Internetzugang funktioniert nicht immer

paule11 · 14.03.2015, 10:27

Guten Tag,
habe längere Zeit meine Ruhe gehabt,doch nun muss ich mich melden, denn ich habe ein Problem.
Habe WIN8.1 und FireFox und FritzBox.
Nach dem TowerStart melde mich ins Internet an, über FireFox und WEB.de.Lees ist i.O.
Nach beenden arbeite ich mit anderen Programmen. Nun beabsichtige ich im Internet, so nach ca. 30 -50min erneut zu suchen. Klicke FF an und dann warte ich, da sich das System nicht mit der Startseite WEB.de verbindet.System schalter nach einiger Zeit ab.Nun lasse AdwClean das System durchsuchen und es werden mir einige Files angezeigt (siehr Anhang).
dann kann ich nach einem Neustart des Systemes wieder ohne Probleme in das Internet.

Doch nach beenden von demselben ... siehe oben.

Kann mir hier jemand helfen.
Schon mal Danke.
paule11

M-K-D-B · 14.03.2015, 10:28

Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.

Bitte beachte folgende Hinweise:

Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo. Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
Bitte beachten: Download bei filepony.de: So ladet Ihr unsere Tools richtig!
Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!

Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke aauf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Danke für deine Mitarbeit!

Zur ersten Analyse bitte FRST ausführen:

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

paule11 · 15.03.2015, 09:25

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Brockhoff (administrator) on BROCKHOFF-PC on 15-03-2015 09:06:17
Running from C:\Users\Brockhoff\Downloads
Loaded Profiles: Brockhoff (Available profiles: Brockhoff & Administrator)
Platform: Windows 8.1 Pro (X64) OS Language: Englisch (Großbritannien)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe
(Anoto AB) C:\Program Files (x86)\Common Files\Anoto\Pen\Phal\Service\LPhal.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Abelssoft GmbH) C:\Program Files (x86)\Schirmfoto\schirmfoto.exe
(Microsoft) C:\Program Files (x86)\WashAndGo\WashAndGo.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\OmniPage18\omnipage.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(1&1 Mail & Media GmbH) C:\Users\Brockhoff\AppData\Local\WEB.DE Application {sync-000021}\webde_onlinespeicher.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\RAPID\CacheFilter\SamsungRapidApp.exe
(CyberGhost S.R.L.) C:\Program Files\CyberGhost 5\CyberGhost.exe
(Medisana) C:\Program Files (x86)\VitaDock\VitaDock.exe
(TomTom) C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe
(ZONER software) C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTray.exe
() C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Axentra Corporation) C:\Program Files (x86)\MEDION\LifeCloud Desktop Applications\HipServAgent\HipServAgent.exe
(Alexander Miehlke Softwareentwicklung) C:\Program Files (x86)\TraXEx\TraXEx.exe
(The OpenVPN Project) C:\Program Files\CyberGhost 5\Data\OpenVPN\openvpn.exe
(SourceForge.net) C:\Program Files (x86)\Password Safe\pwsafe.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [253440 2013-04-23] (Realtek Semiconductor Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-06-17] (Realtek Semiconductor)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\RAPID\CacheFilter\SamsungRapidApp.exe [281776 2014-09-16] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [BrowserPlugInHelper] => C:\Program Files (x86)\Wondershare\Video Converter Pro\BrowserPlugInHelper.exe [410472 2012-09-28] (Wondershare Software)
HKLM-x32\...\Run: [WISO Mein Geld 2015 Professional .NET] => C:\Program Files (x86)\Buhl\WISO Mein Geld 2015\mg.exe [1119544 2015-02-23] (Buhl Data Service)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [704248 2015-03-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [127792 2015-02-12] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-02-10] (Oracle Corporation)
HKLM-x32\...\Run: [HipServ Agent] => C:\Program Files (x86)\MEDION\LifeCloud Desktop Applications\HipServAgent\HipServAgent.exe [2722920 2014-01-27] (Axentra Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 5\CyberGhost.exe [410216 2014-11-03] (CyberGhost S.R.L.)
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\Run: [VitaDock] => C:\Program Files (x86)\VitaDock\VitaDock.exe [975360 2014-04-09] (Medisana)
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe [1792376 2014-10-03] (TomTom)
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\Run: [Zoner Photo Studio Autoupdate] => C:\PROGRAM FILES\ZONER\PHOTO STUDIO 15\Program32\ZPSTRAY.EXE [774680 2013-06-07] (ZONER software)
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\Policies\Explorer: [CDRAutoRun] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launcher.lnk
ShortcutTarget: Launcher.lnk -> C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TraXEx 6.0.lnk
ShortcutTarget: TraXEx 6.0.lnk -> C:\Program Files (x86)\TraXEx\TraXEx.exe (Alexander Miehlke Softwareentwicklung)
Startup: C:\Users\Brockhoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Password Safe.lnk
ShortcutTarget: Password Safe.lnk -> C:\Program Files (x86)\Password Safe\pwsafe.exe (SourceForge.net)
ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 1] -> {02B2B772-B8A8-4DA4-9B18-42551A54A1A8} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20140611185617798.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 2] -> {0575AB16-E932-4160-8936-4DBE195BDBD7} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20140611185617798.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 3] -> {0E9EF89A-96D3-4DE6-B2F8-E9548AA5321E} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20140611185617798.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 4] -> {1A4AFFE1-B2F9-483D-B627-D9A339DBFD34} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20140611185617798.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers: [MemopalBackedUp] -> {8ED3CC2D-6BC2-43AD-8C43-F51FBB413AE6} => C:\Program Files\Avira Secure Backup\ShellExtensionx64\ShellExtension1.dll ()
ShellIconOverlayIdentifiers: [MemopalError] -> {B9CA6E12-7975-4997-B5BD-CA12ECE0FEAD} => C:\Program Files\Avira Secure Backup\ShellExtensionx64\ShellExtension1.dll ()
ShellIconOverlayIdentifiers: [MemopalPartiallyBackedUp] -> {95DDC869-FC98-4D47-BD34-2EDC9AA09C01} => C:\Program Files\Avira Secure Backup\ShellExtensionx64\ShellExtension1.dll ()
ShellIconOverlayIdentifiers: [MemopalToBackup] -> {2CDD871E-60EB-40BD-9721-A1CB57042F75} => C:\Program Files\Avira Secure Backup\ShellExtensionx64\ShellExtension1.dll ()
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 1] -> {02B2B772-B8A8-4DA4-9B18-42551A54A1A8} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20140611185617798.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 2] -> {0575AB16-E932-4160-8936-4DBE195BDBD7} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20140611185617798.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 3] -> {0E9EF89A-96D3-4DE6-B2F8-E9548AA5321E} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20140611185617798.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 4] -> {1A4AFFE1-B2F9-483D-B627-D9A339DBFD34} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20140611185617798.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers-x32: [MemopalBackedUp] -> {8ED3CC2D-6BC2-43AD-8C43-F51FBB413AE6} => C:\Program Files\Avira Secure Backup\ShellExtension\ShellExtension.dll ()
ShellIconOverlayIdentifiers-x32: [MemopalError] -> {B9CA6E12-7975-4997-B5BD-CA12ECE0FEAD} => C:\Program Files\Avira Secure Backup\ShellExtension\ShellExtension.dll ()
ShellIconOverlayIdentifiers-x32: [MemopalPartiallyBackedUp] -> {95DDC869-FC98-4D47-BD34-2EDC9AA09C01} => C:\Program Files\Avira Secure Backup\ShellExtension\ShellExtension.dll ()
ShellIconOverlayIdentifiers-x32: [MemopalToBackup] -> {2CDD871E-60EB-40BD-9721-A1CB57042F75} => C:\Program Files\Avira Secure Backup\ShellExtension\ShellExtension.dll ()
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-3158294459-1416924627-3807266797-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3158294459-1416924627-3807266797-1001] => http=127.0.0.1:8887;https=127.0.0.1:8887
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2014-12-02] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-07] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-14] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-07] (Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\PlusIEContextMenu.dll [2012-07-19] (Zeon Corporation)
BHO-x32: Wondershare Video Converter Ultimate -> {65DEE40A-3E93-4cae-9F98-B8E06DCEE2BF} -> C:\Program Files (x86)\Wondershare\Video Converter Pro\SVRIEPlugin.dll [2012-09-28] (Wondershare Software Co., Ltd.)
BHO-x32: ZeonIEEventHelper Class -> {C7DA0384-42AA-428c-B832-88AC343DE1A8} -> C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\GZeonIEFavClient.dll [2012-07-27] (Zeon Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM-x32 - Nuance PDF - {BCCE15AE-AC7E-4bc9-94AF-2A714A412BCB} - C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\GZeonIEFavClient.dll [2012-07-27] (Zeon Corporation)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2014-12-22] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 95.169.183.219 89.41.60.38 37.221.175.198
Tcpip\..\Interfaces\{E742F15A-8CF5-4968-9C03-307C99BFB9EA}: [NameServer] 95.169.183.219,89.41.60.38
Tcpip\..\Interfaces\{F2C9B065-33EA-47EB-B65C-10CDF0218B7A}: [NameServer] 95.169.183.219,89.41.60.38

FireFox:
========
FF ProfilePath: C:\Users\Brockhoff\AppData\Roaming\Mozilla\Firefox\Profiles\8yymfhip.default-1408376383566
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF Homepage: hxxp://www.web.de/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-08] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2013-08-29] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-07] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2013-08-29] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-08] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-20] ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2013-08-29] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-08-13] (Google, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-12-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2013-08-29] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Professional 8\bin\nppdf.dll [2012-07-31] (Zeon Corporation)
FF Plugin HKU\S-1-5-21-3158294459-1416924627-3807266797-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Brockhoff\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-06-30] (Citrix Online)
FF Plugin HKU\S-1-5-21-3158294459-1416924627-3807266797-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2013-08-29] (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2013-08-29] (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Users\Brockhoff\AppData\Roaming\Mozilla\Firefox\Profiles\8yymfhip.default-1408376383566\searchplugins\avira-safesearch.xml [2015-02-27]
FF Extension: Avira SafeSearch - C:\Users\Brockhoff\AppData\Roaming\Mozilla\Firefox\Profiles\8yymfhip.default-1408376383566\Extensions\safesearch@avira.com [2015-02-27]
FF Extension: WEB.DE MailCheck - C:\Users\Brockhoff\AppData\Roaming\Mozilla\Firefox\Profiles\8yymfhip.default-1408376383566\Extensions\toolbar@web.de [2015-02-26]
FF Extension: Adblock Plus - C:\Users\Brockhoff\AppData\Roaming\Mozilla\Firefox\Profiles\8yymfhip.default-1408376383566\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-19]
FF HKLM-x32\...\Firefox\Extensions: [{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}] - C:\Program Files (x86)\Wondershare\Video Converter Pro\SVRFirefoxExt
FF Extension: Wondershare Video Converter Ultimate - C:\Program Files (x86)\Wondershare\Video Converter Pro\SVRFirefoxExt [2014-08-31]
FF HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF Extension: PDF Converter - C:\Program Files (x86)\Nuance\PDF Professional 8\FireFox [2014-07-19]

