Sash1502 | 25.05.2015 11:24 | Hello Schrauber,
thank you very much for your help.
Below are the requested log files.
Malwarebytes Anti-Malware Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 24.05.2015
Suchlauf-Zeit: 12:35:36
Logdatei: mwam.txt
Administrator: Ja
Version: 0.00.0.0000
Malware Datenbank: v2015.05.24.01
Rootkit Datenbank: v2015.05.16.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: s
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 460741
Verstrichene Zeit: 17 Std, 50 Min, 56 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(Keine schädliche Elemente gefunden)
Module: 0
(Keine schädliche Elemente gefunden)
Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)
Registrierungswerte: 0
(Keine schädliche Elemente gefunden)
Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)
Ordner: 0
(Keine schädliche Elemente gefunden)
Dateien: 0
(Keine schädliche Elemente gefunden)
Physische Sektoren: 0
(Keine schädliche Elemente gefunden)
(end)
AdwCleaner Code:
# AdwCleaner v4.205 - Bericht erstellt 25/05/2015 um 11:46:25
# Aktualisiert 21/05/2015 von Xplode
# Datenbank : 2015-05-24.1 [Server]
# Betriebssystem : Windows 8.1 (x64)
# Benutzername : s - SR_HP_ULTRABOOK
# Gestarted von : C:\Users\s\Desktop\AdwCleaner_4.205.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Users\s\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\s\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Ordner Gelöscht : C:\Users\s\AppData\Roaming\dvdvideosoftiehelpers
Datei Gelöscht : C:\Users\s\AppData\Roaming\LiveSupport.exe_log.txt
Datei Gelöscht : C:\Users\s\AppData\Roaming\regsvr32.exe_log.txt
Datei Gelöscht : C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default\foxydeal.sqlite
Datei Gelöscht : C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_primeshare.tv_0.localstorage
Datei Gelöscht : C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_primeshare.tv_0.localstorage-journal
***** [ Geplante Tasks ] *****
Task Gelöscht : DSite
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}]
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2974C985-8151-4DE5-B23C-B875F0A8522F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\OCS
***** [ Internetbrowser ] *****
-\\ Internet Explorer v11.0.9600.17416
-\\ Mozilla Firefox v38.0.1 (x86 de)
-\\ Google Chrome v43.0.2357.65
*************************
AdwCleaner[R0].txt - [6114 Bytes] - [26/08/2013 15:44:01]
AdwCleaner[R1].txt - [1058 Bytes] - [26/08/2013 15:47:19]
AdwCleaner[R2].txt - [1119 Bytes] - [26/08/2013 15:48:12]
AdwCleaner[R3].txt - [1239 Bytes] - [26/08/2013 15:50:32]
AdwCleaner[R4].txt - [18632 Bytes] - [26/11/2013 22:34:44]
AdwCleaner[R5].txt - [1513 Bytes] - [27/11/2013 14:42:49]
AdwCleaner[R6].txt - [4354 Bytes] - [24/05/2015 12:09:35]
AdwCleaner[R7].txt - [3860 Bytes] - [25/05/2015 11:42:10]
AdwCleaner[S0].txt - [4511 Bytes] - [26/08/2013 15:45:15]
AdwCleaner[S1].txt - [1189 Bytes] - [26/08/2013 15:49:04]
AdwCleaner[S2].txt - [1309 Bytes] - [26/08/2013 15:51:07]
AdwCleaner[S3].txt - [18190 Bytes] - [26/11/2013 23:05:17]
AdwCleaner[S4].txt - [3722 Bytes] - [25/05/2015 11:46:25]
########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [3781 Bytes] ##########
Junkware Removal Tool Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.7.9 (05.24.2015:1)
OS: Windows 8.1 x64
Ran by s on 25.05.2015 at 11:51:17,35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Tasks
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-2262038565-221129539-630273557-1001
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-2262038565-221129539-630273557-500
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-2567798722-2426003216-117595747-500
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-4175652003-2738746085-1523831210-500
~~~ Registry Values
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_25B1D1BADDAEDB1571E4D008134EB6A3
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Empty Folder] C:\Users\s\appdata\local\{26D783D1-CA72-40B1-9141-AE4B71B7488B}
Successfully deleted: [Empty Folder] C:\Users\s\appdata\local\{766AA640-9A5E-4402-AAF4-86E11DD98D3F}
Successfully deleted: [Empty Folder] C:\Users\s\appdata\local\{9BFB4E64-E654-4773-9281-3EC69D20F8AA}
Successfully deleted: [Empty Folder] C:\Users\s\appdata\local\{A6310268-8B72-4B2D-A45A-ED7B50724B51}
~~~ FireFox
Emptied folder: C:\Users\s\AppData\Roaming\mozilla\firefox\profiles\ql894xzp.default\minidumps [18 files]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.05.2015 at 12:00:17,41
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-05-2015 01
Ran by s (administrator) on SR_HP_ULTRABOOK on 25-05-2015 12:10:00
Running from C:\Users\s\Desktop
Loaded Profiles: s (Available Profiles: s & Gast)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(FUJIFILM Corporation.) C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PCAutoSaveSv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(hxxp://www.wftpserver.com) C:\Program Files (x86)\FTPRush\ftprush.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\livecomm.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-06-09] (IDT, Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3030256 2013-06-13] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-31] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [74160 2014-01-29] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [DATEVSetup] => C:\Users\s\AppData\Local\Temp\OYa04020\TLP\DATEVsetup.exe <===== ATTENTION
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2014-12-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKLM-x32\...\Run: [DVCServ] => C:\Program Files (x86)\DATEV-SiPa-compact\DVCSERV
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SMB60StarMoneyRunEntry] => C:\Program Files (x86)\StarMoney Business 6.0\app\oflagent.exe [51856 2015-05-20] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\SYSTEM32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Run: [icq] => C:\Users\s\AppData\Roaming\ICQM\icq.exe [28698984 2013-08-31] (ICQ)
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Run: [StartMenuX] => C:\Program Files\Start Menu X\StartMenuX.exe [7673664 2013-11-20] (OrdinarySoft)
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Run: [Allway Sync] => C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe [94920 2015-04-21] ()
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Run: [Spotify Web Helper] => C:\Users\s\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2022968 2015-05-14] (Spotify Ltd)
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Run: [EntscheiderClub Premium] => C:\Users\s\AppData\Local\EntscheiderClub Premium\EntscheiderClub Premium.exe [1121264 2015-01-29] (Wakoopa)
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Run: [9c5bf01b358884ef955dbaaa237340c7] => "C:\Users\s\AppData\Local\9c5bf01b358884ef955dbaaa237340c7.exe"
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\MountPoints2: {edae7ff0-618c-11e3-beb2-8434978947f8} - "E:\AutoRun.exe"
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\E-POST MAILER.lnk [2015-03-03]
ShortcutTarget: E-POST MAILER.lnk -> C:\Program Files (x86)\Deutsche Post AG\E-POST MAILER\EpostMailer.exe (Deutsche Post AG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FUJIFILM PC AutoSave auf Standby.lnk [2015-04-05]
ShortcutTarget: FUJIFILM PC AutoSave auf Standby.lnk -> C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\Manager.exe (FUJIFILM Corporation.)
