)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Run: [9c5bf01b358884ef955dbaaa237340c7] => "C:\Users\s\AppData\Local\9c5bf01b358884ef955dbaaa237340c7.exe"
C:\Users\s\AppData\Local\9c5bf01b358884ef955dbaaa237340c7.exe
FF NetworkProxy: "MM3ProxySwitch.type", 1
FF NetworkProxy: "ftp", "127.0.0.1"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "no_proxies_on", ""
FF NetworkProxy: "type", 0
Emptytemp:
         
*****************

HKU\S-1-5-21-2262038565-221129539-630273557-1001\Software\Microsoft\Windows\CurrentVersion\Run\\9c5bf01b358884ef955dbaaa237340c7 => value Removed successfully
"C:\Users\s\AppData\Local\9c5bf01b358884ef955dbaaa237340c7.exe" => File/Folder not found.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
EmptyTemp: => Removed 4.1 GB temporary data.


The system needed a reboot. 

==== End of Fixlog 11:40:44 ====
         

Alt 27.05.2015, 18:34   #10
schrauber
/// the machine
/// TB-Ausbilder
 

500 Mails täglich von Outlook nach DHL Trojaner - Standard

500 Mails täglich von Outlook nach DHL Trojaner



frisches FRST log bitte noch. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 27.05.2015, 19:09   #11
Sash1502
 
500 Mails täglich von Outlook nach DHL Trojaner - Standard

500 Mails täglich von Outlook nach DHL Trojaner



hier die Logs...

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-05-2015
Ran by s (administrator) on SR_HP_ULTRABOOK on 27-05-2015 19:42:54
Running from C:\Users\s\Desktop
Loaded Profiles: s (Available Profiles: s & Gast)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(FUJIFILM Corporation.) C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PCAutoSaveSv.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney Business 6.0\ouservice\StarMoneyOnlineUpdate.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(OrdinarySoft) C:\Program Files\Start Menu X\StartMenuX.exe
() C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe
(Spotify Ltd) C:\Users\s\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Users\s\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Deutsche Telekom AG) C:\Users\s\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 10\app\StarMoney.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Code:Aero Technologies) C:\Program Files (x86)\Password Memory 4\Keynote.exe
(Code:Aero Technologies) C:\Program Files (x86)\Password Memory 4\Keynote.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-06-09] (IDT, Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3030256 2013-06-13] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-31] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [74160 2014-01-29] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [DATEVSetup] => C:\Users\s\AppData\Local\Temp\OYa04020\TLP\DATEVsetup.exe <===== ATTENTION
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2014-12-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKLM-x32\...\Run: [DVCServ] => C:\Program Files (x86)\DATEV-SiPa-compact\DVCSERV
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SMB60StarMoneyRunEntry] => C:\Program Files (x86)\StarMoney Business 6.0\app\oflagent.exe [51856 2015-05-20] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\SYSTEM32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Run: [icq] => C:\Users\s\AppData\Roaming\ICQM\icq.exe [28698984 2013-08-31] (ICQ)
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Run: [StartMenuX] => C:\Program Files\Start Menu X\StartMenuX.exe [7673664 2013-11-20] (OrdinarySoft)
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Run: [Allway Sync] => C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe [94920 2015-04-21] ()
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Run: [Spotify Web Helper] => C:\Users\s\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2022968 2015-05-25] (Spotify Ltd)
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Run: [EntscheiderClub Premium] => C:\Users\s\AppData\Local\EntscheiderClub Premium\EntscheiderClub Premium.exe [1121264 2015-01-29] (Wakoopa)
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Run: [GoogleChromeAutoLaunch_25B1D1BADDAEDB1571E4D008134EB6A3] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-05-22] (Google Inc.)
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\MountPoints2: {edae7ff0-618c-11e3-beb2-8434978947f8} - "E:\AutoRun.exe" 
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\E-POST MAILER.lnk [2015-03-03]
ShortcutTarget: E-POST MAILER.lnk -> C:\Program Files (x86)\Deutsche Post AG\E-POST MAILER\EpostMailer.exe (Deutsche Post AG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FUJIFILM PC AutoSave auf Standby.lnk [2015-04-05]
ShortcutTarget: FUJIFILM PC AutoSave auf Standby.lnk -> C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\Manager.exe (FUJIFILM Corporation.)
Startup: C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-09-30]
ShortcutTarget: Dropbox.lnk -> C:\Users\s\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediencenter.lnk [2015-01-20]
ShortcutTarget: Mediencenter.lnk -> C:\Users\s\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [01Mediencenter_InSync] -> {77BC4082-DB5F-439A-8DC8-F9E24A63B0DE} => C:\Users\s\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll [2014-06-12] (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: [02Mediencenter_ToSync] -> {528EE335-5034-4EFC-834E-63E5F02D2BC2} => C:\Users\s\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll [2014-06-12] (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: [03Mediencenter_Failed] -> {6066ADF0-9EB0-43E5-ADB6-990F5A3B979C} => C:\Users\s\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll [2014-06-12] (Deutsche Telekom AG)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKU\S-1-5-21-2262038565-221129539-630273557-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.goodsyouneed.de/
SearchScopes: HKLM -> {A28F0689-CA9E-46FF-ACB3-73BF34D4AC4B} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {A28F0689-CA9E-46FF-ACB3-73BF34D4AC4B} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2262038565-221129539-630273557-1001 -> {A28F0689-CA9E-46FF-ACB3-73BF34D4AC4B} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2262038565-221129539-630273557-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-06-12] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: SCardBHOEvent Class -> {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} -> C:\Program Files (x86)\DATEV-SiPa-compact\DVCCSASCardBHO64002.dll [2014-05-12] (DATEV eG)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO: EntscheiderClub Premium -> {FB4D29C1-82DE-4b80-8BB0-A7CDDDCD2773} -> C:\Users\s\AppData\Local\Wakoopa Shared\WakoopaBHO-x64.dll [2015-01-29] (Wakoopa)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2011-06-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-19] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-12-17] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: SCardBHOEvent Class -> {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} -> C:\Program Files (x86)\DATEV-SiPa-compact\DVCCSASCardBHO002.dll [2014-05-12] (DATEV eG)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-19] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
BHO-x32: EntscheiderClub Premium -> {FB4D29C1-82DE-4b80-8BB0-A7CDDDCD2773} -> C:\Users\s\AppData\Local\Wakoopa Shared\WakoopaBHO.dll [2015-01-29] (Wakoopa)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2262038565-221129539-630273557-1001 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default
FF Homepage: hxxp://t3n.de/|hxxp://www.logistik-watchblog.de/
FF NetworkProxy: "MM3ProxySwitch.type", 1
FF NetworkProxy: "ftp", "127.0.0.1"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "no_proxies_on", ""
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-18] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-18] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1207148.dll [2013-12-05] (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-06-13] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-06-13] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-19] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll [2013-07-24] (Nullsoft, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default\Extensions\abs@avira.com [2015-05-27]
FF Extension: YouTube Unblocker - C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default\Extensions\youtubeunblocker@unblocker.yt [2014-11-05]
FF Extension: Hide My Ass Proxy Extension - C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default\Extensions\extension@hidemyass.com.xpi [2013-06-29]
FF Extension: Soundcloud SUPER +2: Downloader and Recommender - C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default\Extensions\{988da70d-b78d-44a1-a9c7-ed11832a9e2e}.xpi [2013-08-23]
FF Extension: SoundCloud Downloader - Technowise - C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default\Extensions\{c8d3bc80-0810-4d21-a2c2-be5f2b2832ac}.xpi [2013-08-23]
FF Extension: Adblock Plus - C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-19]
FF Extension: {f5110906-1b93-4640-a7fe-12251b0b7b10} - C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default\Extensions\{f5110906-1b93-4640-a7fe-12251b0b7b10}.xpi [2014-12-08]
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afext@anchorfree.com [2013-09-01]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014-09-02]