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Profile: C:\Users\Brockhoff\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Brockhoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-11]
CHR Extension: (Babylon Translator) - C:\Users\Brockhoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljcdopdmbcpndfopibbkmijkhmbdgpjj [2014-08-11]
CHR Extension: (Google Wallet) - C:\Users\Brockhoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-06]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [chgdeabpmphfhkoemjjglmilajldekbp] - C:\Program Files (x86)\Wondershare\Video Converter Pro\SVRChromePlugin.crx [2014-08-31]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ljcdopdmbcpndfopibbkmijkhmbdgpjj] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 ALDITALKVerbindungsassistent_Service; C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe [342984 2011-09-13] ()
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [806192 2015-03-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [992048 2015-03-05] (Avira Operations GmbH & Co. KG)
S3 Avira Secure Backup Crawler; C:\Program Files\Avira Secure Backup\Avira Secure BackupCrawler.exe [2258000 2013-11-06] () [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [184056 2015-02-12] (Avira Operations GmbH & Co. KG)
S4 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
S4 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [47104 2013-04-25] () [File not signed]
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64616 2014-11-03] (CyberGhost S.R.L)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2711736 2015-01-13] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 PDFProFiltSrv; C:\Program Files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe [135056 2012-11-19] (Nuance Communications, Inc.)
R2 PenRendezvous; C:\Program Files (x86)\Common Files\Anoto\Pen\Phal\Service\LPhal.exe [430080 2009-08-31] (Anoto AB) [File not signed]
R2 PenSup; C:\Program Files (x86)\Common Files\Anoto\Pen\Phal\Service\LPhal.exe [430080 2009-08-31] (Anoto AB) [File not signed]
R2 SamsungRapidSvc; C:\Windows\System32\RAPID\SamsungRapidSvc.exe [28848 2014-09-16] (Samsung Electronics Co., Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
S2 ioloSystemService; "C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-21] (Advanced Micro Devices, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-03-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-10-23] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-05] (Avira Operations GmbH & Co. KG)
R3 bthav; C:\Windows\system32\drivers\bthav.sys [40448 2008-07-10] (CSR, plc)
R3 BTHprint; C:\Windows\system32\DRIVERS\bthprint.sys [62976 2013-08-22] (Microsoft Corporation)
R1 ElRawDisk; C:\WINDOWS\system32\drivers\ElRawDsk.sys [30752 2013-04-05] (EldoS Corporation)
S3 ewusbnet; C:\Windows\system32\DRIVERS\ewusbnet.sys [138752 2015-01-17] (Huawei Technologies Co., Ltd.)
S3 iaStorS; C:\Windows\System32\drivers\iaStorS.sys [646616 2012-07-25] (Intel Corporation)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-15] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10x64.sys [60288 2010-09-15] (Generic USB smartcard reader)
R3 MirayVirtualDisk; C:\Windows\System32\drivers\mvd.sys [162384 2013-11-25] (Miray)
R0 rtcrfilt64; C:\Windows\System32\drivers\rtcrfilt64.sys [19600 2012-07-23] (Realtek Semiconductor Corp.)
S3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [532552 2013-03-28] (Realtek Semiconductor Corporation)
R0 SamsungRapidDiskFltr; C:\Windows\System32\DRIVERS\SamsungRapidDiskFltr.sys [268976 2014-09-16] (Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\Windows\System32\DRIVERS\SamsungRapidFSFltr.sys [111280 2014-09-16] (Samsung Electronics Co., Ltd.)
S3 SCUsbDrvService; C:\Windows\System32\drivers\sceye64.sys [53864 2011-01-14] (Cypress Semiconductor)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-05-15] (Synaptics Incorporated)
S3 tpusbser; C:\Windows\system32\DRIVERS\tpusbser.sys [123648 2013-02-05] (QUALCOMM Incorporated)
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-15 09:06 - 2015-03-15 09:06 - 00028665 _____ () C:\Users\Brockhoff\Downloads\FRST.txt
2015-03-15 09:05 - 2015-03-15 09:06 - 00000000 ___DC () C:\FRST
2015-03-15 09:05 - 2015-03-15 09:05 - 02095616 _____ (Farbar) C:\Users\Brockhoff\Downloads\FRST64.exe
2015-03-13 18:25 - 2015-03-13 18:25 - 00008993 _____ () C:\Users\Brockhoff\Desktop\Guten Tag.tmd
2015-03-13 17:49 - 2015-03-15 08:59 - 00000528 _____ () C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job
2015-03-13 17:49 - 2015-03-13 17:49 - 00002942 _____ () C:\Windows\System32\Tasks\ParetoLogic Update Version3 Startup Task
2015-03-13 17:49 - 2015-03-13 17:49 - 00001084 _____ () C:\Users\Brockhoff\Desktop\ParetoLogic PC Health Advisor.lnk
2015-03-13 17:48 - 2015-03-13 17:48 - 05813872 _____ (ParetoLogic Inc.) C:\Users\Brockhoff\Downloads\ParetoLogic PC Health Advisor_de(1).exe
2015-03-13 11:16 - 2015-03-13 11:16 - 00005038 _____ () C:\Users\Brockhoff\Documents\Profi prefs.js.html
2015-03-13 10:06 - 2015-03-15 08:57 - 00002150 _____ () C:\Windows\setupact.log
2015-03-13 10:06 - 2015-03-13 10:06 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-12 22:28 - 2015-03-15 09:02 - 01005900 _____ () C:\Windows\WindowsUpdate.log
2015-03-12 19:37 - 2015-03-12 19:38 - 00000874 _____ () C:\Users\Brockhoff\Downloads\FRITZ!Box_Fon_WLAN_7390_84.06.23_12.03.2015_19_37-diagnose.csv
2015-03-12 14:31 - 2015-03-12 16:42 - 00000215 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-03-12 14:26 - 2015-03-13 10:06 - 00540416 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-12 11:43 - 2015-03-06 03:53 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-12 11:43 - 2015-03-06 03:33 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-12 11:43 - 2015-02-26 00:26 - 04178944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-12 11:43 - 2015-02-20 04:03 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-12 11:43 - 2015-02-20 03:58 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-12 11:43 - 2015-02-20 03:20 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-12 11:43 - 2015-02-20 03:15 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-12 11:43 - 2015-02-07 00:09 - 00396419 _____ () C:\Windows\system32\ApnDatabase.xml
2015-03-12 11:43 - 2015-02-06 02:28 - 02257408 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-03-12 11:43 - 2015-02-06 02:08 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-03-12 11:43 - 2015-02-05 21:24 - 01113920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-03-12 11:43 - 2015-02-04 00:58 - 00264000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2015-03-12 11:43 - 2015-02-04 00:58 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2015-03-12 11:43 - 2015-02-04 00:58 - 00044024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2015-03-12 11:43 - 2015-02-03 01:03 - 03551744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2015-03-12 11:43 - 2015-02-03 01:02 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2015-03-12 11:43 - 2015-02-03 00:53 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll
2015-03-12 11:43 - 2015-02-03 00:53 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll
2015-03-12 11:43 - 2015-01-31 00:42 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-03-12 11:43 - 2015-01-31 00:29 - 02484224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-03-12 11:43 - 2015-01-31 00:20 - 00203264 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-12 11:43 - 2015-01-30 04:01 - 00097792 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys
2015-03-12 11:43 - 2015-01-30 04:00 - 00167424 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\rfcomm.sys
2015-03-12 11:43 - 2015-01-30 03:03 - 01488896 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
2015-03-12 11:43 - 2015-01-30 03:03 - 01464832 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
2015-03-12 11:43 - 2015-01-30 03:02 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll
2015-03-12 11:43 - 2015-01-30 02:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
2015-03-12 11:43 - 2015-01-30 02:42 - 01204224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
2015-03-12 11:43 - 2015-01-30 02:40 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappgnui.dll
2015-03-12 11:43 - 2015-01-30 02:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll
2015-03-12 11:43 - 2015-01-30 02:29 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\atlthunk.dll
2015-03-12 11:43 - 2015-01-30 02:24 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll
2015-03-12 11:43 - 2015-01-30 02:24 - 00250880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapp3hst.dll
2015-03-12 11:43 - 2015-01-30 02:16 - 00266752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapphost.dll
2015-03-12 11:43 - 2015-01-30 02:08 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\eappcfg.dll
2015-03-12 11:43 - 2015-01-30 02:06 - 00278016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappcfg.dll
2015-03-12 11:43 - 2015-01-29 02:58 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\photowiz.dll
2015-03-12 11:43 - 2015-01-29 02:29 - 00290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\photowiz.dll
2015-03-12 11:43 - 2015-01-29 02:11 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-12 11:43 - 2015-01-29 02:04 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-03-12 11:43 - 2015-01-29 02:04 - 00864256 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2015-03-12 11:43 - 2015-01-29 02:00 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-12 11:43 - 2015-01-29 01:59 - 02773504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-03-12 11:43 - 2015-01-29 01:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-03-12 11:43 - 2015-01-29 01:50 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-03-12 11:43 - 2015-01-29 01:49 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-03-12 11:43 - 2015-01-28 16:41 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-12 11:43 - 2015-01-28 16:41 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-03-12 11:43 - 2015-01-28 16:41 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-03-12 11:43 - 2015-01-28 03:24 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\StorageContextHandler.dll
2015-03-12 11:43 - 2015-01-28 02:47 - 00060928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StorageContextHandler.dll
2015-03-12 11:43 - 2015-01-27 05:22 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-12 11:43 - 2015-01-27 04:44 - 00933888 _____ (Microsoft Corporation) C:\Windows\system32\calc.exe
2015-03-12 11:43 - 2015-01-27 03:11 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-12 11:43 - 2015-01-24 02:51 - 00816128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
2015-03-12 11:43 - 2015-01-23 08:17 - 00723072 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2015-03-12 11:43 - 2015-01-23 06:02 - 00560392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2015-03-12 11:43 - 2014-10-29 04:56 - 00027456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-03-12 11:43 - 2014-10-29 03:49 - 00003072 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-12 11:43 - 2014-10-29 03:46 - 00081920 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS
2015-03-12 11:43 - 2014-10-29 03:46 - 00053248 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthenum.sys
2015-03-12 11:43 - 2014-10-29 03:45 - 01198080 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2015-03-12 11:43 - 2014-10-29 03:44 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-12 11:43 - 2014-10-29 03:44 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-12 11:43 - 2014-10-29 03:43 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\printui.exe
2015-03-12 11:43 - 2014-10-29 03:37 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\rfxvmt.dll
2015-03-12 11:43 - 2014-10-29 03:34 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll
2015-03-12 11:43 - 2014-10-29 03:34 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WSCollect.exe
2015-03-12 11:43 - 2014-10-29 03:34 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\WSReset.exe
2015-03-12 11:43 - 2014-10-29 03:04 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\findnetprinters.dll
2015-03-12 11:43 - 2014-10-29 03:04 - 00003072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-12 11:43 - 2014-10-29 03:03 - 00241152 ____C (Microsoft Corporation) C:\Windows\system32\fsquirt.exe
2015-03-12 11:43 - 2014-10-29 03:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-12 11:43 - 2014-10-29 03:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-12 11:43 - 2014-10-29 02:58 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\printui.exe
2015-03-12 11:43 - 2014-10-29 02:52 - 00289280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\compstui.dll
2015-03-12 11:43 - 2014-10-29 02:51 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2015-03-12 11:43 - 2014-10-29 02:48 - 00825856 _____ (Microsoft Corporation) C:\Windows\system32\pmcsnap.dll
2015-03-12 11:43 - 2014-10-29 02:45 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\ppcsnap.dll
2015-03-12 11:43 - 2014-10-29 02:45 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\prnntfy.dll
2015-03-12 11:43 - 2014-10-29 02:28 - 00055808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\findnetprinters.dll
2015-03-12 11:43 - 2014-10-29 02:28 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\atlthunk.dll
2015-03-12 11:43 - 2014-10-29 02:20 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2015-03-12 11:43 - 2014-10-29 02:19 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\eappprxy.dll
2015-03-12 11:43 - 2014-10-29 02:15 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prnntfy.dll
2015-03-12 11:43 - 2014-10-29 02:13 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2015-03-12 11:43 - 2014-10-29 01:59 - 00056320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappprxy.dll
2015-03-12 11:43 - 2014-10-29 01:55 - 00223744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2015-03-12 11:43 - 2014-10-29 01:55 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\puiapi.dll
2015-03-12 11:43 - 2014-10-29 01:44 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiapi.dll
2015-03-12 11:43 - 2014-10-29 01:41 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\DafPrintProvider.dll
2015-03-12 11:43 - 2014-10-29 01:35 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DafPrintProvider.dll
2015-03-12 11:42 - 2015-02-21 02:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-12 11:42 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-12 11:42 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-12 11:42 - 2015-02-21 01:27 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-03-12 11:42 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-12 11:42 - 2015-02-21 00:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-12 11:42 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-12 11:42 - 2015-02-20 03:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-12 11:42 - 2015-02-20 03:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-12 11:42 - 2015-02-20 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-12 11:42 - 2015-02-20 03:35 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-12 11:42 - 2015-02-20 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-12 11:42 - 2015-02-20 03:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-12 11:42 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-12 11:42 - 2015-02-20 03:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-03-12 11:42 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-12 11:42 - 2015-02-20 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-12 11:42 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-12 11:42 - 2015-02-20 02:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-03-12 11:42 - 2015-02-20 02:56 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-03-12 11:42 - 2015-02-20 02:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-03-12 11:42 - 2015-02-20 02:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-12 11:42 - 2015-02-20 02:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-12 11:42 - 2015-02-20 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-12 11:42 - 2015-02-20 02:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-12 11:42 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-12 11:42 - 2015-02-20 02:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-03-12 11:42 - 2015-02-20 02:29 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-03-12 11:42 - 2015-02-20 02:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-12 11:42 - 2015-02-20 02:26 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-03-12 11:42 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-12 11:42 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-12 11:42 - 2015-02-20 02:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-12 11:42 - 2015-02-20 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-12 11:42 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-12 11:42 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-12 11:42 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-12 11:42 - 2015-02-12 18:40 - 22291584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-12 11:42 - 2015-02-12 18:34 - 19731824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-12 11:42 - 2015-02-08 00:57 - 01090048 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2015-03-12 11:42 - 2015-02-08 00:49 - 00791040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2015-03-12 11:42 - 2015-01-29 19:45 - 01763352 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-12 11:42 - 2015-01-29 19:34 - 01488040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-12 11:42 - 2015-01-28 02:31 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-12 11:42 - 2015-01-28 02:11 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-12 11:42 - 2015-01-28 00:47 - 02501368 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2015-03-12 11:42 - 2015-01-28 00:41 - 02207488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2015-03-12 11:42 - 2015-01-21 06:54 - 01384712 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-12 11:42 - 2015-01-21 06:15 - 01123848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-12 11:42 - 2014-12-11 06:36 - 00046456 _____ (Microsoft Corporation) C:\Windows\system32\LockScreenContentServer.exe
2015-03-12 10:34 - 2015-03-15 08:59 - 00000306 _____ () C:\Windows\Tasks\WashAndGoNGBackground.job
2015-03-12 10:34 - 2015-03-12 10:35 - 00002566 _____ () C:\Windows\System32\Tasks\WashAndGoNGBackground
2015-03-11 18:53 - 2015-03-11 18:53 - 00160517 _____ () C:\Users\Brockhoff\Desktop\Kalfaterung Deck.tmd
2015-03-11 10:09 - 2015-03-11 10:09 - 02171392 _____ () C:\Users\Brockhoff\Desktop\adwcleaner_4.112(1).exe
2015-03-10 10:45 - 2015-03-10 10:45 - 02171392 _____ () C:\Users\Brockhoff\Downloads\adwcleaner_4.112.exe
2015-03-09 07:47 - 2015-03-09 07:47 - 05290912 _____ (Abelssoft ) C:\Users\Brockhoff\Downloads\STA-DE_2015.exe
2015-03-08 16:36 - 2015-03-08 16:36 - 00001348 _____ () C:\Users\Brockhoff\Desktop\Navigation zur MEDION® LifeCloud® (www).lnk
2015-03-08 16:36 - 2015-03-08 16:36 - 00000000 ____D () C:\Users\Brockhoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEDION
2015-03-08 16:36 - 2015-03-08 16:36 - 00000000 ____D () C:\Program Files (x86)\MEDION
2015-03-08 16:35 - 2015-03-08 16:35 - 00000000 ____D () C:\Users\Brockhoff\AppData\Local\{620420EA-6AA2-449B-9FA0-BE5524AF01A8}
2015-03-07 16:11 - 2015-03-07 16:11 - 00000740 _____ () C:\Users\Brockhoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\siggis.lnk
2015-03-07 15:39 - 2015-03-07 15:41 - 42925480 _____ (Oracle Corporation) C:\Users\Brockhoff\Downloads\jre-8u40-windows-x64.exe
2015-03-06 18:48 - 2015-03-06 18:48 - 00000883 _____ () C:\Users\Brockhoff\Downloads\FRITZ!Box_Fon_WLAN_7390_84.06.23_06.03.2015_18_48-diagnose.csv
2015-03-06 17:33 - 2015-03-06 17:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rechtstipps
2015-03-06 10:13 - 2015-03-06 10:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-05 19:08 - 2015-03-05 19:08 - 00725344 _____ (Visual Tools Ltd.) C:\Users\Brockhoff\Downloads\Babylon10_setup_ns(4).exe
2015-03-05 18:54 - 2015-03-05 18:54 - 00725344 _____ (Visual Tools Ltd.) C:\Users\Brockhoff\Downloads\Babylon10_setup_ns(3).exe
2015-03-05 17:46 - 2015-03-05 17:46 - 00725344 _____ (Visual Tools Ltd.) C:\Users\Brockhoff\Downloads\Babylon10_setup_ns(2).exe
2015-03-05 15:27 - 2015-03-05 15:28 - 00725344 _____ (Visual Tools Ltd.) C:\Users\Brockhoff\Downloads\Babylon10_setup_ns(1).exe
2015-03-02 19:49 - 2015-03-02 19:50 - 41454688 _____ () C:\Users\Brockhoff\Downloads\WEB.DE_Firefox_Setup(3).exe
2015-03-02 10:09 - 2015-03-02 10:10 - 25671288 _____ (Abelssoft ) C:\Users\Brockhoff\Downloads\WGO-DE_2015.exe
2015-03-02 10:09 - 2015-03-02 10:09 - 05289336 _____ (Abelssoft ) C:\Users\Brockhoff\Downloads\STA-DE_2014.exe
2015-03-02 10:09 - 2015-03-02 10:09 - 04051288 _____ (Abelssoft ) C:\Users\Brockhoff\Downloads\SFT-DE_2014(1).exe
2015-02-26 13:23 - 2015-02-26 13:24 - 41454688 _____ () C:\Users\Brockhoff\Downloads\WEB.DE_Firefox_Setup(2).exe
2015-02-26 13:23 - 2015-02-26 13:23 - 41454688 _____ () C:\Users\Brockhoff\Downloads\WEB.DE_Firefox_Setup(1).exe
2015-02-25 12:03 - 2014-12-13 22:28 - 00513488 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 12:03 - 2014-12-13 22:28 - 00513488 _____ () C:\Windows\system32\locale.nls
2015-02-25 12:03 - 2014-10-29 02:27 - 01200128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2015-02-25 12:03 - 2014-10-29 02:27 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll
2015-02-25 12:03 - 2014-10-29 02:04 - 00868352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2015-02-25 12:03 - 2014-10-29 02:04 - 00200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GlobCollationHost.dll
2015-02-23 13:55 - 2015-02-23 13:55 - 00000000 ____D () C:\Users\Brockhoff\Desktop\Eigene Dateien
2015-02-21 08:47 - 2015-02-21 08:49 - 175605432 _____ () C:\Users\Brockhoff\Downloads\avira_antivirus_pro_de.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-15 09:05 - 2014-05-06 15:12 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-15 09:05 - 2013-11-14 13:43 - 02021900 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-15 09:05 - 2013-06-10 18:46 - 00948942 _____ () C:\Windows\system32\perfh007.dat
2015-03-15 09:05 - 2013-06-10 18:46 - 00210240 _____ () C:\Windows\system32\perfc007.dat
2015-03-15 09:04 - 2014-03-18 18:46 - 00000000 ____D () C:\Users\Brockhoff\AppData\Local\PasswordSafe
2015-03-15 09:02 - 2014-01-02 20:03 - 00003962 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{9F78DAD6-5CE2-41E2-B716-28203F59D04B}
2015-03-15 09:02 - 2013-06-14 21:07 - 00010816 _____ () C:\Users\Brockhoff\AppData\Local\BTServer.log
2015-03-15 09:02 - 2013-01-30 13:08 - 00000000 ____D () C:\Users\Brockhoff\Documents\Outlook-Dateien
2015-03-15 09:01 - 2013-12-22 11:19 - 00000000 __RDO () C:\Users\Brockhoff\SkyDrive
2015-03-15 09:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-03-15 08:59 - 2014-11-15 08:57 - 00000928 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-15 08:59 - 2014-11-02 08:28 - 00000312 _____ () C:\Windows\Tasks\AbelssoftPreloader.job
2015-03-15 08:59 - 2013-08-14 22:07 - 00000286 _____ () C:\Windows\Tasks\Schirmfoto.job
2015-03-15 08:58 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-14 19:09 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-03-14 19:07 - 2014-01-06 20:21 - 00000932 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-14 19:01 - 2015-01-05 11:31 - 00000000 ____D () C:\Users\Brockhoff\AppData\Roaming\MyPhoneExplorer
2015-03-14 18:17 - 2013-11-19 14:24 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-14 18:02 - 2013-06-10 18:34 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3158294459-1416924627-3807266797-1001
2015-03-14 18:01 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-03-14 13:34 - 2014-08-07 18:46 - 00000000 ____D () C:\Users\Brockhoff\Desktop\Backs, Malware
2015-03-14 13:26 - 2014-06-13 06:31 - 00000000 ___DC () C:\AdwCleaner
2015-03-14 12:25 - 2012-07-26 08:59 - 00000000 ____D () C:\Windows\CbsTemp
2015-03-13 22:48 - 2014-03-18 18:46 - 00000000 ____D () C:\Users\Brockhoff\Documents\My Safes
2015-03-13 22:29 - 2012-11-20 15:08 - 00000000 ____D () C:\Users\Brockhoff\Documents\WISO Mein Geld
2015-03-13 22:08 - 2014-06-30 16:04 - 00000000 ____D () C:\Users\Brockhoff\Desktop\Bildschirmfotos
2015-03-13 18:25 - 2012-12-16 17:27 - 00000000 ____D () C:\Users\Brockhoff\Documents\SoftMaker
2015-03-13 10:49 - 2014-11-13 17:35 - 00000000 ____D () C:\Users\Brockhoff\AppData\Roaming\ClassicShell
2015-03-13 10:32 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2015-03-12 22:30 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ToastData
2015-03-12 22:30 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-12 22:30 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-12 22:30 - 2013-08-22 16:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-12 22:30 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\WinStore
2015-03-12 22:30 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\en-GB
2015-03-12 22:30 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\en-GB
2015-03-12 22:30 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-03-12 22:30 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-12 22:30 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-12 17:52 - 2013-08-16 20:55 - 00000000 ____D () C:\Users\Brockhoff\AppData\Roaming\vlc
2015-03-12 17:09 - 2013-08-18 13:55 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-12 17:06 - 2013-06-12 17:37 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-12 16:43 - 2014-08-09 10:36 - 00437952 _____ () C:\Users\Brockhoff\Schnellerfassung.bse
2015-03-12 14:37 - 2014-12-22 22:47 - 00003112 _____ () C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3158294459-1416924627-3807266797-1001
2015-03-12 14:37 - 2014-12-22 22:47 - 00000000 ___RD () C:\Users\Brockhoff\OneDrive
2015-03-12 10:42 - 2013-08-28 21:10 - 00000000 ____D () C:\Users\Brockhoff\Desktop\Schreiben allg Unterlagen
2015-03-12 10:33 - 2013-06-14 21:59 - 00000000 ____D () C:\Program Files (x86)\STAEDTLER
2015-03-12 10:31 - 2012-11-21 08:20 - 00000000 ____D () C:\Users\Brockhoff\Desktop\WISO  Steuer  Recht
2015-03-11 15:08 - 2014-01-06 20:22 - 00002162 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-10 10:16 - 2014-11-02 08:21 - 00000000 ____D () C:\Program Files (x86)\WashAndGo
2015-03-10 10:16 - 2013-08-14 22:06 - 00000000 ____D () C:\Users\Brockhoff\AppData\Local\Abelssoft
2015-03-10 10:15 - 2014-11-02 08:21 - 00001002 _____ () C:\Users\Public\Desktop\WashAndGo.lnk
2015-03-09 18:55 - 2014-11-13 14:45 - 00000000 ____D () C:\Users\Brockhoff\Documents\Datenbank
2015-03-09 18:43 - 2014-11-26 14:20 - 00000000 ____D () C:\Users\Brockhoff\Desktop\Datenbank
2015-03-08 18:42 - 2013-11-05 15:08 - 00000000 ____D () C:\Users\Brockhoff\AppData\Roaming\dvdcss
2015-03-08 16:34 - 2014-03-10 12:41 - 00000000 ____D () C:\Users\Brockhoff\AppData\Local\CyberGhost
2015-03-07 15:42 - 2014-07-13 19:01 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-03-07 15:42 - 2014-01-28 14:28 - 00000000 ____D () C:\Program Files\Java
2015-03-07 15:42 - 2013-12-07 13:35 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-07 15:42 - 2013-12-07 13:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-03-06 18:39 - 2014-08-14 17:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-06 17:17 - 2012-11-21 12:05 - 00000000 ____D () C:\Users\Brockhoff\Documents\Steuerfälle
2015-03-06 16:30 - 2014-02-14 11:35 - 00000000 ____D () C:\Users\Brockhoff\Documents\BelegManager
2015-03-05 13:19 - 2014-11-06 11:20 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-05 13:19 - 2014-11-06 11:20 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-03-05 13:19 - 2014-11-06 11:20 - 00043576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-03-05 13:15 - 2014-11-06 11:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-03-05 13:15 - 2013-06-14 21:07 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-05 13:15 - 2013-06-12 18:32 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-03-04 22:24 - 2014-09-25 16:28 - 00792032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-04 22:24 - 2014-09-25 16:28 - 00178144 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-02 19:51 - 2014-08-14 17:02 - 00001142 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-02 19:51 - 2014-08-14 17:02 - 00001130 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-03-01 19:48 - 2013-11-06 08:33 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-03-01 16:13 - 2014-01-31 18:49 - 00000000 ____D () C:\Users\Brockhoff\AppData\Roaming\MAXBuddy
2015-03-01 16:02 - 2014-01-28 14:28 - 00000000 ____D () C:\Users\Brockhoff\.MAX
2015-03-01 16:02 - 2014-01-28 14:28 - 00000000 ____D () C:\ProgramData\MAX
2015-02-28 17:01 - 2013-06-16 11:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steuertipps
2015-02-28 17:00 - 2014-01-28 12:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Note Manager
2015-02-27 20:18 - 2015-01-21 17:57 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
2015-02-27 15:35 - 2013-06-10 18:26 - 00000000 ____D () C:\Users\Brockhoff\AppData\Local\Packages
2015-02-26 13:20 - 2013-10-06 19:48 - 00000000 ____D () C:\ProgramData\Adobe
2015-02-25 14:30 - 2013-10-04 16:04 - 00000000 ____D () C:\Users\Brockhoff\AppData\Local\WEB.DE Application {sync-000021}
2015-02-25 12:45 - 2013-04-07 13:29 - 00000000 ____D () C:\Users\Brockhoff\Documents\Schreiben
2015-02-25 10:46 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\Globalization
2015-02-25 09:59 - 2014-12-22 22:01 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-02-23 14:23 - 2013-06-16 11:49 - 00000000 ____D () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft
2015-02-23 11:20 - 2013-02-08 12:31 - 00000000 ____D () C:\Users\Brockhoff\Documents\Backup MyPhone
2015-02-13 18:02 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\NDF

