20.05.2015, 22:04 | #1 |
500 mails a day from Outlook after DHL Trojan

Hello everyone, one thing up front: it's great that you are here. Like so many others, I too opened the PDF attachment containing the "DHL" Trojan. I have already been able to remove a few things with Kaspersky, but Outlook is sending just under 500 mails a day, and only from one single mail address. It is simply getting on my nerves and I am asking for your help. Here is the FRST log right away... hopefully posted in the right code box...

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-05-2015
Ran by s (administrator) on SR_HP_ULTRABOOK on 20-05-2015 22:18:52
Running from C:\Users\s\Desktop
Loaded Profiles: s & Gast (Available profiles: s & Gast)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(FUJIFILM Corporation.) C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PCAutoSaveSv.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
(Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney Business 6.0\ouservice\StarMoneyOnlineUpdate.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(OrdinarySoft) C:\Program Files\Start Menu X\StartMenuX.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe
(Spotify Ltd) C:\Users\s\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Users\s\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Deutsche Telekom AG) C:\Users\s\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Code:Aero Technologies) C:\Program Files (x86)\Password Memory 4\Keynote.exe
(Code:Aero Technologies) C:\Program Files (x86)\Password Memory 4\Keynote.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\livecomm.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-06-09] (IDT, Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3030256 2013-06-13] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-31] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [74160 2014-01-29] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [DATEVSetup] => C:\Users\s\AppData\Local\Temp\OYa04020\TLP\DATEVsetup.exe <===== ATTENTION
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2014-12-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKLM-x32\...\Run: [DVCServ] => C:\Program Files (x86)\DATEV-SiPa-compact\DVCSERV
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SMB60StarMoneyRunEntry] => C:\Program Files (x86)\StarMoney Business 6.0\app\oflagent.exe [51856 2015-04-13] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\SYSTEM32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Run: [icq] => C:\Users\s\AppData\Roaming\ICQM\icq.exe [28698984 2013-08-31] (ICQ)
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Run: [StartMenuX] => C:\Program Files\Start Menu X\StartMenuX.exe [7673664 2013-11-20] (OrdinarySoft)
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Run: [Allway Sync] => C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe [94920 2015-04-21] ()
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Run: [Spotify Web Helper] => C:\Users\s\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2022968 2015-05-14] (Spotify Ltd)
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Run: [GoogleChromeAutoLaunch_25B1D1BADDAEDB1571E4D008134EB6A3] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872 2015-05-05] (Google Inc.)
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Run: [EntscheiderClub Premium] => C:\Users\s\AppData\Local\EntscheiderClub Premium\EntscheiderClub Premium.exe [1121264 2015-01-29] (Wakoopa)
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Run: [9c5bf01b358884ef955dbaaa237340c7] => "C:\Users\s\AppData\Local\9c5bf01b358884ef955dbaaa237340c7.exe"
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\MountPoints2: {edae7ff0-618c-11e3-beb2-8434978947f8} - "E:\AutoRun.exe"
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\E-POST MAILER.lnk [2015-03-03]
ShortcutTarget: E-POST MAILER.lnk -> C:\Program Files (x86)\Deutsche Post AG\E-POST MAILER\EpostMailer.exe (Deutsche Post AG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FUJIFILM PC AutoSave auf Standby.lnk [2015-04-05]
ShortcutTarget: FUJIFILM PC AutoSave auf Standby.lnk -> C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\Manager.exe (FUJIFILM Corporation.)
Startup: C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-09-30]
ShortcutTarget: Dropbox.lnk -> C:\Users\s\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediencenter.lnk [2015-01-20]
ShortcutTarget: Mediencenter.lnk -> C:\Users\s\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [01Mediencenter_InSync] -> {77BC4082-DB5F-439A-8DC8-F9E24A63B0DE} => C:\Users\s\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll [2014-06-12] (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: [02Mediencenter_ToSync] -> {528EE335-5034-4EFC-834E-63E5F02D2BC2} => C:\Users\s\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll [2014-06-12] (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: [03Mediencenter_Failed] -> {6066ADF0-9EB0-43E5-ADB6-990F5A3B979C} => C:\Users\s\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll [2014-06-12] (Deutsche Telekom AG)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKU\S-1-5-21-2262038565-221129539-630273557-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.goodsyouneed.de/
HKU\S-1-5-21-2262038565-221129539-630273557-501\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT13/4
HKU\S-1-5-21-2262038565-221129539-630273557-501\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT13/4
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM -> {A28F0689-CA9E-46FF-ACB3-73BF34D4AC4B} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {A28F0689-CA9E-46FF-ACB3-73BF34D4AC4B} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-2262038565-221129539-630273557-1001 -> {13BCEA89-FB1C-45B8-8EE9-2900DCF75A39} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1561552&CUI=UN15775412304438150&UM=1
SearchScopes: HKU\S-1-5-21-2262038565-221129539-630273557-1001 -> {A28F0689-CA9E-46FF-ACB3-73BF34D4AC4B} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2262038565-221129539-630273557-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-2262038565-221129539-630273557-501 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2262038565-221129539-630273557-501 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-06-12] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: SCardBHOEvent Class -> {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} -> C:\Program Files (x86)\DATEV-SiPa-compact\DVCCSASCardBHO64002.dll [2014-05-12] (DATEV eG)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2015-01-13] (DVDVideoSoft Ltd.)
BHO: EntscheiderClub Premium -> {FB4D29C1-82DE-4b80-8BB0-A7CDDDCD2773} -> C:\Users\s\AppData\Local\Wakoopa Shared\WakoopaBHO-x64.dll [2015-01-29] (Wakoopa)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2011-06-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-19] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-12-17] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: SCardBHOEvent Class -> {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} -> C:\Program Files (x86)\DATEV-SiPa-compact\DVCCSASCardBHO002.dll [2014-05-12] (DATEV eG)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-19] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2015-01-13] (DVDVideoSoft Ltd.)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
BHO-x32: EntscheiderClub Premium -> {FB4D29C1-82DE-4b80-8BB0-A7CDDDCD2773} -> C:\Users\s\AppData\Local\Wakoopa Shared\WakoopaBHO.dll [2015-01-29] (Wakoopa)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2262038565-221129539-630273557-1001 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1

FireFox:
========
FF ProfilePath: C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default
FF Homepage: hxxp://t3n.de/|hxxp://www.logistik-watchblog.de/
FF NetworkProxy: "MM3ProxySwitch.type", 1
FF NetworkProxy: "ftp", "127.0.0.1"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "no_proxies_on", ""
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-18] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-18] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1207148.dll [2013-12-05] (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-06-13] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-06-13] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-19] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll [2013-07-24] (Nullsoft, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default\Extensions\abs@avira.com [2015-04-27]
FF Extension: YouTube Unblocker - C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default\Extensions\youtubeunblocker@unblocker.yt [2014-11-05]
FF Extension: Hide My Ass Proxy Extension - C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default\Extensions\extension@hidemyass.com.xpi [2013-06-29]
FF Extension: Soundcloud SUPER +2: Downloader and Recommender - C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default\Extensions\{988da70d-b78d-44a1-a9c7-ed11832a9e2e}.xpi [2013-08-23]
FF Extension: SoundCloud Downloader - Technowise - C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default\Extensions\{c8d3bc80-0810-4d21-a2c2-be5f2b2832ac}.xpi [2013-08-23]
FF Extension: Adblock Plus - C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-19]
FF Extension: {f5110906-1b93-4640-a7fe-12251b0b7b10} - C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default\Extensions\{f5110906-1b93-4640-a7fe-12251b0b7b10}.xpi [2014-12-08]
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afext@anchorfree.com [2013-09-01]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2013-06-15]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014-09-02]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.goodsyouneed.de/plenty/ui/admin.html
CHR StartupUrls: Default -> "hxxp://www.goodsyouneed.de/plenty/ui/admin.html"
CHR Profile: C:\Users\s\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-29]
CHR Extension: (Google Drive) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-29]
CHR Extension: (EntscheiderClub Premium) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbojioefbafdanbjbdhhmoblcbikeia [2015-03-29]
CHR Extension: (YouTube) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-29]
CHR Extension: (Google Cast) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-05-30]
CHR Extension: (Adblock Plus) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-05-30]
CHR Extension: (Google Search) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-29]
CHR Extension: (Bookmark Manager) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-23]
CHR Extension: (DVDVideoSoft) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2014-04-29]
CHR Extension: (Google Wallet) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-29]
CHR Extension: (Gmail) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-29]
CHR Profile: C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-06]
CHR Extension: (Google Docs) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-06]
CHR Extension: (Google Drive) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-06]
CHR Extension: (YouTube) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-06]
CHR Extension: (Google Search) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-06]
CHR Extension: (Google Sheets) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-06]
CHR Extension: (Skype Click to Call) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-02-06]
CHR Extension: (DVDVideoSoft) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2015-02-06]
CHR Extension: (Google Wallet) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-06]
CHR Extension: (Gmail) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-06]
CHR Profile: C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Slides) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-06]
CHR Extension: (Google Docs) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-06]
CHR Extension: (Google Drive) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-06]
CHR Extension: (YouTube) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-06]
CHR Extension: (Google Search) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-06]
CHR Extension: (Google Sheets) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-06]
CHR Extension: (Avira Browser Safety) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-02-06]
CHR Extension: (Skype Click to Call) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-02-06]
CHR
Extension: (DVDVideoSoft) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2015-02-06] CHR Extension: (Google Wallet) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-06] CHR Extension: (Gmail) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-06] CHR HKU\S-1-5-21-2262038565-221129539-630273557-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-06-15] CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-05] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-05] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. 
KG) R2 BotkindSyncService; C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe [182784 2015-04-13] () [File not signed] R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 FFPCAutoSave; C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PCAutoSaveSv.exe [94208 2013-02-28] (FUJIFILM Corporation.) [File not signed] R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed] R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.) [File not signed] R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-06-13] (Intel Corporation) R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-20] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-06-13] (Intel Corporation) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.) S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.) 
R2 StarMoney 10 OnlineUpdate; C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe [688272 2015-04-15] (Star Finanz-Software Entwicklung und Vertriebs GmbH) R2 StarMoney 9.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH) R2 StarMoney Business 6.0 OnlineUpdate; C:\Program Files (x86)\StarMoney Business 6.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH) S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5491984 2015-05-13] (TeamViewer GmbH) R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2445816 2014-01-29] (Check Point Software Technologies LTD) S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-11-30] (Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [50704 2013-10-15] (Check Point Software Technologies, Ltd.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-05] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-05-05] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-06-24] (Avira Operations GmbH & Co. 
KG) R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-12] (Avira Operations GmbH & Co. KG) S1 HssDRV6; C:\Windows\system32\DRIVERS\hssdrv6.sys [46792 2013-09-17] (AnchorFree Inc.) R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-21] (Intel Corporation) R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2013-07-17] (Kaspersky Lab ZAO) S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2013-02-21] (Kaspersky Lab) U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-10-08] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [489056 2013-10-08] (Kaspersky Lab ZAO) S3 KOBCCID; C:\Windows\system32\drivers\KOBCCID.sys [116864 2014-03-18] (KOBIL Systems GmbH) R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-04] (Realtek Semiconductor Corp.) S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-06-13] (Synaptics Incorporated) R3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2013-08-13] (Anchorfree Inc.) R1 Vsdatant; C:\Windows\System32\drivers\vsdatant.sys [454168 2013-10-23] (Check Point Software Technologies LTD) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.) U0 dmboot; No ImagePath S3 ewusbnet; \SystemRoot\system32\DRIVERS\ewusbnet.sys [X] S3 ew_hwusbdev; \SystemRoot\system32\DRIVERS\ew_hwusbdev.sys [X] S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X] S3 hwdatacard; \SystemRoot\system32\DRIVERS\ewusbmdm.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) 
==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-05-20 22:18 - 2015-05-20 22:19 - 00043267 _____ () C:\Users\s\Desktop\FRST.txt 2015-05-20 22:18 - 2015-05-20 22:19 - 00000000 ____D () C:\FRST 2015-05-20 22:17 - 2015-05-20 22:17 - 02107904 _____ (Farbar) C:\Users\s\Desktop\FRST64.exe 2015-05-19 13:59 - 2015-05-19 13:59 - 00001255 _____ () C:\WINDOWS\system32\TeamViewer10_Hooks.log 2015-05-19 00:52 - 2015-05-19 00:51 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2015-05-19 00:51 - 2015-05-19 00:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-05-18 22:37 - 2015-05-18 22:37 - 00000000 ____D () C:\ProgramData\StarMoney 10 2015-05-18 22:37 - 2015-05-18 22:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarMoney 10 2015-05-18 22:30 - 2015-05-20 01:18 - 00000000 ____D () C:\Program Files (x86)\StarMoney 10 2015-05-18 16:13 - 2015-05-18 16:13 - 00000019 _____ () C:\Users\s\Desktop\buchhaltungssoftware.txt 2015-05-18 09:55 - 2015-05-18 10:37 - 00000000 ____D () C:\KVRT_Data 2015-05-14 16:14 - 2015-05-14 16:14 - 00000123 _____ () C:\Users\s\Desktop\Collmex.url 2015-05-02 03:04 - 2015-05-02 03:04 - 00000000 ____D () C:\Users\s\Documents\Hausverwalter 2015-05-02 03:04 - 2015-05-02 03:04 - 00000000 ____D () C:\Users\s\AppData\Roaming\Buhl Data Service 2015-05-02 03:04 - 2015-05-02 03:04 - 00000000 ____D () C:\Users\s\AppData\Local\Buhl Data Service 2015-05-02 03:03 - 2015-05-04 12:14 - 00000647 _____ () C:\WINDOWS\wiso.ini 2015-05-02 03:03 - 2015-05-02 03:03 - 00002131 _____ () C:\Users\Public\Desktop\WISO Hausverwalter 2015.lnk 2015-05-02 03:03 - 2015-05-02 03:03 - 00000000 ____D () C:\Users\s\AppData\Roaming\Buhl 2015-05-02 03:03 - 2015-05-02 03:03 - 00000000 ____D () C:\Users\s\AppData\Local\Buhl 2015-05-02 03:03 - 2015-05-02 03:03 - 00000000 ____D () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Hausverwalter 2015 2015-05-02 03:03 - 2015-05-02 03:03 - 00000000 ____D () C:\Program Files (x86)\Buhl 2015-05-02 03:02 - 2015-05-02 03:03 - 00000000 ____D () C:\ProgramData\Buhl Data Service GmbH 2015-04-28 23:55 - 2015-04-28 23:55 - 00001733 _____ () C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Copy of plentymarkets.lnk 2015-04-28 23:49 - 2015-04-28 23:49 - 07810528 _____ (plentymarkets GmbH) C:\Users\s\plentymarkets_updater_windows_216.exe 2015-04-21 20:19 - 2015-05-19 13:59 - 00000985 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk 2015-04-21 20:19 - 2015-04-21 20:19 - 00000000 ____D () C:\Users\s\AppData\Local\TeamViewer ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-05-20 22:21 - 2013-05-14 23:57 - 00000000 ____D () C:\Users\s\Documents\Outlook-Dateien 2015-05-20 22:02 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-05-20 22:00 - 2015-02-27 21:25 - 00000000 ____D () C:\Program Files (x86)\StarMoney 9.0 2015-05-20 21:59 - 2013-11-30 16:56 - 01072060 _____ () C:\WINDOWS\WindowsUpdate.log 2015-05-20 21:58 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2015-05-20 21:50 - 2014-04-29 13:07 - 00001150 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-05-20 20:00 - 2015-04-14 21:31 - 00000000 ____D () C:\Program Files (x86)\StarMoney Business 6.0 2015-05-20 19:42 - 2015-01-20 02:14 - 00000000 ___RD () C:\Users\s\Mediencenter 2015-05-20 17:49 - 2013-06-22 18:48 - 00000000 ____D () C:\Users\s\AppData\Roaming\FTPRush 2015-05-20 10:43 - 2014-05-27 17:55 - 00000000 ___RD () C:\Users\s\Dropbox 2015-05-19 19:28 - 2013-05-10 12:34 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2262038565-221129539-630273557-1001 2015-05-19 14:00 - 2014-08-28 21:12 - 00000408 _____ () C:\WINDOWS\Tasks\Allway 
Sync_{4E6949520858136489535401CF6DD6A8}.job 2015-05-19 14:00 - 2013-11-22 17:08 - 00000000 ____D () C:\Program Files (x86)\TeamViewer 2015-05-19 01:24 - 2013-08-07 14:13 - 00000000 ____D () C:\Users\s\AppData\Roaming\vlc 2015-05-19 00:52 - 2013-10-21 18:27 - 00000000 ____D () C:\ProgramData\Oracle 2015-05-19 00:51 - 2013-10-21 18:27 - 00000000 ____D () C:\Program Files (x86)\Java 2015-05-18 22:34 - 2013-08-22 15:25 - 00017486 _____ () C:\WINDOWS\system32\Drivers\etc\services 2015-05-18 22:15 - 2012-08-24 18:00 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-05-18 22:00 - 2014-09-02 12:01 - 00000000 ____D () C:\Users\s\AppData\Local\Adobe 2015-05-18 21:50 - 2013-09-30 06:14 - 01980934 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-05-18 21:50 - 2013-09-30 05:56 - 00842568 _____ () C:\WINDOWS\system32\perfh007.dat 2015-05-18 21:50 - 2013-09-30 05:56 - 00191764 _____ () C:\WINDOWS\system32\perfc007.dat 2015-05-18 21:46 - 2014-05-27 17:53 - 00000000 ____D () C:\Users\s\AppData\Roaming\Dropbox 2015-05-18 21:46 - 2012-08-24 18:00 - 00000000 ____D () C:\ProgramData\Temp 2015-05-18 21:45 - 2013-11-30 17:11 - 00000000 ___DO () C:\Users\s\SkyDrive 2015-05-18 21:43 - 2015-03-03 08:57 - 00000106 _____ () C:\WINDOWS\system32\mfilemon.log 2015-05-18 21:43 - 2014-04-29 13:07 - 00001146 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-05-18 21:43 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-05-18 21:42 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2015-05-18 11:15 - 2014-06-10 15:21 - 00000000 ____D () C:\Users\s\AppData\Local\Spotify 2015-05-18 10:52 - 2014-06-10 15:20 - 00000000 ____D () C:\Users\s\AppData\Roaming\Spotify 2015-05-18 01:43 - 2014-01-02 20:14 - 00003154 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleFors 2015-05-18 01:43 - 2014-01-02 20:14 - 00000348 _____ () C:\WINDOWS\Tasks\HPCeeScheduleFors.job 2015-05-18 00:39 - 2013-08-22 17:36 - 00000000 ____D () 
C:\WINDOWS\AppReadiness 2015-05-17 15:31 - 2013-08-22 16:46 - 00336769 _____ () C:\WINDOWS\setupact.log 2015-05-17 13:16 - 2013-05-12 21:28 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log 2015-05-17 06:45 - 2014-04-29 13:07 - 00004122 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2015-05-17 06:45 - 2014-04-29 13:07 - 00003886 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2015-05-05 13:15 - 2015-03-05 23:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-05-05 13:12 - 2014-07-07 17:21 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys 2015-05-05 13:12 - 2014-07-07 17:21 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys 2015-05-04 12:29 - 2014-12-17 14:50 - 00000000 ____D () C:\WINDOWS\uninstall 2015-05-04 12:29 - 2014-12-17 14:50 - 00000000 ____D () C:\Program Files (x86)\CDN YabeOffice Daten 2015-05-04 12:29 - 2014-12-17 14:50 - 00000000 ____D () C:\Program Files (x86)\CDN YabeOffice 2015-05-04 12:18 - 2014-04-30 18:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Allway Sync 2015-05-04 12:18 - 2014-04-30 18:22 - 00000000 ____D () C:\Program Files (x86)\Allway Sync 2015-04-29 00:52 - 2013-09-29 21:04 - 00377164 _____ () C:\WINDOWS\PFRO.log 2015-04-28 23:55 - 2014-09-21 17:41 - 00001784 _____ () C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\plentymarkets.lnk 2015-04-28 23:55 - 2014-03-03 14:32 - 00000000 ____D () C:\Program Files\plentymarkets 2015-04-28 23:49 - 2013-11-30 16:48 - 00000000 ____D () C:\Users\s 2015-04-23 18:53 - 2013-06-15 17:00 - 00000000 ____D () C:\Users\s\AppData\Roaming\WindSolutions 2015-04-22 16:18 - 2013-08-22 16:44 - 05142072 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2015-04-22 16:17 - 2013-05-14 23:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-04-21 23:34 - 2013-05-14 23:52 - 00000000 ____D () C:\Program Files 
(x86)\Mozilla Firefox 2015-04-21 20:19 - 2013-10-20 16:25 - 00000000 ____D () C:\Users\s\AppData\Roaming\TeamViewer ==================== Files in the root of some directories ======= 2013-05-10 12:25 - 2013-06-08 12:51 - 0013930 _____ () C:\Users\s\AppData\Roaming\AbsoluteReminder.xml 2013-10-19 13:29 - 2013-10-19 13:58 - 0001796 _____ () C:\Users\s\AppData\Roaming\LiveSupport.exe_log.txt 2013-10-19 13:29 - 2013-10-19 14:48 - 0000092 _____ () C:\Users\s\AppData\Roaming\regsvr32.exe_log.txt 2014-03-18 16:19 - 2014-03-18 16:20 - 0000834 _____ () C:\Users\s\AppData\Local\belegtransfer_setup.log 2014-09-02 20:25 - 2014-09-02 20:25 - 0002273 _____ () C:\Users\s\AppData\Local\recently-used.xbel 2014-03-18 12:27 - 2015-01-14 11:46 - 0718262 _____ () C:\Users\s\AppData\Local\tempvcredist_x64.log 2014-02-09 18:25 - 2014-02-09 18:25 - 0000011 _____ () C:\ProgramData\.tv7 Files to move or delete: ==================== C:\Users\s\plentymarkets_updater_windows_207.exe C:\Users\s\plentymarkets_updater_windows_208.exe C:\Users\s\plentymarkets_updater_windows_209.exe C:\Users\s\plentymarkets_updater_windows_210.exe C:\Users\s\plentymarkets_updater_windows_213.exe C:\Users\s\plentymarkets_updater_windows_214.exe C:\Users\s\plentymarkets_updater_windows_215.exe C:\Users\s\plentymarkets_updater_windows_216.exe C:\Users\s\plentymarkets_windows_212.exe Some content of TEMP: ==================== C:\Users\Gast\AppData\Local\Temp\avgnt.exe C:\Users\s\AppData\Local\Temp\avgnt.exe C:\Users\s\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpv7tf4_.dll C:\Users\s\AppData\Local\Temp\FreeStudio.exe C:\Users\s\AppData\Local\Temp\i4jdel0.exe C:\Users\s\AppData\Local\Temp\jre-8u31-windows-au.exe C:\Users\s\AppData\Local\Temp\proxy_vole5753558156256649135.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-05-18 23:24
==================== End Of Log ============================
21.05.2015, 06:55 | #2 |
/// the machine /// TB trainer | 500 mails a day from Outlook after DHL trojan
Hi,
Addition.txt is still missing.
21.05.2015, 21:54 | #3 |
| 500 mails a day from Outlook after DHL trojan
Ahhh... there it is..
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-05-2015 Ran by s at 2015-05-20 22:21:26 Running from C:\Users\s\Desktop Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2262038565-221129539-630273557-500 - Administrator - Disabled) fbwuser (S-1-5-21-2262038565-221129539-630273557-1005 - Limited - Disabled) Gast (S-1-5-21-2262038565-221129539-630273557-501 - Limited - Enabled) => C:\Users\Gast HomeGroupUser$ (S-1-5-21-2262038565-221129539-630273557-1003 - Limited - Enabled) s (S-1-5-21-2262038565-221129539-630273557-1001 - Administrator - Enabled) => C:\Users\s ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: ZoneAlarm Antivirus (Enabled - Up to date) {DE038A5B-9EDD-18A9-2361-FF7D98D43730} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} AS: ZoneAlarm Anti-Spyware (Enabled - Up to date) {65626BBF-B8E7-1727-19D1-C40FE3537D8D} FW: ZoneAlarm Firewall (Enabled) {E6380B7E-D4B2-19F1-083E-56486607704B} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.13 - Adobe Systems) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated) Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated) Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated) Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.) Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.) Allway Sync version 15.1.9 (HKLM-x32\...\Allway Sync_is1) (Version: - Botkind Inc) Ant Renamer (HKLM-x32\...\Ant Renamer 2_is1) (Version: 2.10.0 - Ant Software) Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.) Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG) CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.) CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.) 
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DATEV Belegtransfer V.3.22 (HKLM-x32\...\{EC561A24-754E-44F1-B76F-2FDA3DF9E912}) (Version: 2.03 - DATEV eG) DATEV Installation V.2.74 (HKLM-x32\...\DATEVB00000482.0) (Version: - ) DATEV Sicherheitspaket - compact (HKLM-x32\...\{13D2D749-7F84-4A63-A09E-3DFDBA4E03EF}) (Version: 2.40.0001 - DATEV eG) DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation) DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.31 - DivX, LLC) Dropbox (HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.) DVS Video Downloader Addon for Mozilla Firefox version 4.3.4.15 (HKLM-x32\...\DVS Video Downloader Addon for Mozilla Firefox_is1) (Version: 4.3.4.15 - DVDVideoSoft Ltd.) Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard) EntscheiderClub Premium (HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\EntscheiderClub Premium) (Version: - Wakoopa B.V.) E-POST MAILER (HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\{6e991dbc-fbeb-434e-b0c0-20f336054450}) (Version: 2.0.1.1972 - Deutsche Post AG) E-POST MAILER (x32 Version: 2.0.1.1925 - Deutsche Post AG) Hidden E-POST MAILER Drucker (Version: 2.0.1.1925 - Deutsche Post AG) Hidden E-POST MAILER Start (x32 Version: 1.0.0.0 - Deutsche Post AG) Hidden etope Lister 2 (HKLM-x32\...\etope Lister_is1) (Version: - Freshworx GmbH & Co.KG) Evernote v. 5.8.1 (HKLM-x32\...\{4FD2D1C8-8636-11E4-9D21-00163E98E7D6}) (Version: 5.8.1.6061 - Evernote Corp.) Free Studio version 6.4.2.113 (HKLM-x32\...\Free Studio_is1) (Version: 6.4.2.113 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.17.1125 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.17.1125 - DVDVideoSoft Ltd.) 
FTPRush 2.1.8 (HKLM-x32\...\FTP Rush_is1) (Version: 2.1.8 - wftpserver.com)
FUJIFILM PC AutoSave (HKLM-x32\...\{872F1306-0DB6-45EC-832E-2F5D3A56CF99}) (Version: 1.0.0 - FUJIFILM)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.65 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{AB5BCC55-18E2-46C7-9405-FF61CB888F05}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{0D3A6808-82B8-4BB1-BE5A-AED75B3F6C02}) (Version: 2.20.11 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{D044EBE7-94E7-4C49-90FC-9069E3F374E1}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Quick Launch (HKLM-x32\...\{609B11CC-8CED-4116-AD8A-A72168894D39}) (Version: 3.0.4 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{D2462056-BA75-4B2C-8267-DFEA2B6AC4AE}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
ICQ 8.1 (build 6337) (HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\ICQ) (Version: 8.1.6337.0 - Mail.Ru)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3316 - Intel Corporation)
Intel(R) Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
KOBIL CCID driver x64x86 (x32 Version: 1.013.02121 - KOBIL Systems) Hidden
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
Mediencenter 3.9.1055.64 (HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Mediencenter) (Version: 3.9.1055.64 - Deutsche Telekom AG)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}) (Version: - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.3.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.3.0 (x86 de)) (Version: 24.3.0 - Mozilla)
Mp3tag v2.58 (HKLM-x32\...\Mp3tag) (Version: v2.58 - Florian Heidenreich)
Multi file port monitor (mfilemon) 1.5.1 (HKLM\...\{A932243F-381F-434C-B18E-4F09D2F015F8}_is1) (Version: 1.5.1 - Monti Lorenzo)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Password Memory 4.1.2 (HKLM-x32\...\ca_keynote_is1) (Version: 4.1.2 - Code:Aero Technologies)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
plentymarkets 216 (HKLM-x32\...\5841-3682-4824-5789) (Version: 216 - plentymarkets GmbH)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Spotify) (Version: 1.0.5.178.g885b099b - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.1.21 - Safer-Networking Ltd.)
StarMoney (x32 Version: 4.0.7.94 - StarFinanz) Hidden
StarMoney (x32 Version: 5.0.0.226 - StarFinanz) Hidden
StarMoney 10 (HKLM-x32\...\{F061A207-B07B-4E1D-8655-286BBBB3E2CC}) (Version: 10 - Star Finanz GmbH)
StarMoney 9.0 (HKLM-x32\...\{E50EB864-0852-4249-A1B9-96CED146E52B}) (Version: 9.0 - Star Finanz GmbH)
StarMoney Business 6.0 (HKLM-x32\...\{8BE45DD0-1BB0-4E3D-9940-9D92C5B52BAB}) (Version: 6.0 - Star Finanz GmbH)
Start Menu X Version 5.02 (HKLM\...\{3E494002-985C-4908-B72C-5B4DD15BE090}_is1) (Version: 5.02 - OrdinarySoft)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.6.1.3 - Synaptics Incorporated)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.42650 - TeamViewer)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: - Elaborate Bytes)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.65 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WISO Hausverwalter 2015 (HKLM-x32\...\{E821384E-D24C-4316-9D86-872F95ED92F0}) (Version: 9.00.8468 - Buhl Data Service GmbH)
ZoneAlarm Antivirus (x32 Version: 12.0.121.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Firewall (x32 Version: 12.0.121.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Antivirus + Firewall (HKLM-x32\...\ZoneAlarm Free Antivirus + Firewall) (Version: 12.0.121.000 - Check Point)
ZoneAlarm Security (x32 Version: 12.0.121.000 - Check Point Software Technologies Ltd.) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{268502F4-815D-4358-A8D6-B783FDB58EF0}\InprocServer32 -> C:\Users\s\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.ContextMenuHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{528EE335-5034-4EFC-834E-63E5F02D2BC2}\InprocServer32 -> C:\Users\s\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{6066ADF0-9EB0-43E5-ADB6-990F5A3B979C}\InprocServer32 -> C:\Users\s\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{77BC4082-DB5F-439A-8DC8-F9E24A63B0DE}\InprocServer32 -> C:\Users\s\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