Chrome: 
=======
CHR Profile: C:\Users\s\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-29]
CHR Extension: (Google Drive) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-29]
CHR Extension: (EntscheiderClub Premium) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbojioefbafdanbjbdhhmoblcbikeia [2015-03-29]
CHR Extension: (YouTube) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-29]
CHR Extension: (Google Cast) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-05-30]
CHR Extension: (Adblock Plus) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-05-30]
CHR Extension: (Google Search) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-29]
CHR Extension: (Bookmark Manager) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-23]
CHR Extension: (Google Wallet) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-29]
CHR Extension: (Gmail) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-29]
CHR Profile: C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-06]
CHR Extension: (Google Docs) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-06]
CHR Extension: (Google Drive) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-06]
CHR Extension: (YouTube) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-06]
CHR Extension: (Google Search) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-06]
CHR Extension: (Google Sheets) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-06]
CHR Extension: (Skype Click to Call) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-02-06]
CHR Extension: (DVDVideoSoft) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2015-02-06]
CHR Extension: (Google Wallet) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-06]
CHR Extension: (Gmail) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-06]
CHR Profile: C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Slides) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-06]
CHR Extension: (Google Docs) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-06]
CHR Extension: (Google Drive) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-06]
CHR Extension: (YouTube) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-06]
CHR Extension: (Google Search) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-06]
CHR Extension: (Google Sheets) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-06]
CHR Extension: (Avira Browser Safety) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-02-06]
CHR Extension: (Skype Click to Call) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-02-06]
CHR Extension: (DVDVideoSoft) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2015-02-06]
CHR Extension: (Google Wallet) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-06]
CHR Extension: (Gmail) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-06]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
R2 BotkindSyncService; C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe [182784 2015-04-13] () []
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 FFPCAutoSave; C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PCAutoSaveSv.exe [94208 2013-02-28] (FUJIFILM Corporation.) []
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) []
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.) []
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) []
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-06-13] (Intel Corporation)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-20] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-06-13] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
R2 StarMoney 10 OnlineUpdate; C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe [688272 2015-04-15] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
R2 StarMoney 9.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
R2 StarMoney Business 6.0 OnlineUpdate; C:\Program Files (x86)\StarMoney Business 6.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) []
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5491984 2015-05-20] (TeamViewer GmbH)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2445816 2014-01-29] (Check Point Software Technologies LTD)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-11-30] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [50704 2013-10-15] (Check Point Software Technologies, Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-05-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-12] (Avira Operations GmbH & Co. KG)
S1 HssDRV6; C:\Windows\system32\DRIVERS\hssdrv6.sys [46792 2013-09-17] (AnchorFree Inc.)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-21] (Intel Corporation)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2013-07-17] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2013-02-21] (Kaspersky Lab)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-10-08] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [489056 2013-10-08] (Kaspersky Lab ZAO)
S3 KOBCCID; C:\Windows\system32\drivers\KOBCCID.sys [116864 2014-03-18] (KOBIL Systems GmbH)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-27] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-04] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-06-13] (Synaptics Incorporated)
R3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2013-08-13] (Anchorfree Inc.)
R1 Vsdatant; C:\Windows\System32\drivers\vsdatant.sys [454168 2013-10-23] (Check Point Software Technologies LTD)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
U0 dmboot; No ImagePath
S3 ewusbnet; \SystemRoot\system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; \SystemRoot\system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X]
S3 hwdatacard; \SystemRoot\system32\DRIVERS\ewusbmdm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-27 19:42 - 2015-05-27 19:43 - 00040427 _____ () C:\Users\s\Desktop\FRST.txt
2015-05-27 19:28 - 2015-05-27 19:29 - 00847824 _____ () C:\WINDOWS\Minidump\052715-12593-01.dmp
2015-05-25 11:53 - 2015-05-27 11:24 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2262038565-221129539-630273557-1001
2015-05-25 11:51 - 2015-05-25 11:51 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-SR_HP_ULTRABOOK-Windows-8.1-(64-bit).dat
2015-05-25 11:51 - 2015-05-25 11:51 - 00000000 ____D () C:\RegBackup
2015-05-24 12:37 - 2015-05-24 12:37 - 00000054 _____ () C:\Users\s\Desktop\boxen.txt
2015-05-23 17:57 - 2015-05-27 19:30 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-05-23 17:55 - 2015-05-23 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-05-23 17:55 - 2015-05-23 17:55 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-05-23 17:55 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-05-23 17:55 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-05-23 17:55 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-05-20 22:18 - 2015-05-27 19:43 - 00000000 ____D () C:\FRST
2015-05-20 22:17 - 2015-05-26 12:10 - 02108928 _____ (Farbar) C:\Users\s\Desktop\FRST64.exe
2015-05-19 13:59 - 2015-05-26 19:54 - 00002514 _____ () C:\WINDOWS\system32\TeamViewer10_Hooks.log