Startup: C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-09-30]
ShortcutTarget: Dropbox.lnk -> C:\Users\s\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediencenter.lnk [2015-01-20]
ShortcutTarget: Mediencenter.lnk -> C:\Users\s\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [01Mediencenter_InSync] -> {77BC4082-DB5F-439A-8DC8-F9E24A63B0DE} => C:\Users\s\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll [2014-06-12] (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: [02Mediencenter_ToSync] -> {528EE335-5034-4EFC-834E-63E5F02D2BC2} => C:\Users\s\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll [2014-06-12] (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: [03Mediencenter_Failed] -> {6066ADF0-9EB0-43E5-ADB6-990F5A3B979C} => C:\Users\s\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll [2014-06-12] (Deutsche Telekom AG)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKU\S-1-5-21-2262038565-221129539-630273557-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.goodsyouneed.de/
SearchScopes: HKLM -> {A28F0689-CA9E-46FF-ACB3-73BF34D4AC4B} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {A28F0689-CA9E-46FF-ACB3-73BF34D4AC4B} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2262038565-221129539-630273557-1001 -> {A28F0689-CA9E-46FF-ACB3-73BF34D4AC4B} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2262038565-221129539-630273557-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-06-12] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: SCardBHOEvent Class -> {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} -> C:\Program Files (x86)\DATEV-SiPa-compact\DVCCSASCardBHO64002.dll [2014-05-12] (DATEV eG)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO: EntscheiderClub Premium -> {FB4D29C1-82DE-4b80-8BB0-A7CDDDCD2773} -> C:\Users\s\AppData\Local\Wakoopa Shared\WakoopaBHO-x64.dll [2015-01-29] (Wakoopa)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2011-06-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-19] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-12-17] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: SCardBHOEvent Class -> {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} -> C:\Program Files (x86)\DATEV-SiPa-compact\DVCCSASCardBHO002.dll [2014-05-12] (DATEV eG)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-19] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
BHO-x32: EntscheiderClub Premium -> {FB4D29C1-82DE-4b80-8BB0-A7CDDDCD2773} -> C:\Users\s\AppData\Local\Wakoopa Shared\WakoopaBHO.dll [2015-01-29] (Wakoopa)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2262038565-221129539-630273557-1001 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default
FF Homepage: hxxp://t3n.de/|hxxp://www.logistik-watchblog.de/
FF NetworkProxy: "MM3ProxySwitch.type", 1
FF NetworkProxy: "ftp", "127.0.0.1"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "no_proxies_on", ""
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-18] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-18] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1207148.dll [2013-12-05] (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-06-13] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-06-13] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-19] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll [2013-07-24] (Nullsoft, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default\Extensions\abs@avira.com [2015-04-27]
FF Extension: YouTube Unblocker - C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default\Extensions\youtubeunblocker@unblocker.yt [2014-11-05]
FF Extension: Hide My Ass Proxy Extension - C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default\Extensions\extension@hidemyass.com.xpi [2013-06-29]
FF Extension: Soundcloud SUPER +2: Downloader and Recommender - C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default\Extensions\{988da70d-b78d-44a1-a9c7-ed11832a9e2e}.xpi [2013-08-23]
FF Extension: SoundCloud Downloader - Technowise - C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default\Extensions\{c8d3bc80-0810-4d21-a2c2-be5f2b2832ac}.xpi [2013-08-23]
FF Extension: Adblock Plus - C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-19]
FF Extension: {f5110906-1b93-4640-a7fe-12251b0b7b10} - C:\Users\s\AppData\Roaming\Mozilla\Firefox\Profiles\ql894xzp.default\Extensions\{f5110906-1b93-4640-a7fe-12251b0b7b10}.xpi [2014-12-08]
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afext@anchorfree.com [2013-09-01]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014-09-02]
Chrome:
=======
CHR Profile: C:\Users\s\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-29]
CHR Extension: (Google Drive) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-29]
CHR Extension: (EntscheiderClub Premium) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbojioefbafdanbjbdhhmoblcbikeia [2015-03-29]
CHR Extension: (YouTube) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-29]
CHR Extension: (Google Cast) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-05-30]
CHR Extension: (Adblock Plus) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-05-30]
CHR Extension: (Google Search) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-29]
CHR Extension: (Bookmark Manager) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-23]
CHR Extension: (Google Wallet) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-29]
CHR Extension: (Gmail) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-29]
CHR Profile: C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-06]
CHR Extension: (Google Docs) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-06]
CHR Extension: (Google Drive) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-06]
CHR Extension: (YouTube) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-06]
CHR Extension: (Google Search) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-06]
CHR Extension: (Google Sheets) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-06]
CHR Extension: (Skype Click to Call) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-02-06]
CHR Extension: (DVDVideoSoft) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2015-02-06]
CHR Extension: (Google Wallet) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-06]
CHR Extension: (Gmail) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-06]
CHR Profile: C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Slides) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-06]
CHR Extension: (Google Docs) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-06]
CHR Extension: (Google Drive) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-06]
CHR Extension: (YouTube) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-06]
CHR Extension: (Google Search) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-06]
CHR Extension: (Google Sheets) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-06]
CHR Extension: (Avira Browser Safety) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-02-06]
CHR Extension: (Skype Click to Call) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-02-06]
CHR Extension: (DVDVideoSoft) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2015-02-06]
CHR Extension: (Google Wallet) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-06]
CHR Extension: (Gmail) - C:\Users\s\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-06]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
S3 AxInstSV; C:\Windows\System32\AxInstSV.dll [109568 2013-09-30] (Microsoft Corporation) []
S2 BotkindSyncService; C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe [182784 2015-04-13] () []
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 FFPCAutoSave; C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PCAutoSaveSv.exe [94208 2013-02-28] (FUJIFILM Corporation.) []
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) []
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.) []
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) []
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-06-13] (Intel Corporation)
S2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-20] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-06-13] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
S2 StarMoney 10 OnlineUpdate; C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe [688272 2015-04-15] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
S2 StarMoney 9.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
S2 StarMoney Business 6.0 OnlineUpdate; C:\Program Files (x86)\StarMoney Business 6.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) []
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5491984 2015-05-13] (TeamViewer GmbH)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2445816 2014-01-29] (Check Point Software Technologies LTD)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-11-30] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [50704 2013-10-15] (Check Point Software Technologies, Ltd.)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-05-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-12] (Avira Operations GmbH & Co. KG)
S1 HssDRV6; C:\Windows\system32\DRIVERS\hssdrv6.sys [46792 2013-09-17] (AnchorFree Inc.)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-21] (Intel Corporation)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2013-07-17] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2013-02-21] (Kaspersky Lab)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-10-08] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [489056 2013-10-08] (Kaspersky Lab ZAO)
R3 KOBCCID; C:\Windows\system32\drivers\KOBCCID.sys [116864 2014-03-18] (KOBIL Systems GmbH)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-25] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-04] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-06-13] (Synaptics Incorporated)
R3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2013-08-13] (Anchorfree Inc.)