18-05-2015 22:14:20 Installiert StarMoney

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {09A9D1BB-CC0A-45D0-B9A9-691712E9122D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {11512367-DAEA-4113-9F27-98A7BFA4A5AC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2013-05-16] (Safer-Networking Ltd.)
Task: {17DEAEAD-5874-411D-B661-12F9FB3044D4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {2A196FE1-2322-4811-882B-905EAF8FB978} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2013-05-16] (Safer-Networking Ltd.)
Task: {42FBFC55-ACCC-4121-AD29-71B8636EFE2A} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-08-19] (Hewlett-Packard Development Company, L.P.)
Task: {898CD2B7-EF24-4ED8-A572-329FCF4AE92D} - System32\Tasks\{F6BBF5FB-2A3D-4BA1-853E-6C46DE6EFC5B} => pcalua.exe -a "C:\Program Files (x86)\MultiProxy\uninstall.exe" -d "C:\Program Files (x86)\MultiProxy"
Task: {8DA74E5E-BF32-42FC-850C-5C8DFDD5E7CC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2013-05-16] (Safer-Networking Ltd.)
Task: {9EE09341-E1F1-4B2D-A58E-9808BE8A8726} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {9FACF286-E864-427A-A9F4-07E29BE178FA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {AB713B58-8184-413F-8BBF-7FFDFC895289} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {AF9E4EA1-40E4-4098-9E62-E3C2BA309555} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-29] (Google Inc.)
Task: {B65CC303-6A43-4666-AE7A-F6DD23051E52} - System32\Tasks\HPCeeScheduleFors => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {B97EBAE3-14F0-462D-9768-EBB19F72BB80} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-29] (Google Inc.)
Task: {C56BD8AB-BF86-4FE9-9BBC-0DDE1420BDBA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {D43C1296-698F-4266-A542-E539473DB882} - \DSite No Task File <==== ATTENTION
Task: {E8BFD69A-2607-4D93-8015-C28198CBF9F6} - System32\Tasks\Allway Sync_{4E6949520858136489535401CF6DD6A8} => C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe [2015-04-21] ()
Task: {F1624858-F5D9-439E-832B-0496983BEC90} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2012-07-20] (Intel)
Task: C:\WINDOWS\Tasks\Allway Sync_{4E6949520858136489535401CF6DD6A8}.job => C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleFors.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (Whitelisted) ==============

2014-04-30 18:22 - 2015-04-13 15:55 - 00182784 _____ () C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2013-10-04 00:42 - 2013-10-04 00:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-04-30 18:22 - 2015-04-21 00:37 - 00094920 _____ () C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2014-12-03 11:06 - 2014-12-03 11:06 - 03445656 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\PDFMaker\Common\X64\AdobePDFMakerX.dll
2014-12-03 20:07 - 2014-12-03 20:07 - 01446400 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\PDFMaker\AdobePDFMakerX.DEU
2010-12-21 04:30 - 2010-12-21 04:30 - 01549664 _____ () C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-02-28 19:14 - 2013-02-28 19:14 - 00118784 _____ () C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\libFFIR.dll
2013-02-28 19:14 - 2013-02-28 19:14 - 00188416 _____ () C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\FFWB.dll
2013-02-28 19:14 - 2013-02-28 19:14 - 00135168 _____ () C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\libFTLPTPIP.dll
2013-08-26 15:02 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-08-26 15:02 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-08-26 15:02 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-08-26 15:02 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-08-26 15:02 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-02-27 21:27 - 2011-01-13 11:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney 9.0\ouservice\PATCHW32.dll
2015-04-14 21:34 - 2011-01-13 10:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney Business 6.0\ouservice\PATCHW32.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2015-05-14 19:52 - 2015-05-05 06:06 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\libglesv2.dll
2015-05-14 19:52 - 2015-05-05 06:06 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\libegl.dll
2014-04-30 18:22 - 2015-04-13 15:55 - 08573952 _____ () C:\Program Files (x86)\Allway Sync\Bin\syncapp.dll
2015-05-18 21:44 - 2015-05-18 21:44 - 00043008 _____ () c:\users\s\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpv7tf4_.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00750080 _____ () C:\Users\s\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00047616 _____ () C:\Users\s\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00865280 _____ () C:\Users\s\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00200704 _____ () C:\Users\s\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-12-03 20:07 - 2014-12-03 20:07 - 00019968 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\acrotray.deu
2015-05-14 19:52 - 2015-05-05 06:06 - 14982472 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\PepperFlash\pepflashplayer.dll
2012-10-23 21:18 - 2013-06-13 23:27 - 01200088 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2015-05-18 22:35 - 2011-01-13 11:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney 10\ouservice\PATCHW32.dll
2015-05-19 00:51 - 2015-05-19 00:51 - 00019040 _____ () C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2native.dll
2012-09-23 20:43 - 2012-09-23 20:43 - 00313992 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\sqlite.dll
2013-05-11 12:37 - 2013-05-11 12:37 - 14588632 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\NPSWF32.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:0966080E
AlternateDataStreams: C:\Users\s\SkyDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2262038565-221129539-630273557-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\s\Pictures\photo-1415226620463-aedee27159c5.jpg
HKU\S-1-5-21-2262038565-221129539-630273557-501\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.43.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "Twonky Server.lnk"
HKLM\...\StartupApproved\StartupFolder: => "CDN Yabe Office.lnk"
HKLM\...\StartupApproved\StartupFolder: => "E-POST MAILER.lnk"
HKLM\...\StartupApproved\StartupFolder: => "FUJIFILM PC AutoSave auf Standby.lnk"
HKLM\...\StartupApproved\Run: => "BCSSync"
HKLM\...\StartupApproved\Run32: => "ZoneAlarm Installer"
HKLM\...\StartupApproved\Run32: => "VirtualCloneDrive"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "PDFPrint"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKLM\...\StartupApproved\Run32: => "Adobe Acrobat Speed Launcher"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "DVCServ"
HKLM\...\StartupApproved\Run32: => "DATEVSetup"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "DivXUpdate"
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\StartupApproved\Run: => "icq"
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\StartupApproved\Run: => "EntscheiderClub Premium"
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\StartupApproved\Run: => "9c5bf01b358884ef955dbaaa237340c7"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{E7394822-19FD-4263-8A5B-C56FC9586959}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{9C1AA961-87D8-43C9-A409-B9075BA40BA0}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{62632452-45E0-4A04-90C7-731B2D587CB4}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{1FF59A7C-422C-4678-BFF6-DABFC2D8F96A}] => (Allow) C:\Users\s\AppData\Roaming\ICQM\icq.exe
FirewallRules: [{D72A5104-3D6C-4A90-BD72-44C21639BD2C}] => (Allow) C:\Users\s\AppData\Roaming\ICQM\icq.exe
FirewallRules: [{AD05BABA-6646-4C3A-986E-CC7BA770AD38}] => (Allow) C:\ProgramData\eSafe\eGdpSvc.exe
FirewallRules: [{890D8DA8-AAD1-49CB-BCB0-2A21237F60D5}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{B0CAB26B-7B5F-480E-8CA9-2285194FE692}] => (Allow) LPort=1900
FirewallRules: [{FCF99A43-9699-4020-8128-D1F18CF0D614}] => (Allow) LPort=2869
FirewallRules: [{5BEF5397-0FC8-49E3-9FC1-51B5F68A7DD0}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [TCP Query User{23C78A46-DA51-4410-8FD7-B92D9CD0182F}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{20CADABF-5640-4640-AAD0-0FCB7C768A6D}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{7919D2CD-2FBE-4047-AB76-C729ABC33759}] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{E0CB3568-2010-42AF-9F86-0EFFCE56D4C9}] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{F98A1208-C992-4820-BB99-EB19AA0AE8E1}C:\program files (x86)\ftprush\ftprush.exe] => (Allow) C:\program files (x86)\ftprush\ftprush.exe
FirewallRules: [UDP Query User{797FCA2A-1C08-4917-849B-FDF7B93C63D8}C:\program files (x86)\ftprush\ftprush.exe] => (Allow) C:\program files (x86)\ftprush\ftprush.exe
FirewallRules: [{A17DF673-784F-4FD7-9723-305EBE15D116}] => (Allow) C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe
FirewallRules: [{C91441AD-8F11-47A0-BB59-AA7B1F65A330}] => (Allow) C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe
FirewallRules: [{FFF639CC-4A34-4347-A8A8-41CD3587376F}] => (Allow) C:\Program Files (x86)\Twonky\TwonkyServer\twonkyserver.exe
FirewallRules: [{2E78FCC5-454A-40AE-AA7D-D8E42CE68DEE}] => (Allow) C:\Program Files (x86)\Twonky\TwonkyServer\twonkyserver.exe
FirewallRules: [{2CF1C950-CD39-4021-8BF7-579969943023}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{D824EF1C-3643-48B6-8124-CD6BACB04531}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{29B09A44-3E1B-4004-A26E-3B60B19074D5}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{862EEF92-8F16-4AA7-BE44-65ECECA6E968}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [TCP Query User{8E58FFEC-E106-4FC8-8ABB-CFD051248184}C:\program files (x86)\ftprush\ftprush.exe] => (Block) C:\program files (x86)\ftprush\ftprush.exe
FirewallRules: [UDP Query User{4384D3B5-3319-4104-9995-38A628A32252}C:\program files (x86)\ftprush\ftprush.exe] => (Block) C:\program files (x86)\ftprush\ftprush.exe
FirewallRules: [TCP Query User{B78A5B98-5FF3-459F-A408-9EF6FAE44ADB}C:\users\s\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\s\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{55ECA24A-5568-4287-BC3B-0AC17527631C}C:\users\s\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\s\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{AB5DD043-E289-4BD5-96D1-C6C36E485418}C:\users\s\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\s\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{F6A8BB49-2AF7-467A-94E4-C590CE0C0CE2}C:\users\s\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\s\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{56BC7622-B916-435E-A99E-B3F97DC2B7B2}C:\program files\plentymarkets\plentymarkets.exe] => (Allow) C:\program files\plentymarkets\plentymarkets.exe
FirewallRules: [UDP Query User{AE302455-86AB-4369-BC73-705BE5491036}C:\program files\plentymarkets\plentymarkets.exe] => (Allow) C:\program files\plentymarkets\plentymarkets.exe
FirewallRules: [{7FCF99BE-B64C-4253-9875-049FD6EE6AA9}] => (Allow) C:\Users\s\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{77EE1C70-93F9-471C-AC16-B65023CD0F59}] => (Allow) C:\Users\s\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{EE98B557-949C-417A-930B-F7A073B7F3F7}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{0C152529-6A25-4C14-B1B7-2CD6EF949FC2}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{2948C0C7-1B75-4F31-A81B-E9A3248DEA61}C:\users\s\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\s\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{8EA478D7-4D10-4161-9219-926541B70169}C:\users\s\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\s\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{F14AC53E-5CEF-49FE-9CBB-0DF22A816B1D}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{FDB4C01D-F4D9-4938-8095-2C74532A5B93}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{DC3DFE60-96C4-47C4-A493-981FF86CFA53}C:\program files\plentymarkets\plentymarkets.exe] => (Allow) C:\program files\plentymarkets\plentymarkets.exe
FirewallRules: [UDP Query User{92A4DB3C-4104-4936-8AA3-F71440316A3E}C:\program files\plentymarkets\plentymarkets.exe] => (Allow) C:\program files\plentymarkets\plentymarkets.exe
FirewallRules: [TCP Query User{C0129FFD-FFE5-422E-84E4-643D59C0C0F4}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{431F683D-E82A-4A6C-B687-E37281C041A0}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [{F0AD5292-DE10-4214-B6A5-447ED58AC720}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{379F69FE-3BC4-4C53-B85A-904B4114A44E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{792EDE5E-D31B-4320-9A52-CEE928322F1C}] => (Allow) C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{6AC56DAE-8C18-4920-8EAC-1101786C3F3E}] => (Allow) C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{33F25883-60DB-49D3-A745-F5F64C7C0560}] => (Allow) C:\Program Files (x86)\StarMoney 9.0\app\StarMoney.exe
FirewallRules: [{801CE9A9-9D86-4CD9-B237-E2CAD0A1F3D3}] => (Allow) C:\Program Files (x86)\StarMoney 9.0\app\StarMoney.exe
FirewallRules: [TCP Query User{6BB9E385-A916-4AE9-9ACB-E699B7747A9B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{037EDFE1-43DE-4272-B543-1C13CCC0D876}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{B63DAE1C-FE80-4F4B-A7AE-43644616C7AB}] => (Allow) C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PairingWizard.exe
FirewallRules: [{4A7A5C9B-EED4-40B1-AD45-6960AA5648A1}] => (Allow) C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PairingWizard.exe
FirewallRules: [{775848ED-0AC4-4EC6-93BA-1287B0787B13}] => (Allow) C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PCAutoSaveSv.exe
FirewallRules: [{73F0DEAF-3EAC-44CD-B822-FD6026AEB483}] => (Allow) C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PCAutoSaveSv.exe
FirewallRules: [{DFB9FE53-F7E1-4722-9045-7BE36A899B8A}] => (Allow) C:\Program Files (x86)\StarMoney Business 6.0\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{DA13A301-BC4D-4410-8E2E-C0A71DDA511E}] => (Allow) C:\Program Files (x86)\StarMoney Business 6.0\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{7EA59164-96B1-4AC8-B02B-9AE5D204C320}] => (Allow) C:\Program Files (x86)\StarMoney Business 6.0\app\StarMoney.exe
FirewallRules: [{44984E01-EA4E-4B26-A680-8F5CEC2E1BC9}] => (Allow) C:\Program Files (x86)\StarMoney Business 6.0\app\StarMoney.exe
FirewallRules: [{404D4D02-9942-438D-B5B3-73A380C233F4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{78EBD91E-BE77-48D1-9C3D-69DEAE23945B}] => (Allow) C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{695BCC07-367E-4D56-8799-C8042E5E9CC9}] => (Allow) C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{D39A23BF-94FA-498F-A9C6-3E18E77E3519}] => (Allow) C:\Program Files (x86)\StarMoney 10\app\StarMoney.exe
FirewallRules: [{C6706BC1-2DF5-448D-BBE8-313A44848299}] => (Allow) C:\Program Files (x86)\StarMoney 10\app\StarMoney.exe
FirewallRules: [{31509B17-9DBE-4214-89B0-71BD92256E48}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{E5D41589-171C-4DB9-AB20-5C876F558093}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{00E4A3C8-9DCE-4AAB-A725-3E7D8AA2CBFE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E549719D-2ADD-463E-AE7F-146D1FD3FD88}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{51781ACE-FC85-4D39-A795-41AF1A2764AB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot-S&D 2 Tray Icon
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe] => Enabled:Flashget3

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (05/20/2015 01:16:59 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "\\?\Volume{57f9d638-36f8-48f8-a7aa-395529054261}\" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)

Error: (05/20/2015 01:16:59 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "WINRE" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)

Error: (05/19/2015 10:15:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_stisvc, Version: 6.3.9600.16384, Zeitstempel: 0x5215dfe3
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17278, Zeitstempel: 0x53eebd22
Ausnahmecode: 0xc0000008
Fehleroffset: 0x000000000009355a
ID des fehlerhaften Prozesses: 0x9dc
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_stisvc0
Pfad der fehlerhaften Anwendung: svchost.exe_stisvc1
Pfad des fehlerhaften Moduls: svchost.exe_stisvc2
Berichtskennung: svchost.exe_stisvc3
Vollständiger Name des fehlerhaften Pakets: svchost.exe_stisvc4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe_stisvc5

Error: (05/19/2015 01:24:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17278, Zeitstempel: 0x53eebd22
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000052f0b
ID des fehlerhaften Prozesses: 0xf78
Startzeit der fehlerhaften Anwendung: 0xvlc.exe0
Pfad der fehlerhaften Anwendung: vlc.exe1
Pfad des fehlerhaften Moduls: vlc.exe2
Berichtskennung: vlc.exe3
Vollständiger Name des fehlerhaften Pakets: vlc.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: vlc.exe5

Error: (05/19/2015 00:55:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 37.0.2.5583, Zeitstempel: 0x552ef76c
Name des fehlerhaften Moduls: mozalloc.dll, Version: 37.0.2.5583, Zeitstempel: 0x552ee9ae
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001aa1
ID des fehlerhaften Prozesses: 0xc0
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Vollständiger Name des fehlerhaften Pakets: plugin-container.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: plugin-container.exe5

Error: (05/19/2015 00:49:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: jre-8u45-windows-i586-iftw.exe, Version: 8.0.450.15, Zeitstempel: 0x5542981d
Name des fehlerhaften Moduls: jre-8u45-windows-i586-iftw.exe, Version: 8.0.450.15, Zeitstempel: 0x5542981d
Ausnahmecode: 0x40000015
Fehleroffset: 0x0005d386
ID des fehlerhaften Prozesses: 0xadc
Startzeit der fehlerhaften Anwendung: 0xjre-8u45-windows-i586-iftw.exe0
Pfad der fehlerhaften Anwendung: jre-8u45-windows-i586-iftw.exe1
Pfad des fehlerhaften Moduls: jre-8u45-windows-i586-iftw.exe2
Berichtskennung: jre-8u45-windows-i586-iftw.exe3
Vollständiger Name des fehlerhaften Pakets: jre-8u45-windows-i586-iftw.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: jre-8u45-windows-i586-iftw.exe5

Error: (05/18/2015 09:43:35 PM) (Source: SideBySide) (EventID: 79) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName1". Die Einstellung "hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName" ist nicht registriert.