2015-05-19 00:52 - 2015-05-19 00:51 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-05-19 00:51 - 2015-05-19 00:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-05-18 22:37 - 2015-05-18 22:37 - 00000000 ____D () C:\ProgramData\StarMoney 10
2015-05-18 22:37 - 2015-05-18 22:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarMoney 10
2015-05-18 22:30 - 2015-05-27 11:52 - 00000000 ____D () C:\Program Files (x86)\StarMoney 10
2015-05-18 09:55 - 2015-05-18 10:37 - 00000000 ____D () C:\KVRT_Data
2015-05-02 03:04 - 2015-05-02 03:04 - 00000000 ____D () C:\Users\s\Documents\Hausverwalter
2015-05-02 03:04 - 2015-05-02 03:04 - 00000000 ____D () C:\Users\s\AppData\Roaming\Buhl Data Service
2015-05-02 03:04 - 2015-05-02 03:04 - 00000000 ____D () C:\Users\s\AppData\Local\Buhl Data Service
2015-05-02 03:03 - 2015-05-04 12:14 - 00000647 _____ () C:\WINDOWS\wiso.ini
2015-05-02 03:03 - 2015-05-02 03:03 - 00002131 _____ () C:\Users\Public\Desktop\WISO Hausverwalter 2015.lnk
2015-05-02 03:03 - 2015-05-02 03:03 - 00000000 ____D () C:\Users\s\AppData\Roaming\Buhl
2015-05-02 03:03 - 2015-05-02 03:03 - 00000000 ____D () C:\Users\s\AppData\Local\Buhl
2015-05-02 03:03 - 2015-05-02 03:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Hausverwalter 2015
2015-05-02 03:03 - 2015-05-02 03:03 - 00000000 ____D () C:\Program Files (x86)\Buhl
2015-05-02 03:02 - 2015-05-02 03:03 - 00000000 ____D () C:\ProgramData\Buhl Data Service GmbH
2015-04-28 23:55 - 2015-04-28 23:55 - 00001733 _____ () C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Copy of plentymarkets.lnk
2015-04-28 23:49 - 2015-04-28 23:49 - 07810528 _____ (plentymarkets GmbH) C:\Users\s\plentymarkets_updater_windows_216.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-27 19:44 - 2013-05-14 23:57 - 00000000 ____D () C:\Users\s\Documents\Outlook-Dateien
2015-05-27 19:34 - 2012-08-24 18:00 - 00000000 ____D () C:\ProgramData\Temp
2015-05-27 19:33 - 2013-11-30 16:56 - 01123751 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-27 19:31 - 2015-01-20 02:14 - 00000000 ___RD () C:\Users\s\Mediencenter
2015-05-27 19:31 - 2014-05-27 17:55 - 00000000 ___RD () C:\Users\s\Dropbox
2015-05-27 19:31 - 2014-05-27 17:53 - 00000000 ____D () C:\Users\s\AppData\Roaming\Dropbox
2015-05-27 19:31 - 2013-11-30 17:11 - 00000000 ___DO () C:\Users\s\SkyDrive
2015-05-27 19:30 - 2015-03-03 08:57 - 00000106 _____ () C:\WINDOWS\system32\mfilemon.log
2015-05-27 19:29 - 2015-04-14 21:31 - 00000000 ____D () C:\Program Files (x86)\StarMoney Business 6.0
2015-05-27 19:29 - 2014-04-29 13:07 - 00001146 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-27 19:29 - 2013-11-30 16:48 - 00000000 ____D () C:\Users\s
2015-05-27 19:28 - 2015-02-27 21:25 - 00000000 ____D () C:\Program Files (x86)\StarMoney 9.0
2015-05-27 19:28 - 2014-07-07 17:12 - 706576322 _____ () C:\WINDOWS\MEMORY.DMP
2015-05-27 19:28 - 2014-07-07 17:12 - 00000000 ____D () C:\WINDOWS\Minidump
2015-05-27 19:28 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-27 17:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-27 16:50 - 2014-04-29 13:07 - 00001150 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-27 14:00 - 2014-08-28 21:12 - 00000408 _____ () C:\WINDOWS\Tasks\Allway Sync_{4E6949520858136489535401CF6DD6A8}.job
2015-05-27 13:57 - 2013-09-30 06:14 - 01980934 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-27 13:57 - 2013-09-30 05:56 - 00842568 _____ () C:\WINDOWS\system32\perfh007.dat
2015-05-27 13:57 - 2013-09-30 05:56 - 00191764 _____ () C:\WINDOWS\system32\perfc007.dat
2015-05-27 13:52 - 2013-08-22 16:46 - 00337564 _____ () C:\WINDOWS\setupact.log
2015-05-27 11:42 - 2014-04-25 10:34 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-05-27 11:41 - 2013-09-29 21:04 - 00393256 _____ () C:\WINDOWS\PFRO.log
2015-05-27 11:41 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-05-26 20:47 - 2014-06-10 15:21 - 00000000 ____D () C:\Users\s\AppData\Local\Spotify
2015-05-26 19:54 - 2013-11-22 17:08 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-05-26 19:53 - 2015-04-21 20:19 - 00000985 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-05-26 15:45 - 2014-06-10 15:20 - 00000000 ____D () C:\Users\s\AppData\Roaming\Spotify
2015-05-26 13:43 - 2014-01-02 20:14 - 00003154 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleFors
2015-05-26 13:43 - 2014-01-02 20:14 - 00000348 _____ () C:\WINDOWS\Tasks\HPCeeScheduleFors.job
2015-05-25 12:17 - 2013-06-22 18:48 - 00000000 ____D () C:\Users\s\AppData\Roaming\FTPRush
2015-05-25 11:47 - 2013-05-14 23:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-25 11:46 - 2013-08-26 15:43 - 00000000 ____D () C:\AdwCleaner
2015-05-25 11:46 - 2013-05-11 16:48 - 00000000 ____D () C:\Users\s\AppData\Roaming\CheckPoint
2015-05-25 11:42 - 2013-05-14 23:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-24 12:42 - 2013-08-22 16:44 - 05142448 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-24 12:41 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-05-23 18:28 - 2015-02-11 19:16 - 00000000 ____D () C:\Users\s\AppData\Local\Windows Live
2015-05-23 18:23 - 2013-08-07 14:13 - 00000000 ____D () C:\Users\s\AppData\Roaming\vlc
2015-05-23 17:55 - 2013-11-26 22:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-20 21:58 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-05-19 00:52 - 2013-10-21 18:27 - 00000000 ____D () C:\ProgramData\Oracle
2015-05-19 00:51 - 2013-10-21 18:27 - 00000000 ____D () C:\Program Files (x86)\Java
2015-05-18 22:34 - 2013-08-22 15:25 - 00017486 _____ () C:\WINDOWS\system32\Drivers\etc\services
2015-05-18 22:15 - 2012-08-24 18:00 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-05-18 22:00 - 2014-09-02 12:01 - 00000000 ____D () C:\Users\s\AppData\Local\Adobe
2015-05-18 00:39 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-05-17 13:16 - 2013-05-12 21:28 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2015-05-17 06:45 - 2014-04-29 13:07 - 00004122 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-17 06:45 - 2014-04-29 13:07 - 00003886 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-05 13:15 - 2015-03-05 23:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-05-05 13:12 - 2014-07-07 17:21 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-05-05 13:12 - 2014-07-07 17:21 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-05-04 12:29 - 2014-12-17 14:50 - 00000000 ____D () C:\WINDOWS\uninstall
2015-05-04 12:29 - 2014-12-17 14:50 - 00000000 ____D () C:\Program Files (x86)\CDN YabeOffice Daten
2015-05-04 12:29 - 2014-12-17 14:50 - 00000000 ____D () C:\Program Files (x86)\CDN YabeOffice
2015-05-04 12:18 - 2014-04-30 18:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Allway Sync
2015-05-04 12:18 - 2014-04-30 18:22 - 00000000 ____D () C:\Program Files (x86)\Allway Sync
2015-04-28 23:55 - 2014-09-21 17:41 - 00001784 _____ () C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\plentymarkets.lnk
2015-04-28 23:55 - 2014-03-03 14:32 - 00000000 ____D () C:\Program Files\plentymarkets