R1 Vsdatant; C:\Windows\System32\drivers\vsdatant.sys [454168 2013-10-23] (Check Point Software Technologies LTD)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
U0 dmboot; No ImagePath
S3 ewusbnet; \SystemRoot\system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; \SystemRoot\system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X]
S3 hwdatacard; \SystemRoot\system32\DRIVERS\ewusbmdm.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-05-25 12:10 - 2015-05-25 12:11 - 00036503 _____ () C:\Users\s\Desktop\FRST.txt
2015-05-25 12:09 - 2015-05-25 12:09 - 00000000 ____D () C:\Users\s\Desktop\FRST-OlderVersion
2015-05-25 12:00 - 2015-05-25 12:00 - 00001820 _____ () C:\Users\s\Desktop\JRT.txt
2015-05-25 11:53 - 2015-05-25 11:53 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2262038565-221129539-630273557-1001
2015-05-25 11:51 - 2015-05-25 11:51 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-SR_HP_ULTRABOOK-Windows-8.1-(64-bit).dat
2015-05-25 11:51 - 2015-05-25 11:51 - 00000000 ____D () C:\RegBackup
2015-05-25 11:50 - 2015-05-24 19:35 - 02945770 _____ (Thisisu) C:\Users\s\Desktop\JRT_NEW.exe
2015-05-24 12:38 - 2015-05-24 12:38 - 00001200 _____ () C:\Users\s\Desktop\mwam.txt
2015-05-24 12:37 - 2015-05-24 12:37 - 00000054 _____ () C:\Users\s\Desktop\boxen.txt
2015-05-23 17:57 - 2015-05-25 11:48 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-05-23 17:56 - 2015-05-23 17:56 - 02222592 _____ () C:\Users\s\Desktop\AdwCleaner_4.205.exe
2015-05-23 17:55 - 2015-05-23 17:55 - 00001116 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-23 17:55 - 2015-05-23 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-23 17:55 - 2015-05-23 17:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-23 17:55 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-05-23 17:55 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-05-23 17:55 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-05-23 17:50 - 2015-05-23 17:51 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\s\Desktop\mbam-setup-2.1.6.1022.exe
2015-05-20 22:18 - 2015-05-25 12:10 - 00000000 ____D () C:\FRST
2015-05-20 22:17 - 2015-05-25 12:09 - 02108416 _____ (Farbar) C:\Users\s\Desktop\FRST64.exe
2015-05-19 13:59 - 2015-05-19 13:59 - 00001255 _____ () C:\WINDOWS\system32\TeamViewer10_Hooks.log
2015-05-19 00:52 - 2015-05-19 00:51 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-05-19 00:51 - 2015-05-19 00:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-05-18 22:37 - 2015-05-18 22:37 - 00000000 ____D () C:\ProgramData\StarMoney 10
2015-05-18 22:37 - 2015-05-18 22:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarMoney 10
2015-05-18 22:30 - 2015-05-25 11:38 - 00000000 ____D () C:\Program Files (x86)\StarMoney 10
2015-05-18 09:55 - 2015-05-18 10:37 - 00000000 ____D () C:\KVRT_Data
2015-05-14 16:14 - 2015-05-14 16:14 - 00000123 _____ () C:\Users\s\Desktop\Collmex.url
2015-05-02 03:04 - 2015-05-02 03:04 - 00000000 ____D () C:\Users\s\Documents\Hausverwalter
2015-05-02 03:04 - 2015-05-02 03:04 - 00000000 ____D () C:\Users\s\AppData\Roaming\Buhl Data Service
2015-05-02 03:04 - 2015-05-02 03:04 - 00000000 ____D () C:\Users\s\AppData\Local\Buhl Data Service
2015-05-02 03:03 - 2015-05-04 12:14 - 00000647 _____ () C:\WINDOWS\wiso.ini
2015-05-02 03:03 - 2015-05-02 03:03 - 00002131 _____ () C:\Users\Public\Desktop\WISO Hausverwalter 2015.lnk
2015-05-02 03:03 - 2015-05-02 03:03 - 00000000 ____D () C:\Users\s\AppData\Roaming\Buhl
2015-05-02 03:03 - 2015-05-02 03:03 - 00000000 ____D () C:\Users\s\AppData\Local\Buhl
2015-05-02 03:03 - 2015-05-02 03:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Hausverwalter 2015
2015-05-02 03:03 - 2015-05-02 03:03 - 00000000 ____D () C:\Program Files (x86)\Buhl
2015-05-02 03:02 - 2015-05-02 03:03 - 00000000 ____D () C:\ProgramData\Buhl Data Service GmbH
2015-04-28 23:55 - 2015-04-28 23:55 - 00001733 _____ () C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Copy of plentymarkets.lnk
2015-04-28 23:49 - 2015-04-28 23:49 - 07810528 _____ (plentymarkets GmbH) C:\Users\s\plentymarkets_updater_windows_216.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-05-25 12:02 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-25 11:53 - 2015-03-03 08:57 - 00000106 _____ () C:\WINDOWS\system32\mfilemon.log
2015-05-25 11:53 - 2013-06-22 18:48 - 00000000 ____D () C:\Users\s\AppData\Roaming\FTPRush
2015-05-25 11:51 - 2014-04-29 13:07 - 00001150 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-25 11:49 - 2015-01-20 02:14 - 00000000 ___RD () C:\Users\s\Mediencenter
2015-05-25 11:49 - 2014-05-27 17:55 - 00000000 ___RD () C:\Users\s\Dropbox
2015-05-25 11:49 - 2014-05-27 17:53 - 00000000 ____D () C:\Users\s\AppData\Roaming\Dropbox
2015-05-25 11:49 - 2013-11-30 16:56 - 01580319 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-25 11:48 - 2014-04-29 13:07 - 00001146 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-25 11:48 - 2013-11-30 17:11 - 00000000 ___DO () C:\Users\s\SkyDrive
2015-05-25 11:47 - 2013-09-29 21:04 - 00378580 _____ () C:\WINDOWS\PFRO.log
2015-05-25 11:47 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-25 11:47 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-05-25 11:47 - 2013-05-14 23:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-25 11:46 - 2013-08-26 15:43 - 00000000 ____D () C:\AdwCleaner
2015-05-25 11:46 - 2013-05-11 16:48 - 00000000 ____D () C:\Users\s\AppData\Roaming\CheckPoint
2015-05-25 11:42 - 2013-05-14 23:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-25 11:38 - 2015-04-14 21:31 - 00000000 ____D () C:\Program Files (x86)\StarMoney Business 6.0
2015-05-25 11:38 - 2015-02-27 21:25 - 00000000 ____D () C:\Program Files (x86)\StarMoney 9.0
2015-05-24 12:42 - 2013-08-22 16:44 - 05142448 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-24 12:41 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-05-24 12:40 - 2013-05-14 23:57 - 00000000 ____D () C:\Users\s\Documents\Outlook-Dateien
2015-05-24 12:35 - 2014-06-10 15:20 - 00000000 ____D () C:\Users\s\AppData\Roaming\Spotify
2015-05-23 18:28 - 2015-02-11 19:16 - 00000000 ____D () C:\Users\s\AppData\Local\Windows Live
2015-05-23 18:23 - 2013-08-07 14:13 - 00000000 ____D () C:\Users\s\AppData\Roaming\vlc