Error: (05/18/2015 04:16:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20856 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: b430 Startzeit: 01d091749624d735 Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: 8a03d776-fd68-11e4-bf16-8434978947f8 Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 Error: (05/18/2015 03:55:53 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm LiveComm.exe, Version 17.5.9600.20856 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: bbd8 Startzeit: 01d091719fe3c72f Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: 9426f154-fd65-11e4-bf16-8434978947f8 Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 Error: (05/18/2015 10:48:32 AM) (Source: Perflib) (EventID: 1008) (User: ) Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll4 System errors: ============= Error: (05/20/2015 00:45:47 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 43. Der Windows-SChannel-Fehlerstatus lautet: 252. Error: (05/20/2015 10:47:24 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. 
Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 43. Der Windows-SChannel-Fehlerstatus lautet: 252. Error: (05/20/2015 10:47:24 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 43. Der Windows-SChannel-Fehlerstatus lautet: 252. Error: (05/20/2015 10:41:16 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 43. Der Windows-SChannel-Fehlerstatus lautet: 252. Error: (05/20/2015 10:41:14 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 43. Der Windows-SChannel-Fehlerstatus lautet: 252. Error: (05/19/2015 10:47:05 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252. Error: (05/19/2015 10:47:05 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. 
Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252. Error: (05/19/2015 10:47:05 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252. Error: (05/19/2015 10:47:05 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252. Error: (05/19/2015 10:48:59 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252. Microsoft Office Sessions: ========================= Error: (05/20/2015 01:16:59 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: \\?\Volume{57f9d638-36f8-48f8-a7aa-395529054261}\Falscher Parameter. (0x80070057) Error: (05/20/2015 01:16:59 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: WINREFalscher Parameter. 
(0x80070057) Error: (05/19/2015 10:15:14 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: svchost.exe_stisvc6.3.9600.163845215dfe3ntdll.dll6.3.9600.1727853eebd22c0000008000000000009355a9dc01d091a2ea8430a8C:\WINDOWS\system32\svchost.exeC:\WINDOWS\SYSTEM32\ntdll.dll2c6091a1-fdff-11e4-bf17-8434978947f8 Error: (05/19/2015 01:24:58 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: vlc.exe2.1.5.000000000ntdll.dll6.3.9600.1727853eebd22c00000050000000000052f0bf7801d091c19add12fbC:\Program Files\VideoLAN\VLC\vlc.exeC:\WINDOWS\SYSTEM32\ntdll.dll18ac1534-fdb5-11e4-bf17-8434978947f8 Error: (05/19/2015 00:55:07 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe37.0.2.5583552ef76cmozalloc.dll37.0.2.5583552ee9ae8000000300001aa1c001d091bd2af897d8C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlled66422c-fdb0-11e4-bf17-8434978947f8 Error: (05/19/2015 00:49:13 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: jre-8u45-windows-i586-iftw.exe8.0.450.155542981djre-8u45-windows-i586-iftw.exe8.0.450.155542981d400000150005d386adc01d091bb8fc133fdC:\Users\s\Desktop\Downloads\jre-8u45-windows-i586-iftw.exeC:\Users\s\Desktop\Downloads\jre-8u45-windows-i586-iftw.exe1a0576c9-fdb0-11e4-bf17-8434978947f8 Error: (05/18/2015 09:43:35 PM) (Source: SideBySide) (EventID: 79) (User: ) Description: hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayNameC:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe Error: (05/18/2015 04:16:59 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: LiveComm.exe17.5.9600.20856b43001d091749624d7354294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe8a03d776-fd68-11e4-bf16-8434978947f8microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1 
Error: (05/18/2015 03:55:53 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: LiveComm.exe17.5.9600.20856bbd801d091719fe3c72f4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe9426f154-fd65-11e4-bf16-8434978947f8microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1 Error: (05/18/2015 10:48:32 AM) (Source: Perflib) (EventID: 1008) (User: ) Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll4 CodeIntegrity Errors: =================================== Date: 2013-11-30 15:06:55.497 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-11-30 14:42:41.927 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-11-30 14:39:40.327 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-11-30 13:40:28.974 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-11-30 13:39:09.041 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. 
Date: 2013-11-30 13:10:21.879 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll that did not meet the Microsoft signing level requirements. Date: 2013-11-30 13:10:21.754 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\WOW64\Plugins\ISWSHEX.dll that did not meet the Microsoft signing level requirements. Date: 2013-11-30 13:10:18.442 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll that did not meet the Microsoft signing level requirements. Date: 2013-11-30 13:10:09.332 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\WOW64\Plugins\ISWSHEX.dll that did not meet the Microsoft signing level requirements. Date: 2013-11-30 13:10:09.035 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\WOW64\Plugins\ISWSHEX.dll that did not meet the Microsoft signing level requirements. 
==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz Percentage of memory in use: 74% Total physical RAM: 6036.28 MB Available physical RAM: 1512.66 MB Total Pagefile: 11668.28 MB Available Pagefile: 5388.29 MB Total Virtual: 131072 MB Available Virtual: 131071.8 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:448.38 GB) (Free:87.61 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (RECOVERY) (Fixed) (Total:16.27 GB) (Free:2.05 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive i: () (Removable) (Total:29.47 GB) (Free:29.47 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 466E2C46) Partition: GPT Partition Type. ======================================================== Disk: 1 (Size: 6 GB) (Disk ID: C73F6553) Partition: GPT Partition Type. ======================================================== Disk: 2 (Size: 29.5 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ==================== End Of Log ============================ |
22.05.2015, 19:59 | #4 |
/// the machine /// TB-Ausbilder | 500 mails a day from Outlook after DHL trojan Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
25.05.2015, 11:24 | #5 |
| 500 mails a day from Outlook after DHL trojan Hello Schrauber, thank you very much for your help. Below are the requested log files. Malwarebytes Anti-Malware Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 24.05.2015 Suchlauf-Zeit: 12:35:36 Logdatei: mwam.txt Administrator: Ja Version: 0.00.0.0000 Malware Datenbank: v2015.05.24.01 Rootkit Datenbank: v2015.05.16.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 8.1 CPU: x64 Dateisystem: NTFS Benutzer: s Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 460741 Verstrichene Zeit: 17 Std, 50 Min, 56 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente gefunden) Module: 0 (Keine schädliche Elemente gefunden) Registrierungsschlüssel: 0 (Keine schädliche Elemente gefunden) Registrierungswerte: 0 (Keine schädliche Elemente gefunden) Registrierungsdaten: 0 (Keine schädliche Elemente gefunden) Ordner: 0 (Keine schädliche Elemente gefunden) Dateien: 0 (Keine schädliche Elemente gefunden) Physische Sektoren: 0 (Keine schädliche Elemente gefunden) (end) AdwCleaner Code:
ATTFilter # AdwCleaner v4.205 - Bericht erstellt 25/05/2015 um 11:46:25 # Aktualisiert 21/05/2015 von Xplode # Datenbank : 2015-05-24.1 [Server] # Betriebssystem : Windows 8.1 (x64) # Benutzername : s - SR_HP_ULTRABOOK # Gestarted von : C:\Users\s\Desktop\AdwCleaner_4.205.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\Users\s\AppData\Local\Temp\OCS Ordner Gelöscht : C:\Users\s\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar Ordner Gelöscht : C:\Users\s\AppData\Roaming\dvdvideosoftiehelpers Datei Gelöscht : C:\Users\s\AppData\Roaming\LiveSupport.exe_log.txt Datei Gelöscht : C:\Users\s\AppData\Roaming\regsvr32.exe_log.txt Datei Gelöscht : C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default\foxydeal.sqlite Datei Gelöscht : C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_primeshare.tv_0.localstorage Datei Gelöscht : C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_primeshare.tv_0.localstorage-journal ***** [ Geplante Tasks ] ***** Task Gelöscht : DSite ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}] Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2974C985-8151-4DE5-B23C-B875F0A8522F} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKCU\Software\OCS ***** [ Internetbrowser ] ***** -\\ Internet Explorer v11.0.9600.17416 -\\ Mozilla Firefox v38.0.1 (x86 de) -\\ Google Chrome v43.0.2357.65 ************************* AdwCleaner[R0].txt - [6114 Bytes] - [26/08/2013 15:44:01] AdwCleaner[R1].txt - [1058 Bytes] - [26/08/2013 15:47:19] AdwCleaner[R2].txt - [1119 Bytes] - [26/08/2013 15:48:12] AdwCleaner[R3].txt - [1239 Bytes] - [26/08/2013 15:50:32] AdwCleaner[R4].txt - [18632 Bytes] - [26/11/2013 22:34:44] AdwCleaner[R5].txt - [1513 Bytes] - [27/11/2013 14:42:49] AdwCleaner[R6].txt - [4354 Bytes] - [24/05/2015 12:09:35] AdwCleaner[R7].txt - [3860 Bytes] - [25/05/2015 11:42:10] AdwCleaner[S0].txt - [4511 Bytes] - [26/08/2013 15:45:15] AdwCleaner[S1].txt - [1189 Bytes] - [26/08/2013 15:49:04] AdwCleaner[S2].txt - [1309 Bytes] - [26/08/2013 15:51:07] AdwCleaner[S3].txt - [18190 Bytes] - [26/11/2013 23:05:17] AdwCleaner[S4].txt - [3722 Bytes] - [25/05/2015 11:46:25] ########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [3781 Bytes] ########## Junkware Removal Tool Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.7.9 (05.24.2015:1) OS: Windows 8.1 x64 Ran by s on 25.05.2015 at 11:51:17,35 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Tasks Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-2262038565-221129539-630273557-1001 Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-2262038565-221129539-630273557-500 Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-2567798722-2426003216-117595747-500 Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-4175652003-2738746085-1523831210-500 ~~~ Registry Values Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_25B1D1BADDAEDB1571E4D008134EB6A3 ~~~ Registry Keys ~~~ Files ~~~ Folders Successfully deleted: [Empty Folder] C:\Users\s\appdata\local\{26D783D1-CA72-40B1-9141-AE4B71B7488B} Successfully deleted: [Empty Folder] C:\Users\s\appdata\local\{766AA640-9A5E-4402-AAF4-86E11DD98D3F} Successfully deleted: [Empty Folder] C:\Users\s\appdata\local\{9BFB4E64-E654-4773-9281-3EC69D20F8AA} Successfully deleted: [Empty Folder] C:\Users\s\appdata\local\{A6310268-8B72-4B2D-A45A-ED7B50724B51} ~~~ FireFox Emptied folder: C:\Users\s\AppData\Roaming\mozilla\firefox\profiles\ql894xzp.default\minidumps [18 files] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 25.05.2015 at 12:00:17,41 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-05-2015 01 Ran by s (administrator) on SR_HP_ULTRABOOK on 25-05-2015 12:10:00 Running from C:\Users\s\Desktop Loaded Profiles: s (Available Profiles: s & Gast) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (FUJIFILM Corporation.) C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PCAutoSaveSv.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (hxxp://www.wftpserver.com) C:\Program Files (x86)\FTPRush\ftprush.exe (Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\livecomm.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-06-09] (IDT, Inc.) 
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3030256 2013-06-13] (Synaptics Incorporated) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-31] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [74160 2014-01-29] (Check Point Software Technologies LTD) HKLM-x32\...\Run: [DATEVSetup] => C:\Users\s\AppData\Local\Temp\OYa04020\TLP\DATEVsetup.exe <===== ATTENTION HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-05] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] () HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2014-12-03] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2014-12-03] (Adobe Systems Inc.) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH) HKLM-x32\...\Run: [DVCServ] => C:\Program Files (x86)\DATEV-SiPa-compact\DVCSERV HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [SMB60StarMoneyRunEntry] => C:\Program Files (x86)\StarMoney Business 6.0\app\oflagent.exe [51856 2015-05-20] (Star Finanz-Software Entwicklung und Vertriebs GmbH) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation) Winlogon\Notify\igfxcui: C:\WINDOWS\SYSTEM32\igfxdev.dll (Intel Corporation) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Run: [icq] => C:\Users\s\AppData\Roaming\ICQM\icq.exe [28698984 2013-08-31] (ICQ) HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Run: [StartMenuX] => C:\Program Files\Start Menu X\StartMenuX.exe [7673664 2013-11-20] (OrdinarySoft) HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Run: [Allway Sync] => C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe [94920 2015-04-21] () HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Run: [AdobeBridge] => [X] HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Run: [Spotify Web Helper] => C:\Users\s\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2022968 2015-05-14] (Spotify Ltd) HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Run: [EntscheiderClub Premium] => C:\Users\s\AppData\Local\EntscheiderClub Premium\EntscheiderClub Premium.exe [1121264 2015-01-29] (Wakoopa) HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Run: [9c5bf01b358884ef955dbaaa237340c7] => "C:\Users\s\AppData\Local\9c5bf01b358884ef955dbaaa237340c7.exe" HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\MountPoints2: {edae7ff0-618c-11e3-beb2-8434978947f8} - "E:\AutoRun.exe" HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\E-POST MAILER.lnk [2015-03-03] ShortcutTarget: E-POST MAILER.lnk -> C:\Program Files (x86)\Deutsche Post AG\E-POST MAILER\EpostMailer.exe 
(Deutsche Post AG) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FUJIFILM PC AutoSave auf Standby.lnk [2015-04-05] ShortcutTarget: FUJIFILM PC AutoSave auf Standby.lnk -> C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\Manager.exe (FUJIFILM Corporation.) Startup: C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-09-30] ShortcutTarget: Dropbox.lnk -> C:\Users\s\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediencenter.lnk [2015-01-20] ShortcutTarget: Mediencenter.lnk -> C:\Users\s\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe (Deutsche Telekom AG) ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [01Mediencenter_InSync] -> {77BC4082-DB5F-439A-8DC8-F9E24A63B0DE} => C:\Users\s\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll [2014-06-12] (Deutsche Telekom AG) ShellIconOverlayIdentifiers: [02Mediencenter_ToSync] -> {528EE335-5034-4EFC-834E-63E5F02D2BC2} => C:\Users\s\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll [2014-06-12] (Deutsche Telekom AG) ShellIconOverlayIdentifiers: [03Mediencenter_Failed] -> {6066ADF0-9EB0-43E5-ADB6-990F5A3B979C} => C:\Users\s\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll [2014-06-12] (Deutsche Telekom AG) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKU\S-1-5-21-2262038565-221129539-630273557-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.goodsyouneed.de/ SearchScopes: HKLM -> {A28F0689-CA9E-46FF-ACB3-73BF34D4AC4B} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKLM-x32 -> {A28F0689-CA9E-46FF-ACB3-73BF34D4AC4B} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2262038565-221129539-630273557-1001 -> {A28F0689-CA9E-46FF-ACB3-73BF34D4AC4B} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-2262038565-221129539-630273557-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-06-12] (Microsoft 
Corporation) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation) BHO: SCardBHOEvent Class -> {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} -> C:\Program Files (x86)\DATEV-SiPa-compact\DVCCSASCardBHO64002.dll [2014-05-12] (DATEV eG) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard) BHO: EntscheiderClub Premium -> {FB4D29C1-82DE-4b80-8BB0-A7CDDDCD2773} -> C:\Users\s\AppData\Local\Wakoopa Shared\WakoopaBHO-x64.dll [2015-01-29] (Wakoopa) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2011-06-12] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-19] (Oracle Corporation) BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-12-17] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation) BHO-x32: SCardBHOEvent Class -> {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} -> C:\Program Files 
(x86)\DATEV-SiPa-compact\DVCCSASCardBHO002.dll [2014-05-12] (DATEV eG) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-19] (Oracle Corporation) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard) BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated) BHO-x32: EntscheiderClub Premium -> {FB4D29C1-82DE-4b80-8BB0-A7CDDDCD2773} -> C:\Users\s\AppData\Local\Wakoopa Shared\WakoopaBHO.dll [2015-01-29] (Wakoopa) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated) Toolbar: HKU\S-1-5-21-2262038565-221129539-630273557-1001 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default FF Homepage: 
hxxp://t3n.de/|hxxp://www.logistik-watchblog.de/ FF NetworkProxy: "MM3ProxySwitch.type", 1 FF NetworkProxy: "ftp", "127.0.0.1" FF NetworkProxy: "ftp_port", 8080 FF NetworkProxy: "http", "127.0.0.1" FF NetworkProxy: "http_port", 8080 FF NetworkProxy: "no_proxies_on", "" FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-18] () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-18] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1207148.dll [2013-12-05] (Adobe Systems, Inc.) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.) 
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-06-13] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-06-13] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-19] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-19] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll [2013-07-24] (Nullsoft, Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.) 
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.) FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Extension: Avira Browser Safety - C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default\Extensions\abs@avira.com [2015-04-27] FF Extension: YouTube Unblocker - C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default\Extensions\youtubeunblocker@unblocker.yt [2014-11-05] FF Extension: Hide My Ass Proxy Extension - C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default\Extensions\extension@hidemyass.com.xpi [2013-06-29] FF Extension: Soundcloud SUPER +2: Downloader and Recommender - C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default\Extensions\{988da70d-b78d-44a1-a9c7-ed11832a9e2e}.xpi [2013-08-23] FF Extension: SoundCloud Downloader - Technowise - C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default\Extensions\{c8d3bc80-0810-4d21-a2c2-be5f2b2832ac}.xpi [2013-08-23] FF Extension: Adblock Plus - C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-19] FF Extension: {f5110906-1b93-4640-a7fe-12251b0b7b10} - C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default\Extensions\{f5110906-1b93-4640-a7fe-12251b0b7b10}.xpi [2014-12-08] FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afext@anchorfree.com [2013-09-01] FF Extension: No Name - C:\Program Files (x86)\Mozilla 
Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14] FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014-09-02] Chrome: ======= CHR Profile: C:\Users\s\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-29] CHR Extension: (Google Drive) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-29] CHR Extension: (EntscheiderClub Premium) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbojioefbafdanbjbdhhmoblcbikeia [2015-03-29] CHR Extension: (YouTube) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-29] CHR Extension: (Google Cast) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-05-30] CHR Extension: (Adblock Plus) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-05-30] CHR Extension: (Google Search) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-29] CHR Extension: (Bookmark Manager) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-22] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-23] CHR Extension: (Google Wallet) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-29] CHR Extension: (Gmail) - 
C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-29] CHR Profile: C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1 CHR Extension: (Google Slides) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-06] CHR Extension: (Google Docs) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-06] CHR Extension: (Google Drive) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-06] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-06] CHR Extension: (YouTube) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-06] CHR Extension: (Google Search) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-06] CHR Extension: (Google Sheets) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-06] CHR Extension: (Skype Click to Call) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-02-06] CHR Extension: (DVDVideoSoft) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2015-02-06] CHR Extension: (Google Wallet) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-06] CHR Extension: (Gmail) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-06] CHR Profile: C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2 CHR Extension: (Google Slides) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 
2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-06] CHR Extension: (Google Docs) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-06] CHR Extension: (Google Drive) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-06] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-06] CHR Extension: (YouTube) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-06] CHR Extension: (Google Search) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-06] CHR Extension: (Google Sheets) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-06] CHR Extension: (Avira Browser Safety) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-02-06] CHR Extension: (Skype Click to Call) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-02-06] CHR Extension: (DVDVideoSoft) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2015-02-06] CHR Extension: (Google Wallet) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-06] CHR Extension: (Gmail) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-06] CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14] 
==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-05] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-05] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG) S3 AxInstSV; C:\Windows\System32\AxInstSV.dll [109568 2013-09-30] (Microsoft Corporation) [] S2 BotkindSyncService; C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe [182784 2015-04-13] () [] R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 FFPCAutoSave; C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PCAutoSaveSv.exe [94208 2013-02-28] (FUJIFILM Corporation.) [] R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [] R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.) 
[] R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation) S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-06-13] (Intel Corporation) S2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-20] (Intel Corporation) S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-06-13] (Intel Corporation) S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.) S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.) 
S2 StarMoney 10 OnlineUpdate; C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe [688272 2015-04-15] (Star Finanz-Software Entwicklung und Vertriebs GmbH) S2 StarMoney 9.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH) S2 StarMoney Business 6.0 OnlineUpdate; C:\Program Files (x86)\StarMoney Business 6.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH) S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [] R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5491984 2015-05-13] (TeamViewer GmbH) R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2445816 2014-01-29] (Check Point Software Technologies LTD) S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-11-30] (Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [50704 2013-10-15] (Check Point Software Technologies, Ltd.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-05] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-05-05] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-06-24] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-12] (Avira Operations GmbH & Co. 
KG) S1 HssDRV6; C:\Windows\system32\DRIVERS\hssdrv6.sys [46792 2013-09-17] (AnchorFree Inc.) R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-21] (Intel Corporation) R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2013-07-17] (Kaspersky Lab ZAO) S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2013-02-21] (Kaspersky Lab) U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-10-08] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [489056 2013-10-08] (Kaspersky Lab ZAO) R3 KOBCCID; C:\Windows\system32\drivers\KOBCCID.sys [116864 2014-03-18] (KOBIL Systems GmbH) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-25] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation) R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-04] (Realtek Semiconductor Corp.) S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-06-13] (Synaptics Incorporated) R3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2013-08-13] (Anchorfree Inc.) R1 Vsdatant; C:\Windows\System32\drivers\vsdatant.sys [454168 2013-10-23] (Check Point Software Technologies LTD) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.) 
U0 dmboot; No ImagePath S3 ewusbnet; \SystemRoot\system32\DRIVERS\ewusbnet.sys [X] S3 ew_hwusbdev; \SystemRoot\system32\DRIVERS\ew_hwusbdev.sys [X] S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X] S3 hwdatacard; \SystemRoot\system32\DRIVERS\ewusbmdm.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-05-25 12:10 - 2015-05-25 12:11 - 00036503 _____ () C:\Users\s\Desktop\FRST.txt 2015-05-25 12:09 - 2015-05-25 12:09 - 00000000 ____D () C:\Users\s\Desktop\FRST-OlderVersion 2015-05-25 12:00 - 2015-05-25 12:00 - 00001820 _____ () C:\Users\s\Desktop\JRT.txt 2015-05-25 11:53 - 2015-05-25 11:53 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2262038565-221129539-630273557-1001 2015-05-25 11:51 - 2015-05-25 11:51 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-SR_HP_ULTRABOOK-Windows-8.1-(64-bit).dat 2015-05-25 11:51 - 2015-05-25 11:51 - 00000000 ____D () C:\RegBackup 2015-05-25 11:50 - 2015-05-24 19:35 - 02945770 _____ (Thisisu) C:\Users\s\Desktop\JRT_NEW.exe 2015-05-24 12:38 - 2015-05-24 12:38 - 00001200 _____ () C:\Users\s\Desktop\mwam.txt 2015-05-24 12:37 - 2015-05-24 12:37 - 00000054 _____ () C:\Users\s\Desktop\boxen.txt 2015-05-23 17:57 - 2015-05-25 11:48 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-05-23 17:56 - 2015-05-23 17:56 - 02222592 _____ () C:\Users\s\Desktop\AdwCleaner_4.205.exe 2015-05-23 17:55 - 2015-05-23 17:55 - 00001116 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-05-23 17:55 - 2015-05-23 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-05-23 17:55 - 2015-05-23 
17:55 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-05-23 17:55 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-05-23 17:55 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-05-23 17:55 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2015-05-23 17:50 - 2015-05-23 17:51 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\s\Desktop\mbam-setup-2.1.6.1022.exe 2015-05-20 22:18 - 2015-05-25 12:10 - 00000000 ____D () C:\FRST 2015-05-20 22:17 - 2015-05-25 12:09 - 02108416 _____ (Farbar) C:\Users\s\Desktop\FRST64.exe 2015-05-19 13:59 - 2015-05-19 13:59 - 00001255 _____ () C:\WINDOWS\system32\TeamViewer10_Hooks.log 2015-05-19 00:52 - 2015-05-19 00:51 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2015-05-19 00:51 - 2015-05-19 00:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-05-18 22:37 - 2015-05-18 22:37 - 00000000 ____D () C:\ProgramData\StarMoney 10 2015-05-18 22:37 - 2015-05-18 22:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarMoney 10 2015-05-18 22:30 - 2015-05-25 11:38 - 00000000 ____D () C:\Program Files (x86)\StarMoney 10 2015-05-18 09:55 - 2015-05-18 10:37 - 00000000 ____D () C:\KVRT_Data 2015-05-14 16:14 - 2015-05-14 16:14 - 00000123 _____ () C:\Users\s\Desktop\Collmex.url 2015-05-02 03:04 - 2015-05-02 03:04 - 00000000 ____D () C:\Users\s\Documents\Hausverwalter 2015-05-02 03:04 - 2015-05-02 03:04 - 00000000 ____D () C:\Users\s\AppData\Roaming\Buhl Data Service 2015-05-02 03:04 - 2015-05-02 03:04 - 00000000 ____D () C:\Users\s\AppData\Local\Buhl Data Service 2015-05-02 03:03 - 2015-05-04 12:14 - 00000647 _____ () C:\WINDOWS\wiso.ini 2015-05-02 03:03 - 2015-05-02 03:03 - 00002131 _____ () C:\Users\Public\Desktop\WISO Hausverwalter 2015.lnk 2015-05-02 03:03 - 
2015-05-02 03:03 - 00000000 ____D () C:\Users\s\AppData\Roaming\Buhl 2015-05-02 03:03 - 2015-05-02 03:03 - 00000000 ____D () C:\Users\s\AppData\Local\Buhl 2015-05-02 03:03 - 2015-05-02 03:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Hausverwalter 2015 2015-05-02 03:03 - 2015-05-02 03:03 - 00000000 ____D () C:\Program Files (x86)\Buhl 2015-05-02 03:02 - 2015-05-02 03:03 - 00000000 ____D () C:\ProgramData\Buhl Data Service GmbH 2015-04-28 23:55 - 2015-04-28 23:55 - 00001733 _____ () C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Copy of plentymarkets.lnk 2015-04-28 23:49 - 2015-04-28 23:49 - 07810528 _____ (plentymarkets GmbH) C:\Users\s\plentymarkets_updater_windows_216.exe ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-05-25 12:02 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-05-25 11:53 - 2015-03-03 08:57 - 00000106 _____ () C:\WINDOWS\system32\mfilemon.log 2015-05-25 11:53 - 2013-06-22 18:48 - 00000000 ____D () C:\Users\s\AppData\Roaming\FTPRush 2015-05-25 11:51 - 2014-04-29 13:07 - 00001150 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-05-25 11:49 - 2015-01-20 02:14 - 00000000 ___RD () C:\Users\s\Mediencenter 2015-05-25 11:49 - 2014-05-27 17:55 - 00000000 ___RD () C:\Users\s\Dropbox 2015-05-25 11:49 - 2014-05-27 17:53 - 00000000 ____D () C:\Users\s\AppData\Roaming\Dropbox 2015-05-25 11:49 - 2013-11-30 16:56 - 01580319 _____ () C:\WINDOWS\WindowsUpdate.log 2015-05-25 11:48 - 2014-04-29 13:07 - 00001146 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-05-25 11:48 - 2013-11-30 17:11 - 00000000 ___DO () C:\Users\s\SkyDrive 2015-05-25 11:47 - 2013-09-29 21:04 - 00378580 _____ () C:\WINDOWS\PFRO.log 2015-05-25 11:47 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-05-25 11:47 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 
2015-05-25 11:47 - 2013-05-14 23:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-25 11:46 - 2013-08-26 15:43 - 00000000 ____D () C:\AdwCleaner
2015-05-25 11:46 - 2013-05-11 16:48 - 00000000 ____D () C:\Users\s\AppData\Roaming\CheckPoint
2015-05-25 11:42 - 2013-05-14 23:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-25 11:38 - 2015-04-14 21:31 - 00000000 ____D () C:\Program Files (x86)\StarMoney Business 6.0
2015-05-25 11:38 - 2015-02-27 21:25 - 00000000 ____D () C:\Program Files (x86)\StarMoney 9.0
2015-05-24 12:42 - 2013-08-22 16:44 - 05142448 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-24 12:41 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-05-24 12:40 - 2013-05-14 23:57 - 00000000 ____D () C:\Users\s\Documents\Outlook-Dateien
2015-05-24 12:35 - 2014-06-10 15:20 - 00000000 ____D () C:\Users\s\AppData\Roaming\Spotify
2015-05-23 18:28 - 2015-02-11 19:16 - 00000000 ____D () C:\Users\s\AppData\Local\Windows Live
2015-05-23 18:23 - 2013-08-07 14:13 - 00000000 ____D () C:\Users\s\AppData\Roaming\vlc
2015-05-23 17:55 - 2013-11-26 22:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-23 15:17 - 2013-09-30 06:14 - 01980934 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-23 15:17 - 2013-09-30 05:56 - 00842568 _____ () C:\WINDOWS\system32\perfh007.dat
2015-05-23 15:17 - 2013-09-30 05:56 - 00191764 _____ () C:\WINDOWS\system32\perfc007.dat
2015-05-23 12:05 - 2014-06-10 15:21 - 00000000 ____D () C:\Users\s\AppData\Local\Spotify
2015-05-22 14:00 - 2014-08-28 21:12 - 00000408 _____ () C:\WINDOWS\Tasks\Allway Sync_{4E6949520858136489535401CF6DD6A8}.job
2015-05-22 01:43 - 2014-01-02 20:14 - 00003154 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleFors
2015-05-22 01:43 - 2014-01-02 20:14 - 00000348 _____ () C:\WINDOWS\Tasks\HPCeeScheduleFors.job
2015-05-20 21:58 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-05-19 14:00 - 2013-11-22 17:08 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-05-19 13:59 - 2015-04-21 20:19 - 00000985 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-05-19 00:52 - 2013-10-21 18:27 - 00000000 ____D () C:\ProgramData\Oracle
2015-05-19 00:51 - 2013-10-21 18:27 - 00000000 ____D () C:\Program Files (x86)\Java
2015-05-18 22:34 - 2013-08-22 15:25 - 00017486 _____ () C:\WINDOWS\system32\Drivers\etc\services
2015-05-18 22:15 - 2012-08-24 18:00 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-05-18 22:00 - 2014-09-02 12:01 - 00000000 ____D () C:\Users\s\AppData\Local\Adobe
2015-05-18 21:46 - 2012-08-24 18:00 - 00000000 ____D () C:\ProgramData\Temp
2015-05-18 00:39 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-05-17 15:31 - 2013-08-22 16:46 - 00336769 _____ () C:\WINDOWS\setupact.log
2015-05-17 13:16 - 2013-05-12 21:28 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2015-05-17 06:45 - 2014-04-29 13:07 - 00004122 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-17 06:45 - 2014-04-29 13:07 - 00003886 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-05 13:15 - 2015-03-05 23:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-05-05 13:12 - 2014-07-07 17:21 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-05-05 13:12 - 2014-07-07 17:21 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-05-04 12:29 - 2014-12-17 14:50 - 00000000 ____D () C:\WINDOWS\uninstall
2015-05-04 12:29 - 2014-12-17 14:50 - 00000000 ____D () C:\Program Files (x86)\CDN YabeOffice Daten
2015-05-04 12:29 - 2014-12-17 14:50 - 00000000 ____D () C:\Program Files (x86)\CDN YabeOffice
2015-05-04 12:18 - 2014-04-30 18:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Allway Sync
2015-05-04 12:18 - 2014-04-30 18:22 - 00000000 ____D () C:\Program Files (x86)\Allway Sync
2015-04-28 23:55 - 2014-09-21 17:41 - 00001784 _____ () C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\plentymarkets.lnk
2015-04-28 23:55 - 2014-03-03 14:32 - 00000000 ____D () C:\Program Files\plentymarkets
2015-04-28 23:49 - 2013-11-30 16:48 - 00000000 ____D () C:\Users\s