==================== Files in the root of some directories =======

2013-05-10 12:25 - 2013-06-08 12:51 - 0013930 _____ () C:\Users\s\AppData\Roaming\AbsoluteReminder.xml
2014-03-18 16:19 - 2014-03-18 16:20 - 0000834 _____ () C:\Users\s\AppData\Local\belegtransfer_setup.log
2014-09-02 20:25 - 2014-09-02 20:25 - 0002273 _____ () C:\Users\s\AppData\Local\recently-used.xbel
2014-03-18 12:27 - 2015-01-14 11:46 - 0718262 _____ () C:\Users\s\AppData\Local\tempvcredist_x64.log
2014-02-09 18:25 - 2014-02-09 18:25 - 0000011 _____ () C:\ProgramData\.tv7

Files to move or delete:
====================
C:\Users\s\plentymarkets_updater_windows_207.exe
C:\Users\s\plentymarkets_updater_windows_208.exe
C:\Users\s\plentymarkets_updater_windows_209.exe
C:\Users\s\plentymarkets_updater_windows_210.exe
C:\Users\s\plentymarkets_updater_windows_213.exe
C:\Users\s\plentymarkets_updater_windows_214.exe
C:\Users\s\plentymarkets_updater_windows_215.exe
C:\Users\s\plentymarkets_updater_windows_216.exe
C:\Users\s\plentymarkets_windows_212.exe


Some files in TEMP:
====================
C:\Users\s\AppData\Local\Temp\avgnt.exe
C:\Users\s\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpg4nh9r.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-25 19:48

==================== End of log ============================
         

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2015
Ran by s at 2015-05-27 19:45:20
Running from C:\Users\s\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2262038565-221129539-630273557-500 - Administrator - Disabled)
fbwuser (S-1-5-21-2262038565-221129539-630273557-1005 - Limited - Disabled)
Gast (S-1-5-21-2262038565-221129539-630273557-501 - Limited - Enabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-2262038565-221129539-630273557-1003 - Limited - Enabled)
s (S-1-5-21-2262038565-221129539-630273557-1001 - Administrator - Enabled) => C:\Users\s

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: ZoneAlarm Antivirus (Enabled - Up to date) {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: ZoneAlarm Anti-Spyware (Enabled - Up to date) {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
FW: ZoneAlarm Firewall (Enabled) {E6380B7E-D4B2-19F1-083E-56486607704B}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.13 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Allway Sync version 15.1.9 (HKLM-x32\...\Allway Sync_is1) (Version:  - Botkind Inc)
Ant Renamer (HKLM-x32\...\Ant Renamer 2_is1) (Version: 2.10.0 - Ant Software)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DATEV Belegtransfer V.3.22 (HKLM-x32\...\{EC561A24-754E-44F1-B76F-2FDA3DF9E912}) (Version: 2.03 - DATEV eG)
DATEV Installation V.2.74 (HKLM-x32\...\DATEVB00000482.0) (Version:  - )
DATEV Sicherheitspaket - compact (HKLM-x32\...\{13D2D749-7F84-4A63-A09E-3DFDBA4E03EF}) (Version: 2.40.0001 - DATEV eG)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.31 - DivX, LLC)
Dropbox (HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
DVS Video Downloader Addon for Mozilla Firefox version 4.3.4.15 (HKLM-x32\...\DVS Video Downloader Addon for Mozilla Firefox_is1) (Version: 4.3.4.15 - DVDVideoSoft Ltd.)
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
EntscheiderClub Premium (HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\EntscheiderClub Premium) (Version:  - Wakoopa B.V.)
E-POST MAILER (HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\{6e991dbc-fbeb-434e-b0c0-20f336054450}) (Version: 2.0.1.1972 - Deutsche Post AG)
E-POST MAILER (x32 Version: 2.0.1.1925 - Deutsche Post AG) Hidden
E-POST MAILER Drucker (Version: 2.0.1.1925 - Deutsche Post AG) Hidden
E-POST MAILER Start (x32 Version: 1.0.0.0 - Deutsche Post AG) Hidden
etope Lister 2 (HKLM-x32\...\etope Lister_is1) (Version:  - Freshworx GmbH & Co.KG)
Evernote v. 5.8.1 (HKLM-x32\...\{4FD2D1C8-8636-11E4-9D21-00163E98E7D6}) (Version: 5.8.1.6061 - Evernote Corp.)
Free Studio version 6.4.2.113 (HKLM-x32\...\Free Studio_is1) (Version: 6.4.2.113 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.17.1125 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.17.1125 - DVDVideoSoft Ltd.)
FTPRush 2.1.8 (HKLM-x32\...\FTP Rush_is1) (Version: 2.1.8 - wftpserver.com)
FUJIFILM PC AutoSave (HKLM-x32\...\{872F1306-0DB6-45EC-832E-2F5D3A56CF99}) (Version: 1.0.0 - FUJIFILM)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{AB5BCC55-18E2-46C7-9405-FF61CB888F05}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{0D3A6808-82B8-4BB1-BE5A-AED75B3F6C02}) (Version: 2.20.11 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{D044EBE7-94E7-4C49-90FC-9069E3F374E1}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Quick Launch (HKLM-x32\...\{609B11CC-8CED-4116-AD8A-A72168894D39}) (Version: 3.0.4 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{D2462056-BA75-4B2C-8267-DFEA2B6AC4AE}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
ICQ 8.1 (build 6337) (HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\ICQ) (Version: 8.1.6337.0 - Mail.Ru)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3316 - Intel Corporation)
Intel(R) Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
KOBIL CCID driver x64x86 (x32 Version: 1.013.02121 - KOBIL Systems) Hidden
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Mediencenter 3.9.1055.64 (HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Mediencenter) (Version: 3.9.1055.64 - Deutsche Telekom AG)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}) (Version:  - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.3.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.3.0 (x86 de)) (Version: 24.3.0 - Mozilla)
Mp3tag v2.58 (HKLM-x32\...\Mp3tag) (Version: v2.58 - Florian Heidenreich)
Multi file port monitor (mfilemon) 1.5.1 (HKLM\...\{A932243F-381F-434C-B18E-4F09D2F015F8}_is1) (Version: 1.5.1 - Monti Lorenzo)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Password Memory 4.1.2 (HKLM-x32\...\ca_keynote_is1) (Version: 4.1.2 - Code:Aero Technologies)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
plentymarkets 216 (HKLM-x32\...\5841-3682-4824-5789) (Version: 216 - plentymarkets GmbH)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Spotify) (Version: 1.0.5.186.ga9c24d6a - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.1.21 - Safer-Networking Ltd.)
StarMoney (x32 Version: 4.0.7.94 - StarFinanz) Hidden
StarMoney (x32 Version: 5.0.0.226 - StarFinanz) Hidden
StarMoney 10  (HKLM-x32\...\{F061A207-B07B-4E1D-8655-286BBBB3E2CC}) (Version: 10 - Star Finanz GmbH)
StarMoney 9.0  (HKLM-x32\...\{E50EB864-0852-4249-A1B9-96CED146E52B}) (Version: 9.0 - Star Finanz GmbH)
StarMoney Business 6.0  (HKLM-x32\...\{8BE45DD0-1BB0-4E3D-9940-9D92C5B52BAB}) (Version: 6.0 - Star Finanz GmbH)
Start Menu X Version 5.02 (HKLM\...\{3E494002-985C-4908-B72C-5B4DD15BE090}_is1) (Version: 5.02 - OrdinarySoft)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.6.1.3 - Synaptics Incorporated)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.42849 - TeamViewer)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.65  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WISO Hausverwalter 2015 (HKLM-x32\...\{E821384E-D24C-4316-9D86-872F95ED92F0}) (Version: 9.00.8468 - Buhl Data Service GmbH)
ZoneAlarm Antivirus (x32 Version: 12.0.121.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Firewall (x32 Version: 12.0.121.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Antivirus + Firewall (HKLM-x32\...\ZoneAlarm Free Antivirus + Firewall) (Version: 12.0.121.000 - Check Point)
ZoneAlarm Security (x32 Version: 12.0.121.000 - Check Point Software Technologies Ltd.) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{268502F4-815D-4358-A8D6-B783FDB58EF0}\InprocServer32 -> C:\Users\s\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.ContextMenuHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{528EE335-5034-4EFC-834E-63E5F02D2BC2}\InprocServer32 -> C:\Users\s\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{6066ADF0-9EB0-43E5-ADB6-990F5A3B979C}\InprocServer32 -> C:\Users\s\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{77BC4082-DB5F-439A-8DC8-F9E24A63B0DE}\InprocServer32 -> C:\Users\s\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