==================== Files in the root of some directories =======

2013-06-14 21:07 - 2015-03-15 09:02 - 0010816 _____ () C:\Users\Brockhoff\AppData\Local\BTServer.log
2013-12-17 10:13 - 2013-12-17 10:13 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-03-12 14:31 - 2015-03-12 16:42 - 0000215 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Files to move or delete:
====================
C:\Users\Brockhoff\g2ax_customer_downloadhelper_win32_x86.exe
C:\Users\Public\AlexaNSISPlugin.3440.dll
C:\Users\Public\AlexaNSISPlugin.664.dll


Some content of TEMP:
====================
C:\Users\Brockhoff\AppData\Local\Temp\Quarantine.exe
C:\Users\Brockhoff\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-14 18:02

==================== End Of Log ============================

--- --- ---
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Brockhoff at 2015-03-15 09:06:54
Running from C:\Users\Brockhoff\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1-abc.net Duplicate Finder (HKLM-x32\...\1-abc.net Duplicate Finder) (Version: - 1-abc.net Software Development and Distribution)
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1030 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
ALDI TALK Verbindungsassistent (HKLM-x32\...\ALDITALKVerbindungsassistent) (Version: ALDI TALK 4.0 - ALDI TALK Verbindungsassistent)
Anoto penDirector 1.4.0.0 (HKLM-x32\...\Anoto_penDirector) (Version: 1.4.0.0 - Anoto AB)
Antivirus Pro (HKLM-x32\...\Avira AntiVir Desktop) (Version: 15.0.8.644 - Avira)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avanquest update (HKLM-x32\...\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}) (Version: 1.34 - Avanquest Software)
Avira (HKLM-x32\...\{d9ed6dcf-6bfc-4fbb-802e-81dd5b767d6e}) (Version: 1.1.32.25147 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.32.25147 - Avira Operations & Co. KG) Hidden
Avira SearchFree Toolbar (HKLM-x32\...\{41564952-412D-5637-00A7-A758B70C0A00}) (Version: 12.10.0.2949 - APN, LLC)
Avira Secure Backup (HKLM\...\Avira Secure Backup) (Version: 1.0.0 - Avira Secure Backup)
Avira System Speedup 1.6 (HKLM-x32\...\Avira System Speedup_is1) (Version: 1.6 - 2000 - 2015 Avira Operations GmbH & Co. KG)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.03 - Piriform)
Cinebook (x32 Version: 3.2.16 - SSW Software GmbH) Hidden
Citrix Online Launcher (HKLM-x32\...\{3E7E6F1E-7376-475A-8BC9-E3126B20CF5F}) (Version: 1.0.198 - Citrix)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version: - CyberGhost S.R.L.)
DesignCAD 20 (HKLM-x32\...\{5870DF31-7BF8-4635-B708-7695CBCD5D48}) (Version: 20.0.0 - IMSIDesign)
DesignCAD 3D Max 22 (HKLM-x32\...\{CCB44106-246E-45A5-8507-801F39EFB55B}) (Version: 22.0.0 - IMSIDesign)
DesignCAD Toolkit Basis Version 1.1c (HKLM-x32\...\DesignCAD Toolkit Basis_is1) (Version: 1.1c - Franzis Verlag)
Duplicate Photo Cleaner (HKLM\...\Duplicate Photo Cleaner_is1) (Version: - WebMinds, Inc.)
Express Zip (HKLM-x32\...\ExpressZip) (Version: 2.18 - NCH Software)
FwD Updater 1.1 (HKLM-x32\...\FwD Updater) (Version: 1.1 - Funkwerk Dabendorf)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GS Modellbahn-Verwaltung 7D Version 1 (HKLM-x32\...\{B8F7C2D1-3094-4BF4-A763-9DC8467B5B46}_is1) (Version: 1 - Dipl.-Ing.(FH) Gert Spießhofer)
HDR projects elements (64-Bit) (HKLM\...\HDR projects elements_is1) (Version: 1.22 - Franzis Verlag GmbH)
HL-2130 (HKLM-x32\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.1.6.0 - Brother Industries, Ltd.)
InfoBibliothek 2 (HKLM-x32\...\{78D7D7CD-A06B-4514-ACBD-8055BF945A8E}) (Version: 1.08.03.02 - Wolters Kluwer Deutschland GmbH)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version: - Intel Corporation)
iolo technologies' System Mechanic (HKLM-x32\...\{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1) (Version: 12.5.0 - iolo technologies, LLC)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 8 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418040F0}) (Version: 8.0.400 - Oracle Corporation)
KPF-Zeller Speed-Cat USB V4.0 (HKLM-x32\...\Speed-Cat_is1) (Version: - )
LifeCloud Desktop Applications (HKLM-x32\...\{54DC3D01-80CC-44DA-830E-B942F063975B}) (Version: 1.4.4 - Axentra Corporation)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Max Local Application (HKLM-x32\...\Max Local Application) (Version: 1.4.1 - ELV Elektronik AG)
Max Local Application (x32 Version: 1.4.0 - eQ-3 Entwicklung GmbH) Hidden
Max Local Application (x32 Version: 1.4.1 - ELV Elektronik AG) Hidden
MAX!Buddy (HKLM-x32\...\MAX!Buddy) (Version: r9.16.2 - Sebastian Kopsan)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mediatek Bluetooth (HKLM\...\{A9409290-2A97-8735-93A3-DF710B1F44B0}) (Version: 11.0.742.0 - Mediatek)
Microsoft Access database engine 2010 (German) (HKLM-x32\...\{90140000-00D1-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4693.1002 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 15.0.4693.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MindVisualizer Deutsche Version (HKLM-x32\...\MindVisualizer Deutsche Version_is1) (Version: - InnovationGear.com)
Mozilla Firefox 36.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0 - Mozilla)
MyDriveConnect 3.3.0.1812 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1812 - TomTom)
MyFreeCodec (HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\MyFreeCodec) (Version: - )
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.6 - F.J. Wechselberger)
myphotobook.de (x32 Version: 1.5.3 - myphotobook GmbH) Hidden
MyScript Anoto InkRetriever 1.0 (HKLM-x32\...\MyScript Anoto InkRetriever 1.0_is1) (Version: 1.0.0.8 - Vision Objects)
MyScript Studio de_DE pack 1.2 (HKLM-x32\...\MyScript Studio de_DE pack 1.2_is1) (Version: 1.2.0.200 - Vision Objects)
MyScript Studio Notes Edition 1.2 (HKLM-x32\...\MyScript Studio 1.2_is1) (Version: 1.2.0.336 - Vision Objects)
Nero BurnLite 10 (HKLM-x32\...\{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}) (Version: 10.0.10600 - Nero AG)
Nero BurnLite 10 (HKLM-x32\...\{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}) (Version: 10.0.10500.5.100 - Nero AG)
Nuance OmniPage 18 (HKLM-x32\...\{F814FDB6-8F71-4697-AEA5-FB39C00364EE}) (Version: 18.0.0000 - Nuance Communications, Inc.)
Nuance PDF Converter Enterprise 8 (HKLM\...\{CCBC433F-343E-402A-9FB0-721218C52127}) (Version: 8.10.7268 - Nuance Communications, Inc.)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Password Safe (HKLM-x32\...\Password Safe) (Version: - )
PDF Experte 9 Professional (HKLM-x32\...\{FC279721-37A6-4777-AFD8-7A56681EBA14}) (Version: 9.01 - Avanquest Software)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.212.0 - Tracker Software Products Ltd)
penDirectorMergeModules (x32 Version: 1.4.0.0 - Anoto AB) Hidden
Photomizer Retro (HKLM-x32\...\{41B5224D-7853-4EA5-0001-C8949A33B608}) (Version: 2.0.14.106 - Engelmann Media GmbH)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PixelNet Software 4.14.4 (HKLM-x32\...\PixelNet Software) (Version: 4.14.4 - ORWO Net)
RAPID Mode (Version: 1.0.1.81 - Samsung Electronics Co., Ltd.) Hidden
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.787.787.111413 - REALTEK Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.21.909.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7272 - Realtek Semiconductor Corp.)
Rechtstipps - Der RechtsBerater (HKLM-x32\...\{69F060A7-E04F-4E33-AA8F-9EBF188823AB}) (Version: 15.02.0 - Akademische Arbeitsgemeinschaft Verlag)
Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.6 - Samsung)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_4 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.2.14014_4 - Samsung Electronics Co., Ltd.) Hidden
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.40.0 - SAMSUNG Electronics Co., Ltd.)
Scansoft PDF Professional (x32 Version: - ) Hidden
sceye 5th (HKLM-x32\...\{FF751753-5D0A-48A8-AE2B-C545C83C2013}) (Version: 5.5.1 - Silvercreations)
Schirmfoto (HKLM-x32\...\Schirmfoto_is1) (Version: 2014 - Abelssoft)
SimilarImages (HKLM-x32\...\SimilarImages) (Version: 2013.11 - Nils Maier)
SoftMaker Office Standard 2012 (HKLM-x32\...\{8EBB8452-274B-465D-8324-00B0832FBB02}) (Version: 12.0.3398 - SoftMaker Software GmbH)
Sparfuchs (HKLM-x32\...\Sparfuchs_is1) (Version: 2015 - Abelssoft)
SteuerBerater 2014-2015 (HKLM-x32\...\{A671167A-237C-4AFD-913C-0B64768EA8DC}) (Version: 15.01.0 - Akademische Arbeitsgemeinschaft)
Steuer-Spar-Erklärung Plus 2013 (HKLM-x32\...\{D4A69FFE-B7F6-42B6-ACF3-3F238F9A26D8}) (Version: 18.09 - Wolters Kluwer Deutschland GmbH)
SteuerSparErklärung Plus 2014 (HKLM-x32\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.12.92 - Akademische Arbeitsgemeinschaft)
SteuerSparErklärung Plus 2015 (HKLM-x32\...\{312C0E08-8F94-4536-AAF6-3413F784AC5F}) (Version: 20.30.147 - Akademische Arbeitsgemeinschaft)
System Checkup 3.5 (HKLM-x32\...\{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1) (Version: 3.5.4.2 - iolo technologies, LLC)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TraXEx 6.0 (HKLM-x32\...\TraXEx_is1) (Version: 6.0.0.0 - Alexander Miehlke Softwareentwicklung)
Tyre (HKLM-x32\...\Tyre_is1) (Version: 6.3.1.3 - 't Schrijverke)
UpdateStar Drivers (HKLM-x32\...\UpdateStar Drivers) (Version: 7.0.0 - UpdateStar)
USIM Editor 1.0.37.0 (HKLM-x32\...\Card Reader Driver and USIM Editor Program_is1) (Version: - )
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VitaDock® Online PC 1.0.530 (HKLM-x32\...\{2DDE97C5-863F-4FFB-84A2-70B21684D747}) (Version: 1.0.530.0 - Medisana)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WashAndGo (HKLM-x32\...\WashAndGo_is1) (Version: 19.3 - Abelssoft)
WEB.DE Online-Speicher 1.11.4174.0 (HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\WEB.DE Application {sync-000021}) (Version: 1.11.4174.0 - 1&1 Mail & Media GmbH)
WEB.DE Softwareaktualisierung CE (HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 3.0.1.1 - 1&1 Mail & Media GmbH)
Windows Driver Package - Prolific (Ser2pl) Ports (03/12/2010 3.3.11.152) (HKLM\...\1368C87DCBC1A47DB78AD625B2C7E102AF9F447F) (Version: 03/12/2010 3.3.11.152 - Prolific)
Windows-Treiberpaket - SilverCreations AG SceyeDrivers (12/10/2009 3.4.1.20) (HKLM\...\EED52136A3BEC35F575B1E02640D6CB902BACA01) (Version: 12/10/2009 3.4.1.20 - SilverCreations AG)
WinZip 18.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E3}) (Version: 18.5.11111 - WinZip Computing, S.L. )
WISO Mein Geld 2014 Professional (HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\WISO Mein Geld 2014 Professional) (Version: - Buhl Data Service GmbH)
WISO Mein Geld 2015 Professional .NET (HKLM-x32\...\WISO Mein Geld 2015 Professional .NET) (Version: - Buhl Data Service GmbH)
WISO Mein Geld 2015 Professional .NET (x32 Version: 20.0.0.0 - Buhl Data Service GmbH) Hidden
Wondershare DVD Slideshow Builder HD-Video Deluxe(Build 6.1.4.4 (HKLM-x32\...\Wondershare DVD Slideshow Builder HD-Video Deluxe_is1) (Version: 6.1.4.48 - WonderShare Software Co.,Ltd.)
Wondershare PDF Editor(Build 3.9.1) (HKLM-x32\...\{75BAE677-F65A-45A4-9931-363FE0CF5E58}_is1) (Version: 3.9.1.2 - Wondershare Software Co.,Ltd.)
Wondershare Video Converter Pro(Build 6.0.1.0) (HKLM-x32\...\Wondershare Video Converter Pro_is1) (Version: 6.0.1.0 - Wondershare Software)
Zoner Photo Studio 15 (HKLM\...\ZonerPhotoStudio15_DE_is1) (Version: 15.0.1.7 - ZONER software)
Zoner Photo Studio 16 (HKLM\...\ZonerPhotoStudio16_DE_is1) (Version: 16.0.1.7 - ZONER software)
Zoner Photo Studio 17 (HKLM\...\ZonerPhotoStudio17_DE_is1) (Version: 17.0.1.4 - ZONER software)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3158294459-1416924627-3807266797-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Brockhoff\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