==================== Files in the root of some directories =======

2013-05-10 12:25 - 2013-06-08 12:51 - 0013930 _____ () C:\Users\s\AppData\Roaming\AbsoluteReminder.xml
2014-03-18 16:19 - 2014-03-18 16:20 - 0000834 _____ () C:\Users\s\AppData\Local\belegtransfer_setup.log
2014-09-02 20:25 - 2014-09-02 20:25 - 0002273 _____ () C:\Users\s\AppData\Local\recently-used.xbel
2014-03-18 12:27 - 2015-01-14 11:46 - 0718262 _____ () C:\Users\s\AppData\Local\tempvcredist_x64.log
2014-02-09 18:25 - 2014-02-09 18:25 - 0000011 _____ () C:\ProgramData\.tv7

Files to move or delete:
====================
C:\Users\s\plentymarkets_updater_windows_207.exe
C:\Users\s\plentymarkets_updater_windows_208.exe
C:\Users\s\plentymarkets_updater_windows_209.exe
C:\Users\s\plentymarkets_updater_windows_210.exe
C:\Users\s\plentymarkets_updater_windows_213.exe
C:\Users\s\plentymarkets_updater_windows_214.exe
C:\Users\s\plentymarkets_updater_windows_215.exe
C:\Users\s\plentymarkets_updater_windows_216.exe
C:\Users\s\plentymarkets_windows_212.exe

Some files in TEMP:
====================
C:\Users\Gast\AppData\Local\Temp\avgnt.exe
C:\Users\s\AppData\Local\Temp\avgnt.exe
C:\Users\s\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvybihd.dll
C:\Users\s\AppData\Local\Temp\FreeStudio.exe
C:\Users\s\AppData\Local\Temp\i4jdel0.exe
C:\Users\s\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\s\AppData\Local\Temp\proxy_vole5753558156256649135.dll
C:\Users\s\AppData\Local\Temp\Quarantine.exe
C:\Users\s\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-24 12:53

==================== End of log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-05-2015 01
Ran by s at 2015-05-25 12:12:39
Running from C:\Users\s\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2262038565-221129539-630273557-500 - Administrator - Disabled)
fbwuser (S-1-5-21-2262038565-221129539-630273557-1005 - Limited - Disabled)
Gast (S-1-5-21-2262038565-221129539-630273557-501 - Limited - Enabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-2262038565-221129539-630273557-1003 - Limited - Enabled)
s (S-1-5-21-2262038565-221129539-630273557-1001 - Administrator - Enabled) => C:\Users\s

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: ZoneAlarm Antivirus (Enabled - Up to date) {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: ZoneAlarm Anti-Spyware (Enabled - Up to date) {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
FW: ZoneAlarm Firewall (Enabled) {E6380B7E-D4B2-19F1-083E-56486607704B}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.13 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Allway Sync version 15.1.9 (HKLM-x32\...\Allway Sync_is1) (Version: - Botkind Inc)
Ant Renamer (HKLM-x32\...\Ant Renamer 2_is1) (Version: 2.10.0 - Ant Software)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DATEV Belegtransfer V.3.22 (HKLM-x32\...\{EC561A24-754E-44F1-B76F-2FDA3DF9E912}) (Version: 2.03 - DATEV eG)
DATEV Installation V.2.74 (HKLM-x32\...\DATEVB00000482.0) (Version: - )
DATEV Sicherheitspaket - compact (HKLM-x32\...\{13D2D749-7F84-4A63-A09E-3DFDBA4E03EF}) (Version: 2.40.0001 - DATEV eG)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.31 - DivX, LLC)
Dropbox (HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
DVS Video Downloader Addon for Mozilla Firefox version 4.3.4.15 (HKLM-x32\...\DVS Video Downloader Addon for Mozilla Firefox_is1) (Version: 4.3.4.15 - DVDVideoSoft Ltd.)
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
EntscheiderClub Premium (HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\EntscheiderClub Premium) (Version: - Wakoopa B.V.)
E-POST MAILER (HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\{6e991dbc-fbeb-434e-b0c0-20f336054450}) (Version: 2.0.1.1972 - Deutsche Post AG)
E-POST MAILER (x32 Version: 2.0.1.1925 - Deutsche Post AG) Hidden
E-POST MAILER Drucker (Version: 2.0.1.1925 - Deutsche Post AG) Hidden
E-POST MAILER Start (x32 Version: 1.0.0.0 - Deutsche Post AG) Hidden
etope Lister 2 (HKLM-x32\...\etope Lister_is1) (Version: - Freshworx GmbH & Co.KG)
Evernote v. 5.8.1 (HKLM-x32\...\{4FD2D1C8-8636-11E4-9D21-00163E98E7D6}) (Version: 5.8.1.6061 - Evernote Corp.)
Free Studio version 6.4.2.113 (HKLM-x32\...\Free Studio_is1) (Version: 6.4.2.113 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.17.1125 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.17.1125 - DVDVideoSoft Ltd.)
FTPRush 2.1.8 (HKLM-x32\...\FTP Rush_is1) (Version: 2.1.8 - wftpserver.com)
FUJIFILM PC AutoSave (HKLM-x32\...\{872F1306-0DB6-45EC-832E-2F5D3A56CF99}) (Version: 1.0.0 - FUJIFILM)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.65 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{AB5BCC55-18E2-46C7-9405-FF61CB888F05}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{0D3A6808-82B8-4BB1-BE5A-AED75B3F6C02}) (Version: 2.20.11 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{D044EBE7-94E7-4C49-90FC-9069E3F374E1}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Quick Launch (HKLM-x32\...\{609B11CC-8CED-4116-AD8A-A72168894D39}) (Version: 3.0.4 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{D2462056-BA75-4B2C-8267-DFEA2B6AC4AE}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
ICQ 8.1 (build 6337) (HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\ICQ) (Version: 8.1.6337.0 - Mail.Ru)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3316 - Intel Corporation)
Intel(R) Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
KOBIL CCID driver x64x86 (x32 Version: 1.013.02121 - KOBIL Systems) Hidden
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Mediencenter 3.9.1055.64 (HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Mediencenter) (Version: 3.9.1055.64 - Deutsche Telekom AG)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}) (Version: - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.3.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.3.0 (x86 de)) (Version: 24.3.0 - Mozilla)
Mp3tag v2.58 (HKLM-x32\...\Mp3tag) (Version: v2.58 - Florian Heidenreich)
Multi file port monitor (mfilemon) 1.5.1 (HKLM\...\{A932243F-381F-434C-B18E-4F09D2F015F8}_is1) (Version: 1.5.1 - Monti Lorenzo)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Password Memory 4.1.2 (HKLM-x32\...\ca_keynote_is1) (Version: 4.1.2 - Code:Aero Technologies)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
plentymarkets 216 (HKLM-x32\...\5841-3682-4824-5789) (Version: 216 - plentymarkets GmbH)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Spotify) (Version: 1.0.5.178.g885b099b - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.1.21 - Safer-Networking Ltd.)
StarMoney (x32 Version: 4.0.7.94 - StarFinanz) Hidden
StarMoney (x32 Version: 5.0.0.226 - StarFinanz) Hidden
StarMoney 10 (HKLM-x32\...\{F061A207-B07B-4E1D-8655-286BBBB3E2CC}) (Version: 10 - Star Finanz GmbH)
StarMoney 9.0 (HKLM-x32\...\{E50EB864-0852-4249-A1B9-96CED146E52B}) (Version: 9.0 - Star Finanz GmbH)
StarMoney Business 6.0 (HKLM-x32\...\{8BE45DD0-1BB0-4E3D-9940-9D92C5B52BAB}) (Version: 6.0 - Star Finanz GmbH)
Start Menu X Version 5.02 (HKLM\...\{3E494002-985C-4908-B72C-5B4DD15BE090}_is1) (Version: 5.02 - OrdinarySoft)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.6.1.3 - Synaptics Incorporated)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.42650 - TeamViewer)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: - Elaborate Bytes)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.65 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WISO Hausverwalter 2015 (HKLM-x32\...\{E821384E-D24C-4316-9D86-872F95ED92F0}) (Version: 9.00.8468 - Buhl Data Service GmbH)
ZoneAlarm Antivirus (x32 Version: 12.0.121.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Firewall (x32 Version: 12.0.121.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Antivirus + Firewall (HKLM-x32\...\ZoneAlarm Free Antivirus + Firewall) (Version: 12.0.121.000 - Check Point)
ZoneAlarm Security (x32 Version: 12.0.121.000 - Check Point Software Technologies Ltd.) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{268502F4-815D-4358-A8D6-B783FDB58EF0}\InprocServer32 -> C:\Users\s\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.ContextMenuHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{528EE335-5034-4EFC-834E-63E5F02D2BC2}\InprocServer32 -> C:\Users\s\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{6066ADF0-9EB0-43E5-ADB6-990F5A3B979C}\InprocServer32 -> C:\Users\s\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{77BC4082-DB5F-439A-8DC8-F9E24A63B0DE}\InprocServer32 -> C:\Users\s\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

18-05-2015 22:14:20 Installiert StarMoney

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {09A9D1BB-CC0A-45D0-B9A9-691712E9122D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {11512367-DAEA-4113-9F27-98A7BFA4A5AC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2013-05-16] (Safer-Networking Ltd.)
Task: {17DEAEAD-5874-411D-B661-12F9FB3044D4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {2A196FE1-2322-4811-882B-905EAF8FB978} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2013-05-16] (Safer-Networking Ltd.)
Task: {42FBFC55-ACCC-4121-AD29-71B8636EFE2A} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-08-19] (Hewlett-Packard Development Company, L.P.)
Task: {8157EF01-0930-4747-A3E2-054BB4278C09} - \Optimize Start Menu Cache Files-S-1-5-21-2262038565-221129539-630273557-500 No Task File <==== ATTENTION
Task: {898CD2B7-EF24-4ED8-A572-329FCF4AE92D} - System32\Tasks\{F6BBF5FB-2A3D-4BA1-853E-6C46DE6EFC5B} => pcalua.exe -a "C:\Program Files (x86)\MultiProxy\uninstall.exe" -d "C:\Program Files (x86)\MultiProxy"
Task: {8DA74E5E-BF32-42FC-850C-5C8DFDD5E7CC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2013-05-16] (Safer-Networking Ltd.)
Task: {9EE09341-E1F1-4B2D-A58E-9808BE8A8726} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {9FACF286-E864-427A-A9F4-07E29BE178FA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {AB713B58-8184-413F-8BBF-7FFDFC895289} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {AF9E4EA1-40E4-4098-9E62-E3C2BA309555} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-29] (Google Inc.)
Task: {B65CC303-6A43-4666-AE7A-F6DD23051E52} - System32\Tasks\HPCeeScheduleFors => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {B97EBAE3-14F0-462D-9768-EBB19F72BB80} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-29] (Google Inc.)
Task: {C56BD8AB-BF86-4FE9-9BBC-0DDE1420BDBA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {E8BFD69A-2607-4D93-8015-C28198CBF9F6} - System32\Tasks\Allway Sync_{4E6949520858136489535401CF6DD6A8} => C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe [2015-04-21] ()
Task: {F1624858-F5D9-439E-832B-0496983BEC90} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2012-07-20] (Intel)
Task: C:\WINDOWS\Tasks\Allway Sync_{4E6949520858136489535401CF6DD6A8}.job => C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleFors.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (Whitelisted) ==============