2015-05-23 17:55 - 2013-11-26 22:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-23 15:17 - 2013-09-30 06:14 - 01980934 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-23 15:17 - 2013-09-30 05:56 - 00842568 _____ () C:\WINDOWS\system32\perfh007.dat
2015-05-23 15:17 - 2013-09-30 05:56 - 00191764 _____ () C:\WINDOWS\system32\perfc007.dat
2015-05-23 12:05 - 2014-06-10 15:21 - 00000000 ____D () C:\Users\s\AppData\Local\Spotify
2015-05-22 14:00 - 2014-08-28 21:12 - 00000408 _____ () C:\WINDOWS\Tasks\Allway Sync_{4E6949520858136489535401CF6DD6A8}.job
2015-05-22 01:43 - 2014-01-02 20:14 - 00003154 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleFors
2015-05-22 01:43 - 2014-01-02 20:14 - 00000348 _____ () C:\WINDOWS\Tasks\HPCeeScheduleFors.job
2015-05-20 21:58 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-05-19 14:00 - 2013-11-22 17:08 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-05-19 13:59 - 2015-04-21 20:19 - 00000985 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-05-19 00:52 - 2013-10-21 18:27 - 00000000 ____D () C:\ProgramData\Oracle
2015-05-19 00:51 - 2013-10-21 18:27 - 00000000 ____D () C:\Program Files (x86)\Java
2015-05-18 22:34 - 2013-08-22 15:25 - 00017486 _____ () C:\WINDOWS\system32\Drivers\etc\services
2015-05-18 22:15 - 2012-08-24 18:00 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-05-18 22:00 - 2014-09-02 12:01 - 00000000 ____D () C:\Users\s\AppData\Local\Adobe
2015-05-18 21:46 - 2012-08-24 18:00 - 00000000 ____D () C:\ProgramData\Temp
2015-05-18 00:39 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-05-17 15:31 - 2013-08-22 16:46 - 00336769 _____ () C:\WINDOWS\setupact.log
2015-05-17 13:16 - 2013-05-12 21:28 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2015-05-17 06:45 - 2014-04-29 13:07 - 00004122 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-17 06:45 - 2014-04-29 13:07 - 00003886 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-05 13:15 - 2015-03-05 23:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-05-05 13:12 - 2014-07-07 17:21 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-05-05 13:12 - 2014-07-07 17:21 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-05-04 12:29 - 2014-12-17 14:50 - 00000000 ____D () C:\WINDOWS\uninstall
2015-05-04 12:29 - 2014-12-17 14:50 - 00000000 ____D () C:\Program Files (x86)\CDN YabeOffice Daten
2015-05-04 12:29 - 2014-12-17 14:50 - 00000000 ____D () C:\Program Files (x86)\CDN YabeOffice
2015-05-04 12:18 - 2014-04-30 18:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Allway Sync
2015-05-04 12:18 - 2014-04-30 18:22 - 00000000 ____D () C:\Program Files (x86)\Allway Sync
2015-04-28 23:55 - 2014-09-21 17:41 - 00001784 _____ () C:\Users\s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\plentymarkets.lnk
2015-04-28 23:55 - 2014-03-03 14:32 - 00000000 ____D () C:\Program Files\plentymarkets
2015-04-28 23:49 - 2013-11-30 16:48 - 00000000 ____D () C:\Users\s
==================== Files in the root of some directories =======
2013-05-10 12:25 - 2013-06-08 12:51 - 0013930 _____ () C:\Users\s\AppData\Roaming\AbsoluteReminder.xml
2014-03-18 16:19 - 2014-03-18 16:20 - 0000834 _____ () C:\Users\s\AppData\Local\belegtransfer_setup.log
2014-09-02 20:25 - 2014-09-02 20:25 - 0002273 _____ () C:\Users\s\AppData\Local\recently-used.xbel
2014-03-18 12:27 - 2015-01-14 11:46 - 0718262 _____ () C:\Users\s\AppData\Local\tempvcredist_x64.log
2014-02-09 18:25 - 2014-02-09 18:25 - 0000011 _____ () C:\ProgramData\.tv7
Files to move or delete:
====================
C:\Users\s\plentymarkets_updater_windows_207.exe
C:\Users\s\plentymarkets_updater_windows_208.exe
C:\Users\s\plentymarkets_updater_windows_209.exe
C:\Users\s\plentymarkets_updater_windows_210.exe
C:\Users\s\plentymarkets_updater_windows_213.exe
C:\Users\s\plentymarkets_updater_windows_214.exe
C:\Users\s\plentymarkets_updater_windows_215.exe
C:\Users\s\plentymarkets_updater_windows_216.exe
C:\Users\s\plentymarkets_windows_212.exe
Some files in TEMP:
====================
C:\Users\Gast\AppData\Local\Temp\avgnt.exe
C:\Users\s\AppData\Local\Temp\avgnt.exe
C:\Users\s\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvybihd.dll
C:\Users\s\AppData\Local\Temp\FreeStudio.exe
C:\Users\s\AppData\Local\Temp\i4jdel0.exe
C:\Users\s\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\s\AppData\Local\Temp\proxy_vole5753558156256649135.dll
C:\Users\s\AppData\Local\Temp\Quarantine.exe
C:\Users\s\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-05-24 12:53
==================== End of log ============================
Addition Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-05-2015 01
Ran by s at 2015-05-25 12:12:39
Running from C:\Users\s\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2262038565-221129539-630273557-500 - Administrator - Disabled)
fbwuser (S-1-5-21-2262038565-221129539-630273557-1005 - Limited - Disabled)
Gast (S-1-5-21-2262038565-221129539-630273557-501 - Limited - Enabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-2262038565-221129539-630273557-1003 - Limited - Enabled)
s (S-1-5-21-2262038565-221129539-630273557-1001 - Administrator - Enabled) => C:\Users\s
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: ZoneAlarm Antivirus (Enabled - Up to date) {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: ZoneAlarm Anti-Spyware (Enabled - Up to date) {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
FW: ZoneAlarm Firewall (Enabled) {E6380B7E-D4B2-19F1-083E-56486607704B}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.13 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Allway Sync version 15.1.9 (HKLM-x32\...\Allway Sync_is1) (Version: - Botkind Inc)
Ant Renamer (HKLM-x32\...\Ant Renamer 2_is1) (Version: 2.10.0 - Ant Software)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DATEV Belegtransfer V.3.22 (HKLM-x32\...\{EC561A24-754E-44F1-B76F-2FDA3DF9E912}) (Version: 2.03 - DATEV eG)
DATEV Installation V.2.74 (HKLM-x32\...\DATEVB00000482.0) (Version: - )
DATEV Sicherheitspaket - compact (HKLM-x32\...\{13D2D749-7F84-4A63-A09E-3DFDBA4E03EF}) (Version: 2.40.0001 - DATEV eG)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.31 - DivX, LLC)
Dropbox (HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
DVS Video Downloader Addon for Mozilla Firefox version 4.3.4.15 (HKLM-x32\...\DVS Video Downloader Addon for Mozilla Firefox_is1) (Version: 4.3.4.15 - DVDVideoSoft Ltd.)