18-05-2015 22:14:20 Installiert StarMoney

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {09A9D1BB-CC0A-45D0-B9A9-691712E9122D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {11512367-DAEA-4113-9F27-98A7BFA4A5AC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2013-05-16] (Safer-Networking Ltd.)
Task: {17DEAEAD-5874-411D-B661-12F9FB3044D4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {2A196FE1-2322-4811-882B-905EAF8FB978} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2013-05-16] (Safer-Networking Ltd.)
Task: {42FBFC55-ACCC-4121-AD29-71B8636EFE2A} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-08-19] (Hewlett-Packard Development Company, L.P.)
Task: {8157EF01-0930-4747-A3E2-054BB4278C09} - \Optimize Start Menu Cache Files-S-1-5-21-2262038565-221129539-630273557-500 No Task File <==== ATTENTION
Task: {898CD2B7-EF24-4ED8-A572-329FCF4AE92D} - System32\Tasks\{F6BBF5FB-2A3D-4BA1-853E-6C46DE6EFC5B} => pcalua.exe -a "C:\Program Files (x86)\MultiProxy\uninstall.exe" -d "C:\Program Files (x86)\MultiProxy"
Task: {8DA74E5E-BF32-42FC-850C-5C8DFDD5E7CC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2013-05-16] (Safer-Networking Ltd.)
Task: {9EE09341-E1F1-4B2D-A58E-9808BE8A8726} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {9FACF286-E864-427A-A9F4-07E29BE178FA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {AB713B58-8184-413F-8BBF-7FFDFC895289} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {AF9E4EA1-40E4-4098-9E62-E3C2BA309555} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-29] (Google Inc.)
Task: {B65CC303-6A43-4666-AE7A-F6DD23051E52} - System32\Tasks\HPCeeScheduleFors => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {B97EBAE3-14F0-462D-9768-EBB19F72BB80} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-29] (Google Inc.)
Task: {C56BD8AB-BF86-4FE9-9BBC-0DDE1420BDBA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {E8BFD69A-2607-4D93-8015-C28198CBF9F6} - System32\Tasks\Allway Sync_{4E6949520858136489535401CF6DD6A8} => C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe [2015-04-21] ()
Task: {F1624858-F5D9-439E-832B-0496983BEC90} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2012-07-20] (Intel)
Task: C:\WINDOWS\Tasks\Allway Sync_{4E6949520858136489535401CF6DD6A8}.job => C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleFors.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (Whitelisted) ==============