2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-08-26 15:02 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-08-26 15:02 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-08-26 15:02 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-08-26 15:02 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-08-26 15:02 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-02-28 19:14 - 2013-02-28 19:14 - 00118784 _____ () C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\libFFIR.dll
2013-02-28 19:14 - 2013-02-28 19:14 - 00188416 _____ () C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\FFWB.dll
2013-02-28 19:14 - 2013-02-28 19:14 - 00135168 _____ () C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\libFTLPTPIP.dll
2013-08-31 10:20 - 2013-08-31 10:20 - 00308048 _____ () C:\Users\s\AppData\Roaming\ICQM\ICQ\dll\mramenu.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:0966080E
AlternateDataStreams: C:\Users\s\SkyDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2262038565-221129539-630273557-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\s\Pictures\photo-1415226620463-aedee27159c5.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER Error getting ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "Twonky Server.lnk"
HKLM\...\StartupApproved\StartupFolder: => "CDN Yabe Office.lnk"
HKLM\...\StartupApproved\StartupFolder: => "E-POST MAILER.lnk"
HKLM\...\StartupApproved\StartupFolder: => "FUJIFILM PC AutoSave auf Standby.lnk"
HKLM\...\StartupApproved\Run: => "BCSSync"
HKLM\...\StartupApproved\Run32: => "ZoneAlarm Installer"
HKLM\...\StartupApproved\Run32: => "VirtualCloneDrive"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "PDFPrint"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKLM\...\StartupApproved\Run32: => "Adobe Acrobat Speed Launcher"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "DVCServ"
HKLM\...\StartupApproved\Run32: => "DATEVSetup"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "DivXUpdate"
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\StartupApproved\Run: => "icq"
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\StartupApproved\Run: => "EntscheiderClub Premium"
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\StartupApproved\Run: => "9c5bf01b358884ef955dbaaa237340c7"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{E7394822-19FD-4263-8A5B-C56FC9586959}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe FirewallRules: [{9C1AA961-87D8-43C9-A409-B9075BA40BA0}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe FirewallRules: [{62632452-45E0-4A04-90C7-731B2D587CB4}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe FirewallRules: [{1FF59A7C-422C-4678-BFF6-DABFC2D8F96A}] => (Allow) C:\Users\s\AppData\Roaming\ICQM\icq.exe FirewallRules: [{D72A5104-3D6C-4A90-BD72-44C21639BD2C}] => (Allow) C:\Users\s\AppData\Roaming\ICQM\icq.exe FirewallRules: [{AD05BABA-6646-4C3A-986E-CC7BA770AD38}] => (Allow) C:\ProgramData\eSafe\eGdpSvc.exe FirewallRules: [{890D8DA8-AAD1-49CB-BCB0-2A21237F60D5}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE FirewallRules: [{B0CAB26B-7B5F-480E-8CA9-2285194FE692}] => (Allow) LPort=1900 FirewallRules: [{FCF99A43-9699-4020-8128-D1F18CF0D614}] => (Allow) LPort=2869 FirewallRules: [{5BEF5397-0FC8-49E3-9FC1-51B5F68A7DD0}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [TCP Query User{23C78A46-DA51-4410-8FD7-B92D9CD0182F}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe FirewallRules: [UDP Query User{20CADABF-5640-4640-AAD0-0FCB7C768A6D}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe FirewallRules: [{7919D2CD-2FBE-4047-AB76-C729ABC33759}] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe FirewallRules: [{E0CB3568-2010-42AF-9F86-0EFFCE56D4C9}] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe FirewallRules: [TCP Query User{F98A1208-C992-4820-BB99-EB19AA0AE8E1}C:\program files (x86)\ftprush\ftprush.exe] => (Allow) C:\program files (x86)\ftprush\ftprush.exe FirewallRules: [UDP Query User{797FCA2A-1C08-4917-849B-FDF7B93C63D8}C:\program files 
(x86)\ftprush\ftprush.exe] => (Allow) C:\program files (x86)\ftprush\ftprush.exe FirewallRules: [{A17DF673-784F-4FD7-9723-305EBE15D116}] => (Allow) C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe FirewallRules: [{C91441AD-8F11-47A0-BB59-AA7B1F65A330}] => (Allow) C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe FirewallRules: [{FFF639CC-4A34-4347-A8A8-41CD3587376F}] => (Allow) C:\Program Files (x86)\Twonky\TwonkyServer\twonkyserver.exe FirewallRules: [{2E78FCC5-454A-40AE-AA7D-D8E42CE68DEE}] => (Allow) C:\Program Files (x86)\Twonky\TwonkyServer\twonkyserver.exe FirewallRules: [{2CF1C950-CD39-4021-8BF7-579969943023}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe FirewallRules: [{D824EF1C-3643-48B6-8124-CD6BACB04531}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe FirewallRules: [{29B09A44-3E1B-4004-A26E-3B60B19074D5}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe FirewallRules: [{862EEF92-8F16-4AA7-BE44-65ECECA6E968}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe FirewallRules: [TCP Query User{8E58FFEC-E106-4FC8-8ABB-CFD051248184}C:\program files (x86)\ftprush\ftprush.exe] => (Block) C:\program files (x86)\ftprush\ftprush.exe FirewallRules: [UDP Query User{4384D3B5-3319-4104-9995-38A628A32252}C:\program files (x86)\ftprush\ftprush.exe] => (Block) C:\program files (x86)\ftprush\ftprush.exe FirewallRules: [TCP Query User{B78A5B98-5FF3-459F-A408-9EF6FAE44ADB}C:\users\s\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\s\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [UDP Query User{55ECA24A-5568-4287-BC3B-0AC17527631C}C:\users\s\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\s\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [TCP Query User{AB5DD043-E289-4BD5-96D1-C6C36E485418}C:\users\s\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\s\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP 
Query User{F6A8BB49-2AF7-467A-94E4-C590CE0C0CE2}C:\users\s\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\s\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{56BC7622-B916-435E-A99E-B3F97DC2B7B2}C:\program files\plentymarkets\plentymarkets.exe] => (Allow) C:\program files\plentymarkets\plentymarkets.exe FirewallRules: [UDP Query User{AE302455-86AB-4369-BC73-705BE5491036}C:\program files\plentymarkets\plentymarkets.exe] => (Allow) C:\program files\plentymarkets\plentymarkets.exe FirewallRules: [{7FCF99BE-B64C-4253-9875-049FD6EE6AA9}] => (Allow) C:\Users\s\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{77EE1C70-93F9-471C-AC16-B65023CD0F59}] => (Allow) C:\Users\s\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [TCP Query User{EE98B557-949C-417A-930B-F7A073B7F3F7}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{0C152529-6A25-4C14-B1B7-2CD6EF949FC2}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [TCP Query User{2948C0C7-1B75-4F31-A81B-E9A3248DEA61}C:\users\s\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\s\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{8EA478D7-4D10-4161-9219-926541B70169}C:\users\s\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\s\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{F14AC53E-5CEF-49FE-9CBB-0DF22A816B1D}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{FDB4C01D-F4D9-4938-8095-2C74532A5B93}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [TCP Query User{DC3DFE60-96C4-47C4-A493-981FF86CFA53}C:\program files\plentymarkets\plentymarkets.exe] => (Allow) C:\program files\plentymarkets\plentymarkets.exe FirewallRules: [UDP Query 
User{92A4DB3C-4104-4936-8AA3-F71440316A3E}C:\program files\plentymarkets\plentymarkets.exe] => (Allow) C:\program files\plentymarkets\plentymarkets.exe FirewallRules: [TCP Query User{C0129FFD-FFE5-422E-84E4-643D59C0C0F4}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe FirewallRules: [UDP Query User{431F683D-E82A-4A6C-B687-E37281C041A0}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe FirewallRules: [{F0AD5292-DE10-4214-B6A5-447ED58AC720}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{379F69FE-3BC4-4C53-B85A-904B4114A44E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{792EDE5E-D31B-4320-9A52-CEE928322F1C}] => (Allow) C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe FirewallRules: [{6AC56DAE-8C18-4920-8EAC-1101786C3F3E}] => (Allow) C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe FirewallRules: [{33F25883-60DB-49D3-A745-F5F64C7C0560}] => (Allow) C:\Program Files (x86)\StarMoney 9.0\app\StarMoney.exe FirewallRules: [{801CE9A9-9D86-4CD9-B237-E2CAD0A1F3D3}] => (Allow) C:\Program Files (x86)\StarMoney 9.0\app\StarMoney.exe FirewallRules: [TCP Query User{6BB9E385-A916-4AE9-9ACB-E699B7747A9B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{037EDFE1-43DE-4272-B543-1C13CCC0D876}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [{B63DAE1C-FE80-4F4B-A7AE-43644616C7AB}] => (Allow) C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PairingWizard.exe FirewallRules: [{4A7A5C9B-EED4-40B1-AD45-6960AA5648A1}] => (Allow) C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PairingWizard.exe FirewallRules: [{775848ED-0AC4-4EC6-93BA-1287B0787B13}] => (Allow) C:\Program Files 
(x86)\FUJIFILM\FUJIFILM PC AutoSave\PCAutoSaveSv.exe FirewallRules: [{73F0DEAF-3EAC-44CD-B822-FD6026AEB483}] => (Allow) C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PCAutoSaveSv.exe FirewallRules: [{DFB9FE53-F7E1-4722-9045-7BE36A899B8A}] => (Allow) C:\Program Files (x86)\StarMoney Business 6.0\ouservice\StarMoneyOnlineUpdate.exe FirewallRules: [{DA13A301-BC4D-4410-8E2E-C0A71DDA511E}] => (Allow) C:\Program Files (x86)\StarMoney Business 6.0\ouservice\StarMoneyOnlineUpdate.exe FirewallRules: [{7EA59164-96B1-4AC8-B02B-9AE5D204C320}] => (Allow) C:\Program Files (x86)\StarMoney Business 6.0\app\StarMoney.exe FirewallRules: [{44984E01-EA4E-4B26-A680-8F5CEC2E1BC9}] => (Allow) C:\Program Files (x86)\StarMoney Business 6.0\app\StarMoney.exe FirewallRules: [{404D4D02-9942-438D-B5B3-73A380C233F4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe FirewallRules: [{78EBD91E-BE77-48D1-9C3D-69DEAE23945B}] => (Allow) C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe FirewallRules: [{695BCC07-367E-4D56-8799-C8042E5E9CC9}] => (Allow) C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe FirewallRules: [{D39A23BF-94FA-498F-A9C6-3E18E77E3519}] => (Allow) C:\Program Files (x86)\StarMoney 10\app\StarMoney.exe FirewallRules: [{C6706BC1-2DF5-448D-BBE8-313A44848299}] => (Allow) C:\Program Files (x86)\StarMoney 10\app\StarMoney.exe FirewallRules: [{31509B17-9DBE-4214-89B0-71BD92256E48}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{E5D41589-171C-4DB9-AB20-5C876F558093}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{00E4A3C8-9DCE-4AAB-A725-3E7D8AA2CBFE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{E549719D-2ADD-463E-AE7F-146D1FD3FD88}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{51781ACE-FC85-4D39-A795-41AF1A2764AB}] => (Allow) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7 StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot-S&D 2 Tray Icon StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7 StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe] => Enabled:Flashget3 ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (05/25/2015 11:47:29 AM) (Source: SideBySide) (EventID: 79) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName1". Die Einstellung "hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName" ist nicht registriert. 
Error: (05/25/2015 11:42:04 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm Explorer.EXE, Version 6.3.9600.17284 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: f18 Startzeit: 01d0960ffc0fa0ed Endzeit: 0 Anwendungspfad: C:\WINDOWS\Explorer.EXE Berichts-ID: 30e688d5-02c2-11e5-bf18-8434978947f8 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (05/25/2015 11:39:11 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm LiveComm.exe, Version 17.5.9600.20856 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: b10 Startzeit: 01d09610078fd03e Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: e4a24f5b-02c1-11e5-bf18-8434978947f8 Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 Error: (05/24/2015 00:42:58 PM) (Source: SideBySide) (EventID: 79) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName1". Die Einstellung "hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName" ist nicht registriert. Error: (05/20/2015 01:16:59 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: Das Volume "\\?\Volume{57f9d638-36f8-48f8-a7aa-395529054261}\" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. 
(0x80070057) Error: (05/20/2015 01:16:59 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: Das Volume "WINRE" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057) Error: (05/19/2015 10:15:14 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: svchost.exe_stisvc, Version: 6.3.9600.16384, Zeitstempel: 0x5215dfe3 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17278, Zeitstempel: 0x53eebd22 Ausnahmecode: 0xc0000008 Fehleroffset: 0x000000000009355a ID des fehlerhaften Prozesses: 0x9dc Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_stisvc0 Pfad der fehlerhaften Anwendung: svchost.exe_stisvc1 Pfad des fehlerhaften Moduls: svchost.exe_stisvc2 Berichtskennung: svchost.exe_stisvc3 Vollständiger Name des fehlerhaften Pakets: svchost.exe_stisvc4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe_stisvc5 Error: (05/19/2015 01:24:58 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17278, Zeitstempel: 0x53eebd22 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000052f0b ID des fehlerhaften Prozesses: 0xf78 Startzeit der fehlerhaften Anwendung: 0xvlc.exe0 Pfad der fehlerhaften Anwendung: vlc.exe1 Pfad des fehlerhaften Moduls: vlc.exe2 Berichtskennung: vlc.exe3 Vollständiger Name des fehlerhaften Pakets: vlc.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: vlc.exe5 Error: (05/19/2015 00:55:07 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 37.0.2.5583, Zeitstempel: 0x552ef76c Name des fehlerhaften Moduls: mozalloc.dll, Version: 37.0.2.5583, Zeitstempel: 0x552ee9ae Ausnahmecode: 0x80000003 Fehleroffset: 0x00001aa1 ID des fehlerhaften Prozesses: 0xc0 Startzeit der fehlerhaften Anwendung: 
0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Vollständiger Name des fehlerhaften Pakets: plugin-container.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: plugin-container.exe5 Error: (05/19/2015 00:49:13 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: jre-8u45-windows-i586-iftw.exe, Version: 8.0.450.15, Zeitstempel: 0x5542981d Name des fehlerhaften Moduls: jre-8u45-windows-i586-iftw.exe, Version: 8.0.450.15, Zeitstempel: 0x5542981d Ausnahmecode: 0x40000015 Fehleroffset: 0x0005d386 ID des fehlerhaften Prozesses: 0xadc Startzeit der fehlerhaften Anwendung: 0xjre-8u45-windows-i586-iftw.exe0 Pfad der fehlerhaften Anwendung: jre-8u45-windows-i586-iftw.exe1 Pfad des fehlerhaften Moduls: jre-8u45-windows-i586-iftw.exe2 Berichtskennung: jre-8u45-windows-i586-iftw.exe3 Vollständiger Name des fehlerhaften Pakets: jre-8u45-windows-i586-iftw.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: jre-8u45-windows-i586-iftw.exe5 System errors: ============= Error: (05/25/2015 11:53:08 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Intel(R) Management and Security Application User Notification Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (05/25/2015 11:53:07 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Intel(R) ME Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (05/25/2015 11:53:07 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "IconMan_R" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. 
Error: (05/25/2015 11:53:07 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "HP Support Assistant Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error: (05/25/2015 11:53:00 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "HP Software Framework Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (05/25/2015 11:52:51 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Spybot-S&D 2 Updating Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error: (05/25/2015 11:52:51 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. Error: (05/25/2015 11:52:51 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "ZoneAlarm Privacy Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error: (05/25/2015 11:52:49 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "StarMoney 10 OnlineUpdate" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (05/25/2015 11:52:49 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "StarMoney Business 6.0 OnlineUpdate" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Microsoft Office: ========================= Error: (05/25/2015 11:47:29 AM) (Source: SideBySide) (EventID: 79) (User: ) Description: hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayNameC:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe Error: (05/25/2015 11:42:04 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Explorer.EXE6.3.9600.17284f1801d0960ffc0fa0ed0C:\WINDOWS\Explorer.EXE30e688d5-02c2-11e5-bf18-8434978947f8 Error: (05/25/2015 11:39:11 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: LiveComm.exe17.5.9600.20856b1001d09610078fd03e4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exee4a24f5b-02c1-11e5-bf18-8434978947f8microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1 Error: (05/24/2015 00:42:58 PM) (Source: SideBySide) (EventID: 79) (User: ) Description: hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayNameC:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe Error: (05/20/2015 01:16:59 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: \\?\Volume{57f9d638-36f8-48f8-a7aa-395529054261}\Falscher Parameter. (0x80070057) Error: (05/20/2015 01:16:59 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: WINREFalscher Parameter. 
(0x80070057) Error: (05/19/2015 10:15:14 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: svchost.exe_stisvc6.3.9600.163845215dfe3ntdll.dll6.3.9600.1727853eebd22c0000008000000000009355a9dc01d091a2ea8430a8C:\WINDOWS\system32\svchost.exeC:\WINDOWS\SYSTEM32\ntdll.dll2c6091a1-fdff-11e4-bf17-8434978947f8 Error: (05/19/2015 01:24:58 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: vlc.exe2.1.5.000000000ntdll.dll6.3.9600.1727853eebd22c00000050000000000052f0bf7801d091c19add12fbC:\Program Files\VideoLAN\VLC\vlc.exeC:\WINDOWS\SYSTEM32\ntdll.dll18ac1534-fdb5-11e4-bf17-8434978947f8 Error: (05/19/2015 00:55:07 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe37.0.2.5583552ef76cmozalloc.dll37.0.2.5583552ee9ae8000000300001aa1c001d091bd2af897d8C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlled66422c-fdb0-11e4-bf17-8434978947f8 Error: (05/19/2015 00:49:13 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: jre-8u45-windows-i586-iftw.exe8.0.450.155542981djre-8u45-windows-i586-iftw.exe8.0.450.155542981d400000150005d386adc01d091bb8fc133fdC:\Users\s\Desktop\Downloads\jre-8u45-windows-i586-iftw.exeC:\Users\s\Desktop\Downloads\jre-8u45-windows-i586-iftw.exe1a0576c9-fdb0-11e4-bf17-8434978947f8 CodeIntegrity Errors: =================================== Date: 2013-11-30 15:06:55.497 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-11-30 14:42:41.927 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. 
Date: 2013-11-30 14:39:40.327 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-11-30 13:40:28.974 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-11-30 13:39:09.041 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-11-30 13:10:21.879 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll that did not meet the Microsoft signing level requirements. Date: 2013-11-30 13:10:21.754 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\WOW64\Plugins\ISWSHEX.dll that did not meet the Microsoft signing level requirements. Date: 2013-11-30 13:10:18.442 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll that did not meet the Microsoft signing level requirements. 
Date: 2013-11-30 13:10:09.332 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\WOW64\Plugins\ISWSHEX.dll that did not meet the Microsoft signing level requirements. Date: 2013-11-30 13:10:09.035 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\WOW64\Plugins\ISWSHEX.dll that did not meet the Microsoft signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz Percentage of memory in use: 25% Total physical RAM: 6036.28 MB Available physical RAM: 4500.05 MB Total Pagefile: 11668.28 MB Available Pagefile: 9739.39 MB Total Virtual: 131072 MB Available Virtual: 131071.84 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:448.38 GB) (Free:44.59 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (RECOVERY) (Fixed) (Total:16.27 GB) (Free:2.05 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive i: () (Removable) (Total:29.47 GB) (Free:29.47 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 466E2C46) Partition: GPT Partition Type. ======================================================== Disk: 1 (Size: 6 GB) (Disk ID: C73F6553) Partition: GPT Partition Type. ======================================================== Disk: 2 (Size: 29.5 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ==================== End of log ============================ |
25.05.2015, 19:33 | #6 |
/// the machine /// TB Trainer | 500 mails daily from Outlook after DHL trojan
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left? |
26.05.2015, 11:22 | #7 |
| 500 mails daily from Outlook after DHL trojan
Here are the logs... so far no more mails are being sent
Eset
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=bcb72c0ede7b084ab7b808e85ce434e9
# engine=24017
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-05-25 08:59:28
# local_time=2015-05-25 10:59:28 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 13748602 40913889 0 0
# scanned=387036
# found=7
# cleaned=7
# scan_time=7953
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir"
sh=5BF0BED25279CA1F3F14DB1F18364EDFB9AB0C86 ft=1 fh=b14befa4627c35fa vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\hotspot shield\ConduitUninstaller.exe.vir"
sh=2D5A89662E964AEAE12D6AB3886E965DE43921AF ft=1 fh=351d5799861e0142 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default\Extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\Plugins\npConduitFirefoxPlugin.dll.vir"
sh=1DA7E55B7B8609994368D0C56A7B76474F882B6A ft=1 fh=6342ba6251261b43 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
sh=C25E453070C795849C94FCB0311ED1DDD4F7B74D ft=1 fh=a07ba6255bd749e6 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\CheckPoint\Install\CUninstallerZA.exe"
sh=DF507CE26573850D2EF424E58C2793B3A64C3748 ft=1 fh=5bbafaa53f163c41 vn="Win32/Toolbar.Montiera.I evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\CheckPoint\Install\zatb.exe"
sh=F08EB755731C1E3F3492137F0C648241838F91ED ft=1 fh=3ac8e72c6a2b6537 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\s\Desktop\Downloads\HSS-3.13-install-chip-389-conduit.exe"
Code:
ATTFilter
 Results of screen317's Security Check version 1.001
 x64 (UAC is enabled)
 Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
 Avira Antivirus
 ZoneAlarm Antivirus
 Windows Defender
 Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Spybot - Search & Destroy
 Java 8 Update 45
 Adobe Flash Player 17.0.0.188
 Adobe Reader XI
 Mozilla Firefox (38.0.1)
 Mozilla Thunderbird 24.3.0 Thunderbird out of Date!
 Google Chrome (43.0.2357.65)
 Google Chrome (43.0.2357.81)
````````Process Check: objlist.exe by Laurent````````
 Spybot Teatimer.exe is disabled!
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
 StarMoney 10 ouservice StarMoneyOnlineUpdate.exe
 CheckPoint ZoneAlarm ZAPrivacyService.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-05-2015 Ran by s (administrator) on SR_HP_ULTRABOOK on 26-05-2015 12:10:54 Running from C:\Users\s\Desktop Loaded Profiles: s (Available Profiles: s & Gast) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (FUJIFILM Corporation.) 
C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PCAutoSaveSv.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Code:Aero Technologies) C:\Program Files (x86)\Password Memory 4\Keynote.exe (Code:Aero Technologies) C:\Program Files (x86)\Password Memory 4\Keynote.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (OrdinarySoft) C:\Program Files\Start Menu X\StartMenuX.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (Spotify Ltd) C:\Users\s\AppData\Roaming\Spotify\SpotifyWebHelper.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 10\app\StarMoney.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Spotify Ltd) C:\Users\s\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) C:\Users\s\AppData\Roaming\Spotify\SpotifyCrashService.exe (Spotify Ltd) C:\Users\s\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) C:\Users\s\AppData\Roaming\Spotify\Spotify.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\livecomm.exe () C:\Users\s\Desktop\SecurityCheck.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-06-09] (IDT, Inc.) 
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3030256 2013-06-13] (Synaptics Incorporated) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-31] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [74160 2014-01-29] (Check Point Software Technologies LTD) HKLM-x32\...\Run: [DATEVSetup] => C:\Users\s\AppData\Local\Temp\OYa04020\TLP\DATEVsetup.exe <===== ATTENTION HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-05] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] () HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2014-12-03] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2014-12-03] (Adobe Systems Inc.) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH) HKLM-x32\...\Run: [DVCServ] => C:\Program Files (x86)\DATEV-SiPa-compact\DVCSERV HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [SMB60StarMoneyRunEntry] => C:\Program Files (x86)\StarMoney Business 6.0\app\oflagent.exe [51856 2015-05-20] (Star Finanz-Software Entwicklung und Vertriebs GmbH) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation) Winlogon\Notify\igfxcui: C:\WINDOWS\SYSTEM32\igfxdev.dll (Intel Corporation) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Run: [icq] => C:\Users\s\AppData\Roaming\ICQM\icq.exe [28698984 2013-08-31] (ICQ) HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Run: [StartMenuX] => C:\Program Files\Start Menu X\StartMenuX.exe [7673664 2013-11-20] (OrdinarySoft) HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Run: [Allway Sync] => C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe [94920 2015-04-21] () HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Run: [AdobeBridge] => [X] HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Run: [Spotify Web Helper] => C:\Users\s\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2022968 2015-05-25] (Spotify Ltd) HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Run: [EntscheiderClub Premium] => C:\Users\s\AppData\Local\EntscheiderClub Premium\EntscheiderClub Premium.exe [1121264 2015-01-29] (Wakoopa) HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Run: [9c5bf01b358884ef955dbaaa237340c7] => "C:\Users\s\AppData\Local\9c5bf01b358884ef955dbaaa237340c7.exe" HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Run: [GoogleChromeAutoLaunch_25B1D1BADDAEDB1571E4D008134EB6A3] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-05-13] (Google Inc.) 