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
EntscheiderClub Premium (HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\EntscheiderClub Premium) (Version: - Wakoopa B.V.)
E-POST MAILER (HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\{6e991dbc-fbeb-434e-b0c0-20f336054450}) (Version: 2.0.1.1972 - Deutsche Post AG)
E-POST MAILER (x32 Version: 2.0.1.1925 - Deutsche Post AG) Hidden
E-POST MAILER Drucker (Version: 2.0.1.1925 - Deutsche Post AG) Hidden
E-POST MAILER Start (x32 Version: 1.0.0.0 - Deutsche Post AG) Hidden
etope Lister 2 (HKLM-x32\...\etope Lister_is1) (Version: - Freshworx GmbH & Co.KG)
Evernote v. 5.8.1 (HKLM-x32\...\{4FD2D1C8-8636-11E4-9D21-00163E98E7D6}) (Version: 5.8.1.6061 - Evernote Corp.)
Free Studio version 6.4.2.113 (HKLM-x32\...\Free Studio_is1) (Version: 6.4.2.113 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.17.1125 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.17.1125 - DVDVideoSoft Ltd.)
FTPRush 2.1.8 (HKLM-x32\...\FTP Rush_is1) (Version: 2.1.8 - wftpserver.com)
FUJIFILM PC AutoSave (HKLM-x32\...\{872F1306-0DB6-45EC-832E-2F5D3A56CF99}) (Version: 1.0.0 - FUJIFILM)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.65 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{AB5BCC55-18E2-46C7-9405-FF61CB888F05}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{0D3A6808-82B8-4BB1-BE5A-AED75B3F6C02}) (Version: 2.20.11 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{D044EBE7-94E7-4C49-90FC-9069E3F374E1}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Quick Launch (HKLM-x32\...\{609B11CC-8CED-4116-AD8A-A72168894D39}) (Version: 3.0.4 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{D2462056-BA75-4B2C-8267-DFEA2B6AC4AE}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
ICQ 8.1 (build 6337) (HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\ICQ) (Version: 8.1.6337.0 - Mail.Ru)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3316 - Intel Corporation)
Intel(R) Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
KOBIL CCID driver x64x86 (x32 Version: 1.013.02121 - KOBIL Systems) Hidden
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Mediencenter 3.9.1055.64 (HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Mediencenter) (Version: 3.9.1055.64 - Deutsche Telekom AG)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}) (Version: - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.3.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.3.0 (x86 de)) (Version: 24.3.0 - Mozilla)
Mp3tag v2.58 (HKLM-x32\...\Mp3tag) (Version: v2.58 - Florian Heidenreich)
Multi file port monitor (mfilemon) 1.5.1 (HKLM\...\{A932243F-381F-434C-B18E-4F09D2F015F8}_is1) (Version: 1.5.1 - Monti Lorenzo)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Password Memory 4.1.2 (HKLM-x32\...\ca_keynote_is1) (Version: 4.1.2 - Code:Aero Technologies)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
plentymarkets 216 (HKLM-x32\...\5841-3682-4824-5789) (Version: 216 - plentymarkets GmbH)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Spotify) (Version: 1.0.5.178.g885b099b - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.1.21 - Safer-Networking Ltd.)
StarMoney (x32 Version: 4.0.7.94 - StarFinanz) Hidden
StarMoney (x32 Version: 5.0.0.226 - StarFinanz) Hidden
StarMoney 10 (HKLM-x32\...\{F061A207-B07B-4E1D-8655-286BBBB3E2CC}) (Version: 10 - Star Finanz GmbH)
StarMoney 9.0 (HKLM-x32\...\{E50EB864-0852-4249-A1B9-96CED146E52B}) (Version: 9.0 - Star Finanz GmbH)
StarMoney Business 6.0 (HKLM-x32\...\{8BE45DD0-1BB0-4E3D-9940-9D92C5B52BAB}) (Version: 6.0 - Star Finanz GmbH)
Start Menu X Version 5.02 (HKLM\...\{3E494002-985C-4908-B72C-5B4DD15BE090}_is1) (Version: 5.02 - OrdinarySoft)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.6.1.3 - Synaptics Incorporated)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.42650 - TeamViewer)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: - Elaborate Bytes)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.65 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WISO Hausverwalter 2015 (HKLM-x32\...\{E821384E-D24C-4316-9D86-872F95ED92F0}) (Version: 9.00.8468 - Buhl Data Service GmbH)
ZoneAlarm Antivirus (x32 Version: 12.0.121.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Firewall (x32 Version: 12.0.121.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Antivirus + Firewall (HKLM-x32\...\ZoneAlarm Free Antivirus + Firewall) (Version: 12.0.121.000 - Check Point)
ZoneAlarm Security (x32 Version: 12.0.121.000 - Check Point Software Technologies Ltd.) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{268502F4-815D-4358-A8D6-B783FDB58EF0}\InprocServer32 -> C:\Users\s\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.ContextMenuHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{528EE335-5034-4EFC-834E-63E5F02D2BC2}\InprocServer32 -> C:\Users\s\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{6066ADF0-9EB0-43E5-ADB6-990F5A3B979C}\InprocServer32 -> C:\Users\s\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{77BC4082-DB5F-439A-8DC8-F9E24A63B0DE}\InprocServer32 -> C:\Users\s\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2262038565-221129539-630273557-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\s\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
==================== Restore Points =========================
18-05-2015 22:14:20 Installiert StarMoney
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {09A9D1BB-CC0A-45D0-B9A9-691712E9122D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {11512367-DAEA-4113-9F27-98A7BFA4A5AC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2013-05-16] (Safer-Networking Ltd.)
Task: {17DEAEAD-5874-411D-B661-12F9FB3044D4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {2A196FE1-2322-4811-882B-905EAF8FB978} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2013-05-16] (Safer-Networking Ltd.)
Task: {42FBFC55-ACCC-4121-AD29-71B8636EFE2A} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-08-19] (Hewlett-Packard Development Company, L.P.)