28-02-2015 17:00:21 Removed Note Manager Software
06-03-2015 17:28:07 Rechtstipps - Der RechtsBerater wurde entfernt.
08-03-2015 16:36:11 Installed LifeCloud Desktop Applications
09-03-2015 07:55:57 Create system restore point before cleaning junk files
12-03-2015 10:33:32 Removed Mobile note taker 3.0

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0767E4BD-9317-4FFA-9B69-3C10F371037C} - System32\Tasks\AdvancedDriverUpdater_UPDATES => C:\Program Files (x86)\Advanced Driver Updater\adu.exe
Task: {07BF256E-F136-4466-8383-A06F5B962A1F} - System32\Tasks\Password Safe => C:\Program Files (x86)\Password Safe\pwsafe.exe [2014-07-28] (SourceForge.net)
Task: {0E68AB68-EA4F-4195-AE31-E68CD5B55A8E} - System32\Tasks\ParetoLogic Update Version3 Startup Task => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: {146566BA-19D3-40B9-97D5-543E094A5B22} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-03-12] (Microsoft Corporation)
Task: {34ADF59F-1EB5-404C-96D6-68A3243F3022} - System32\Tasks\ApnTBMon => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
Task: {523FE8AD-2BAE-49E6-827F-EEBC6F8C3EC2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-06] (Google Inc.)
Task: {52A27926-BD30-47C9-AEE6-076361A52611} - System32\Tasks\HotKeysCmds => C:\WINDOWS\system32\hkcmd.exe [2014-01-29] (Intel Corporation)
Task: {691ED5C3-6C36-4199-ACA2-F494FE90DB28} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3158294459-1416924627-3807266797-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {85B7F723-CD01-42DE-A929-9CB40D2D3791} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\iolo\System Mechanic\iologovernor64.exe
Task: {85B89210-CDFE-4AA6-B114-E07759150DD6} - System32\Tasks\Schirmfoto => C:\Program Files (x86)\Schirmfoto\schirmfoto.exe [2013-09-30] (Abelssoft GmbH)
Task: {88BD8C68-2B30-4807-B0EA-16F47AC47A2D} - System32\Tasks\iolo System Checkup => C:\ProgramData\iolo\scustask.lnk
Task: {8DA72A00-3FD1-454D-8E2A-5C64D0E012D7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {9430E457-EF3F-4E22-8DAC-30E42BF4EBF4} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {95E4C3A0-D22A-4942-A92F-5B629D10725D} - System32\Tasks\Persistence => C:\WINDOWS\system32\igfxpers.exe [2014-01-29] (Intel Corporation)
Task: {9CBB7919-F0EB-45CB-84CB-8F71B760A606} - System32\Tasks\{D23AFADB-5DFD-4E15-86AD-25B10F1D6DC0} => pcalua.exe -a "C:\Program Files (x86)\PSHD-9.9\Uninstall.exe" -c /fcp=1
Task: {9E75B00A-1C81-41B8-A142-851B11532A9B} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-08] (Adobe Systems Incorporated)
Task: {A3FE59EA-0BAE-437B-99C7-C6D2B0DE98CE} - System32\Tasks\AbelssoftPreloader => C:\Program Files (x86)\WashAndGo\AbelssoftPreloader.exe [2015-03-06] (Microsoft)
Task: {ADBE741C-6DAA-4D48-8BFA-EE0A30E57491} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-06] (Google Inc.)
Task: {B2B21DD4-1F6D-492A-AD79-BB66FF26A6C4} - System32\Tasks\{0DC6CDDB-0711-42FB-9A1E-CCC76F140EAF} => pcalua.exe -a "C:\Users\Brockhoff\AppData\Roaming\Security System 2\uninstaller.exe"
Task: {DA6FB7BC-F966-4ABB-AEAB-2684EDC9D1F2} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation)
Task: {DC7FFE6B-12CB-4E9D-AC3B-D20BBF2D6E5B} - System32\Tasks\Ocster Backup => C:\Program Files\Ocster Backup\bin\backupClient-ox.exe
Task: {EEF37EE3-6FBE-4DF4-B704-14A50E2F1074} - System32\Tasks\AviraSpeedup => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe [2015-01-30] (Avira Operations GmbH & Co. KG)
Task: {F8881643-754C-4307-995A-DD79095D7500} - System32\Tasks\WashAndGoNGBackground => C:\Program Files (x86)\WashAndGo\WashAndGo.exe [2015-03-06] (Microsoft)
Task: {FE8DD905-474F-4DA8-9776-35C8FD6053FB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation)
Task: C:\Windows\Tasks\AbelssoftPreloader.job => C:\Program Files (x86)\WashAndGo\AbelssoftPreloader.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AdvancedDriverUpdater_UPDATES.job => C:\Program Files (x86)\Advanced Driver Updater\adu.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: C:\Windows\Tasks\Schirmfoto.job => C:\Program Files (x86)\Schirmfoto\schirmfoto.exe
Task: C:\Windows\Tasks\WashAndGoNGBackground.job => C:\Program Files (x86)\WashAndGo\WashAndGo.exe

==================== Loaded Modules (whitelisted) ==============

2015-01-17 13:33 - 2011-09-13 09:16 - 00342984 ____N () C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
2014-12-22 22:01 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2012-12-14 02:42 - 2012-12-14 02:42 - 00094208 _____ () C:\WINDOWS\system32\IccLibDll_x64.dll
2013-08-14 22:06 - 2013-09-30 18:22 - 00022144 _____ () C:\Program Files (x86)\Schirmfoto\AbSettingsKeeper.dll
2013-08-14 22:06 - 2013-09-30 18:22 - 00204416 _____ () C:\Program Files (x86)\Schirmfoto\AbBugReporter.dll
2013-08-14 22:06 - 2013-09-30 18:22 - 00050816 _____ () C:\Program Files (x86)\Schirmfoto\AbCommons.dll
2013-08-14 22:06 - 2013-09-30 18:23 - 00250496 _____ () C:\Program Files (x86)\Schirmfoto\SchirmfotoCommon.dll
2013-08-14 22:06 - 2013-09-30 18:22 - 00108160 _____ () C:\Program Files (x86)\Schirmfoto\Cropper.dll
2013-08-14 22:06 - 2013-09-30 18:22 - 01055872 _____ () C:\Program Files (x86)\Schirmfoto\AbScheduler.dll
2014-11-02 08:21 - 2015-03-06 15:03 - 00059656 _____ () C:\Program Files (x86)\WashAndGo\AbSettings.dll
2014-11-02 08:21 - 2015-03-06 15:03 - 00010504 _____ () C:\Program Files (x86)\WashAndGo\AbUpdateBugReporter.dll
2014-11-02 08:21 - 2015-03-06 15:03 - 01432328 _____ () C:\Program Files (x86)\WashAndGo\AbGui.dll
2014-11-02 08:21 - 2015-01-20 15:14 - 00024840 _____ () C:\Program Files (x86)\WashAndGo\OutlookCleaner.dll
2014-11-02 08:21 - 2015-01-20 15:14 - 00013576 _____ () C:\Program Files (x86)\WashAndGo\AbProcessManager.dll
2014-11-02 08:21 - 2014-10-13 09:43 - 00787968 _____ () C:\Program Files (x86)\WashAndGo\sqlite3.DLL
2013-11-06 11:58 - 2013-11-06 11:58 - 02048000 _____ () C:\Program Files\Avira Secure Backup\ShellExtensionx64\ShellExtension1.dll
2014-11-25 16:31 - 2014-11-25 16:31 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\ErrorReporting.dll
2015-01-17 13:33 - 2011-09-13 09:16 - 00510920 ____N () C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-02-28 18:49 - 2014-09-28 17:59 - 00019872 _____ () C:\Program Files (x86)\Samsung Magician\SAMSUNG_SSD.dll
2014-03-10 12:41 - 2014-10-15 12:11 - 00032768 _____ () C:\Program Files\CyberGhost 5\de\CyberGhost.resources.dll
2014-11-12 13:28 - 2014-11-03 08:32 - 01428584 _____ () C:\Program Files\CyberGhost 5\Geckofx-Core.dll
2014-02-26 12:16 - 2014-02-26 12:16 - 00032768 _____ () C:\Program Files (x86)\VitaDock\QHIDDLL.dll
2014-02-27 17:31 - 2014-02-27 17:31 - 00070656 _____ () C:\Program Files (x86)\VitaDock\QtSerialPort.dll
2014-10-03 13:04 - 2014-10-03 13:04 - 00026488 _____ () C:\Program Files (x86)\MyDrive Connect\DeviceDetection.dll
2014-10-03 13:04 - 2014-10-03 13:04 - 00087416 _____ () C:\Program Files (x86)\MyDrive Connect\TomTomSupporterBase.dll
2014-10-03 13:04 - 2014-10-03 13:04 - 00398712 _____ () C:\Program Files (x86)\MyDrive Connect\TomTomSupporterProxy.dll
2014-01-27 15:46 - 2014-01-27 15:46 - 00241664 _____ () C:\Program Files (x86)\MEDION\LifeCloud Desktop Applications\HipServAgent\libupnp.dll
2014-01-27 15:46 - 2014-01-27 15:46 - 00984064 _____ () C:\Program Files (x86)\MEDION\LifeCloud Desktop Applications\HipServAgent\libxml2.dll
2014-04-03 09:31 - 2011-01-31 08:45 - 00559244 _____ () C:\Program Files (x86)\TraXEx\sqlite3.dll
2014-03-10 12:41 - 2014-10-21 19:44 - 00165416 _____ () C:\Program Files\CyberGhost 5\Data\OpenVPN\liblzo2-2.dll
2014-03-10 12:41 - 2014-10-21 19:44 - 00112736 _____ () C:\Program Files\CyberGhost 5\Data\OpenVPN\libpkcs11-helper-1.dll
2013-11-06 11:59 - 2013-11-06 11:59 - 01633280 _____ () C:\Program Files\Avira Secure Backup\ShellExtension\ShellExtension.dll
2014-12-22 22:06 - 2014-12-22 22:30 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5B8EC693
AlternateDataStreams: C:\ProgramData\TEMP:7C784982
AlternateDataStreams: C:\ProgramData\TEMP:8D09CB9B
AlternateDataStreams: C:\ProgramData\TEMP:A303874F
AlternateDataStreams: C:\ProgramData\TEMP:B6AC352B
AlternateDataStreams: C:\Users\Brockhoff\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Brockhoff\SkyDrive (2).old:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Brockhoff\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img6.jpg
DNS Servers: 95.169.183.219 - 89.41.60.38