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\MountPoints2: {edae7ff0-618c-11e3-beb2-8434978947f8} - "E:\AutoRun.exe" HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\E-POST MAILER.lnk [2015-03-03] ShortcutTarget: E-POST MAILER.lnk -> C:\Program Files (x86)\Deutsche Post AG\E-POST MAILER\EpostMailer.exe (Deutsche Post AG) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FUJIFILM PC AutoSave auf Standby.lnk [2015-04-05] ShortcutTarget: FUJIFILM PC AutoSave auf Standby.lnk -> C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\Manager.exe (FUJIFILM Corporation.) Startup: C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-09-30] ShortcutTarget: Dropbox.lnk -> C:\Users\s\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediencenter.lnk [2015-01-20] ShortcutTarget: Mediencenter.lnk -> C:\Users\s\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe (Deutsche Telekom AG) ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [01Mediencenter_InSync] -> {77BC4082-DB5F-439A-8DC8-F9E24A63B0DE} => C:\Users\s\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll [2014-06-12] (Deutsche Telekom AG) ShellIconOverlayIdentifiers: [02Mediencenter_ToSync] -> {528EE335-5034-4EFC-834E-63E5F02D2BC2} => C:\Users\s\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll [2014-06-12] (Deutsche Telekom AG) ShellIconOverlayIdentifiers: [03Mediencenter_Failed] -> {6066ADF0-9EB0-43E5-ADB6-990F5A3B979C} => C:\Users\s\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll [2014-06-12] (Deutsche Telekom AG) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) 
==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKU\S-1-5-21-2262038565-221129539-630273557-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.goodsyouneed.de/ SearchScopes: HKLM -> {A28F0689-CA9E-46FF-ACB3-73BF34D4AC4B} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKLM-x32 -> {A28F0689-CA9E-46FF-ACB3-73BF34D4AC4B} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2262038565-221129539-630273557-1001 -> {A28F0689-CA9E-46FF-ACB3-73BF34D4AC4B} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-2262038565-221129539-630273557-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 
?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-06-12] (Microsoft Corporation) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation) BHO: SCardBHOEvent Class -> {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} -> C:\Program Files (x86)\DATEV-SiPa-compact\DVCCSASCardBHO64002.dll [2014-05-12] (DATEV eG) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard) BHO: EntscheiderClub Premium -> {FB4D29C1-82DE-4b80-8BB0-A7CDDDCD2773} -> C:\Users\s\AppData\Local\Wakoopa Shared\WakoopaBHO-x64.dll [2015-01-29] (Wakoopa) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2011-06-12] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-19] (Oracle Corporation) BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-12-17] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated) BHO-x32: Skype Click to Call for Internet Explorer -> 
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation) BHO-x32: SCardBHOEvent Class -> {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} -> C:\Program Files (x86)\DATEV-SiPa-compact\DVCCSASCardBHO002.dll [2014-05-12] (DATEV eG) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-19] (Oracle Corporation) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard) BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated) BHO-x32: EntscheiderClub Premium -> {FB4D29C1-82DE-4b80-8BB0-A7CDDDCD2773} -> C:\Users\s\AppData\Local\Wakoopa Shared\WakoopaBHO.dll [2015-01-29] (Wakoopa) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated) Toolbar: HKU\S-1-5-21-2262038565-221129539-630273557-1001 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet 
Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default FF Homepage: hxxp://t3n.de/|hxxp://www.logistik-watchblog.de/ FF NetworkProxy: "MM3ProxySwitch.type", 1 FF NetworkProxy: "ftp", "127.0.0.1" FF NetworkProxy: "ftp_port", 8080 FF NetworkProxy: "http", "127.0.0.1" FF NetworkProxy: "http_port", 8080 FF NetworkProxy: "no_proxies_on", "" FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-18] () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-18] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1207148.dll [2013-12-05] (Adobe Systems, Inc.) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.) 
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-06-13] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-06-13] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-19] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-19] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll [2013-07-24] (Nullsoft, Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.) 
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.) FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Extension: Avira Browser Safety - C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default\Extensions\abs@avira.com [2015-04-27] FF Extension: YouTube Unblocker - C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default\Extensions\youtubeunblocker@unblocker.yt [2014-11-05] FF Extension: Hide My Ass Proxy Extension - C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default\Extensions\extension@hidemyass.com.xpi [2013-06-29] FF Extension: Soundcloud SUPER +2: Downloader and Recommender - C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default\Extensions\{988da70d-b78d-44a1-a9c7-ed11832a9e2e}.xpi [2013-08-23] FF Extension: SoundCloud Downloader - Technowise - C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default\Extensions\{c8d3bc80-0810-4d21-a2c2-be5f2b2832ac}.xpi [2013-08-23] FF Extension: Adblock Plus - C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-19] FF Extension: {f5110906-1b93-4640-a7fe-12251b0b7b10} - C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default\Extensions\{f5110906-1b93-4640-a7fe-12251b0b7b10}.xpi [2014-12-08] FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afext@anchorfree.com [2013-09-01] FF Extension: No Name - C:\Program Files (x86)\Mozilla 
Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14] FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014-09-02] Chrome: ======= CHR Profile: C:\Users\s\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-29] CHR Extension: (Google Drive) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-29] CHR Extension: (EntscheiderClub Premium) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbojioefbafdanbjbdhhmoblcbikeia [2015-03-29] CHR Extension: (YouTube) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-29] CHR Extension: (Google Cast) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-05-30] CHR Extension: (Adblock Plus) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-05-30] CHR Extension: (Google Search) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-29] CHR Extension: (Bookmark Manager) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-22] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-23] CHR Extension: (Google Wallet) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-29] CHR Extension: (Gmail) - 
C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-29] CHR Profile: C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1 CHR Extension: (Google Slides) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-06] CHR Extension: (Google Docs) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-06] CHR Extension: (Google Drive) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-06] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-06] CHR Extension: (YouTube) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-06] CHR Extension: (Google Search) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-06] CHR Extension: (Google Sheets) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-06] CHR Extension: (Skype Click to Call) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-02-06] CHR Extension: (DVDVideoSoft) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2015-02-06] CHR Extension: (Google Wallet) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-06] CHR Extension: (Gmail) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-06] CHR Profile: C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2 CHR Extension: (Google Slides) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 
2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-06] CHR Extension: (Google Docs) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-06] CHR Extension: (Google Drive) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-06] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-06] CHR Extension: (YouTube) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-06] CHR Extension: (Google Search) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-06] CHR Extension: (Google Sheets) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-06] CHR Extension: (Avira Browser Safety) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-02-06] CHR Extension: (Skype Click to Call) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-02-06] CHR Extension: (DVDVideoSoft) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2015-02-06] CHR Extension: (Google Wallet) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-06] CHR Extension: (Gmail) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-06] CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14] 
==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-05] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-05] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG) S2 BotkindSyncService; C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe [182784 2015-04-13] () [] R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 FFPCAutoSave; C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PCAutoSaveSv.exe [94208 2013-02-28] (FUJIFILM Corporation.) [] R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [] R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.) 
[] R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation) S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-06-13] (Intel Corporation) S2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-20] (Intel Corporation) S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-06-13] (Intel Corporation) S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.) S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.) 
S2 StarMoney 10 OnlineUpdate; C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe [688272 2015-04-15] (Star Finanz-Software Entwicklung und Vertriebs GmbH) S2 StarMoney 9.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH) S2 StarMoney Business 6.0 OnlineUpdate; C:\Program Files (x86)\StarMoney Business 6.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH) S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [] R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5491984 2015-05-13] (TeamViewer GmbH) S2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2445816 2014-01-29] (Check Point Software Technologies LTD) S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-11-30] (Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [50704 2013-10-15] (Check Point Software Technologies, Ltd.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-05] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-05-05] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-06-24] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-12] (Avira Operations GmbH & Co. 
KG) S1 HssDRV6; C:\Windows\system32\DRIVERS\hssdrv6.sys [46792 2013-09-17] (AnchorFree Inc.) R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-21] (Intel Corporation) R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2013-07-17] (Kaspersky Lab ZAO) S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2013-02-21] (Kaspersky Lab) U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-10-08] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [489056 2013-10-08] (Kaspersky Lab ZAO) S3 KOBCCID; C:\Windows\system32\drivers\KOBCCID.sys [116864 2014-03-18] (KOBIL Systems GmbH) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-25] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation) R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-04] (Realtek Semiconductor Corp.) S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-06-13] (Synaptics Incorporated) R3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2013-08-13] (Anchorfree Inc.) R1 Vsdatant; C:\Windows\System32\drivers\vsdatant.sys [454168 2013-10-23] (Check Point Software Technologies LTD) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.) 
U0 dmboot; No ImagePath S3 ewusbnet; \SystemRoot\system32\DRIVERS\ewusbnet.sys [X] S3 ew_hwusbdev; \SystemRoot\system32\DRIVERS\ew_hwusbdev.sys [X] S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X] S3 hwdatacard; \SystemRoot\system32\DRIVERS\ewusbmdm.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-05-25 20:43 - 2015-05-25 20:43 - 02347384 _____ (ESET) C:\Users\s\Desktop\esetsmartinstaller_deu.exe 2015-05-25 20:43 - 2015-05-25 20:43 - 00852630 _____ () C:\Users\s\Desktop\SecurityCheck.exe 2015-05-25 12:12 - 2015-05-25 12:14 - 00055807 _____ () C:\Users\s\Desktop\Addition.txt 2015-05-25 12:10 - 2015-05-26 12:10 - 00040234 _____ () C:\Users\s\Desktop\FRST.txt 2015-05-25 12:09 - 2015-05-26 12:10 - 00000000 ____D () C:\Users\s\Desktop\FRST-OlderVersion 2015-05-25 12:00 - 2015-05-25 12:00 - 00001820 _____ () C:\Users\s\Desktop\JRT.txt 2015-05-25 11:53 - 2015-05-25 20:38 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2262038565-221129539-630273557-1001 2015-05-25 11:51 - 2015-05-25 11:51 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-SR_HP_ULTRABOOK-Windows-8.1-(64-bit).dat 2015-05-25 11:51 - 2015-05-25 11:51 - 00000000 ____D () C:\RegBackup 2015-05-25 11:50 - 2015-05-24 19:35 - 02945770 _____ (Thisisu) C:\Users\s\Desktop\JRT_NEW.exe 2015-05-24 12:38 - 2015-05-24 12:38 - 00001200 _____ () C:\Users\s\Desktop\mwam.txt 2015-05-24 12:37 - 2015-05-24 12:37 - 00000054 _____ () C:\Users\s\Desktop\boxen.txt 2015-05-23 17:57 - 2015-05-25 11:48 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-05-23 17:55 - 2015-05-23 17:55 - 00001116 _____ () C:\Users\Public\Desktop\ 
Malwarebytes Anti-Malware .lnk 2015-05-23 17:55 - 2015-05-23 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-05-23 17:55 - 2015-05-23 17:55 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-05-23 17:55 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-05-23 17:55 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-05-23 17:55 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2015-05-20 22:18 - 2015-05-26 12:11 - 00000000 ____D () C:\FRST 2015-05-20 22:17 - 2015-05-26 12:10 - 02108928 _____ (Farbar) C:\Users\s\Desktop\FRST64.exe 2015-05-19 13:59 - 2015-05-19 13:59 - 00001255 _____ () C:\WINDOWS\system32\TeamViewer10_Hooks.log 2015-05-19 00:52 - 2015-05-19 00:51 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2015-05-19 00:51 - 2015-05-19 00:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-05-18 22:37 - 2015-05-18 22:37 - 00000000 ____D () C:\ProgramData\StarMoney 10 2015-05-18 22:37 - 2015-05-18 22:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarMoney 10 2015-05-18 22:30 - 2015-05-25 11:38 - 00000000 ____D () C:\Program Files (x86)\StarMoney 10 2015-05-18 09:55 - 2015-05-18 10:37 - 00000000 ____D () C:\KVRT_Data 2015-05-14 16:14 - 2015-05-14 16:14 - 00000123 _____ () C:\Users\s\Desktop\Collmex.url 2015-05-02 03:04 - 2015-05-02 03:04 - 00000000 ____D () C:\Users\s\Documents\Hausverwalter 2015-05-02 03:04 - 2015-05-02 03:04 - 00000000 ____D () C:\Users\s\AppData\Roaming\Buhl Data Service 2015-05-02 03:04 - 2015-05-02 03:04 - 00000000 ____D () C:\Users\s\AppData\Local\Buhl Data Service 2015-05-02 03:03 - 2015-05-04 12:14 - 00000647 _____ () C:\WINDOWS\wiso.ini 2015-05-02 03:03 - 2015-05-02 03:03 - 00002131 _____ () 
C:\Users\Public\Desktop\WISO Hausverwalter 2015.lnk 2015-05-02 03:03 - 2015-05-02 03:03 - 00000000 ____D () C:\Users\s\AppData\Roaming\Buhl 2015-05-02 03:03 - 2015-05-02 03:03 - 00000000 ____D () C:\Users\s\AppData\Local\Buhl 2015-05-02 03:03 - 2015-05-02 03:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Hausverwalter 2015 2015-05-02 03:03 - 2015-05-02 03:03 - 00000000 ____D () C:\Program Files (x86)\Buhl 2015-05-02 03:02 - 2015-05-02 03:03 - 00000000 ____D () C:\ProgramData\Buhl Data Service GmbH 2015-04-28 23:55 - 2015-04-28 23:55 - 00001733 _____ () C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Copy of plentymarkets.lnk 2015-04-28 23:49 - 2015-04-28 23:49 - 07810528 _____ (plentymarkets GmbH) C:\Users\s\plentymarkets_updater_windows_216.exe ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-05-26 12:11 - 2013-05-14 23:57 - 00000000 ____D () C:\Users\s\Documents\Outlook-Dateien 2015-05-26 12:02 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-05-26 12:01 - 2013-11-30 16:56 - 01800086 _____ () C:\WINDOWS\WindowsUpdate.log 2015-05-26 11:54 - 2014-06-10 15:20 - 00000000 ____D () C:\Users\s\AppData\Roaming\Spotify 2015-05-26 11:50 - 2014-04-29 13:07 - 00001150 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-05-26 11:49 - 2014-06-10 15:21 - 00000000 ____D () C:\Users\s\AppData\Local\Spotify 2015-05-25 19:50 - 2013-11-30 17:11 - 00000000 ___DO () C:\Users\s\SkyDrive 2015-05-25 14:00 - 2014-08-28 21:12 - 00000408 _____ () C:\WINDOWS\Tasks\Allway Sync_{4E6949520858136489535401CF6DD6A8}.job 2015-05-25 12:21 - 2012-08-24 18:00 - 00000000 ____D () C:\ProgramData\Temp 2015-05-25 12:17 - 2013-06-22 18:48 - 00000000 ____D () C:\Users\s\AppData\Roaming\FTPRush 2015-05-25 11:53 - 2015-03-03 08:57 - 00000106 _____ () C:\WINDOWS\system32\mfilemon.log 2015-05-25 11:49 - 2015-01-20 02:14 - 00000000 ___RD () 
C:\Users\s\Mediencenter 2015-05-25 11:49 - 2014-05-27 17:55 - 00000000 ___RD () C:\Users\s\Dropbox 2015-05-25 11:49 - 2014-05-27 17:53 - 00000000 ____D () C:\Users\s\AppData\Roaming\Dropbox 2015-05-25 11:48 - 2014-04-29 13:07 - 00001146 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-05-25 11:47 - 2013-09-29 21:04 - 00378580 _____ () C:\WINDOWS\PFRO.log 2015-05-25 11:47 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-05-25 11:47 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2015-05-25 11:47 - 2013-05-14 23:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-05-25 11:46 - 2013-08-26 15:43 - 00000000 ____D () C:\AdwCleaner 2015-05-25 11:46 - 2013-05-11 16:48 - 00000000 ____D () C:\Users\s\AppData\Roaming\CheckPoint 2015-05-25 11:42 - 2013-05-14 23:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-05-25 11:38 - 2015-04-14 21:31 - 00000000 ____D () C:\Program Files (x86)\StarMoney Business 6.0 2015-05-25 11:38 - 2015-02-27 21:25 - 00000000 ____D () C:\Program Files (x86)\StarMoney 9.0 2015-05-24 12:42 - 2013-08-22 16:44 - 05142448 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2015-05-24 12:41 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel 2015-05-23 18:28 - 2015-02-11 19:16 - 00000000 ____D () C:\Users\s\AppData\Local\Windows Live 2015-05-23 18:23 - 2013-08-07 14:13 - 00000000 ____D () C:\Users\s\AppData\Roaming\vlc 2015-05-23 17:55 - 2013-11-26 22:39 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-05-23 15:17 - 2013-09-30 06:14 - 01980934 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-05-23 15:17 - 2013-09-30 05:56 - 00842568 _____ () C:\WINDOWS\system32\perfh007.dat 2015-05-23 15:17 - 2013-09-30 05:56 - 00191764 _____ () C:\WINDOWS\system32\perfc007.dat 2015-05-22 01:43 - 2014-01-02 20:14 - 00003154 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleFors 2015-05-22 01:43 - 2014-01-02 20:14 - 00000348 _____ () 
C:\WINDOWS\Tasks\HPCeeScheduleFors.job 2015-05-20 21:58 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2015-05-19 14:00 - 2013-11-22 17:08 - 00000000 ____D () C:\Program Files (x86)\TeamViewer 2015-05-19 13:59 - 2015-04-21 20:19 - 00000985 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk 2015-05-19 00:52 - 2013-10-21 18:27 - 00000000 ____D () C:\ProgramData\Oracle 2015-05-19 00:51 - 2013-10-21 18:27 - 00000000 ____D () C:\Program Files (x86)\Java 2015-05-18 22:34 - 2013-08-22 15:25 - 00017486 _____ () C:\WINDOWS\system32\Drivers\etc\services 2015-05-18 22:15 - 2012-08-24 18:00 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-05-18 22:00 - 2014-09-02 12:01 - 00000000 ____D () C:\Users\s\AppData\Local\Adobe 2015-05-18 00:39 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-05-17 15:31 - 2013-08-22 16:46 - 00336769 _____ () C:\WINDOWS\setupact.log 2015-05-17 13:16 - 2013-05-12 21:28 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log 2015-05-17 06:45 - 2014-04-29 13:07 - 00004122 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2015-05-17 06:45 - 2014-04-29 13:07 - 00003886 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2015-05-05 13:15 - 2015-03-05 23:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-05-05 13:12 - 2014-07-07 17:21 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys 2015-05-05 13:12 - 2014-07-07 17:21 - 00132120 _____ (Avira Operations GmbH & Co. 
KG) C:\WINDOWS\system32\Drivers\avipbb.sys 2015-05-04 12:29 - 2014-12-17 14:50 - 00000000 ____D () C:\WINDOWS\uninstall 2015-05-04 12:29 - 2014-12-17 14:50 - 00000000 ____D () C:\Program Files (x86)\CDN YabeOffice Daten 2015-05-04 12:29 - 2014-12-17 14:50 - 00000000 ____D () C:\Program Files (x86)\CDN YabeOffice 2015-05-04 12:18 - 2014-04-30 18:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Allway Sync 2015-05-04 12:18 - 2014-04-30 18:22 - 00000000 ____D () C:\Program Files (x86)\Allway Sync 2015-04-28 23:55 - 2014-09-21 17:41 - 00001784 _____ () C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\plentymarkets.lnk 2015-04-28 23:55 - 2014-03-03 14:32 - 00000000 ____D () C:\Program Files\plentymarkets 2015-04-28 23:49 - 2013-11-30 16:48 - 00000000 ____D () C:\Users\s ==================== Files in the root of some directories ======= 2013-05-10 12:25 - 2013-06-08 12:51 - 0013930 _____ () C:\Users\s\AppData\Roaming\AbsoluteReminder.xml 2014-03-18 16:19 - 2014-03-18 16:20 - 0000834 _____ () C:\Users\s\AppData\Local\belegtransfer_setup.log 2014-09-02 20:25 - 2014-09-02 20:25 - 0002273 _____ () C:\Users\s\AppData\Local\recently-used.xbel 2014-03-18 12:27 - 2015-01-14 11:46 - 0718262 _____ () C:\Users\s\AppData\Local\tempvcredist_x64.log 2014-02-09 18:25 - 2014-02-09 18:25 - 0000011 _____ () C:\ProgramData\.tv7 Files to move or delete: ==================== C:\Users\s\plentymarkets_updater_windows_207.exe C:\Users\s\plentymarkets_updater_windows_208.exe C:\Users\s\plentymarkets_updater_windows_209.exe C:\Users\s\plentymarkets_updater_windows_210.exe C:\Users\s\plentymarkets_updater_windows_213.exe C:\Users\s\plentymarkets_updater_windows_214.exe C:\Users\s\plentymarkets_updater_windows_215.exe C:\Users\s\plentymarkets_updater_windows_216.exe C:\Users\s\plentymarkets_windows_212.exe Some files in TEMP: ==================== C:\Users\Gast\AppData\Local\Temp\avgnt.exe C:\Users\s\AppData\Local\Temp\avgnt.exe 
C:\Users\s\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvybihd.dll C:\Users\s\AppData\Local\Temp\FreeStudio.exe C:\Users\s\AppData\Local\Temp\i4jdel0.exe C:\Users\s\AppData\Local\Temp\jre-8u31-windows-au.exe C:\Users\s\AppData\Local\Temp\proxy_vole5753558156256649135.dll C:\Users\s\AppData\Local\Temp\Quarantine.exe C:\Users\s\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-05-25 19:48 ==================== End of log ============================
As I said... no more mails are being sent. Can I be sure that everything is now off the system as well? Many, many thanks for your help.
I was probably a bit hasty... Apparently the Trojan took the weekend off too :/ Shortly before I made this post, almost 100 mails were sent over the course of the morning. Nothing was sent over the whole weekend. Regards |
27.05.2015, 06:02 | #8 |
/// the machine /// TB trainer | 500 mails a day from Outlook after DHL Trojan Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Run: [9c5bf01b358884ef955dbaaa237340c7] => "C:\Users\s\AppData\Local\9c5bf01b358884ef955dbaaa237340c7.exe"
C:\Users\s\AppData\Local\9c5bf01b358884ef955dbaaa237340c7.exe
FF NetworkProxy: "MM3ProxySwitch.type", 1
FF NetworkProxy: "ftp", "127.0.0.1"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "no_proxies_on", ""
FF NetworkProxy: "type", 0
Emptytemp:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
A fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
27.05.2015, 10:49 | #9 |
| 500 mails a day from Outlook after DHL Trojan Fixlog Code:
Fix result of Farbar Recovery Scan Tool (x64) Version: 25-05-2015
Ran by s at 2015-05-27 11:35:55 Run:1
Running from C:\Users\s\Desktop
Loaded Profiles: s & Gast (Available Profiles: s & Gast)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Run: [9c5bf01b358884ef955dbaaa237340c7] => "C:\Users\s\AppData\Local\9c5bf01b358884ef955dbaaa237340c7.exe"
C:\Users\s\AppData\Local\9c5bf01b358884ef955dbaaa237340c7.exe
FF NetworkProxy: "MM3ProxySwitch.type", 1
FF NetworkProxy: "ftp", "127.0.0.1"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "no_proxies_on", ""
FF NetworkProxy: "type", 0
Emptytemp:
*****************

HKU\S-1-5-21-2262038565-221129539-630273557-1001\Software\Microsoft\Windows\CurrentVersion\Run\\9c5bf01b358884ef955dbaaa237340c7 => value Removed successfully
"C:\Users\s\AppData\Local\9c5bf01b358884ef955dbaaa237340c7.exe" => File/Folder not found.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
EmptyTemp: => Removed 4.1 GB temporary data.

The system needed a reboot.

==== End of Fixlog 11:40:44 ==== |
27.05.2015, 18:34 | #10 |
/// the machine /// TB trainer | 500 mails a day from Outlook after DHL Trojan One more fresh FRST log, please. Any problems left?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
27.05.2015, 19:09 | #11 |
| 500 mails a day from Outlook after DHL Trojan Here are the logs... Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-05-2015 Ran by s (administrator) on SR_HP_ULTRABOOK on 27-05-2015 19:42:54 Running from C:\Users\s\Desktop Loaded Profiles: s (Available Profiles: s & Gast) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe () C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (FUJIFILM Corporation.) C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PCAutoSaveSv.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Hewlett-Packard Development Company, L.P.) 
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney Business 6.0\ouservice\StarMoneyOnlineUpdate.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (Hewlett-Packard Development Company, L.P.) 
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (OrdinarySoft) C:\Program Files\Start Menu X\StartMenuX.exe () C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe (Spotify Ltd) C:\Users\s\AppData\Roaming\Spotify\SpotifyWebHelper.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Dropbox, Inc.) C:\Users\s\AppData\Roaming\Dropbox\bin\Dropbox.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Adobe Systems Inc.) 
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Deutsche Telekom AG) C:\Users\s\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 10\app\StarMoney.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Code:Aero Technologies) C:\Program Files (x86)\Password Memory 4\Keynote.exe (Code:Aero Technologies) C:\Program Files (x86)\Password Memory 4\Keynote.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-06-09] (IDT, Inc.) HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3030256 2013-06-13] (Synaptics Incorporated) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-31] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [74160 2014-01-29] (Check Point Software Technologies LTD) HKLM-x32\...\Run: [DATEVSetup] => C:\Users\s\AppData\Local\Temp\OYa04020\TLP\DATEVsetup.exe <===== ATTENTION HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-05] (Avira Operations GmbH & Co. 