Task: {8157EF01-0930-4747-A3E2-054BB4278C09} - \Optimize Start Menu Cache Files-S-1-5-21-2262038565-221129539-630273557-500 No Task File <==== ATTENTION
Task: {898CD2B7-EF24-4ED8-A572-329FCF4AE92D} - System32\Tasks\{F6BBF5FB-2A3D-4BA1-853E-6C46DE6EFC5B} => pcalua.exe -a "C:\Program Files (x86)\MultiProxy\uninstall.exe" -d "C:\Program Files (x86)\MultiProxy"
Task: {8DA74E5E-BF32-42FC-850C-5C8DFDD5E7CC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2013-05-16] (Safer-Networking Ltd.)
Task: {9EE09341-E1F1-4B2D-A58E-9808BE8A8726} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {9FACF286-E864-427A-A9F4-07E29BE178FA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {AB713B58-8184-413F-8BBF-7FFDFC895289} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {AF9E4EA1-40E4-4098-9E62-E3C2BA309555} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-29] (Google Inc.)
Task: {B65CC303-6A43-4666-AE7A-F6DD23051E52} - System32\Tasks\HPCeeScheduleFors => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {B97EBAE3-14F0-462D-9768-EBB19F72BB80} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-29] (Google Inc.)
Task: {C56BD8AB-BF86-4FE9-9BBC-0DDE1420BDBA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {E8BFD69A-2607-4D93-8015-C28198CBF9F6} - System32\Tasks\Allway Sync_{4E6949520858136489535401CF6DD6A8} => C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe [2015-04-21] ()
Task: {F1624858-F5D9-439E-832B-0496983BEC90} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2012-07-20] (Intel)
Task: C:\WINDOWS\Tasks\Allway Sync_{4E6949520858136489535401CF6DD6A8}.job => C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleFors.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
==================== Loaded Modules (Whitelisted) ==============
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-08-26 15:02 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-08-26 15:02 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-08-26 15:02 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-08-26 15:02 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-08-26 15:02 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-02-28 19:14 - 2013-02-28 19:14 - 00118784 _____ () C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\libFFIR.dll
2013-02-28 19:14 - 2013-02-28 19:14 - 00188416 _____ () C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\FFWB.dll
2013-02-28 19:14 - 2013-02-28 19:14 - 00135168 _____ () C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\libFTLPTPIP.dll
2013-08-31 10:20 - 2013-08-31 10:20 - 00308048 _____ () C:\Users\s\AppData\Roaming\ICQM\ICQ\dll\mramenu.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:0966080E
AlternateDataStreams: C:\Users\s\SkyDrive:ms-properties
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2262038565-221129539-630273557-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\s\Pictures\photo-1415226620463-aedee27159c5.jpg
DNS Servers: 192.168.178.1
==================== MSCONFIG/TASK MANAGER Error getting ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\StartupFolder: => "Twonky Server.lnk"
HKLM\...\StartupApproved\StartupFolder: => "CDN Yabe Office.lnk"
HKLM\...\StartupApproved\StartupFolder: => "E-POST MAILER.lnk"
HKLM\...\StartupApproved\StartupFolder: => "FUJIFILM PC AutoSave auf Standby.lnk"
HKLM\...\StartupApproved\Run: => "BCSSync"
HKLM\...\StartupApproved\Run32: => "ZoneAlarm Installer"
HKLM\...\StartupApproved\Run32: => "VirtualCloneDrive"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "PDFPrint"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKLM\...\StartupApproved\Run32: => "Adobe Acrobat Speed Launcher"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "DVCServ"
HKLM\...\StartupApproved\Run32: => "DATEVSetup"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "DivXUpdate"
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\StartupApproved\Run: => "icq"
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\StartupApproved\Run: => "EntscheiderClub Premium"
HKU\S-1-5-21-2262038565-221129539-630273557-1001\...\StartupApproved\Run: => "9c5bf01b358884ef955dbaaa237340c7"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{E7394822-19FD-4263-8A5B-C56FC9586959}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{9C1AA961-87D8-43C9-A409-B9075BA40BA0}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{62632452-45E0-4A04-90C7-731B2D587CB4}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{1FF59A7C-422C-4678-BFF6-DABFC2D8F96A}] => (Allow) C:\Users\s\AppData\Roaming\ICQM\icq.exe
FirewallRules: [{D72A5104-3D6C-4A90-BD72-44C21639BD2C}] => (Allow) C:\Users\s\AppData\Roaming\ICQM\icq.exe
FirewallRules: [{AD05BABA-6646-4C3A-986E-CC7BA770AD38}] => (Allow) C:\ProgramData\eSafe\eGdpSvc.exe
FirewallRules: [{890D8DA8-AAD1-49CB-BCB0-2A21237F60D5}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{B0CAB26B-7B5F-480E-8CA9-2285194FE692}] => (Allow) LPort=1900
FirewallRules: [{FCF99A43-9699-4020-8128-D1F18CF0D614}] => (Allow) LPort=2869
FirewallRules: [{5BEF5397-0FC8-49E3-9FC1-51B5F68A7DD0}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [TCP Query User{23C78A46-DA51-4410-8FD7-B92D9CD0182F}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{20CADABF-5640-4640-AAD0-0FCB7C768A6D}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{7919D2CD-2FBE-4047-AB76-C729ABC33759}] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{E0CB3568-2010-42AF-9F86-0EFFCE56D4C9}] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{F98A1208-C992-4820-BB99-EB19AA0AE8E1}C:\program files (x86)\ftprush\ftprush.exe] => (Allow) C:\program files (x86)\ftprush\ftprush.exe
FirewallRules: [UDP Query User{797FCA2A-1C08-4917-849B-FDF7B93C63D8}C:\program files (x86)\ftprush\ftprush.exe] => (Allow) C:\program files (x86)\ftprush\ftprush.exe
FirewallRules: [{A17DF673-784F-4FD7-9723-305EBE15D116}] => (Allow) C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe
FirewallRules: [{C91441AD-8F11-47A0-BB59-AA7B1F65A330}] => (Allow) C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe
FirewallRules: [{FFF639CC-4A34-4347-A8A8-41CD3587376F}] => (Allow) C:\Program Files (x86)\Twonky\TwonkyServer\twonkyserver.exe
FirewallRules: [{2E78FCC5-454A-40AE-AA7D-D8E42CE68DEE}] => (Allow) C:\Program Files (x86)\Twonky\TwonkyServer\twonkyserver.exe
FirewallRules: [{2CF1C950-CD39-4021-8BF7-579969943023}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{D824EF1C-3643-48B6-8124-CD6BACB04531}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{29B09A44-3E1B-4004-A26E-3B60B19074D5}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{862EEF92-8F16-4AA7-BE44-65ECECA6E968}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [TCP Query User{8E58FFEC-E106-4FC8-8ABB-CFD051248184}C:\program files (x86)\ftprush\ftprush.exe] => (Block) C:\program files (x86)\ftprush\ftprush.exe