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: ASO3DiskOptimizer => 3
MSCONFIG\Services: BTDevManager => 3
MSCONFIG\Services: CGVPNCliService => 2
MSCONFIG\Services: CGVPNCliSrvc => 3
MSCONFIG\Services: ioloSystemService => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: ocster_backup => 2
HKLM\...\StartupApproved\StartupFolder: => "penDirector.lnk"
HKLM\...\StartupApproved\Run: => "Ocster Backup"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run32: => "avgnt"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "COMPUTERBILD-Abzockschutz Premium"
HKLM\...\StartupApproved\Run32: => "InboxMonitor"
HKLM\...\StartupApproved\Run32: => "PDFProHook"
HKLM\...\StartupApproved\Run32: => "Avira Systray"
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\StartupApproved\StartupFolder: => "Samsung Magician.lnk"
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\StartupApproved\StartupFolder: => "Password Safe.lnk"
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\StartupApproved\Run: => "TomTomHOME.exe"
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\StartupApproved\Run: => "AviraSpeedup"
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\StartupApproved\Run: => "Note Manager"

==================== Accounts: =============================

Administrator (S-1-5-21-3158294459-1416924627-3807266797-500 - Administrator - Disabled) => C:\Users\Administrator
Brockhoff (S-1-5-21-3158294459-1416924627-3807266797-1001 - Administrator - Enabled) => C:\Users\Brockhoff
Guest (S-1-5-21-3158294459-1416924627-3807266797-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: Siggis Galaxy
Description: GT-I9300
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: SAMSUNG Electronics Co. Ltd.
Service: WUDFWpdMtp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (03/15/2015 09:01:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.3.9600.17667, Zeitstempel: 0x54c6f7c2
Name des fehlerhaften Moduls: twinui.appcore.dll, Version: 6.3.9600.17195, Zeitstempel: 0x5389407c
Ausnahmecode: 0x80270233
Fehleroffset: 0x0000000000087c77
ID des fehlerhaften Prozesses: 0xf48
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3
Vollständiger Name des fehlerhaften Pakets: Explorer.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Explorer.EXE5

Error: (03/14/2015 06:59:40 PM) (Source: Avira Secure Backup Crawler) (EventID: 1) (User: )
Description: An error has occurred (Problem mit Benutzerkonto
).

Error: (03/14/2015 05:57:58 PM) (Source: Avira Secure Backup Crawler) (EventID: 1) (User: )
Description: An error has occurred (Problem mit Benutzerkonto
).

Error: (03/14/2015 05:53:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.3.9600.17667, Zeitstempel: 0x54c6f7c2
Name des fehlerhaften Moduls: twinui.appcore.dll, Version: 6.3.9600.17195, Zeitstempel: 0x5389407c
Ausnahmecode: 0x80270233
Fehleroffset: 0x0000000000087c77
ID des fehlerhaften Prozesses: 0xfa0
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3
Vollständiger Name des fehlerhaften Pakets: Explorer.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Explorer.EXE5

Error: (03/14/2015 01:31:10 PM) (Source: Avira Secure Backup Crawler) (EventID: 1) (User: )
Description: An error has occurred (Problem mit Benutzerkonto
).

Error: (03/14/2015 01:30:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.3.9600.17667, Zeitstempel: 0x54c6f7c2
Name des fehlerhaften Moduls: twinui.appcore.dll, Version: 6.3.9600.17195, Zeitstempel: 0x5389407c
Ausnahmecode: 0x80270233
Fehleroffset: 0x0000000000087c77
ID des fehlerhaften Prozesses: 0xef8
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3
Vollständiger Name des fehlerhaften Pakets: Explorer.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Explorer.EXE5

Error: (03/14/2015 01:11:33 PM) (Source: Avira Secure Backup Crawler) (EventID: 1) (User: )
Description: An error has occurred (Problem mit Benutzerkonto
).

Error: (03/14/2015 00:10:55 PM) (Source: Avira Secure Backup Crawler) (EventID: 1) (User: )
Description: An error has occurred (Problem mit Benutzerkonto
).

Error: (03/14/2015 10:57:27 AM) (Source: Avira Secure Backup Crawler) (EventID: 1) (User: )
Description: An error has occurred (Problem mit Benutzerkonto
).

Error: (03/14/2015 10:37:20 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

System errors:
=============
Error: (03/15/2015 08:58:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "iolo System Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (03/15/2015 08:58:55 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Smart Card" ist vom Dienst "Windows Driver Foundation - User-mode Driver Framework" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1070

Error: (03/15/2015 08:58:55 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Driver Foundation - User-mode Driver Framework" wurde nicht richtig gestartet.

Error: (03/14/2015 05:53:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "iolo System Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (03/14/2015 05:51:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "iolo System Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (03/14/2015 01:30:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "iolo System Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (03/14/2015 01:26:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "iolo System Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (03/14/2015 01:26:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Avira Secure Backup Crawler" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/14/2015 01:26:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/14/2015 01:26:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Restart the service.

Microsoft Office Sessions:
=========================
Error: (03/15/2015 09:01:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.3.9600.1766754c6f7c2twinui.appcore.dll6.3.9600.171955389407c802702330000000000087c77f4801d05ef5fd8dca47C:\Windows\Explorer.EXEC:\Windows \System32\twinui.appcore.dll83492e01-cae9-11e4-81a6-0015835015af

Error: (03/14/2015 06:59:40 PM) (Source: Avira Secure Backup Crawler) (EventID: 1) (User: )
Description: Avira Secure Backup CrawlerProblem mit Benutzerkonto

Error: (03/14/2015 05:57:58 PM) (Source: Avira Secure Backup Crawler) (EventID: 1) (User: )
Description: Avira Secure Backup CrawlerProblem mit Benutzerkonto

Error: (03/14/2015 05:53:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.3.9600.1766754c6f7c2twinui.appcore.dll6.3.9600.171955389407c802702330000000000087c77fa001d05e771bc5f8d6C:\Windows\Explorer.EXEC:\Windows \System32\twinui.appcore.dlla1ac756c-ca6a-11e4-81a5-001999e9fa1d

Error: (03/14/2015 01:31:10 PM) (Source: Avira Secure Backup Crawler) (EventID: 1) (User: )
Description: Avira Secure Backup CrawlerProblem mit Benutzerkonto

Error: (03/14/2015 01:30:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.3.9600.1766754c6f7c2twinui.appcore.dll6.3.9600.171955389407c802702330000000000087c77ef801d05e525acefa3dC:\Windows\Explorer.EXEC:\Windows \System32\twinui.appcore.dlle0daba8d-ca45-11e4-81a4-0015835015af

Error: (03/14/2015 01:11:33 PM) (Source: Avira Secure Backup Crawler) (EventID: 1) (User: )
Description: Avira Secure Backup CrawlerProblem mit Benutzerkonto

Error: (03/14/2015 00:10:55 PM) (Source: Avira Secure Backup Crawler) (EventID: 1) (User: )
Description: Avira Secure Backup CrawlerProblem mit Benutzerkonto

Error: (03/14/2015 10:57:27 AM) (Source: Avira Secure Backup Crawler) (EventID: 1) (User: )
Description: Avira Secure Backup CrawlerProblem mit Benutzerkonto

Error: (03/14/2015 10:37:20 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\mindvisualizer standard edition\DelZip179.dllc:\program files (x86)\mindvisualizer standard edition\DelZip179.dll8

CodeIntegrity Errors:
===================================
Date: 2014-11-24 18:34:39.559
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-11-24 18:34:39.420
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-11-24 18:34:39.286
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-11-24 18:34:39.153
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-11-24 18:34:39.018
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-11-24 18:34:38.885
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-11-24 18:34:38.747
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-11-24 18:34:38.614
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-11-24 18:34:38.478
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-11-24 18:34:38.345
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2310 CPU @ 2.90GHz
Percentage of memory in use: 70%
Total physical RAM: 3972.38 MB
Available physical RAM: 1170.98 MB
Total Pagefile: 5252.38 MB
Available Pagefile: 1588.02 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:230.76 GB) (Free:72.93 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (MEDION USB) (Removable) (Total:29.44 GB) (Free:29.44 GB) FAT32
Drive f: (INTENSO) (Removable) (Total:3.73 GB) (Free:2.35 GB) FAT32
Drive g: (SICHERUNG 2) (Fixed) (Total:93.14 GB) (Free:23.74 GB) FAT32
Drive h: (VERBATIM) (Fixed) (Total:931.28 GB) (Free:805.46 GB) FAT32
Drive k: (SCANDISK) (Removable) (Total:29.82 GB) (Free:29.79 GB) FAT32
Drive l: (Sicherung 1) (Fixed) (Total:931.51 GB) (Free:832.25 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: 2893EBBE)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=0C)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 29.5 GB) (Disk ID: F5726138)
Partition 1: (Not Active) - (Size=29.4 GB) - (Type=0C)

========================================================
Disk: 4 (Size: 29.8 GB) (Disk ID: 6E652072)
No partition Table on disk 4.

========================================================
Disk: 5 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: A76C72C3)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (MBR Code: Windows XP) (Size: 93.2 GB) (Disk ID: 9056D507)
Partition 1: (Not Active) - (Size=93.2 GB) - (Type=06)

==================== End Of Log ============================

[/CODE]

M-K-D-B · 15.03.2015, 10:14

Zukünftig bitte beachten:

Zitat:

Running from C:\Users\Brockhoff\Downloads

Leider hast du unsere Anleitung nicht richtig befolgt:
Bitte alle Tools direkt auf den Desktop downloaden bzw. dorthin verschieben und vom Desktop starten, da unsere Anleitungen daraufhin ausgelegt sind.
Zudem lassen sich dann am Ende der Bereinigung alle verwendeten Tools sehr einfach entfernen.
Alle Tools bis zum Ende der Bereinigung auf dem Desktop lassen, evtl. benötigen wir manche öfter.

Schritt 1
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 2
Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 3

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Schritt 4

Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Bitte poste mit deiner nächsten Antwort

die Logdatei von AdwCleaner,
die Logdatei von MBAM,
die Logdatei von JRT,
die beiden neuen Logdateien von FRST.

paule11 · 15.03.2015, 12:32

Hoffe nun ist es O.K.