2015-05-26 19:54 - 2015-05-20 19:15 - 00020240 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\TeamViewer_PrintProcessor.dll
2014-04-30 18:22 - 2015-04-13 15:55 - 00182784 _____ () C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe
2013-10-04 00:42 - 2013-10-04 00:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-04-30 18:22 - 2015-04-21 00:37 - 00094920 _____ () C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2014-12-03 11:06 - 2014-12-03 11:06 - 03445656 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\PDFMaker\Common\X64\AdobePDFMakerX.dll
2014-12-03 20:07 - 2014-12-03 20:07 - 01446400 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\PDFMaker\AdobePDFMakerX.DEU
2010-12-21 04:30 - 2010-12-21 04:30 - 01549664 _____ () C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-02-28 19:14 - 2013-02-28 19:14 - 00118784 _____ () C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\libFFIR.dll
2013-02-28 19:14 - 2013-02-28 19:14 - 00188416 _____ () C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\FFWB.dll
2013-02-28 19:14 - 2013-02-28 19:14 - 00135168 _____ () C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\libFTLPTPIP.dll
2013-08-26 15:02 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-08-26 15:02 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-08-26 15:02 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-08-26 15:02 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-08-26 15:02 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-05-18 22:35 - 2011-01-13 11:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney 10\ouservice\PATCHW32.dll
2015-02-27 21:27 - 2011-01-13 11:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney 9.0\ouservice\PATCHW32.dll
2015-04-14 21:34 - 2011-01-13 10:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney Business 6.0\ouservice\PATCHW32.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2014-04-30 18:22 - 2015-04-13 15:55 - 08573952 _____ () C:\Program Files (x86)\Allway Sync\Bin\syncapp.dll
2015-05-27 19:31 - 2015-05-27 19:31 - 00043008 _____ () c:\users\s\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpg4nh9r.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00750080 _____ () C:\Users\s\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00047616 _____ () C:\Users\s\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00865280 _____ () C:\Users\s\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00200704 _____ () C:\Users\s\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-05-25 23:02 - 2015-05-22 22:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libglesv2.dll
2015-05-25 23:02 - 2015-05-22 22:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libegl.dll
2014-12-03 20:07 - 2014-12-03 20:07 - 00019968 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\acrotray.deu
2012-10-23 21:18 - 2013-06-13 23:27 - 01200088 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:0966080E
AlternateDataStreams: C:\Users\s\SkyDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2262038565-221129539-630273557-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\s\Pictures\photo-1415226620463-aedee27159c5.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER Error getting ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "Twonky Server.lnk"
HKLM\...\StartupApproved\StartupFolder: => "CDN Yabe Office.lnk"
HKLM\...\StartupApproved\StartupFolder: => "E-POST MAILER.lnk"
HKLM\...\StartupApproved\StartupFolder: => "FUJIFILM PC AutoSave auf Standby.lnk"
HKLM\...\StartupApproved\Run: => "BCSSync"
HKLM\...\StartupApproved\Run32: => "ZoneAlarm Installer"
HKLM\...\StartupApproved\Run32: => "VirtualCloneDrive"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "PDFPrint"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKLM\...\StartupApproved\Run32: => "Adobe Acrobat Speed Launcher"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "DVCServ"
HKLM\...\StartupApproved\Run32: => "DATEVSetup"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "DivXUpdate"
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\StartupApproved\Run: => "icq"
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_25B1D1BADDAEDB1571E4D008134EB6A3"
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\StartupApproved\Run: => "EntscheiderClub Premium"
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\StartupApproved\Run: => "9c5bf01b358884ef955dbaaa237340c7"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{E7394822-19FD-4263-8A5B-C56FC9586959}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{9C1AA961-87D8-43C9-A409-B9075BA40BA0}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{62632452-45E0-4A04-90C7-731B2D587CB4}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{1FF59A7C-422C-4678-BFF6-DABFC2D8F96A}] => (Allow) C:\Users\s\AppData\Roaming\ICQM\icq.exe
FirewallRules: [{D72A5104-3D6C-4A90-BD72-44C21639BD2C}] => (Allow) C:\Users\s\AppData\Roaming\ICQM\icq.exe
FirewallRules: [{AD05BABA-6646-4C3A-986E-CC7BA770AD38}] => (Allow) C:\ProgramData\eSafe\eGdpSvc.exe
FirewallRules: [{890D8DA8-AAD1-49CB-BCB0-2A21237F60D5}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{B0CAB26B-7B5F-480E-8CA9-2285194FE692}] => (Allow) LPort=1900
FirewallRules: [{FCF99A43-9699-4020-8128-D1F18CF0D614}] => (Allow) LPort=2869
FirewallRules: [{5BEF5397-0FC8-49E3-9FC1-51B5F68A7DD0}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [TCP Query User{23C78A46-DA51-4410-8FD7-B92D9CD0182F}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{20CADABF-5640-4640-AAD0-0FCB7C768A6D}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{7919D2CD-2FBE-4047-AB76-C729ABC33759}] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{E0CB3568-2010-42AF-9F86-0EFFCE56D4C9}] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{F98A1208-C992-4820-BB99-EB19AA0AE8E1}C:\program files (x86)\ftprush\ftprush.exe] => (Allow) C:\program files (x86)\ftprush\ftprush.exe
FirewallRules: [UDP Query User{797FCA2A-1C08-4917-849B-FDF7B93C63D8}C:\program files (x86)\ftprush\ftprush.exe] => (Allow) C:\program files (x86)\ftprush\ftprush.exe
FirewallRules: [{A17DF673-784F-4FD7-9723-305EBE15D116}] => (Allow) C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe
FirewallRules: [{C91441AD-8F11-47A0-BB59-AA7B1F65A330}] => (Allow) C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe
FirewallRules: [{FFF639CC-4A34-4347-A8A8-41CD3587376F}] => (Allow) C:\Program Files (x86)\Twonky\TwonkyServer\twonkyserver.exe
FirewallRules: [{2E78FCC5-454A-40AE-AA7D-D8E42CE68DEE}] => (Allow) C:\Program Files (x86)\Twonky\TwonkyServer\twonkyserver.exe
FirewallRules: [{2CF1C950-CD39-4021-8BF7-579969943023}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{D824EF1C-3643-48B6-8124-CD6BACB04531}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{29B09A44-3E1B-4004-A26E-3B60B19074D5}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{862EEF92-8F16-4AA7-BE44-65ECECA6E968}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [TCP Query User{8E58FFEC-E106-4FC8-8ABB-CFD051248184}C:\program files (x86)\ftprush\ftprush.exe] => (Block) C:\program files (x86)\ftprush\ftprush.exe
FirewallRules: [UDP Query User{4384D3B5-3319-4104-9995-38A628A32252}C:\program files (x86)\ftprush\ftprush.exe] => (Block) C:\program files (x86)\ftprush\ftprush.exe
FirewallRules: [TCP Query User{B78A5B98-5FF3-459F-A408-9EF6FAE44ADB}C:\users\s\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\s\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{55ECA24A-5568-4287-BC3B-0AC17527631C}C:\users\s\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\s\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{AB5DD043-E289-4BD5-96D1-C6C36E485418}C:\users\s\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\s\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{F6A8BB49-2AF7-467A-94E4-C590CE0C0CE2}C:\users\s\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\s\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{56BC7622-B916-435E-A99E-B3F97DC2B7B2}C:\program files\plentymarkets\plentymarkets.exe] => (Allow) C:\program files\plentymarkets\plentymarkets.exe
FirewallRules: [UDP Query User{AE302455-86AB-4369-BC73-705BE5491036}C:\program files\plentymarkets\plentymarkets.exe] => (Allow) C:\program files\plentymarkets\plentymarkets.exe
FirewallRules: [{7FCF99BE-B64C-4253-9875-049FD6EE6AA9}] => (Allow) C:\Users\s\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{77EE1C70-93F9-471C-AC16-B65023CD0F59}] => (Allow) C:\Users\s\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{EE98B557-949C-417A-930B-F7A073B7F3F7}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{0C152529-6A25-4C14-B1B7-2CD6EF949FC2}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{2948C0C7-1B75-4F31-A81B-E9A3248DEA61}C:\users\s\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\s\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{8EA478D7-4D10-4161-9219-926541B70169}C:\users\s\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\s\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{F14AC53E-5CEF-49FE-9CBB-0DF22A816B1D}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{FDB4C01D-F4D9-4938-8095-2C74532A5B93}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{DC3DFE60-96C4-47C4-A493-981FF86CFA53}C:\program files\plentymarkets\plentymarkets.exe] => (Allow) C:\program files\plentymarkets\plentymarkets.exe
FirewallRules: [UDP Query User{92A4DB3C-4104-4936-8AA3-F71440316A3E}C:\program files\plentymarkets\plentymarkets.exe] => (Allow) C:\program files\plentymarkets\plentymarkets.exe
FirewallRules: [TCP Query User{C0129FFD-FFE5-422E-84E4-643D59C0C0F4}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{431F683D-E82A-4A6C-B687-E37281C041A0}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [{F0AD5292-DE10-4214-B6A5-447ED58AC720}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{379F69FE-3BC4-4C53-B85A-904B4114A44E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{792EDE5E-D31B-4320-9A52-CEE928322F1C}] => (Allow) C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{6AC56DAE-8C18-4920-8EAC-1101786C3F3E}] => (Allow) C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{33F25883-60DB-49D3-A745-F5F64C7C0560}] => (Allow) C:\Program Files (x86)\StarMoney 9.0\app\StarMoney.exe
FirewallRules: [{801CE9A9-9D86-4CD9-B237-E2CAD0A1F3D3}] => (Allow) C:\Program Files (x86)\StarMoney 9.0\app\StarMoney.exe
FirewallRules: [TCP Query User{6BB9E385-A916-4AE9-9ACB-E699B7747A9B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{037EDFE1-43DE-4272-B543-1C13CCC0D876}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{B63DAE1C-FE80-4F4B-A7AE-43644616C7AB}] => (Allow) C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PairingWizard.exe
FirewallRules: [{4A7A5C9B-EED4-40B1-AD45-6960AA5648A1}] => (Allow) C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PairingWizard.exe
FirewallRules: [{775848ED-0AC4-4EC6-93BA-1287B0787B13}] => (Allow) C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PCAutoSaveSv.exe
FirewallRules: [{73F0DEAF-3EAC-44CD-B822-FD6026AEB483}] => (Allow) C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PCAutoSaveSv.exe
FirewallRules: [{DFB9FE53-F7E1-4722-9045-7BE36A899B8A}] => (Allow) C:\Program Files (x86)\StarMoney Business 6.0\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{DA13A301-BC4D-4410-8E2E-C0A71DDA511E}] => (Allow) C:\Program Files (x86)\StarMoney Business 6.0\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{7EA59164-96B1-4AC8-B02B-9AE5D204C320}] => (Allow) C:\Program Files (x86)\StarMoney Business 6.0\app\StarMoney.exe
FirewallRules: [{44984E01-EA4E-4B26-A680-8F5CEC2E1BC9}] => (Allow) C:\Program Files (x86)\StarMoney Business 6.0\app\StarMoney.exe
FirewallRules: [{78EBD91E-BE77-48D1-9C3D-69DEAE23945B}] => (Allow) C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{695BCC07-367E-4D56-8799-C8042E5E9CC9}] => (Allow) C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{D39A23BF-94FA-498F-A9C6-3E18E77E3519}] => (Allow) C:\Program Files (x86)\StarMoney 10\app\StarMoney.exe
FirewallRules: [{C6706BC1-2DF5-448D-BBE8-313A44848299}] => (Allow) C:\Program Files (x86)\StarMoney 10\app\StarMoney.exe
FirewallRules: [{82742D6B-DF99-4D44-AA09-289ACDB37316}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{6418332D-6F4D-40F3-B766-9CB43D5207FC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{46CA8FF4-F56E-48AD-9640-97598D0FC971}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{43005283-9479-4BF6-A0D6-3E66D6901BC6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{58041001-C0BD-483C-B87F-5EBD33FE09CC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{78679A20-E125-45C9-9478-F1EC5D1097E2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot-S&D 2 Tray Icon
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe] => Enabled:Flashget3