KG)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2014-12-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKLM-x32\...\Run: [DVCServ] => C:\Program Files (x86)\DATEV-SiPa-compact\DVCSERV
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SMB60StarMoneyRunEntry] => C:\Program Files (x86)\StarMoney Business 6.0\app\oflagent.exe [51856 2015-05-20] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\SYSTEM32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Run: [icq] => C:\Users\s\AppData\Roaming\ICQM\icq.exe [28698984 2013-08-31] (ICQ)
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Run: [StartMenuX] => C:\Program Files\Start Menu X\StartMenuX.exe [7673664 2013-11-20] (OrdinarySoft)
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Run: [Allway Sync] => C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe [94920 2015-04-21] ()
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Run: [Spotify Web Helper] => C:\Users\s\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2022968 2015-05-25] (Spotify Ltd)
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Run: [EntscheiderClub Premium] => C:\Users\s\AppData\Local\EntscheiderClub Premium\EntscheiderClub Premium.exe [1121264 2015-01-29] (Wakoopa)
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Run: [GoogleChromeAutoLaunch_25B1D1BADDAEDB1571E4D008134EB6A3] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-05-22] (Google Inc.)
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\MountPoints2: {edae7ff0-618c-11e3-beb2-8434978947f8} - "E:\AutoRun.exe"
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\E-POST MAILER.lnk [2015-03-03]
ShortcutTarget: E-POST MAILER.lnk -> C:\Program Files (x86)\Deutsche Post AG\E-POST MAILER\EpostMailer.exe (Deutsche Post AG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FUJIFILM PC AutoSave auf Standby.lnk [2015-04-05]
ShortcutTarget: FUJIFILM PC AutoSave auf Standby.lnk -> C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\Manager.exe (FUJIFILM Corporation.)
Startup: C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-09-30]
ShortcutTarget: Dropbox.lnk -> C:\Users\s\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediencenter.lnk [2015-01-20]
ShortcutTarget: Mediencenter.lnk -> C:\Users\s\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [01Mediencenter_InSync] -> {77BC4082-DB5F-439A-8DC8-F9E24A63B0DE} => C:\Users\s\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll [2014-06-12] (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: [02Mediencenter_ToSync] -> {528EE335-5034-4EFC-834E-63E5F02D2BC2} => C:\Users\s\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll [2014-06-12] (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: [03Mediencenter_Failed] -> {6066ADF0-9EB0-43E5-ADB6-990F5A3B979C} => C:\Users\s\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll [2014-06-12] (Deutsche Telekom AG)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKU\S-1-5-21-2262038565-221129539-630273557-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.goodsyouneed.de/
SearchScopes: HKLM -> {A28F0689-CA9E-46FF-ACB3-73BF34D4AC4B} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {A28F0689-CA9E-46FF-ACB3-73BF34D4AC4B} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2262038565-221129539-630273557-1001 -> {A28F0689-CA9E-46FF-ACB3-73BF34D4AC4B} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2262038565-221129539-630273557-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-06-12] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: SCardBHOEvent Class -> {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} -> C:\Program Files (x86)\DATEV-SiPa-compact\DVCCSASCardBHO64002.dll [2014-05-12] (DATEV eG)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO: EntscheiderClub Premium -> {FB4D29C1-82DE-4b80-8BB0-A7CDDDCD2773} -> C:\Users\s\AppData\Local\Wakoopa Shared\WakoopaBHO-x64.dll [2015-01-29] (Wakoopa)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2011-06-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-19] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-12-17] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: SCardBHOEvent Class -> {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} -> C:\Program Files (x86)\DATEV-SiPa-compact\DVCCSASCardBHO002.dll [2014-05-12] (DATEV eG)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-19] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
BHO-x32: EntscheiderClub Premium -> {FB4D29C1-82DE-4b80-8BB0-A7CDDDCD2773} -> C:\Users\s\AppData\Local\Wakoopa Shared\WakoopaBHO.dll [2015-01-29] (Wakoopa)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2262038565-221129539-630273557-1001 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default
FF Homepage: hxxp://t3n.de/|hxxp://www.logistik-watchblog.de/
FF NetworkProxy: "MM3ProxySwitch.type", 1
FF NetworkProxy: "ftp", "127.0.0.1"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "no_proxies_on", ""
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-18] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-18] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1207148.dll [2013-12-05] (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-06-13] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-06-13] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-19] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll [2013-07-24] (Nullsoft, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default\Extensions\abs@avira.com [2015-05-27]
FF Extension: YouTube Unblocker - C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default\Extensions\youtubeunblocker@unblocker.yt [2014-11-05]
FF Extension: Hide My Ass Proxy Extension - C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default\Extensions\extension@hidemyass.com.xpi [2013-06-29]
FF Extension: Soundcloud SUPER +2: Downloader and Recommender - C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default\Extensions\{988da70d-b78d-44a1-a9c7-ed11832a9e2e}.xpi [2013-08-23]
FF Extension: SoundCloud Downloader - Technowise - C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default\Extensions\{c8d3bc80-0810-4d21-a2c2-be5f2b2832ac}.xpi [2013-08-23]
FF Extension: Adblock Plus - C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-19]
FF Extension: {f5110906-1b93-4640-a7fe-12251b0b7b10} - C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default\Extensions\{f5110906-1b93-4640-a7fe-12251b0b7b10}.xpi [2014-12-08]
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afext@anchorfree.com [2013-09-01]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014-09-02]

Chrome:
=======
CHR Profile: C:\Users\s\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-29]
CHR Extension: (Google Drive) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-29]
CHR Extension: (EntscheiderClub Premium) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbojioefbafdanbjbdhhmoblcbikeia [2015-03-29]
CHR Extension: (YouTube) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-29]
CHR Extension: (Google Cast) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-05-30]
CHR Extension: (Adblock Plus) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-05-30]
CHR Extension: (Google Search) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-29]
CHR Extension: (Bookmark Manager) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-23]
CHR Extension: (Google Wallet) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-29]
CHR Extension: (Gmail) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-29]
CHR Profile: C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-06]
CHR Extension: (Google Docs) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-06]
CHR Extension: (Google Drive) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-06]
CHR Extension: (YouTube) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-06]
CHR Extension: (Google Search) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-06]
CHR Extension: (Google Sheets) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-06]
CHR Extension: (Skype Click to Call) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-02-06]
CHR Extension: (DVDVideoSoft) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2015-02-06]
CHR Extension: (Google Wallet) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-06]
CHR Extension: (Gmail) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-06]
CHR Profile: C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Slides) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-06]
CHR Extension: (Google Docs) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-06]
CHR Extension: (Google Drive) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-06]
CHR Extension: (YouTube) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-06]
CHR Extension: (Google Search) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-06]
CHR Extension: (Google Sheets) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-06]
CHR Extension: (Avira Browser Safety) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-02-06]
CHR Extension: (Skype Click to Call) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-02-06]
CHR Extension: (DVDVideoSoft) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2015-02-06]
CHR Extension: (Google Wallet) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-06]
CHR Extension: (Gmail) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-06]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
R2 BotkindSyncService; C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe [182784 2015-04-13] () []
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 FFPCAutoSave; C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PCAutoSaveSv.exe [94208 2013-02-28] (FUJIFILM Corporation.) []
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) []
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.) []
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) []
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-06-13] (Intel Corporation)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-20] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-06-13] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
R2 StarMoney 10 OnlineUpdate; C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe [688272 2015-04-15] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
R2 StarMoney 9.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
R2 StarMoney Business 6.0 OnlineUpdate; C:\Program Files (x86)\StarMoney Business 6.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) []
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5491984 2015-05-20] (TeamViewer GmbH)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2445816 2014-01-29] (Check Point Software Technologies LTD)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-11-30] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [50704 2013-10-15] (Check Point Software Technologies, Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-05-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-12] (Avira Operations GmbH & Co. KG)
S1 HssDRV6; C:\Windows\system32\DRIVERS\hssdrv6.sys [46792 2013-09-17] (AnchorFree Inc.)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-21] (Intel Corporation)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2013-07-17] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2013-02-21] (Kaspersky Lab)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-10-08] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [489056 2013-10-08] (Kaspersky Lab ZAO)
S3 KOBCCID; C:\Windows\system32\drivers\KOBCCID.sys [116864 2014-03-18] (KOBIL Systems GmbH)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-27] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-04] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-06-13] (Synaptics Incorporated)
R3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2013-08-13] (Anchorfree Inc.)
R1 Vsdatant; C:\Windows\System32\drivers\vsdatant.sys [454168 2013-10-23] (Check Point Software Technologies LTD)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
U0 dmboot; No ImagePath
S3 ewusbnet; \SystemRoot\system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; \SystemRoot\system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X]
S3 hwdatacard; \SystemRoot\system32\DRIVERS\ewusbmdm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-27 19:42 - 2015-05-27 19:43 - 00040427 _____ () C:\Users\s\Desktop\FRST.txt
2015-05-27 19:28 - 2015-05-27 19:29 - 00847824 _____ () C:\WINDOWS\Minidump\052715-12593-01.dmp
2015-05-25 11:53 - 2015-05-27 11:24 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2262038565-221129539-630273557-1001
2015-05-25 11:51 - 2015-05-25 11:51 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-SR_HP_ULTRABOOK-Windows-8.1-(64-bit).dat
2015-05-25 11:51 - 2015-05-25 11:51 - 00000000 ____D () C:\RegBackup
2015-05-24 12:37 - 2015-05-24 12:37 - 00000054 _____ () C:\Users\s\Desktop\boxen.txt
2015-05-23 17:57 - 2015-05-27 19:30 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-05-23 17:55 - 2015-05-23 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-05-23 17:55 - 2015-05-23 17:55 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-05-23 17:55 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-05-23 17:55 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-05-23 17:55 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-05-20 22:18 - 2015-05-27 19:43 - 00000000 ____D () C:\FRST
2015-05-20 22:17 - 2015-05-26 12:10 - 02108928 _____ (Farbar) C:\Users\s\Desktop\FRST64.exe
2015-05-19 13:59 - 2015-05-26 19:54 - 00002514 _____ () C:\WINDOWS\system32\TeamViewer10_Hooks.log
2015-05-19 00:52 - 2015-05-19 00:51 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-05-19 00:51 - 2015-05-19 00:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-05-18 22:37 - 2015-05-18 22:37 - 00000000 ____D () C:\ProgramData\StarMoney 10
2015-05-18 22:37 - 2015-05-18 22:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarMoney 10
2015-05-18 22:30 - 2015-05-27 11:52 - 00000000 ____D () C:\Program Files (x86)\StarMoney 10
2015-05-18 09:55 - 2015-05-18 10:37 - 00000000 ____D () C:\KVRT_Data
2015-05-02 03:04 - 2015-05-02 03:04 - 00000000 ____D () C:\Users\s\Documents\Hausverwalter
2015-05-02 03:04 - 2015-05-02 03:04 - 00000000 ____D () C:\Users\s\AppData\Roaming\Buhl Data Service
2015-05-02 03:04 - 2015-05-02 03:04 - 00000000 ____D () C:\Users\s\AppData\Local\Buhl Data Service
2015-05-02 03:03 - 2015-05-04 12:14 - 00000647 _____ () C:\WINDOWS\wiso.ini
2015-05-02 03:03 - 2015-05-02 03:03 - 00002131 _____ () C:\Users\Public\Desktop\WISO Hausverwalter 2015.lnk
2015-05-02 03:03 - 2015-05-02 03:03 - 00000000 ____D () C:\Users\s\AppData\Roaming\Buhl
2015-05-02 03:03 - 2015-05-02 03:03 - 00000000 ____D () C:\Users\s\AppData\Local\Buhl
2015-05-02 03:03 - 2015-05-02 03:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Hausverwalter 2015
2015-05-02 03:03 - 2015-05-02 03:03 - 00000000 ____D () C:\Program Files (x86)\Buhl
2015-05-02 03:02 - 2015-05-02 03:03 - 00000000 ____D () C:\ProgramData\Buhl Data Service GmbH
2015-04-28 23:55 - 2015-04-28 23:55 - 00001733 _____ () C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Copy of plentymarkets.lnk
2015-04-28 23:49 - 2015-04-28 23:49 - 07810528 _____ (plentymarkets GmbH) C:\Users\s\plentymarkets_updater_windows_216.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-27 19:44 - 2013-05-14 23:57 - 00000000 ____D () C:\Users\s\Documents\Outlook-Dateien
2015-05-27 19:34 - 2012-08-24 18:00 - 00000000 ____D () C:\ProgramData\Temp
2015-05-27 19:33 - 2013-11-30 16:56 - 01123751 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-27 19:31 - 2015-01-20 02:14 - 00000000 ___RD () C:\Users\s\Mediencenter
2015-05-27 19:31 - 2014-05-27 17:55 - 00000000 ___RD () C:\Users\s\Dropbox
2015-05-27 19:31 - 2014-05-27 17:53 - 00000000 ____D () C:\Users\s\AppData\Roaming\Dropbox
2015-05-27 19:31 - 2013-11-30 17:11 - 00000000 ___DO () C:\Users\s\SkyDrive
2015-05-27 19:30 - 2015-03-03 08:57 - 00000106 _____ () C:\WINDOWS\system32\mfilemon.log
2015-05-27 19:29 - 2015-04-14 21:31 - 00000000 ____D () C:\Program Files (x86)\StarMoney Business 6.0
2015-05-27 19:29 - 2014-04-29 13:07 - 00001146 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-27 19:29 - 2013-11-30 16:48 - 00000000 ____D () C:\Users\s
2015-05-27 19:28 - 2015-02-27 21:25 - 00000000 ____D () C:\Program Files (x86)\StarMoney 9.0
2015-05-27 19:28 - 2014-07-07 17:12 - 706576322 _____ () C:\WINDOWS\MEMORY.DMP
2015-05-27 19:28 - 2014-07-07 17:12 - 00000000 ____D () C:\WINDOWS\Minidump
2015-05-27 19:28 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-27 17:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-27 16:50 - 2014-04-29 13:07 - 00001150 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-27 14:00 - 2014-08-28 21:12 - 00000408 _____ () C:\WINDOWS\Tasks\Allway Sync_{4E6949520858136489535401CF6DD6A8}.job
2015-05-27 13:57 - 2013-09-30 06:14 - 01980934 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-27 13:57 - 2013-09-30 05:56 - 00842568 _____ () C:\WINDOWS\system32\perfh007.dat
2015-05-27 13:57 - 2013-09-30 05:56 - 00191764 _____ () C:\WINDOWS\system32\perfc007.dat
2015-05-27 13:52 - 2013-08-22 16:46 - 00337564 _____ () C:\WINDOWS\setupact.log
2015-05-27 11:42 - 2014-04-25 10:34 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-05-27 11:41 - 2013-09-29 21:04 - 00393256 _____ () C:\WINDOWS\PFRO.log
2015-05-27 11:41 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-05-26 20:47 - 2014-06-10 15:21 - 00000000 ____D () C:\Users\s\AppData\Local\Spotify
2015-05-26 19:54 - 2013-11-22 17:08 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-05-26 19:53 - 2015-04-21 20:19 - 00000985 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-05-26 15:45 - 2014-06-10 15:20 - 00000000 ____D () C:\Users\s\AppData\Roaming\Spotify
2015-05-26 13:43 - 2014-01-02 20:14 - 00003154 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleFors
2015-05-26 13:43 - 2014-01-02 20:14 - 00000348 _____ () C:\WINDOWS\Tasks\HPCeeScheduleFors.job
2015-05-25 12:17 - 2013-06-22 18:48 - 00000000 ____D () C:\Users\s\AppData\Roaming\FTPRush
2015-05-25 11:47 - 2013-05-14 23:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-25 11:46 - 2013-08-26 15:43 - 00000000 ____D () C:\AdwCleaner
2015-05-25 11:46 - 2013-05-11 16:48 - 00000000 ____D () C:\Users\s\AppData\Roaming\CheckPoint
2015-05-25 11:42 - 2013-05-14 23:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-24 12:42 - 2013-08-22 16:44 - 05142448 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-24 12:41 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-05-23 18:28 - 2015-02-11 19:16 - 00000000 ____D () C:\Users\s\AppData\Local\Windows Live
2015-05-23 18:23 - 2013-08-07 14:13 - 00000000 ____D () C:\Users\s\AppData\Roaming\vlc
2015-05-23 17:55 - 2013-11-26 22:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-20 21:58 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-05-19 00:52 - 2013-10-21 18:27 - 00000000 ____D () C:\ProgramData\Oracle
2015-05-19 00:51 - 2013-10-21 18:27 - 00000000 ____D () C:\Program Files (x86)\Java
2015-05-18 22:34 - 2013-08-22 15:25 - 00017486 _____ () C:\WINDOWS\system32\Drivers\etc\services
2015-05-18 22:15 - 2012-08-24 18:00 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-05-18 22:00 - 2014-09-02 12:01 - 00000000 ____D () C:\Users\s\AppData\Local\Adobe
2015-05-18 00:39 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-05-17 13:16 - 2013-05-12 21:28 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2015-05-17 06:45 - 2014-04-29 13:07 - 00004122 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-17 06:45 - 2014-04-29 13:07 - 00003886 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-05 13:15 - 2015-03-05 23:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-05-05 13:12 - 2014-07-07 17:21 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-05-05 13:12 - 2014-07-07 17:21 - 00132120 _____ (Avira Operations GmbH & Co. 
KG) C:\WINDOWS\system32\Drivers\avipbb.sys 2015-05-04 12:29 - 2014-12-17 14:50 - 00000000 ____D () C:\WINDOWS\uninstall 2015-05-04 12:29 - 2014-12-17 14:50 - 00000000 ____D () C:\Program Files (x86)\CDN YabeOffice Daten 2015-05-04 12:29 - 2014-12-17 14:50 - 00000000 ____D () C:\Program Files (x86)\CDN YabeOffice 2015-05-04 12:18 - 2014-04-30 18:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Allway Sync 2015-05-04 12:18 - 2014-04-30 18:22 - 00000000 ____D () C:\Program Files (x86)\Allway Sync 2015-04-28 23:55 - 2014-09-21 17:41 - 00001784 _____ () C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\plentymarkets.lnk 2015-04-28 23:55 - 2014-03-03 14:32 - 00000000 ____D () C:\Program Files\plentymarkets ==================== Files in the root of some directories ======= 2013-05-10 12:25 - 2013-06-08 12:51 - 0013930 _____ () C:\Users\s\AppData\Roaming\AbsoluteReminder.xml 2014-03-18 16:19 - 2014-03-18 16:20 - 0000834 _____ () C:\Users\s\AppData\Local\belegtransfer_setup.log 2014-09-02 20:25 - 2014-09-02 20:25 - 0002273 _____ () C:\Users\s\AppData\Local\recently-used.xbel 2014-03-18 12:27 - 2015-01-14 11:46 - 0718262 _____ () C:\Users\s\AppData\Local\tempvcredist_x64.log 2014-02-09 18:25 - 2014-02-09 18:25 - 0000011 _____ () C:\ProgramData\.tv7 Files to move or delete: ==================== C:\Users\s\plentymarkets_updater_windows_207.exe C:\Users\s\plentymarkets_updater_windows_208.exe C:\Users\s\plentymarkets_updater_windows_209.exe C:\Users\s\plentymarkets_updater_windows_210.exe C:\Users\s\plentymarkets_updater_windows_213.exe C:\Users\s\plentymarkets_updater_windows_214.exe C:\Users\s\plentymarkets_updater_windows_215.exe C:\Users\s\plentymarkets_updater_windows_216.exe C:\Users\s\plentymarkets_windows_212.exe Some files in TEMP: ==================== C:\Users\s\AppData\Local\Temp\avgnt.exe C:\Users\s\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpg4nh9r.dll ==================== Bamital & 
volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-05-25 19:48
==================== End of log ============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2015
Ran by s at 2015-05-27 19:45:20
Running from C:\Users\s\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-2262038565-221129539-630273557-500 - Administrator - Disabled)
fbwuser (S-1-5-21-2262038565-221129539-630273557-1005 - Limited - Disabled)
Gast (S-1-5-21-2262038565-221129539-630273557-501 - Limited - Enabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-2262038565-221129539-630273557-1003 - Limited - Enabled)
s (S-1-5-21-2262038565-221129539-630273557-1001 - Administrator - Enabled) => C:\Users\s

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: ZoneAlarm Antivirus (Enabled - Up to date) {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: ZoneAlarm Anti-Spyware (Enabled - Up to date) {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
FW: ZoneAlarm Firewall (Enabled) {E6380B7E-D4B2-19F1-083E-56486607704B}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.13 - Adobe Systems) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated) Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated) Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated) Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.) Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.) Allway Sync version 15.1.9 (HKLM-x32\...\Allway Sync_is1) (Version: - Botkind Inc) Ant Renamer (HKLM-x32\...\Ant Renamer 2_is1) (Version: 2.10.0 - Ant Software) Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.) Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG) CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.) CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.) 
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DATEV Belegtransfer V.3.22 (HKLM-x32\...\{EC561A24-754E-44F1-B76F-2FDA3DF9E912}) (Version: 2.03 - DATEV eG) DATEV Installation V.2.74 (HKLM-x32\...\DATEVB00000482.0) (Version: - ) DATEV Sicherheitspaket - compact (HKLM-x32\...\{13D2D749-7F84-4A63-A09E-3DFDBA4E03EF}) (Version: 2.40.0001 - DATEV eG) DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation) DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.31 - DivX, LLC) Dropbox (HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.) DVS Video Downloader Addon for Mozilla Firefox version 4.3.4.15 (HKLM-x32\...\DVS Video Downloader Addon for Mozilla Firefox_is1) (Version: 4.3.4.15 - DVDVideoSoft Ltd.) Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard) EntscheiderClub Premium (HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\EntscheiderClub Premium) (Version: - Wakoopa B.V.) E-POST MAILER (HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\{6e991dbc-fbeb-434e-b0c0-20f336054450}) (Version: 2.0.1.1972 - Deutsche Post AG) E-POST MAILER (x32 Version: 2.0.1.1925 - Deutsche Post AG) Hidden E-POST MAILER Drucker (Version: 2.0.1.1925 - Deutsche Post AG) Hidden E-POST MAILER Start (x32 Version: 1.0.0.0 - Deutsche Post AG) Hidden etope Lister 2 (HKLM-x32\...\etope Lister_is1) (Version: - Freshworx GmbH & Co.KG) Evernote v. 5.8.1 (HKLM-x32\...\{4FD2D1C8-8636-11E4-9D21-00163E98E7D6}) (Version: 5.8.1.6061 - Evernote Corp.) Free Studio version 6.4.2.113 (HKLM-x32\...\Free Studio_is1) (Version: 6.4.2.113 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.17.1125 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.17.1125 - DVDVideoSoft Ltd.) 
FTPRush 2.1.8 (HKLM-x32\...\FTP Rush_is1) (Version: 2.1.8 - wftpserver.com) FUJIFILM PC AutoSave (HKLM-x32\...\{872F1306-0DB6-45EC-832E-2F5D3A56CF99}) (Version: 1.0.0 - FUJIFILM) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP 3D DriveGuard (HKLM\...\{AB5BCC55-18E2-46C7-9405-FF61CB888F05}) (Version: 4.2.9.1 - Hewlett-Packard Company) HP CoolSense (HKLM-x32\...\{0D3A6808-82B8-4BB1-BE5A-AED75B3F6C02}) (Version: 2.20.11 - Hewlett-Packard Company) HP Documentation (HKLM-x32\...\{D044EBE7-94E7-4C49-90FC-9069E3F374E1}) (Version: 1.1.0.0 - Hewlett-Packard) HP Quick Launch (HKLM-x32\...\{609B11CC-8CED-4116-AD8A-A72168894D39}) (Version: 3.0.4 - Hewlett-Packard Company) HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard) HP Software Framework (HKLM-x32\...\{D2462056-BA75-4B2C-8267-DFEA2B6AC4AE}) (Version: 4.6.10.1 - Hewlett-Packard Company) HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company) HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard) HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company) ICQ 8.1 (build 6337) (HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\ICQ) (Version: 8.1.6337.0 - Mail.Ru) IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3316 - Intel Corporation) Intel(R) 
Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan) Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation) JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH) JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH) KOBIL CCID driver x64x86 (x32 Version: 1.013.02121 - KOBIL Systems) Hidden Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech) Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation) Mediencenter 3.9.1055.64 (HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Mediencenter) (Version: 3.9.1055.64 - Deutsche Telekom AG) Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation) Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}) (Version: - Microsoft) Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 
8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 38.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) Mozilla Thunderbird 24.3.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.3.0 (x86 de)) (Version: 24.3.0 - Mozilla) Mp3tag v2.58 (HKLM-x32\...\Mp3tag) (Version: v2.58 - Florian Heidenreich) Multi file port monitor (mfilemon) 1.5.1 (HKLM\...\{A932243F-381F-434C-B18E-4F09D2F015F8}_is1) (Version: 1.5.1 - Monti Lorenzo) OpenOffice 