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Brockhoff at 2015-03-15 12:20:09
Running from C:\Users\Brockhoff\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1-abc.net Duplicate Finder (HKLM-x32\...\1-abc.net Duplicate Finder) (Version:  - 1-abc.net Software Development and Distribution)
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1030 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
ALDI TALK Verbindungsassistent (HKLM-x32\...\ALDITALKVerbindungsassistent) (Version: ALDI TALK 4.0 - ALDI TALK Verbindungsassistent)
Anoto penDirector 1.4.0.0 (HKLM-x32\...\Anoto_penDirector) (Version: 1.4.0.0 - Anoto AB)
Antivirus Pro (HKLM-x32\...\Avira AntiVir Desktop) (Version: 15.0.8.644 - Avira)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avanquest update (HKLM-x32\...\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}) (Version: 1.34 - Avanquest Software)
Avira (HKLM-x32\...\{d9ed6dcf-6bfc-4fbb-802e-81dd5b767d6e}) (Version: 1.1.32.25147 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.32.25147 - Avira Operations & Co. KG) Hidden
Avira SearchFree Toolbar (HKLM-x32\...\{41564952-412D-5637-00A7-A758B70C0A00}) (Version: 12.10.0.2949 - APN, LLC)
Avira Secure Backup (HKLM\...\Avira Secure Backup) (Version: 1.0.0 - Avira Secure Backup)
Avira System Speedup 1.6 (HKLM-x32\...\Avira System Speedup_is1) (Version: 1.6 - 2000 - 2015 Avira Operations GmbH & Co. KG)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.03 - Piriform)
Cinebook (x32 Version: 3.2.16 - SSW Software GmbH) Hidden
Citrix Online Launcher (HKLM-x32\...\{3E7E6F1E-7376-475A-8BC9-E3126B20CF5F}) (Version: 1.0.198 - Citrix)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version:  - CyberGhost S.R.L.)
DesignCAD 20 (HKLM-x32\...\{5870DF31-7BF8-4635-B708-7695CBCD5D48}) (Version: 20.0.0 - IMSIDesign)
DesignCAD 3D Max 22 (HKLM-x32\...\{CCB44106-246E-45A5-8507-801F39EFB55B}) (Version: 22.0.0 - IMSIDesign)
DesignCAD Toolkit Basis Version 1.1c (HKLM-x32\...\DesignCAD Toolkit Basis_is1) (Version: 1.1c - Franzis Verlag)
Duplicate Photo Cleaner (HKLM\...\Duplicate Photo Cleaner_is1) (Version:  - WebMinds, Inc.)
Express Zip (HKLM-x32\...\ExpressZip) (Version: 2.18 - NCH Software)
FwD Updater 1.1 (HKLM-x32\...\FwD Updater) (Version: 1.1 - Funkwerk Dabendorf)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GS Modellbahn-Verwaltung 7D Version 1 (HKLM-x32\...\{B8F7C2D1-3094-4BF4-A763-9DC8467B5B46}_is1) (Version: 1 - Dipl.-Ing.(FH) Gert Spießhofer)
HDR projects elements (64-Bit) (HKLM\...\HDR projects elements_is1) (Version: 1.22 - Franzis Verlag GmbH)
HL-2130 (HKLM-x32\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.1.6.0 - Brother Industries, Ltd.)
InfoBibliothek 2 (HKLM-x32\...\{78D7D7CD-A06B-4514-ACBD-8055BF945A8E}) (Version: 1.08.03.02 - Wolters Kluwer Deutschland GmbH)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version:  - Intel Corporation)
iolo technologies' System Mechanic (HKLM-x32\...\{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1) (Version: 12.5.0 - iolo technologies, LLC)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 8 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418040F0}) (Version: 8.0.400 - Oracle Corporation)
KPF-Zeller Speed-Cat USB V4.0 (HKLM-x32\...\Speed-Cat_is1) (Version:  - )
LifeCloud Desktop Applications (HKLM-x32\...\{54DC3D01-80CC-44DA-830E-B942F063975B}) (Version: 1.4.4 - Axentra Corporation)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Max Local Application (HKLM-x32\...\Max Local Application) (Version: 1.4.1 - ELV Elektronik AG)
Max Local Application (x32 Version: 1.4.0 - eQ-3 Entwicklung GmbH) Hidden
Max Local Application (x32 Version: 1.4.1 - ELV Elektronik AG) Hidden
MAX!Buddy (HKLM-x32\...\MAX!Buddy) (Version: r9.16.2 - Sebastian Kopsan)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mediatek Bluetooth (HKLM\...\{A9409290-2A97-8735-93A3-DF710B1F44B0}) (Version: 11.0.742.0 - Mediatek)
Microsoft Access database engine 2010 (German) (HKLM-x32\...\{90140000-00D1-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4693.1002 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 15.0.4693.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3158294459-1416924627-3807266797-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MindVisualizer Deutsche Version (HKLM-x32\...\MindVisualizer Deutsche Version_is1) (Version:  - InnovationGear.com)
Mozilla Firefox 36.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0 - Mozilla)
MyDriveConnect 3.3.0.1812 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1812 - TomTom)
MyFreeCodec (HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\MyFreeCodec) (Version:  - )
MyFreeCodec (HKU\S-1-5-21-3158294459-1416924627-3807266797-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MyFreeCodec) (Version:  - )
MyFreeCodec (HKU\S-1-5-21-3158294459-1416924627-3807266797-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MyFreeCodec) (Version:  - )
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.6 - F.J. Wechselberger)
myphotobook.de (x32 Version: 1.5.3 - myphotobook GmbH) Hidden
MyScript Anoto InkRetriever 1.0 (HKLM-x32\...\MyScript Anoto InkRetriever 1.0_is1) (Version: 1.0.0.8 - Vision Objects)
MyScript Studio de_DE pack 1.2 (HKLM-x32\...\MyScript Studio de_DE pack 1.2_is1) (Version: 1.2.0.200 - Vision Objects)
MyScript Studio Notes Edition 1.2 (HKLM-x32\...\MyScript Studio 1.2_is1) (Version: 1.2.0.336 - Vision Objects)
Nero BurnLite 10 (HKLM-x32\...\{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}) (Version: 10.0.10600 - Nero AG)
Nero BurnLite 10 (HKLM-x32\...\{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}) (Version: 10.0.10500.5.100 - Nero AG)
Nuance OmniPage 18 (HKLM-x32\...\{F814FDB6-8F71-4697-AEA5-FB39C00364EE}) (Version: 18.0.0000 - Nuance Communications, Inc.)
Nuance PDF Converter Enterprise 8 (HKLM\...\{CCBC433F-343E-402A-9FB0-721218C52127}) (Version: 8.10.7268 - Nuance Communications, Inc.)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Password Safe (HKLM-x32\...\Password Safe) (Version:  - )
PDF Experte 9 Professional (HKLM-x32\...\{FC279721-37A6-4777-AFD8-7A56681EBA14}) (Version: 9.01 - Avanquest Software)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.212.0 - Tracker Software Products Ltd)
penDirectorMergeModules (x32 Version: 1.4.0.0 - Anoto AB) Hidden
Photomizer Retro (HKLM-x32\...\{41B5224D-7853-4EA5-0001-C8949A33B608}) (Version: 2.0.14.106 - Engelmann Media GmbH)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PixelNet Software 4.14.4 (HKLM-x32\...\PixelNet Software) (Version: 4.14.4 - ORWO Net)
RAPID Mode (Version: 1.0.1.81 - Samsung Electronics Co., Ltd.) Hidden
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.787.787.111413 - REALTEK Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.21.909.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7272 - Realtek Semiconductor Corp.)
Rechtstipps - Der RechtsBerater (HKLM-x32\...\{69F060A7-E04F-4E33-AA8F-9EBF188823AB}) (Version: 15.02.0 - Akademische Arbeitsgemeinschaft Verlag)
Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.6 - Samsung)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_4 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.2.14014_4 - Samsung Electronics Co., Ltd.) Hidden
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.40.0 - SAMSUNG Electronics Co., Ltd.)
Scansoft PDF Professional (x32 Version:  - ) Hidden
sceye 5th (HKLM-x32\...\{FF751753-5D0A-48A8-AE2B-C545C83C2013}) (Version: 5.5.1 - Silvercreations)
Schirmfoto (HKLM-x32\...\Schirmfoto_is1) (Version: 2014 - Abelssoft)
SimilarImages (HKLM-x32\...\SimilarImages) (Version: 2013.11 - Nils Maier)
SoftMaker Office Standard 2012 (HKLM-x32\...\{8EBB8452-274B-465D-8324-00B0832FBB02}) (Version: 12.0.3398 - SoftMaker Software GmbH)
Sparfuchs (HKLM-x32\...\Sparfuchs_is1) (Version: 2015 - Abelssoft)
SteuerBerater 2014-2015 (HKLM-x32\...\{A671167A-237C-4AFD-913C-0B64768EA8DC}) (Version: 15.01.0 - Akademische Arbeitsgemeinschaft)
Steuer-Spar-Erklärung Plus 2013 (HKLM-x32\...\{D4A69FFE-B7F6-42B6-ACF3-3F238F9A26D8}) (Version: 18.09 - Wolters Kluwer Deutschland GmbH)
SteuerSparErklärung Plus 2014 (HKLM-x32\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.12.92 - Akademische Arbeitsgemeinschaft)
SteuerSparErklärung Plus 2015 (HKLM-x32\...\{312C0E08-8F94-4536-AAF6-3413F784AC5F}) (Version: 20.30.147 - Akademische Arbeitsgemeinschaft)
System Checkup 3.5 (HKLM-x32\...\{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1) (Version: 3.5.4.2 - iolo technologies, LLC)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TraXEx 6.0 (HKLM-x32\...\TraXEx_is1) (Version: 6.0.0.0 - Alexander Miehlke Softwareentwicklung)
Tyre (HKLM-x32\...\Tyre_is1) (Version: 6.3.1.3 - 't Schrijverke)
UpdateStar Drivers (HKLM-x32\...\UpdateStar Drivers) (Version: 7.0.0 - UpdateStar)
USIM Editor  1.0.37.0 (HKLM-x32\...\Card Reader Driver and USIM Editor  Program_is1) (Version:  - )
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VitaDock® Online PC 1.0.530 (HKLM-x32\...\{2DDE97C5-863F-4FFB-84A2-70B21684D747}) (Version: 1.0.530.0 - Medisana)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WashAndGo (HKLM-x32\...\WashAndGo_is1) (Version: 19.3 - Abelssoft)
WEB.DE Online-Speicher 1.11.4174.0 (HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\WEB.DE Application {sync-000021}) (Version: 1.11.4174.0 - 1&1 Mail & Media GmbH)
WEB.DE Online-Speicher 1.11.4174.0 (HKU\S-1-5-21-3158294459-1416924627-3807266797-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\WEB.DE Application {sync-000021}) (Version: 1.11.4174.0 - 1&1 Mail & Media GmbH)
WEB.DE Online-Speicher 1.5.1888.0 (HKU\S-1-5-21-3158294459-1416924627-3807266797-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\WEB.DE Application {sync-000021}) (Version: 1.5.1888.0 - 1&1 Mail & Media GmbH)
WEB.DE Softwareaktualisierung CE (HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 3.0.1.1 - 1&1 Mail & Media GmbH)
WEB.DE Softwareaktualisierung CE (HKU\S-1-5-21-3158294459-1416924627-3807266797-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 3.0.1.1 - 1&1 Mail & Media GmbH)
WEB.DE Softwareaktualisierung CE (HKU\S-1-5-21-3158294459-1416924627-3807266797-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 3.0.1.1 - 1&1 Mail & Media GmbH)
Windows Driver Package - Prolific (Ser2pl) Ports  (03/12/2010 3.3.11.152) (HKLM\...\1368C87DCBC1A47DB78AD625B2C7E102AF9F447F) (Version: 03/12/2010 3.3.11.152 - Prolific)
Windows-Treiberpaket - SilverCreations AG SceyeDrivers (12/10/2009 3.4.1.20) (HKLM\...\EED52136A3BEC35F575B1E02640D6CB902BACA01) (Version: 12/10/2009 3.4.1.20 - SilverCreations AG)
WinZip 18.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E3}) (Version: 18.5.11111 - WinZip Computing, S.L. )
WISO Mein Geld 2014 Professional (HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\WISO Mein Geld 2014 Professional) (Version:  - Buhl Data Service GmbH)
WISO Mein Geld 2014 Professional (HKU\S-1-5-21-3158294459-1416924627-3807266797-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\WISO Mein Geld 2014 Professional) (Version:  - Buhl Data Service GmbH)
WISO Mein Geld 2014 Professional (HKU\S-1-5-21-3158294459-1416924627-3807266797-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\WISO Mein Geld 2014 Professional) (Version:  - Buhl Data Service GmbH)
WISO Mein Geld 2015 Professional .NET (HKLM-x32\...\WISO Mein Geld 2015 Professional .NET) (Version:  - Buhl Data Service GmbH)
WISO Mein Geld 2015 Professional .NET (x32 Version: 20.0.0.0 - Buhl Data Service GmbH) Hidden
Wondershare DVD Slideshow Builder HD-Video Deluxe(Build 6.1.4.4 (HKLM-x32\...\Wondershare DVD Slideshow Builder HD-Video Deluxe_is1) (Version: 6.1.4.48 - WonderShare Software Co.,Ltd.)
Wondershare PDF Editor(Build 3.9.1) (HKLM-x32\...\{75BAE677-F65A-45A4-9931-363FE0CF5E58}_is1) (Version: 3.9.1.2 - Wondershare Software Co.,Ltd.)
Wondershare Video Converter Pro(Build 6.0.1.0) (HKLM-x32\...\Wondershare Video Converter Pro_is1) (Version: 6.0.1.0 - Wondershare Software)
Zoner Photo Studio 15 (HKLM\...\ZonerPhotoStudio15_DE_is1) (Version: 15.0.1.7 - ZONER software)
Zoner Photo Studio 16 (HKLM\...\ZonerPhotoStudio16_DE_is1) (Version: 16.0.1.7 - ZONER software)
Zoner Photo Studio 17 (HKLM\...\ZonerPhotoStudio17_DE_is1) (Version: 17.0.1.4 - ZONER software)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3158294459-1416924627-3807266797-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Brockhoff\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

28-02-2015 17:00:21 Removed Note Manager Software
06-03-2015 17:28:07 Rechtstipps - Der RechtsBerater wurde entfernt.
08-03-2015 16:36:11 Installed LifeCloud Desktop Applications
09-03-2015 07:55:57 Create system restore point before cleaning junk files
12-03-2015 10:33:32 Removed Mobile note taker 3.0
15-03-2015 12:15:06 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0767E4BD-9317-4FFA-9B69-3C10F371037C} - System32\Tasks\AdvancedDriverUpdater_UPDATES => C:\Program Files (x86)\Advanced Driver Updater\adu.exe
Task: {07BF256E-F136-4466-8383-A06F5B962A1F} - System32\Tasks\Password Safe => C:\Program Files (x86)\Password Safe\pwsafe.exe [2014-07-28] (SourceForge.net)
Task: {0E68AB68-EA4F-4195-AE31-E68CD5B55A8E} - System32\Tasks\ParetoLogic Update Version3 Startup Task => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: {34ADF59F-1EB5-404C-96D6-68A3243F3022} - System32\Tasks\ApnTBMon => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
Task: {523FE8AD-2BAE-49E6-827F-EEBC6F8C3EC2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-06] (Google Inc.)
Task: {52A27926-BD30-47C9-AEE6-076361A52611} - System32\Tasks\HotKeysCmds => C:\WINDOWS\system32\hkcmd.exe [2014-01-29] (Intel Corporation)
Task: {691ED5C3-6C36-4199-ACA2-F494FE90DB28} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3158294459-1416924627-3807266797-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {85B7F723-CD01-42DE-A929-9CB40D2D3791} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\iolo\System Mechanic\iologovernor64.exe
Task: {85B89210-CDFE-4AA6-B114-E07759150DD6} - System32\Tasks\Schirmfoto => C:\Program Files (x86)\Schirmfoto\schirmfoto.exe [2013-09-30] (Abelssoft GmbH)
Task: {88BD8C68-2B30-4807-B0EA-16F47AC47A2D} - System32\Tasks\iolo System Checkup => C:\ProgramData\iolo\scustask.lnk
Task: {8DA72A00-3FD1-454D-8E2A-5C64D0E012D7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {9430E457-EF3F-4E22-8DAC-30E42BF4EBF4} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {95E4C3A0-D22A-4942-A92F-5B629D10725D} - System32\Tasks\Persistence => C:\WINDOWS\system32\igfxpers.exe [2014-01-29] (Intel Corporation)
Task: {9CBB7919-F0EB-45CB-84CB-8F71B760A606} - System32\Tasks\{D23AFADB-5DFD-4E15-86AD-25B10F1D6DC0} => pcalua.exe -a "C:\Program Files (x86)\PSHD-9.9\Uninstall.exe" -c /fcp=1
Task: {9E75B00A-1C81-41B8-A142-851B11532A9B} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-08] (Adobe Systems Incorporated)
Task: {A3FE59EA-0BAE-437B-99C7-C6D2B0DE98CE} - System32\Tasks\AbelssoftPreloader => C:\Program Files (x86)\WashAndGo\AbelssoftPreloader.exe [2015-03-06] (Microsoft)
Task: {ADBE741C-6DAA-4D48-8BFA-EE0A30E57491} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-06] (Google Inc.)
Task: {B2B21DD4-1F6D-492A-AD79-BB66FF26A6C4} - System32\Tasks\{0DC6CDDB-0711-42FB-9A1E-CCC76F140EAF} => pcalua.exe -a "C:\Users\Brockhoff\AppData\Roaming\Security System 2\uninstaller.exe"
Task: {DA6FB7BC-F966-4ABB-AEAB-2684EDC9D1F2} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation)
Task: {DAE9D35F-E761-4E05-9D3B-CA84970A962B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-03-12] (Microsoft Corporation)
Task: {DC7FFE6B-12CB-4E9D-AC3B-D20BBF2D6E5B} - System32\Tasks\Ocster Backup => C:\Program Files\Ocster Backup\bin\backupClient-ox.exe
Task: {EEF37EE3-6FBE-4DF4-B704-14A50E2F1074} - System32\Tasks\AviraSpeedup => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe [2015-01-30] (Avira Operations GmbH & Co. KG)
Task: {F8881643-754C-4307-995A-DD79095D7500} - System32\Tasks\WashAndGoNGBackground => C:\Program Files (x86)\WashAndGo\WashAndGo.exe [2015-03-06] (Microsoft)
Task: {FE8DD905-474F-4DA8-9776-35C8FD6053FB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation)
Task: C:\Windows\Tasks\AbelssoftPreloader.job => C:\Program Files (x86)\WashAndGo\AbelssoftPreloader.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AdvancedDriverUpdater_UPDATES.job => C:\Program Files (x86)\Advanced Driver Updater\adu.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: C:\Windows\Tasks\Schirmfoto.job => C:\Program Files (x86)\Schirmfoto\schirmfoto.exe
Task: C:\Windows\Tasks\WashAndGoNGBackground.job => C:\Program Files (x86)\WashAndGo\WashAndGo.exe