FirewallRules: [UDP Query User{4384D3B5-3319-4104-9995-38A628A32252}C:\program files (x86)\ftprush\ftprush.exe] => (Block) C:\program files (x86)\ftprush\ftprush.exe
FirewallRules: [TCP Query User{B78A5B98-5FF3-459F-A408-9EF6FAE44ADB}C:\users\s\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\s\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{55ECA24A-5568-4287-BC3B-0AC17527631C}C:\users\s\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\s\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{AB5DD043-E289-4BD5-96D1-C6C36E485418}C:\users\s\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\s\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{F6A8BB49-2AF7-467A-94E4-C590CE0C0CE2}C:\users\s\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\s\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{56BC7622-B916-435E-A99E-B3F97DC2B7B2}C:\program files\plentymarkets\plentymarkets.exe] => (Allow) C:\program files\plentymarkets\plentymarkets.exe
FirewallRules: [UDP Query User{AE302455-86AB-4369-BC73-705BE5491036}C:\program files\plentymarkets\plentymarkets.exe] => (Allow) C:\program files\plentymarkets\plentymarkets.exe
FirewallRules: [{7FCF99BE-B64C-4253-9875-049FD6EE6AA9}] => (Allow) C:\Users\s\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{77EE1C70-93F9-471C-AC16-B65023CD0F59}] => (Allow) C:\Users\s\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{EE98B557-949C-417A-930B-F7A073B7F3F7}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{0C152529-6A25-4C14-B1B7-2CD6EF949FC2}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{2948C0C7-1B75-4F31-A81B-E9A3248DEA61}C:\users\s\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\s\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{8EA478D7-4D10-4161-9219-926541B70169}C:\users\s\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\s\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{F14AC53E-5CEF-49FE-9CBB-0DF22A816B1D}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{FDB4C01D-F4D9-4938-8095-2C74532A5B93}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{DC3DFE60-96C4-47C4-A493-981FF86CFA53}C:\program files\plentymarkets\plentymarkets.exe] => (Allow) C:\program files\plentymarkets\plentymarkets.exe
FirewallRules: [UDP Query User{92A4DB3C-4104-4936-8AA3-F71440316A3E}C:\program files\plentymarkets\plentymarkets.exe] => (Allow) C:\program files\plentymarkets\plentymarkets.exe
FirewallRules: [TCP Query User{C0129FFD-FFE5-422E-84E4-643D59C0C0F4}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{431F683D-E82A-4A6C-B687-E37281C041A0}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [{F0AD5292-DE10-4214-B6A5-447ED58AC720}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{379F69FE-3BC4-4C53-B85A-904B4114A44E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{792EDE5E-D31B-4320-9A52-CEE928322F1C}] => (Allow) C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{6AC56DAE-8C18-4920-8EAC-1101786C3F3E}] => (Allow) C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{33F25883-60DB-49D3-A745-F5F64C7C0560}] => (Allow) C:\Program Files (x86)\StarMoney 9.0\app\StarMoney.exe
FirewallRules: [{801CE9A9-9D86-4CD9-B237-E2CAD0A1F3D3}] => (Allow) C:\Program Files (x86)\StarMoney 9.0\app\StarMoney.exe
FirewallRules: [TCP Query User{6BB9E385-A916-4AE9-9ACB-E699B7747A9B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{037EDFE1-43DE-4272-B543-1C13CCC0D876}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{B63DAE1C-FE80-4F4B-A7AE-43644616C7AB}] => (Allow) C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PairingWizard.exe
FirewallRules: [{4A7A5C9B-EED4-40B1-AD45-6960AA5648A1}] => (Allow) C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PairingWizard.exe
FirewallRules: [{775848ED-0AC4-4EC6-93BA-1287B0787B13}] => (Allow) C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PCAutoSaveSv.exe
FirewallRules: [{73F0DEAF-3EAC-44CD-B822-FD6026AEB483}] => (Allow) C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PCAutoSaveSv.exe
FirewallRules: [{DFB9FE53-F7E1-4722-9045-7BE36A899B8A}] => (Allow) C:\Program Files (x86)\StarMoney Business 6.0\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{DA13A301-BC4D-4410-8E2E-C0A71DDA511E}] => (Allow) C:\Program Files (x86)\StarMoney Business 6.0\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{7EA59164-96B1-4AC8-B02B-9AE5D204C320}] => (Allow) C:\Program Files (x86)\StarMoney Business 6.0\app\StarMoney.exe
FirewallRules: [{44984E01-EA4E-4B26-A680-8F5CEC2E1BC9}] => (Allow) C:\Program Files (x86)\StarMoney Business 6.0\app\StarMoney.exe
FirewallRules: [{404D4D02-9942-438D-B5B3-73A380C233F4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{78EBD91E-BE77-48D1-9C3D-69DEAE23945B}] => (Allow) C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{695BCC07-367E-4D56-8799-C8042E5E9CC9}] => (Allow) C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{D39A23BF-94FA-498F-A9C6-3E18E77E3519}] => (Allow) C:\Program Files (x86)\StarMoney 10\app\StarMoney.exe
FirewallRules: [{C6706BC1-2DF5-448D-BBE8-313A44848299}] => (Allow) C:\Program Files (x86)\StarMoney 10\app\StarMoney.exe
FirewallRules: [{31509B17-9DBE-4214-89B0-71BD92256E48}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{E5D41589-171C-4DB9-AB20-5C876F558093}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{00E4A3C8-9DCE-4AAB-A725-3E7D8AA2CBFE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E549719D-2ADD-463E-AE7F-146D1FD3FD88}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{51781ACE-FC85-4D39-A795-41AF1A2764AB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot-S&D 2 Tray Icon
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe] => Enabled:Flashget3
==================== Faulty Device Manager Devices =============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (05/25/2015 11:47:29 AM) (Source: SideBySide) (EventID: 79) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName1".
Die Einstellung "hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName" ist nicht registriert.
Error: (05/25/2015 11:42:04 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.3.9600.17284 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: f18
Startzeit: 01d0960ffc0fa0ed
Endzeit: 0
Anwendungspfad: C:\WINDOWS\Explorer.EXE
Berichts-ID: 30e688d5-02c2-11e5-bf18-8434978947f8
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (05/25/2015 11:39:11 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20856 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: b10
Startzeit: 01d09610078fd03e
Endzeit: 4294967295
Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe
Berichts-ID: e4a24f5b-02c1-11e5-bf18-8434978947f8
Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1
Error: (05/24/2015 00:42:58 PM) (Source: SideBySide) (EventID: 79) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName1".
Die Einstellung "hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName" ist nicht registriert.