4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation) Password Memory 4.1.2 (HKLM-x32\...\ca_keynote_is1) (Version: 4.1.2 - Code:Aero Technologies) PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) plentymarkets 216 (HKLM-x32\...\5841-3682-4824-5789) (Version: 216 - plentymarkets GmbH) Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek) Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.) Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - ) Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation) Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) Spotify (HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Spotify) (Version: 1.0.5.186.ga9c24d6a - Spotify AB) Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.1.21 - Safer-Networking Ltd.) 
StarMoney (x32 Version: 4.0.7.94 - StarFinanz) Hidden StarMoney (x32 Version: 5.0.0.226 - StarFinanz) Hidden StarMoney 10 (HKLM-x32\...\{F061A207-B07B-4E1D-8655-286BBBB3E2CC}) (Version: 10 - Star Finanz GmbH) StarMoney 9.0 (HKLM-x32\...\{E50EB864-0852-4249-A1B9-96CED146E52B}) (Version: 9.0 - Star Finanz GmbH) StarMoney Business 6.0 (HKLM-x32\...\{8BE45DD0-1BB0-4E3D-9940-9D92C5B52BAB}) (Version: 6.0 - Star Finanz GmbH) Start Menu X Version 5.02 (HKLM\...\{3E494002-985C-4908-B72C-5B4DD15BE090}_is1) (Version: 5.02 - OrdinarySoft) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.6.1.3 - Synaptics Incorporated) TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.42849 - TeamViewer) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: - Elaborate Bytes) VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN) Winamp (HKLM-x32\...\Winamp) (Version: 5.65 - Nullsoft, Inc) Winamp Erkennungs-Plug-in (HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) WISO Hausverwalter 2015 (HKLM-x32\...\{E821384E-D24C-4316-9D86-872F95ED92F0}) (Version: 9.00.8468 - Buhl Data Service GmbH) ZoneAlarm Antivirus (x32 Version: 12.0.121.000 - Check Point Software Technologies Ltd.) Hidden ZoneAlarm Firewall (x32 Version: 12.0.121.000 - Check Point Software Technologies Ltd.) Hidden ZoneAlarm Free Antivirus + Firewall (HKLM-x32\...\ZoneAlarm Free Antivirus + Firewall) (Version: 12.0.121.000 - Check Point) ZoneAlarm Security (x32 Version: 12.0.121.000 - Check Point Software Technologies Ltd.) 
Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{268502F4-815D-4358-A8D6-B783FDB58EF0}\InprocServer32 -> C:\Users\s\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.ContextMenuHandler.dll (Deutsche Telekom AG) CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{528EE335-5034-4EFC-834E-63E5F02D2BC2}\InprocServer32 -> C:\Users\s\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG) CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{6066ADF0-9EB0-43E5-ADB6-990F5A3B979C}\InprocServer32 -> C:\Users\s\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG) CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{77BC4082-DB5F-439A-8DC8-F9E24A63B0DE}\InprocServer32 -> 
C:\Users\s\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG) CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ==================== Restore Points ========================= 18-05-2015 22:14:20 Installiert StarMoney ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {09A9D1BB-CC0A-45D0-B9A9-691712E9122D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company) Task: {11512367-DAEA-4113-9F27-98A7BFA4A5AC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2013-05-16] (Safer-Networking Ltd.) 
Task: {17DEAEAD-5874-411D-B661-12F9FB3044D4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard) Task: {2A196FE1-2322-4811-882B-905EAF8FB978} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2013-05-16] (Safer-Networking Ltd.) Task: {42FBFC55-ACCC-4121-AD29-71B8636EFE2A} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-08-19] (Hewlett-Packard Development Company, L.P.) Task: {8157EF01-0930-4747-A3E2-054BB4278C09} - \Optimize Start Menu Cache Files-S-1-5-21-2262038565-221129539-630273557-500 No Task File <==== ATTENTION Task: {898CD2B7-EF24-4ED8-A572-329FCF4AE92D} - System32\Tasks\{F6BBF5FB-2A3D-4BA1-853E-6C46DE6EFC5B} => pcalua.exe -a "C:\Program Files (x86)\MultiProxy\uninstall.exe" -d "C:\Program Files (x86)\MultiProxy" Task: {8DA74E5E-BF32-42FC-850C-5C8DFDD5E7CC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2013-05-16] (Safer-Networking Ltd.) 
Task: {9EE09341-E1F1-4B2D-A58E-9808BE8A8726} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink) Task: {9FACF286-E864-427A-A9F4-07E29BE178FA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company) Task: {AB713B58-8184-413F-8BBF-7FFDFC895289} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard) Task: {AF9E4EA1-40E4-4098-9E62-E3C2BA309555} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-29] (Google Inc.) Task: {B65CC303-6A43-4666-AE7A-F6DD23051E52} - System32\Tasks\HPCeeScheduleFors => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard) Task: {B97EBAE3-14F0-462D-9768-EBB19F72BB80} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-29] (Google Inc.) 
Task: {C56BD8AB-BF86-4FE9-9BBC-0DDE1420BDBA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company) Task: {E8BFD69A-2607-4D93-8015-C28198CBF9F6} - System32\Tasks\Allway Sync_{4E6949520858136489535401CF6DD6A8} => C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe [2015-04-21] () Task: {F1624858-F5D9-439E-832B-0496983BEC90} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2012-07-20] (Intel) Task: C:\WINDOWS\Tasks\Allway Sync_{4E6949520858136489535401CF6DD6A8}.job => C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\HPCeeScheduleFors.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ==================== Loaded Modules (Whitelisted) ============== 2015-05-26 19:54 - 2015-05-20 19:15 - 00020240 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\TeamViewer_PrintProcessor.dll 2014-04-30 18:22 - 2015-04-13 15:55 - 00182784 _____ () C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe 2013-10-04 00:42 - 2013-10-04 00:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2014-04-30 18:22 - 2015-04-21 00:37 - 00094920 _____ () C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe 2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf 2014-12-03 11:06 - 2014-12-03 11:06 - 03445656 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\PDFMaker\Common\X64\AdobePDFMakerX.dll 2014-12-03 20:07 - 2014-12-03 20:07 - 01446400 _____ () C:\Program 
Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\PDFMaker\AdobePDFMakerX.DEU 2010-12-21 04:30 - 2010-12-21 04:30 - 01549664 _____ () C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll 2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2013-02-28 19:14 - 2013-02-28 19:14 - 00118784 _____ () C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\libFFIR.dll 2013-02-28 19:14 - 2013-02-28 19:14 - 00188416 _____ () C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\FFWB.dll 2013-02-28 19:14 - 2013-02-28 19:14 - 00135168 _____ () C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\libFTLPTPIP.dll 2013-08-26 15:02 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2013-08-26 15:02 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2013-08-26 15:02 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl 2013-08-26 15:02 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll 2013-08-26 15:02 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll 2015-05-18 22:35 - 2011-01-13 11:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney 10\ouservice\PATCHW32.dll 2015-02-27 21:27 - 2011-01-13 11:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney 9.0\ouservice\PATCHW32.dll 2015-04-14 21:34 - 2011-01-13 10:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney Business 6.0\ouservice\PATCHW32.dll 2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2014-04-30 18:22 - 2015-04-13 15:55 - 08573952 
_____ () C:\Program Files (x86)\Allway Sync\Bin\syncapp.dll 2015-05-27 19:31 - 2015-05-27 19:31 - 00043008 _____ () c:\users\s\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpg4nh9r.dll 2015-03-04 23:45 - 2015-03-04 23:45 - 00750080 _____ () C:\Users\s\AppData\Roaming\Dropbox\bin\libGLESv2.dll 2015-03-04 23:45 - 2015-03-04 23:45 - 00047616 _____ () C:\Users\s\AppData\Roaming\Dropbox\bin\libEGL.dll 2015-03-04 23:45 - 2015-03-04 23:45 - 00865280 _____ () C:\Users\s\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll 2015-03-04 23:45 - 2015-03-04 23:45 - 00200704 _____ () C:\Users\s\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll 2015-05-25 23:02 - 2015-05-22 22:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libglesv2.dll 2015-05-25 23:02 - 2015-05-22 22:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libegl.dll 2014-12-03 20:07 - 2014-12-03 20:07 - 00019968 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\acrotray.deu 2012-10-23 21:18 - 2013-06-13 23:27 - 01200088 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\Temp:0966080E AlternateDataStreams: C:\Users\s\SkyDrive:ms-properties ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) 
==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2262038565-221129539-630273557-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\s\Pictures\photo-1415226620463-aedee27159c5.jpg DNS Servers: 192.168.178.1 ==================== MSCONFIG/TASK MANAGER Error getting == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\StartupFolder: => "Twonky Server.lnk" HKLM\...\StartupApproved\StartupFolder: => "CDN Yabe Office.lnk" HKLM\...\StartupApproved\StartupFolder: => "E-POST MAILER.lnk" HKLM\...\StartupApproved\StartupFolder: => "FUJIFILM PC AutoSave auf Standby.lnk" HKLM\...\StartupApproved\Run: => "BCSSync" HKLM\...\StartupApproved\Run32: => "ZoneAlarm Installer" HKLM\...\StartupApproved\Run32: => "VirtualCloneDrive" HKLM\...\StartupApproved\Run32: => "Adobe ARM" HKLM\...\StartupApproved\Run32: => "APSDaemon" HKLM\...\StartupApproved\Run32: => "PDFPrint" HKLM\...\StartupApproved\Run32: => "SDTray" HKLM\...\StartupApproved\Run32: => "Adobe Acrobat Speed Launcher" HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager" HKLM\...\StartupApproved\Run32: => "DVCServ" HKLM\...\StartupApproved\Run32: => "DATEVSetup" HKLM\...\StartupApproved\Run32: => "SwitchBoard" HKLM\...\StartupApproved\Run32: => "DivXUpdate" HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\StartupApproved\Run: => "icq" HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_25B1D1BADDAEDB1571E4D008134EB6A3" HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\StartupApproved\Run: => "EntscheiderClub Premium" HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\StartupApproved\Run: => "Spotify Web Helper" HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\StartupApproved\Run: => 
"9c5bf01b358884ef955dbaaa237340c7" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{E7394822-19FD-4263-8A5B-C56FC9586959}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe FirewallRules: [{9C1AA961-87D8-43C9-A409-B9075BA40BA0}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe FirewallRules: [{62632452-45E0-4A04-90C7-731B2D587CB4}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe FirewallRules: [{1FF59A7C-422C-4678-BFF6-DABFC2D8F96A}] => (Allow) C:\Users\s\AppData\Roaming\ICQM\icq.exe FirewallRules: [{D72A5104-3D6C-4A90-BD72-44C21639BD2C}] => (Allow) C:\Users\s\AppData\Roaming\ICQM\icq.exe FirewallRules: [{AD05BABA-6646-4C3A-986E-CC7BA770AD38}] => (Allow) C:\ProgramData\eSafe\eGdpSvc.exe FirewallRules: [{890D8DA8-AAD1-49CB-BCB0-2A21237F60D5}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE FirewallRules: [{B0CAB26B-7B5F-480E-8CA9-2285194FE692}] => (Allow) LPort=1900 FirewallRules: [{FCF99A43-9699-4020-8128-D1F18CF0D614}] => (Allow) LPort=2869 FirewallRules: [{5BEF5397-0FC8-49E3-9FC1-51B5F68A7DD0}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [TCP Query User{23C78A46-DA51-4410-8FD7-B92D9CD0182F}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe FirewallRules: [UDP Query User{20CADABF-5640-4640-AAD0-0FCB7C768A6D}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe FirewallRules: [{7919D2CD-2FBE-4047-AB76-C729ABC33759}] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe FirewallRules: [{E0CB3568-2010-42AF-9F86-0EFFCE56D4C9}] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe FirewallRules: [TCP Query 
User{F98A1208-C992-4820-BB99-EB19AA0AE8E1}C:\program files (x86)\ftprush\ftprush.exe] => (Allow) C:\program files (x86)\ftprush\ftprush.exe FirewallRules: [UDP Query User{797FCA2A-1C08-4917-849B-FDF7B93C63D8}C:\program files (x86)\ftprush\ftprush.exe] => (Allow) C:\program files (x86)\ftprush\ftprush.exe FirewallRules: [{A17DF673-784F-4FD7-9723-305EBE15D116}] => (Allow) C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe FirewallRules: [{C91441AD-8F11-47A0-BB59-AA7B1F65A330}] => (Allow) C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe FirewallRules: [{FFF639CC-4A34-4347-A8A8-41CD3587376F}] => (Allow) C:\Program Files (x86)\Twonky\TwonkyServer\twonkyserver.exe FirewallRules: [{2E78FCC5-454A-40AE-AA7D-D8E42CE68DEE}] => (Allow) C:\Program Files (x86)\Twonky\TwonkyServer\twonkyserver.exe FirewallRules: [{2CF1C950-CD39-4021-8BF7-579969943023}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe FirewallRules: [{D824EF1C-3643-48B6-8124-CD6BACB04531}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe FirewallRules: [{29B09A44-3E1B-4004-A26E-3B60B19074D5}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe FirewallRules: [{862EEF92-8F16-4AA7-BE44-65ECECA6E968}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe FirewallRules: [TCP Query User{8E58FFEC-E106-4FC8-8ABB-CFD051248184}C:\program files (x86)\ftprush\ftprush.exe] => (Block) C:\program files (x86)\ftprush\ftprush.exe FirewallRules: [UDP Query User{4384D3B5-3319-4104-9995-38A628A32252}C:\program files (x86)\ftprush\ftprush.exe] => (Block) C:\program files (x86)\ftprush\ftprush.exe FirewallRules: [TCP Query User{B78A5B98-5FF3-459F-A408-9EF6FAE44ADB}C:\users\s\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\s\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [UDP Query User{55ECA24A-5568-4287-BC3B-0AC17527631C}C:\users\s\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) 
C:\users\s\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [TCP Query User{AB5DD043-E289-4BD5-96D1-C6C36E485418}C:\users\s\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\s\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{F6A8BB49-2AF7-467A-94E4-C590CE0C0CE2}C:\users\s\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\s\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{56BC7622-B916-435E-A99E-B3F97DC2B7B2}C:\program files\plentymarkets\plentymarkets.exe] => (Allow) C:\program files\plentymarkets\plentymarkets.exe FirewallRules: [UDP Query User{AE302455-86AB-4369-BC73-705BE5491036}C:\program files\plentymarkets\plentymarkets.exe] => (Allow) C:\program files\plentymarkets\plentymarkets.exe FirewallRules: [{7FCF99BE-B64C-4253-9875-049FD6EE6AA9}] => (Allow) C:\Users\s\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{77EE1C70-93F9-471C-AC16-B65023CD0F59}] => (Allow) C:\Users\s\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [TCP Query User{EE98B557-949C-417A-930B-F7A073B7F3F7}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{0C152529-6A25-4C14-B1B7-2CD6EF949FC2}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [TCP Query User{2948C0C7-1B75-4F31-A81B-E9A3248DEA61}C:\users\s\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\s\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{8EA478D7-4D10-4161-9219-926541B70169}C:\users\s\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\s\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{F14AC53E-5CEF-49FE-9CBB-0DF22A816B1D}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{FDB4C01D-F4D9-4938-8095-2C74532A5B93}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files 
(x86)\skype\phone\skype.exe FirewallRules: [TCP Query User{DC3DFE60-96C4-47C4-A493-981FF86CFA53}C:\program files\plentymarkets\plentymarkets.exe] => (Allow) C:\program files\plentymarkets\plentymarkets.exe FirewallRules: [UDP Query User{92A4DB3C-4104-4936-8AA3-F71440316A3E}C:\program files\plentymarkets\plentymarkets.exe] => (Allow) C:\program files\plentymarkets\plentymarkets.exe FirewallRules: [TCP Query User{C0129FFD-FFE5-422E-84E4-643D59C0C0F4}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe FirewallRules: [UDP Query User{431F683D-E82A-4A6C-B687-E37281C041A0}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe FirewallRules: [{F0AD5292-DE10-4214-B6A5-447ED58AC720}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{379F69FE-3BC4-4C53-B85A-904B4114A44E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{792EDE5E-D31B-4320-9A52-CEE928322F1C}] => (Allow) C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe FirewallRules: [{6AC56DAE-8C18-4920-8EAC-1101786C3F3E}] => (Allow) C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe FirewallRules: [{33F25883-60DB-49D3-A745-F5F64C7C0560}] => (Allow) C:\Program Files (x86)\StarMoney 9.0\app\StarMoney.exe FirewallRules: [{801CE9A9-9D86-4CD9-B237-E2CAD0A1F3D3}] => (Allow) C:\Program Files (x86)\StarMoney 9.0\app\StarMoney.exe FirewallRules: [TCP Query User{6BB9E385-A916-4AE9-9ACB-E699B7747A9B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{037EDFE1-43DE-4272-B543-1C13CCC0D876}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [{B63DAE1C-FE80-4F4B-A7AE-43644616C7AB}] => (Allow) C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PairingWizard.exe 
FirewallRules: [{4A7A5C9B-EED4-40B1-AD45-6960AA5648A1}] => (Allow) C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PairingWizard.exe FirewallRules: [{775848ED-0AC4-4EC6-93BA-1287B0787B13}] => (Allow) C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PCAutoSaveSv.exe FirewallRules: [{73F0DEAF-3EAC-44CD-B822-FD6026AEB483}] => (Allow) C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PCAutoSaveSv.exe FirewallRules: [{DFB9FE53-F7E1-4722-9045-7BE36A899B8A}] => (Allow) C:\Program Files (x86)\StarMoney Business 6.0\ouservice\StarMoneyOnlineUpdate.exe FirewallRules: [{DA13A301-BC4D-4410-8E2E-C0A71DDA511E}] => (Allow) C:\Program Files (x86)\StarMoney Business 6.0\ouservice\StarMoneyOnlineUpdate.exe FirewallRules: [{7EA59164-96B1-4AC8-B02B-9AE5D204C320}] => (Allow) C:\Program Files (x86)\StarMoney Business 6.0\app\StarMoney.exe FirewallRules: [{44984E01-EA4E-4B26-A680-8F5CEC2E1BC9}] => (Allow) C:\Program Files (x86)\StarMoney Business 6.0\app\StarMoney.exe FirewallRules: [{78EBD91E-BE77-48D1-9C3D-69DEAE23945B}] => (Allow) C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe FirewallRules: [{695BCC07-367E-4D56-8799-C8042E5E9CC9}] => (Allow) C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe FirewallRules: [{D39A23BF-94FA-498F-A9C6-3E18E77E3519}] => (Allow) C:\Program Files (x86)\StarMoney 10\app\StarMoney.exe FirewallRules: [{C6706BC1-2DF5-448D-BBE8-313A44848299}] => (Allow) C:\Program Files (x86)\StarMoney 10\app\StarMoney.exe FirewallRules: [{82742D6B-DF99-4D44-AA09-289ACDB37316}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe FirewallRules: [{6418332D-6F4D-40F3-B766-9CB43D5207FC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{46CA8FF4-F56E-48AD-9640-97598D0FC971}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{43005283-9479-4BF6-A0D6-3E66D6901BC6}] => (Allow) C:\Program Files 
(x86)\TeamViewer\TeamViewer.exe FirewallRules: [{58041001-C0BD-483C-B87F-5EBD33FE09CC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{78679A20-E125-45C9-9478-F1EC5D1097E2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7 StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot-S&D 2 Tray Icon StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7 StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe] => Enabled:Flashget3 ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (05/27/2015 07:29:30 PM) (Source: SideBySide) (EventID: 79) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName1". 
Die Einstellung "hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName" ist nicht registriert. Error: (05/27/2015 11:41:45 AM) (Source: SideBySide) (EventID: 79) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName1". Die Einstellung "hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName" ist nicht registriert. Error: (05/27/2015 11:35:57 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 38.0.1.5611, Zeitstempel: 0x55541a90 Name des fehlerhaften Moduls: mozalloc.dll, Version: 38.0.1.5611, Zeitstempel: 0x55540a1e Ausnahmecode: 0x80000003 Fehleroffset: 0x00001aa1 ID des fehlerhaften Prozesses: 0x3658 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Vollständiger Name des fehlerhaften Pakets: plugin-container.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: plugin-container.exe5 Error: (05/27/2015 11:35:39 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. 
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (05/26/2015 00:06:56 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (05/25/2015 08:43:48 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (05/25/2015 08:43:48 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (05/25/2015 08:43:48 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". 
Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (05/25/2015 08:43:24 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. 
Error: (05/25/2015 08:43:18 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. System errors: ============= Error: (05/27/2015 07:29:59 PM) (Source: BugCheck) (EventID: 1001) (User: ) Description: 0x0000009f (0x0000000000000003, 0xffffe001aa1eb060, 0xfffff801f5814960, 0xffffe001aaa36cf0)C:\WINDOWS\MEMORY.DMP052715-12593-01 Error: (05/27/2015 07:29:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Spybot-S&D 2 Security Center Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%14001 Error: (05/27/2015 07:28:14 PM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT-AUTORITÄT) Description: Der Systemüberwachungszeitgeber wurde ausgelöst. Error: (05/27/2015 07:28:39 PM) (Source: APPHOSTSVC) (EventID: 9010) (User: ) Description: Fehler im Anwendungshost-Hilfsdienst beim Zugriff auf das Verlaufsstammverzeichnis "C:\inetpub\history". 
Das Verzeichnis ist nicht vorhanden, oder die Berechtigungen für das Verzeichnis lassen den Zugriff des Verzeichnisdiensts auf das Verzeichnis nicht zu. Das Konfigurationsverlaufsfeature wird deaktiviert und erneut aktiviert, nachdem das Problem behoben wurde. Stellen Sie zum Beheben des Problems sicher, dass das Verzeichnis vorhanden ist und dass die Gruppe "Administratoren" über Lese- und Schreibzugriff auf das Verzeichnis verfügt. Das Datenfeld enthält die Fehlernummer. Error: (05/27/2015 07:28:22 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 27.05.2015 um 17:13:50 unerwartet heruntergefahren. Error: (05/27/2015 07:28:09 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 16) (User: NT-AUTORITÄT) Description: 32212254731146016 Error: (05/27/2015 04:13:45 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252. Error: (05/27/2015 04:13:45 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252. Error: (05/27/2015 04:13:45 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252. 
Error: (05/27/2015 04:13:45 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252. Microsoft Office: ========================= Error: (05/27/2015 07:29:30 PM) (Source: SideBySide) (EventID: 79) (User: ) Description: hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayNameC:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe Error: (05/27/2015 11:41:45 AM) (Source: SideBySide) (EventID: 79) (User: ) Description: hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayNameC:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe Error: (05/27/2015 11:35:57 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe38.0.1.561155541a90mozalloc.dll38.0.1.561155540a1e8000000300001aa1365801d097b5fa1f7e0dC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllc6a58abd-0453-11e5-bf19-8434978947f8 Error: (05/27/2015 11:35:39 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\$Recycle.Bin\S-1-5-21-2262038565-221129539-630273557-1001\$RR288CK.exe Error: (05/26/2015 00:06:56 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: 
C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe Error: (05/25/2015 08:43:48 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\s\Desktop\esetsmartinstaller_deu.exe Error: (05/25/2015 08:43:48 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\s\Desktop\esetsmartinstaller_deu.exe Error: (05/25/2015 08:43:48 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\s\Desktop\esetsmartinstaller_deu.exe Error: (05/25/2015 08:43:24 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\s\Desktop\esetsmartinstaller_deu.exe Error: (05/25/2015 08:43:18 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: 
C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\s\Desktop\esetsmartinstaller_deu.exe CodeIntegrity Errors: =================================== Date: 2013-11-30 15:06:55.497 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-11-30 14:42:41.927 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-11-30 14:39:40.327 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-11-30 13:40:28.974 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. Date: 2013-11-30 13:39:09.041 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system. 
Date: 2013-11-30 13:10:21.879
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll that did not meet the Microsoft signing level requirements.

Date: 2013-11-30 13:10:21.754
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\WOW64\Plugins\ISWSHEX.dll that did not meet the Microsoft signing level requirements.

Date: 2013-11-30 13:10:18.442
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll that did not meet the Microsoft signing level requirements.

Date: 2013-11-30 13:10:09.332
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\WOW64\Plugins\ISWSHEX.dll that did not meet the Microsoft signing level requirements.

Date: 2013-11-30 13:10:09.035
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\WOW64\Plugins\ISWSHEX.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz
Percentage of memory in use: 63%
Total physical RAM: 6036.28 MB
Available physical RAM: 2228.08 MB
Total Pagefile: 12180.28 MB
Available Pagefile: 7717.94 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:448.38 GB) (Free:80.05 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:16.27 GB) (Free:2.05 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive i: () (Removable) (Total:29.47 GB) (Free:29.47 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 466E2C46)
Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 6 GB) (Disk ID: C73F6553)
Partition: GPT Partition Type.

========================================================
Disk: 2 (Size: 29.5 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.

==================== End of log ============================ |
28.05.2015, 12:24 | #12 |
/// the machine /// TB instructor | 500 mails daily from Outlook after DHL trojan Change the mail account password again.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
29.05.2015, 12:54 | #13 |
| 500 mails daily from Outlook after DHL trojan I changed the password on Thursday and have still received a few mails since then (ones that could not be delivered, etc.). Today, Friday, one more mail came in. Since then it has been quiet... I hope it stays that way. Many, many thanks, Schrauber. If the problem shows up again, I will get in touch. Regards |
30.05.2015, 08:59 | #14 |
/// the machine /// TB instructor | 500 mails daily from Outlook after DHL trojan ok
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
01.06.2015, 11:34 | #15 |
| 500 mails daily from Outlook after DHL trojan The problem seems to be solved. No further mails have come in up to today. Once again, many, many thanks for your help. Regards |