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/27/2015 07:29:30 PM) (Source: SideBySide) (EventID: 79) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName1".
Die Einstellung "hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName" ist nicht registriert.

Error: (05/27/2015 11:41:45 AM) (Source: SideBySide) (EventID: 79) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName1".
Die Einstellung "hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName" ist nicht registriert.

Error: (05/27/2015 11:35:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 38.0.1.5611, Zeitstempel: 0x55541a90
Name des fehlerhaften Moduls: mozalloc.dll, Version: 38.0.1.5611, Zeitstempel: 0x55540a1e
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001aa1
ID des fehlerhaften Prozesses: 0x3658
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Vollständiger Name des fehlerhaften Pakets: plugin-container.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: plugin-container.exe5

Error: (05/27/2015 11:35:39 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (05/26/2015 00:06:56 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (05/25/2015 08:43:48 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (05/25/2015 08:43:48 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (05/25/2015 08:43:48 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (05/25/2015 08:43:24 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (05/25/2015 08:43:18 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.


System errors:
=============
Error: (05/27/2015 07:29:59 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000009f (0x0000000000000003, 0xffffe001aa1eb060, 0xfffff801f5814960, 0xffffe001aaa36cf0)C:\WINDOWS\MEMORY.DMP052715-12593-01

Error: (05/27/2015 07:29:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Security Center Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%14001

Error: (05/27/2015 07:28:14 PM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT-AUTORITÄT)
Description: Der Systemüberwachungszeitgeber wurde ausgelöst.

Error: (05/27/2015 07:28:39 PM) (Source: APPHOSTSVC) (EventID: 9010) (User: )
Description: Fehler im Anwendungshost-Hilfsdienst beim Zugriff auf das Verlaufsstammverzeichnis "C:\inetpub\history". Das Verzeichnis ist nicht vorhanden, oder die Berechtigungen für das Verzeichnis lassen den Zugriff des Verzeichnisdiensts auf das Verzeichnis nicht zu. Das Konfigurationsverlaufsfeature wird deaktiviert und erneut aktiviert, nachdem das Problem behoben wurde. Stellen Sie zum Beheben des Problems sicher, dass das Verzeichnis vorhanden ist und dass die Gruppe "Administratoren" über Lese- und Schreibzugriff auf das Verzeichnis verfügt. Das Datenfeld enthält die Fehlernummer.

Error: (05/27/2015 07:28:22 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎27.‎05.‎2015 um 17:13:50 unerwartet heruntergefahren.

Error: (05/27/2015 07:28:09 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 16) (User: NT-AUTORITÄT)
Description: 32212254731146016

Error: (05/27/2015 04:13:45 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252.

Error: (05/27/2015 04:13:45 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252.

Error: (05/27/2015 04:13:45 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252.

Error: (05/27/2015 04:13:45 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252.