Error: (05/20/2015 01:16:59 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "\\?\Volume{57f9d638-36f8-48f8-a7aa-395529054261}\" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)
Error: (05/20/2015 01:16:59 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "WINRE" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)
Error: (05/19/2015 10:15:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_stisvc, Version: 6.3.9600.16384, Zeitstempel: 0x5215dfe3
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17278, Zeitstempel: 0x53eebd22
Ausnahmecode: 0xc0000008
Fehleroffset: 0x000000000009355a
ID des fehlerhaften Prozesses: 0x9dc
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_stisvc0
Pfad der fehlerhaften Anwendung: svchost.exe_stisvc1
Pfad des fehlerhaften Moduls: svchost.exe_stisvc2
Berichtskennung: svchost.exe_stisvc3
Vollständiger Name des fehlerhaften Pakets: svchost.exe_stisvc4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe_stisvc5
Error: (05/19/2015 01:24:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17278, Zeitstempel: 0x53eebd22
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000052f0b
ID des fehlerhaften Prozesses: 0xf78
Startzeit der fehlerhaften Anwendung: 0xvlc.exe0
Pfad der fehlerhaften Anwendung: vlc.exe1
Pfad des fehlerhaften Moduls: vlc.exe2
Berichtskennung: vlc.exe3
Vollständiger Name des fehlerhaften Pakets: vlc.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: vlc.exe5
Error: (05/19/2015 00:55:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 37.0.2.5583, Zeitstempel: 0x552ef76c
Name des fehlerhaften Moduls: mozalloc.dll, Version: 37.0.2.5583, Zeitstempel: 0x552ee9ae
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001aa1
ID des fehlerhaften Prozesses: 0xc0
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Vollständiger Name des fehlerhaften Pakets: plugin-container.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: plugin-container.exe5
Error: (05/19/2015 00:49:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: jre-8u45-windows-i586-iftw.exe, Version: 8.0.450.15, Zeitstempel: 0x5542981d
Name des fehlerhaften Moduls: jre-8u45-windows-i586-iftw.exe, Version: 8.0.450.15, Zeitstempel: 0x5542981d
Ausnahmecode: 0x40000015
Fehleroffset: 0x0005d386
ID des fehlerhaften Prozesses: 0xadc
Startzeit der fehlerhaften Anwendung: 0xjre-8u45-windows-i586-iftw.exe0
Pfad der fehlerhaften Anwendung: jre-8u45-windows-i586-iftw.exe1
Pfad des fehlerhaften Moduls: jre-8u45-windows-i586-iftw.exe2
Berichtskennung: jre-8u45-windows-i586-iftw.exe3
Vollständiger Name des fehlerhaften Pakets: jre-8u45-windows-i586-iftw.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: jre-8u45-windows-i586-iftw.exe5
System errors:
=============
Error: (05/25/2015 11:53:08 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Management and Security Application User Notification Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (05/25/2015 11:53:07 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) ME Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (05/25/2015 11:53:07 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "IconMan_R" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (05/25/2015 11:53:07 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "HP Support Assistant Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (05/25/2015 11:53:00 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "HP Software Framework Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (05/25/2015 11:52:51 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Spybot-S&D 2 Updating Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (05/25/2015 11:52:51 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (05/25/2015 11:52:51 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "ZoneAlarm Privacy Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (05/25/2015 11:52:49 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "StarMoney 10 OnlineUpdate" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (05/25/2015 11:52:49 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "StarMoney Business 6.0 OnlineUpdate" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Microsoft Office:
=========================
Error: (05/25/2015 11:47:29 AM) (Source: SideBySide) (EventID: 79) (User: )
Description: hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayNameC:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
Error: (05/25/2015 11:42:04 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.3.9600.17284f1801d0960ffc0fa0ed0C:\WINDOWS\Explorer.EXE30e688d5-02c2-11e5-bf18-8434978947f8
Error: (05/25/2015 11:39:11 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20856b1001d09610078fd03e4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exee4a24f5b-02c1-11e5-bf18-8434978947f8microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
Error: (05/24/2015 00:42:58 PM) (Source: SideBySide) (EventID: 79) (User: )
Description: hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayNameC:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
Error: (05/20/2015 01:16:59 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: \\?\Volume{57f9d638-36f8-48f8-a7aa-395529054261}\Falscher Parameter. (0x80070057)
Error: (05/20/2015 01:16:59 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: WINREFalscher Parameter. (0x80070057)
Error: (05/19/2015 10:15:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_stisvc6.3.9600.163845215dfe3ntdll.dll6.3.9600.1727853eebd22c0000008000000000009355a9dc01d091a2ea8430a8C:\WINDOWS\system32\svchost.exeC:\WINDOWS\SYSTEM32\ntdll.dll2c6091a1-fdff-11e4-bf17-8434978947f8
Error: (05/19/2015 01:24:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: vlc.exe2.1.5.000000000ntdll.dll6.3.9600.1727853eebd22c00000050000000000052f0bf7801d091c19add12fbC:\Program Files\VideoLAN\VLC\vlc.exeC:\WINDOWS\SYSTEM32\ntdll.dll18ac1534-fdb5-11e4-bf17-8434978947f8
Error: (05/19/2015 00:55:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe37.0.2.5583552ef76cmozalloc.dll37.0.2.5583552ee9ae8000000300001aa1c001d091bd2af897d8C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlled66422c-fdb0-11e4-bf17-8434978947f8
Error: (05/19/2015 00:49:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: jre-8u45-windows-i586-iftw.exe8.0.450.155542981djre-8u45-windows-i586-iftw.exe8.0.450.155542981d400000150005d386adc01d091bb8fc133fdC:\Users\s\Desktop\Downloads\jre-8u45-windows-i586-iftw.exeC:\Users\s\Desktop\Downloads\jre-8u45-windows-i586-iftw.exe1a0576c9-fdb0-11e4-bf17-8434978947f8
CodeIntegrity Errors:
===================================
Date: 2013-11-30 15:06:55.497
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-11-30 14:42:41.927
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-11-30 14:39:40.327
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-11-30 13:40:28.974
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-11-30 13:39:09.041
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-11-30 13:10:21.879
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll that did not meet the Microsoft signing level requirements.
Date: 2013-11-30 13:10:21.754
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\WOW64\Plugins\ISWSHEX.dll that did not meet the Microsoft signing level requirements.
Date: 2013-11-30 13:10:18.442
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll that did not meet the Microsoft signing level requirements.
Date: 2013-11-30 13:10:09.332
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\WOW64\Plugins\ISWSHEX.dll that did not meet the Microsoft signing level requirements.
Date: 2013-11-30 13:10:09.035
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\WOW64\Plugins\ISWSHEX.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz
Percentage of memory in use: 25%
Total physical RAM: 6036.28 MB
Available physical RAM: 4500.05 MB
Total Pagefile: 11668.28 MB
Available Pagefile: 9739.39 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:448.38 GB) (Free:44.59 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:16.27 GB) (Free:2.05 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive i: () (Removable) (Total:29.47 GB) (Free:29.47 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 466E2C46)
Partition: GPT Partition Type.
========================================================
Disk: 1 (Size: 6 GB) (Disk ID: C73F6553)
Partition: GPT Partition Type.
========================================================
Disk: 2 (Size: 29.5 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
==================== End of log ============================ |