==================== Loaded Modules (whitelisted) ==============

2015-01-17 13:33 - 2011-09-13 09:16 - 00342984 ____N () C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
2014-12-22 22:01 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2012-12-14 02:42 - 2012-12-14 02:42 - 00094208 _____ () C:\WINDOWS\system32\IccLibDll_x64.dll
2014-11-02 08:21 - 2015-03-06 15:03 - 00059656 _____ () C:\Program Files (x86)\WashAndGo\AbSettings.dll
2014-11-02 08:21 - 2015-03-06 15:03 - 00010504 _____ () C:\Program Files (x86)\WashAndGo\AbUpdateBugReporter.dll
2014-11-02 08:21 - 2015-03-06 15:03 - 01432328 _____ () C:\Program Files (x86)\WashAndGo\AbGui.dll
2014-11-02 08:21 - 2015-01-20 15:14 - 00024840 _____ () C:\Program Files (x86)\WashAndGo\OutlookCleaner.dll
2014-11-02 08:21 - 2015-01-20 15:14 - 00013576 _____ () C:\Program Files (x86)\WashAndGo\AbProcessManager.dll
2014-11-02 08:21 - 2014-10-13 09:43 - 00787968 _____ () C:\Program Files (x86)\WashAndGo\sqlite3.DLL
2013-08-14 22:06 - 2013-09-30 18:22 - 00022144 _____ () C:\Program Files (x86)\Schirmfoto\AbSettingsKeeper.dll
2013-08-14 22:06 - 2013-09-30 18:22 - 00204416 _____ () C:\Program Files (x86)\Schirmfoto\AbBugReporter.dll
2013-08-14 22:06 - 2013-09-30 18:22 - 00050816 _____ () C:\Program Files (x86)\Schirmfoto\AbCommons.dll
2013-08-14 22:06 - 2013-09-30 18:23 - 00250496 _____ () C:\Program Files (x86)\Schirmfoto\SchirmfotoCommon.dll
2013-08-14 22:06 - 2013-09-30 18:22 - 00108160 _____ () C:\Program Files (x86)\Schirmfoto\Cropper.dll
2013-08-14 22:06 - 2013-09-30 18:22 - 01055872 _____ () C:\Program Files (x86)\Schirmfoto\AbScheduler.dll
2013-11-06 15:52 - 2013-11-06 15:52 - 02258000 _____ () C:\Program Files\Avira Secure Backup\Avira Secure BackupCrawler.exe
2015-01-17 13:33 - 2011-09-13 09:16 - 00510920 ____N () C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
2013-11-06 11:58 - 2013-11-06 11:58 - 02048000 _____ () C:\Program Files\Avira Secure Backup\ShellExtensionx64\ShellExtension1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-02-28 18:49 - 2014-09-28 17:59 - 00019872 _____ () C:\Program Files (x86)\Samsung Magician\SAMSUNG_SSD.dll
2014-03-10 12:41 - 2014-10-15 12:11 - 00032768 _____ () C:\Program Files\CyberGhost 5\de\CyberGhost.resources.dll
2014-11-12 13:28 - 2014-11-03 08:32 - 01428584 _____ () C:\Program Files\CyberGhost 5\Geckofx-Core.dll
2014-02-26 12:16 - 2014-02-26 12:16 - 00032768 _____ () C:\Program Files (x86)\VitaDock\QHIDDLL.dll
2014-02-27 17:31 - 2014-02-27 17:31 - 00070656 _____ () C:\Program Files (x86)\VitaDock\QtSerialPort.dll
2014-10-03 13:04 - 2014-10-03 13:04 - 00026488 _____ () C:\Program Files (x86)\MyDrive Connect\DeviceDetection.dll
2014-10-03 13:04 - 2014-10-03 13:04 - 00087416 _____ () C:\Program Files (x86)\MyDrive Connect\TomTomSupporterBase.dll
2014-10-03 13:04 - 2014-10-03 13:04 - 00398712 _____ () C:\Program Files (x86)\MyDrive Connect\TomTomSupporterProxy.dll
2014-01-27 15:46 - 2014-01-27 15:46 - 00241664 _____ () C:\Program Files (x86)\MEDION\LifeCloud Desktop Applications\HipServAgent\libupnp.dll
2014-01-27 15:46 - 2014-01-27 15:46 - 00984064 _____ () C:\Program Files (x86)\MEDION\LifeCloud Desktop Applications\HipServAgent\libxml2.dll
2014-04-03 09:31 - 2011-01-31 08:45 - 00559244 _____ () C:\Program Files (x86)\TraXEx\sqlite3.dll
2014-03-10 12:41 - 2014-10-21 19:44 - 00165416 _____ () C:\Program Files\CyberGhost 5\Data\OpenVPN\liblzo2-2.dll
2014-03-10 12:41 - 2014-10-21 19:44 - 00112736 _____ () C:\Program Files\CyberGhost 5\Data\OpenVPN\libpkcs11-helper-1.dll
2013-11-06 11:59 - 2013-11-06 11:59 - 01633280 _____ () C:\Program Files\Avira Secure Backup\ShellExtension\ShellExtension.dll
2014-12-22 22:06 - 2014-12-22 22:30 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5B8EC693
AlternateDataStreams: C:\ProgramData\TEMP:7C784982
AlternateDataStreams: C:\ProgramData\TEMP:8D09CB9B
AlternateDataStreams: C:\ProgramData\TEMP:A303874F
AlternateDataStreams: C:\ProgramData\TEMP:B6AC352B
AlternateDataStreams: C:\Users\Brockhoff\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Brockhoff\SkyDrive (2).old:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Brockhoff\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img6.jpg
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Brockhoff\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img6.jpg
HKU\S-1-5-21-3158294459-1416924627-3807266797-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 95.169.183.219 - 89.41.60.38

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: ASO3DiskOptimizer => 3
MSCONFIG\Services: BTDevManager => 3
MSCONFIG\Services: CGVPNCliService => 2
MSCONFIG\Services: CGVPNCliSrvc => 3
MSCONFIG\Services: ioloSystemService => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: ocster_backup => 2
HKLM\...\StartupApproved\StartupFolder: => "penDirector.lnk"
HKLM\...\StartupApproved\Run: => "Ocster Backup"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run32: => "avgnt"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "COMPUTERBILD-Abzockschutz Premium"
HKLM\...\StartupApproved\Run32: => "InboxMonitor"
HKLM\...\StartupApproved\Run32: => "PDFProHook"
HKLM\...\StartupApproved\Run32: => "Avira Systray"
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\StartupApproved\StartupFolder: => "Samsung Magician.lnk"
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\StartupApproved\StartupFolder: => "Password Safe.lnk"
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\StartupApproved\Run: => "TomTomHOME.exe"
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\StartupApproved\Run: => "AviraSpeedup"
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\StartupApproved\Run: => "Note Manager"
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\StartupFolder: => "Samsung Magician.lnk"
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\StartupFolder: => "Password Safe.lnk"
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "TomTomHOME.exe"
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "AviraSpeedup"
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Note Manager"
HKU\S-1-5-21-3158294459-1416924627-3807266797-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\StartupFolder: => "Samsung Magician.lnk"
HKU\S-1-5-21-3158294459-1416924627-3807266797-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\StartupFolder: => "Password Safe.lnk"
HKU\S-1-5-21-3158294459-1416924627-3807266797-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "TomTomHOME.exe"
HKU\S-1-5-21-3158294459-1416924627-3807266797-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Zoner Photo Studio Autoupdate"
HKU\S-1-5-21-3158294459-1416924627-3807266797-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Note Manager"

==================== Accounts: =============================

Administrator (S-1-5-21-3158294459-1416924627-3807266797-500 - Administrator - Disabled) => C:\Users\Administrator
Brockhoff (S-1-5-21-3158294459-1416924627-3807266797-1001 - Administrator - Enabled) => C:\Users\Brockhoff
Guest (S-1-5-21-3158294459-1416924627-3807266797-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/15/2015 00:15:09 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (03/15/2015 00:15:09 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.


CodeIntegrity Errors:
===================================
  Date: 2014-11-24 18:34:39.559
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-24 18:34:39.420
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-24 18:34:39.286
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-24 18:34:39.153
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-24 18:34:39.018
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-24 18:34:38.885
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-24 18:34:38.747
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-24 18:34:38.614
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-24 18:34:38.478
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-24 18:34:38.345
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-2310 CPU @ 2.90GHz
Percentage of memory in use: 81%
Total physical RAM: 3972.38 MB
Available physical RAM: 751.89 MB
Total Pagefile: 5252.38 MB
Available Pagefile: 859.51 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:230.76 GB) (Free:69.1 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (MEDION USB) (Removable) (Total:29.44 GB) (Free:29.44 GB) FAT32
Drive f: (INTENSO) (Removable) (Total:3.73 GB) (Free:2.35 GB) FAT32
Drive g: (SICHERUNG 2) (Fixed) (Total:93.14 GB) (Free:23.74 GB) FAT32
Drive h: (VERBATIM) (Fixed) (Total:931.28 GB) (Free:805.46 GB) FAT32
Drive k: (SCANDISK) (Removable) (Total:29.82 GB) (Free:29.79 GB) FAT32
Drive l: (Sicherung 1) (Fixed) (Total:931.51 GB) (Free:832.25 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: 2893EBBE)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=0C)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 29.5 GB) (Disk ID: F5726138)
Partition 1: (Not Active) - (Size=29.4 GB) - (Type=0C)

========================================================
Disk: 4 (Size: 29.8 GB) (Disk ID: 6E652072)
No partition Table on disk 4.

========================================================
Disk: 5 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: A76C72C3)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (MBR Code: Windows XP) (Size: 93.2 GB) (Disk ID: 9056D507)
Partition 1: (Not Active) - (Size=93.2 GB) - (Type=06)

==================== End Of Log ============================
FRST Logfile:

	Code: 

 ATTFilter

  
	Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Brockhoff (administrator) on BROCKHOFF-PC on 15-03-2015 12:19:36
Running from C:\Users\Brockhoff\Desktop
Loaded Profiles: Brockhoff &  (Available profiles: Brockhoff & Administrator)
Platform: Windows 8.1 Pro (X64) OS Language: Englisch (Großbritannien)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe
(Anoto AB) C:\Program Files (x86)\Common Files\Anoto\Pen\Phal\Service\LPhal.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft) C:\Program Files (x86)\WashAndGo\WashAndGo.exe
(Abelssoft GmbH) C:\Program Files (x86)\Schirmfoto\schirmfoto.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\OmniPage18\omnipage.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(1&1 Mail & Media GmbH) C:\Users\Brockhoff\AppData\Local\WEB.DE Application {sync-000021}\webde_onlinespeicher.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\RAPID\CacheFilter\SamsungRapidApp.exe
(CyberGhost S.R.L.) C:\Program Files\CyberGhost 5\CyberGhost.exe
(Medisana) C:\Program Files (x86)\VitaDock\VitaDock.exe
(TomTom) C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe
() C:\Program Files\Avira Secure Backup\Avira Secure BackupCrawler.exe
(ZONER software) C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTray.exe
() C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Axentra Corporation) C:\Program Files (x86)\MEDION\LifeCloud Desktop Applications\HipServAgent\HipServAgent.exe
(Alexander Miehlke Softwareentwicklung) C:\Program Files (x86)\TraXEx\TraXEx.exe
(The OpenVPN Project) C:\Program Files\CyberGhost 5\Data\OpenVPN\openvpn.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(SourceForge.net) C:\Program Files (x86)\Password Safe\pwsafe.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [253440 2013-04-23] (Realtek Semiconductor Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-06-17] (Realtek Semiconductor)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\RAPID\CacheFilter\SamsungRapidApp.exe [281776 2014-09-16] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [WISO Mein Geld 2015 Professional .NET] => C:\Program Files (x86)\Buhl\WISO Mein Geld 2015\mg.exe [1119544 2015-02-23] (Buhl Data Service)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [704248 2015-03-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [127792 2015-02-12] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-02-10] (Oracle Corporation)
HKLM-x32\...\Run: [HipServ Agent] => C:\Program Files (x86)\MEDION\LifeCloud Desktop Applications\HipServAgent\HipServAgent.exe [2722920 2014-01-27] (Axentra Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 5\CyberGhost.exe [410216 2014-11-03] (CyberGhost S.R.L.)
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\Run: [VitaDock] => C:\Program Files (x86)\VitaDock\VitaDock.exe [975360 2014-04-09] (Medisana)
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe [1792376 2014-10-03] (TomTom)
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\Run: [Zoner Photo Studio Autoupdate] => C:\PROGRAM FILES\ZONER\PHOTO STUDIO 15\Program32\ZPSTRAY.EXE [774680 2013-06-07] (ZONER software)
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\Policies\Explorer: [CDRAutoRun] 1
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 5\CyberGhost.exe [410216 2014-11-03] (CyberGhost S.R.L.)
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [VitaDock] => C:\Program Files (x86)\VitaDock\VitaDock.exe [975360 2014-04-09] (Medisana)
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe [1792376 2014-10-03] (TomTom)
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Zoner Photo Studio Autoupdate] => C:\PROGRAM FILES\ZONER\PHOTO STUDIO 15\Program32\ZPSTRAY.EXE [774680 2013-06-07] (ZONER software)
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [CDRAutoRun] 1
HKU\S-1-5-21-3158294459-1416924627-3807266797-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-02-14] (Samsung)
HKU\S-1-5-21-3158294459-1416924627-3807266797-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-02-14] (Samsung)
HKU\S-1-5-21-3158294459-1416924627-3807266797-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [TomTomHOME.exe] => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
HKU\S-1-5-21-3158294459-1416924627-3807266797-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ASO3SPCDone] => "C:\Program Files (x86)\Advanced System Optimizer 3\ASO3.exe"  -startedafteroptimizationPartial
HKU\S-1-5-21-3158294459-1416924627-3807266797-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CyberGhost VPN] => "C:\Program Files\CyberGhost VPN\Cyberghost.exe"
HKU\S-1-5-21-3158294459-1416924627-3807266797-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Zoner Photo Studio Autoupdate] => C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTRAY.EXE [774680 2013-06-07] (ZONER software)
HKU\S-1-5-21-3158294459-1416924627-3807266797-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AviraSpeedup] => C:\Program Files (x86)\Avira\AviraSpeedup\AviraSpeedup.exe [5014600 2013-09-06] (Avira)
HKU\S-1-5-21-3158294459-1416924627-3807266797-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [1und1DispatcherCorp] => C:\Users\Brockhoff\AppData\Local\1und1UpdaterCorpE\SchedDispatcher.exe [220808 2013-05-29] (1&1 Mail & Media GmbH)
HKU\S-1-5-21-3158294459-1416924627-3807266797-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 5\CyberGhost.exe [410216 2014-11-03] (CyberGhost S.R.L.)
HKU\S-1-5-21-3158294459-1416924627-3807266797-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe [1792376 2014-10-03] (TomTom)
HKU\S-1-5-21-3158294459-1416924627-3807266797-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation)
HKU\S-1-5-21-3158294459-1416924627-3807266797-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [CDRAutoRun] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launcher.lnk
ShortcutTarget: Launcher.lnk -> C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TraXEx 6.0.lnk
ShortcutTarget: TraXEx 6.0.lnk -> C:\Program Files (x86)\TraXEx\TraXEx.exe (Alexander Miehlke Softwareentwicklung)
Startup: C:\Users\Brockhoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Password Safe.lnk
ShortcutTarget: Password Safe.lnk -> C:\Program Files (x86)\Password Safe\pwsafe.exe (SourceForge.net)
ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 1] -> {02B2B772-B8A8-4DA4-9B18-42551A54A1A8} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20140611185617798.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 2] -> {0575AB16-E932-4160-8936-4DBE195BDBD7} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20140611185617798.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 3] -> {0E9EF89A-96D3-4DE6-B2F8-E9548AA5321E} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20140611185617798.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 4] -> {1A4AFFE1-B2F9-483D-B627-D9A339DBFD34} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20140611185617798.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers: [MemopalBackedUp] -> {8ED3CC2D-6BC2-43AD-8C43-F51FBB413AE6} => C:\Program Files\Avira Secure Backup\ShellExtensionx64\ShellExtension1.dll ()
ShellIconOverlayIdentifiers: [MemopalError] -> {B9CA6E12-7975-4997-B5BD-CA12ECE0FEAD} => C:\Program Files\Avira Secure Backup\ShellExtensionx64\ShellExtension1.dll ()
ShellIconOverlayIdentifiers: [MemopalPartiallyBackedUp] -> {95DDC869-FC98-4D47-BD34-2EDC9AA09C01} => C:\Program Files\Avira Secure Backup\ShellExtensionx64\ShellExtension1.dll ()
ShellIconOverlayIdentifiers: [MemopalToBackup] -> {2CDD871E-60EB-40BD-9721-A1CB57042F75} => C:\Program Files\Avira Secure Backup\ShellExtensionx64\ShellExtension1.dll ()
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 1] -> {02B2B772-B8A8-4DA4-9B18-42551A54A1A8} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20140611185617798.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 2] -> {0575AB16-E932-4160-8936-4DBE195BDBD7} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20140611185617798.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 3] -> {0E9EF89A-96D3-4DE6-B2F8-E9548AA5321E} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20140611185617798.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 4] -> {1A4AFFE1-B2F9-483D-B627-D9A339DBFD34} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20140611185617798.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers-x32: [MemopalBackedUp] -> {8ED3CC2D-6BC2-43AD-8C43-F51FBB413AE6} => C:\Program Files\Avira Secure Backup\ShellExtension\ShellExtension.dll ()
ShellIconOverlayIdentifiers-x32: [MemopalError] -> {B9CA6E12-7975-4997-B5BD-CA12ECE0FEAD} => C:\Program Files\Avira Secure Backup\ShellExtension\ShellExtension.dll ()
ShellIconOverlayIdentifiers-x32: [MemopalPartiallyBackedUp] -> {95DDC869-FC98-4D47-BD34-2EDC9AA09C01} => C:\Program Files\Avira Secure Backup\ShellExtension\ShellExtension.dll ()
ShellIconOverlayIdentifiers-x32: [MemopalToBackup] -> {2CDD871E-60EB-40BD-9721-A1CB57042F75} => C:\Program Files\Avira Secure Backup\ShellExtension\ShellExtension.dll ()
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-3158294459-1416924627-3807266797-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3158294459-1416924627-3807266797-1001] => http=127.0.0.1:8887;https=127.0.0.1:8887
ProxyEnable: [S-1-5-21-3158294459-1416924627-3807266797-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3158294459-1416924627-3807266797-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => http=127.0.0.1:8887;https=127.0.0.1:8887
ProxyServer: [S-1-5-21-3158294459-1416924627-3807266797-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => localhost:8088
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3158294459-1416924627-3807266797-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2014-12-02] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-07] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-14] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-07] (Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\PlusIEContextMenu.dll [2012-07-19] (Zeon Corporation)
BHO-x32: ZeonIEEventHelper Class -> {C7DA0384-42AA-428c-B832-88AC343DE1A8} -> C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\GZeonIEFavClient.dll [2012-07-27] (Zeon Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM-x32 - Nuance PDF - {BCCE15AE-AC7E-4bc9-94AF-2A714A412BCB} - C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\GZeonIEFavClient.dll [2012-07-27] (Zeon Corporation)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2014-12-22] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 95.169.183.219 89.41.60.38 37.221.175.198
Tcpip\..\Interfaces\{E742F15A-8CF5-4968-9C03-307C99BFB9EA}: [NameServer] 95.169.183.219,89.41.60.38
Tcpip\..\Interfaces\{F2C9B065-33EA-47EB-B65C-10CDF0218B7A}: [NameServer] 95.169.183.219,89.41.60.38