Microsoft Office:
=========================
Error: (05/27/2015 07:29:30 PM) (Source: SideBySide) (EventID: 79) (User: )
Description: hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayNameC:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

Error: (05/27/2015 11:41:45 AM) (Source: SideBySide) (EventID: 79) (User: )
Description: hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayNameC:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

Error: (05/27/2015 11:35:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe38.0.1.561155541a90mozalloc.dll38.0.1.561155540a1e8000000300001aa1365801d097b5fa1f7e0dC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllc6a58abd-0453-11e5-bf19-8434978947f8

Error: (05/27/2015 11:35:39 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\$Recycle.Bin\S-1-5-21-2262038565-221129539-630273557-1001\$RR288CK.exe

Error: (05/26/2015 00:06:56 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (05/25/2015 08:43:48 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\s\Desktop\esetsmartinstaller_deu.exe

Error: (05/25/2015 08:43:48 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\s\Desktop\esetsmartinstaller_deu.exe

Error: (05/25/2015 08:43:48 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\s\Desktop\esetsmartinstaller_deu.exe

Error: (05/25/2015 08:43:24 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\s\Desktop\esetsmartinstaller_deu.exe

Error: (05/25/2015 08:43:18 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\s\Desktop\esetsmartinstaller_deu.exe


CodeIntegrity Errors:
===================================
  Date: 2013-11-30 15:06:55.497
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-30 14:42:41.927
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-30 14:39:40.327
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-30 13:40:28.974
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-30 13:39:09.041
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-30 13:10:21.879
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll that did not meet the Microsoft signing level requirements.

  Date: 2013-11-30 13:10:21.754
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\WOW64\Plugins\ISWSHEX.dll that did not meet the Microsoft signing level requirements.

  Date: 2013-11-30 13:10:18.442
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll that did not meet the Microsoft signing level requirements.

  Date: 2013-11-30 13:10:09.332
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\WOW64\Plugins\ISWSHEX.dll that did not meet the Microsoft signing level requirements.

  Date: 2013-11-30 13:10:09.035
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\WOW64\Plugins\ISWSHEX.dll that did not meet the Microsoft signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz
Percentage of memory in use: 63%
Total physical RAM: 6036.28 MB
Available physical RAM: 2228.08 MB
Total Pagefile: 12180.28 MB
Available Pagefile: 7717.94 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:448.38 GB) (Free:80.05 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:16.27 GB) (Free:2.05 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive i: () (Removable) (Total:29.47 GB) (Free:29.47 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 466E2C46)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 6 GB) (Disk ID: C73F6553)

Partition: GPT Partition Type.

========================================================
Disk: 2 (Size: 29.5 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End of log ============================
         
Das Problem besteht leider immer noch

Alt 28.05.2015, 12:24   #12
schrauber
/// the machine
/// TB-Ausbilder
 

500 Mails täglich von Outlook nach DHL Trojaner - Standard

500 Mails täglich von Outlook nach DHL Trojaner



Passwort nochmal ändern vom Mail Account.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 29.05.2015, 12:54   #13
Sash1502
 
500 Mails täglich von Outlook nach DHL Trojaner - Standard

500 Mails täglich von Outlook nach DHL Trojaner



Habe am Donnerstag das Passwort geändert und seit dem zwar noch einige Mails erhalten (die nicht zugestellt werden konnten usw.) Heute, am Freitag kam noch eine Mail bei mir rein.

Seither ist ruhe...ich hoffe es bleibt so

Vielen vielen Dank Schrauber

Sollte sich das Problem noch einmal bemerkbar machen melde ich mich.

Gruß

Alt 30.05.2015, 08:59   #14
schrauber
/// the machine
/// TB-Ausbilder
 

500 Mails täglich von Outlook nach DHL Trojaner - Standard

500 Mails täglich von Outlook nach DHL Trojaner



ok
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 01.06.2015, 11:34   #15
Sash1502
 
500 Mails täglich von Outlook nach DHL Trojaner - Standard

500 Mails täglich von Outlook nach DHL Trojaner



Das Problem scheint gelöst zu sein
Bis heute kamen keine weiteren Mails mehr rein

Nochmals vielen vielen Dank für deine Hilfe.

Gruß

Antwort

Themen zu 500 Mails täglich von Outlook nach DHL Trojaner
adobe, antivir, avira, browser, defender, downloader, entfernen, failed, firefox, ftp, google, homepage, hotspot, installation, kaspersky, launch, mozilla, mp3, pdf anhang, realtek, registry, scan, services.exe, software, starmoney, super, svchost.exe, system, trojaner, windows, windowsapps




Ähnliche Themen: 500 Mails täglich von Outlook nach DHL Trojaner


  1. Outlook versendet automatisch Mails
    Plagegeister aller Art und deren Bekämpfung - 22.10.2015 (18)
  2. Outlook 2007 möchte mehrere Mails versenden obwohl keine Mails im Ausgangsordner existieren
    Alles rund um Windows - 05.08.2015 (25)
  3. GMail Konto versendet täglich hunderte Spam Mails an mir unbekannte Adressen
    Log-Analyse und Auswertung - 29.03.2015 (5)
  4. Täglich dutzende Spam-Mails (Mailer-Daemon etc.), jetzt Account gesperrt, 40 Infizierungen auf PC
    Plagegeister aller Art und deren Bekämpfung - 14.05.2014 (17)
  5. Mailer Daemon Mails von GMX-Konto - Spam oder sendet Outlook selbstständig Mails?
    Plagegeister aller Art und deren Bekämpfung - 12.12.2013 (8)
  6. Outlook versendet selbstständig Mails
    Plagegeister aller Art und deren Bekämpfung - 04.01.2013 (35)
  7. Trojaner? Mails werden automatisch von Outlook versendet
    Plagegeister aller Art und deren Bekämpfung - 03.07.2012 (3)
  8. Outlook sendet selbständig Mails
    Log-Analyse und Auswertung - 22.11.2011 (5)
  9. Outlook Mails und Kontakte retten
    Alles rund um Windows - 22.04.2011 (3)
  10. Outlook verschickt hunderte Mails, Trojaner und Heuristicmalware
    Log-Analyse und Auswertung - 02.07.2009 (27)
  11. Outlook sendet 2 mails
    Log-Analyse und Auswertung - 27.07.2008 (5)
  12. Email-Problem: Undeliverable Mail (Re 0:) täglich 100 dieser Mails
    Plagegeister aller Art und deren Bekämpfung - 17.12.2006 (20)
  13. Outlook Express Zeitlimit für mails!
    Alles rund um Windows - 30.11.2005 (8)
  14. Zustand nach Trojan-Spy.HTML.Smitfraud.c..... Outlook express Mails nicht zu öffnen ?
    Plagegeister aller Art und deren Bekämpfung - 28.06.2005 (2)
  15. Outlook sendet unbekannte Mails
    Plagegeister aller Art und deren Bekämpfung - 31.05.2005 (0)
  16. Täglich 20 - 50 solche mails, was ist das?
    Mülltonne - 14.06.2004 (11)
  17. outlook Filter bei html-mails
    Alles rund um Windows - 31.05.2004 (19)

Zum Thema 500 Mails täglich von Outlook nach DHL Trojaner - Hallo zusammen, eins vorab: schön das es euch gibt Wie so viele habe auch ich den PDF Anhang mit dem Trojaner der "DHL" geöffnet. Ich konnte mit Kaspersky schon einige - 500 Mails täglich von Outlook nach DHL Trojaner...
Archiv
Du betrachtest: 500 Mails täglich von Outlook nach DHL Trojaner auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.