FireFox:
========
FF ProfilePath: C:\Users\Brockhoff\AppData\Roaming\Mozilla\Firefox\Profiles\8yymfhip.default-1408376383566
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF Homepage: hxxp://www.web.de/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-08] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2013-08-29] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-07] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2013-08-29] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-08] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-20] ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2013-08-29] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-08-13] (Google, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-12-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2013-08-29] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Professional 8\bin\nppdf.dll [2012-07-31] (Zeon Corporation)
FF Plugin HKU\S-1-5-21-3158294459-1416924627-3807266797-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Brockhoff\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-06-30] (Citrix Online)
FF Plugin HKU\S-1-5-21-3158294459-1416924627-3807266797-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2013-08-29] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-3158294459-1416924627-3807266797-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @citrixonline.com/appdetectorplugin -> C:\Users\Brockhoff\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-06-30] (Citrix Online)
FF Plugin HKU\S-1-5-21-3158294459-1416924627-3807266797-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2013-08-29] (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2013-08-29] (Tracker Software Products (Canada) Ltd.)
FF Extension: Adblock Plus - C:\Users\Brockhoff\AppData\Roaming\Mozilla\Firefox\Profiles\8yymfhip.default-1408376383566\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-19]
FF HKLM-x32\...\Firefox\Extensions: [{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}] - C:\Program Files (x86)\Wondershare\Video Converter Pro\SVRFirefoxExt
FF Extension: Wondershare Video Converter Ultimate - C:\Program Files (x86)\Wondershare\Video Converter Pro\SVRFirefoxExt [2014-08-31]
FF HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF HKU\S-1-5-21-3158294459-1416924627-3807266797-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: PDF Converter - C:\Program Files (x86)\Nuance\PDF Professional 8\FireFox [2014-07-19]
FF Extension: No Name - C:\Users\Brockhoff\AppData\Roaming\Mozilla\Firefox\Profiles\8yymfhip.default-1408376383566\extensions\toolbar@web.de [Not Found]

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Profile: C:\Users\Brockhoff\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Brockhoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-11]
CHR Extension: (Babylon Translator) - C:\Users\Brockhoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljcdopdmbcpndfopibbkmijkhmbdgpjj [2014-08-11]
CHR Extension: (Google Wallet) - C:\Users\Brockhoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-06]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ljcdopdmbcpndfopibbkmijkhmbdgpjj] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 ALDITALKVerbindungsassistent_Service; C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe [342984 2011-09-13] ()
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [806192 2015-03-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [992048 2015-03-05] (Avira Operations GmbH & Co. KG)
R3 Avira Secure Backup Crawler; C:\Program Files\Avira Secure Backup\Avira Secure BackupCrawler.exe [2258000 2013-11-06] () [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [184056 2015-02-12] (Avira Operations GmbH & Co. KG)
S4 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
S4 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [47104 2013-04-25] () [File not signed]
S2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64616 2014-11-03] (CyberGhost S.R.L)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2711736 2015-01-13] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 PDFProFiltSrv; C:\Program Files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe [135056 2012-11-19] (Nuance Communications, Inc.)
R2 PenRendezvous; C:\Program Files (x86)\Common Files\Anoto\Pen\Phal\Service\LPhal.exe [430080 2009-08-31] (Anoto AB) [File not signed]
R2 PenSup; C:\Program Files (x86)\Common Files\Anoto\Pen\Phal\Service\LPhal.exe [430080 2009-08-31] (Anoto AB) [File not signed]
R2 SamsungRapidSvc; C:\Windows\System32\RAPID\SamsungRapidSvc.exe [28848 2014-09-16] (Samsung Electronics Co., Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
S2 ioloSystemService; "C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-21] (Advanced Micro Devices, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-03-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-10-23] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-05] (Avira Operations GmbH & Co. KG)
R3 bthav; C:\Windows\system32\drivers\bthav.sys [40448 2008-07-10] (CSR, plc)
R3 BTHprint; C:\Windows\system32\DRIVERS\bthprint.sys [62976 2013-08-22] (Microsoft Corporation)
R1 ElRawDisk; C:\WINDOWS\system32\drivers\ElRawDsk.sys [30752 2013-04-05] (EldoS Corporation)
S3 ewusbnet; C:\Windows\system32\DRIVERS\ewusbnet.sys [138752 2015-01-17] (Huawei Technologies Co., Ltd.)
S3 iaStorS; C:\Windows\System32\drivers\iaStorS.sys [646616 2012-07-25] (Intel Corporation)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-15] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10x64.sys [60288 2010-09-15] (Generic USB smartcard reader)
R3 MirayVirtualDisk; C:\Windows\System32\drivers\mvd.sys [162384 2013-11-25] (Miray)
R0 rtcrfilt64; C:\Windows\System32\drivers\rtcrfilt64.sys [19600 2012-07-23] (Realtek Semiconductor Corp.)
S3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [532552 2013-03-28] (Realtek Semiconductor Corporation)
R0 SamsungRapidDiskFltr; C:\Windows\System32\DRIVERS\SamsungRapidDiskFltr.sys [268976 2014-09-16] (Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\Windows\System32\DRIVERS\SamsungRapidFSFltr.sys [111280 2014-09-16] (Samsung Electronics Co., Ltd.)
S3 SCUsbDrvService; C:\Windows\System32\drivers\sceye64.sys [53864 2011-01-14] (Cypress Semiconductor)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-05-15] (Synaptics Incorporated)
S3 tpusbser; C:\Windows\system32\DRIVERS\tpusbser.sys [123648 2013-02-05] (QUALCOMM Incorporated)
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-15 12:10 - 2015-03-15 12:17 - 00003025 _____ () C:\Users\Brockhoff\Desktop\JRT.txt
2015-03-15 12:05 - 2015-03-15 12:05 - 01388333 _____ (Thisisu) C:\Users\Brockhoff\Downloads\JRT.exe
2015-03-15 11:41 - 2015-03-15 11:41 - 00003101 _____ () C:\Users\Brockhoff\Desktop\AdwCleaner[S119].txt
2015-03-15 09:08 - 2015-03-15 12:19 - 00033272 _____ () C:\Users\Brockhoff\Desktop\FRST.txt
2015-03-15 09:08 - 2015-03-15 09:08 - 00045327 _____ () C:\Users\Brockhoff\Desktop\Addition.txt
2015-03-15 09:06 - 2015-03-15 09:07 - 00061043 _____ () C:\Users\Brockhoff\Downloads\FRST.txt
2015-03-15 09:06 - 2015-03-15 09:07 - 00045327 _____ () C:\Users\Brockhoff\Downloads\Addition.txt
2015-03-15 09:05 - 2015-03-15 12:19 - 00000000 ___DC () C:\FRST
2015-03-15 09:05 - 2015-03-15 09:05 - 02095616 _____ (Farbar) C:\Users\Brockhoff\Desktop\FRST64.exe
2015-03-13 18:25 - 2015-03-13 18:25 - 00008993 _____ () C:\Users\Brockhoff\Desktop\Guten Tag.tmd
2015-03-13 17:49 - 2015-03-15 11:38 - 00000528 _____ () C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job
2015-03-13 17:49 - 2015-03-13 17:49 - 00002942 _____ () C:\Windows\System32\Tasks\ParetoLogic Update Version3 Startup Task
2015-03-13 17:48 - 2015-03-13 17:48 - 05813872 _____ (ParetoLogic Inc.) C:\Users\Brockhoff\Downloads\ParetoLogic PC Health Advisor_de(1).exe
2015-03-13 11:16 - 2015-03-13 11:16 - 00005038 _____ () C:\Users\Brockhoff\Documents\Profi prefs.js.html
2015-03-13 10:06 - 2015-03-15 11:38 - 00002304 _____ () C:\Windows\setupact.log
2015-03-13 10:06 - 2015-03-13 10:06 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-12 22:28 - 2015-03-15 12:15 - 01168143 _____ () C:\Windows\WindowsUpdate.log
2015-03-12 19:37 - 2015-03-12 19:38 - 00000874 _____ () C:\Users\Brockhoff\Downloads\FRITZ!Box_Fon_WLAN_7390_84.06.23_12.03.2015_19_37-diagnose.csv
2015-03-12 14:31 - 2015-03-12 16:42 - 00000215 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-03-12 14:26 - 2015-03-13 10:06 - 00540416 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-12 11:43 - 2015-03-06 03:53 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-12 11:43 - 2015-03-06 03:33 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-12 11:43 - 2015-02-26 00:26 - 04178944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-12 11:43 - 2015-02-20 04:03 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-12 11:43 - 2015-02-20 03:58 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-12 11:43 - 2015-02-20 03:20 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-12 11:43 - 2015-02-20 03:15 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-12 11:43 - 2015-02-07 00:09 - 00396419 _____ () C:\Windows\system32\ApnDatabase.xml
2015-03-12 11:43 - 2015-02-06 02:28 - 02257408 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-03-12 11:43 - 2015-02-06 02:08 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-03-12 11:43 - 2015-02-05 21:24 - 01113920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-03-12 11:43 - 2015-02-04 00:58 - 00264000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2015-03-12 11:43 - 2015-02-04 00:58 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2015-03-12 11:43 - 2015-02-04 00:58 - 00044024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2015-03-12 11:43 - 2015-02-03 01:03 - 03551744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2015-03-12 11:43 - 2015-02-03 01:02 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2015-03-12 11:43 - 2015-02-03 00:53 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll
2015-03-12 11:43 - 2015-02-03 00:53 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll
2015-03-12 11:43 - 2015-01-31 00:42 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-03-12 11:43 - 2015-01-31 00:29 - 02484224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-03-12 11:43 - 2015-01-31 00:20 - 00203264 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-12 11:43 - 2015-01-30 04:01 - 00097792 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys
2015-03-12 11:43 - 2015-01-30 04:00 - 00167424 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\rfcomm.sys
2015-03-12 11:43 - 2015-01-30 03:03 - 01488896 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
2015-03-12 11:43 - 2015-01-30 03:03 - 01464832 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
2015-03-12 11:43 - 2015-01-30 03:02 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll
2015-03-12 11:43 - 2015-01-30 02:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
2015-03-12 11:43 - 2015-01-30 02:42 - 01204224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
2015-03-12 11:43 - 2015-01-30 02:40 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappgnui.dll
2015-03-12 11:43 - 2015-01-30 02:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll
2015-03-12 11:43 - 2015-01-30 02:29 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\atlthunk.dll
2015-03-12 11:43 - 2015-01-30 02:24 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll
2015-03-12 11:43 - 2015-01-30 02:24 - 00250880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapp3hst.dll
2015-03-12 11:43 - 2015-01-30 02:16 - 00266752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapphost.dll
2015-03-12 11:43 - 2015-01-30 02:08 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\eappcfg.dll
2015-03-12 11:43 - 2015-01-30 02:06 - 00278016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappcfg.dll
2015-03-12 11:43 - 2015-01-29 02:58 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\photowiz.dll
2015-03-12 11:43 - 2015-01-29 02:29 - 00290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\photowiz.dll
2015-03-12 11:43 - 2015-01-29 02:11 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-12 11:43 - 2015-01-29 02:04 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-03-12 11:43 - 2015-01-29 02:04 - 00864256 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2015-03-12 11:43 - 2015-01-29 02:00 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-12 11:43 - 2015-01-29 01:59 - 02773504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-03-12 11:43 - 2015-01-29 01:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-03-12 11:43 - 2015-01-29 01:50 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-03-12 11:43 - 2015-01-29 01:49 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-03-12 11:43 - 2015-01-28 16:41 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-12 11:43 - 2015-01-28 16:41 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-03-12 11:43 - 2015-01-28 16:41 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-03-12 11:43 - 2015-01-28 03:24 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\StorageContextHandler.dll
2015-03-12 11:43 - 2015-01-28 02:47 - 00060928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StorageContextHandler.dll
2015-03-12 11:43 - 2015-01-27 05:22 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-12 11:43 - 2015-01-27 04:44 - 00933888 _____ (Microsoft Corporation) C:\Windows\system32\calc.exe
2015-03-12 11:43 - 2015-01-27 03:11 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-12 11:43 - 2015-01-24 02:51 - 00816128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
2015-03-12 11:43 - 2015-01-23 08:17 - 00723072 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2015-03-12 11:43 - 2015-01-23 06:02 - 00560392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2015-03-12 11:43 - 2014-10-29 04:56 - 00027456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-03-12 11:43 - 2014-10-29 03:49 - 00003072 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-12 11:43 - 2014-10-29 03:46 - 00081920 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS
2015-03-12 11:43 - 2014-10-29 03:46 - 00053248 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthenum.sys
2015-03-12 11:43 - 2014-10-29 03:45 - 01198080 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2015-03-12 11:43 - 2014-10-29 03:44 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-12 11:43 - 2014-10-29 03:44 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-12 11:43 - 2014-10-29 03:43 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\printui.exe
2015-03-12 11:43 - 2014-10-29 03:37 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\rfxvmt.dll
2015-03-12 11:43 - 2014-10-29 03:34 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll
2015-03-12 11:43 - 2014-10-29 03:34 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WSCollect.exe
2015-03-12 11:43 - 2014-10-29 03:34 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\WSReset.exe
2015-03-12 11:43 - 2014-10-29 03:04 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\findnetprinters.dll
2015-03-12 11:43 - 2014-10-29 03:04 - 00003072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-12 11:43 - 2014-10-29 03:03 - 00241152 ____C (Microsoft Corporation) C:\Windows\system32\fsquirt.exe
2015-03-12 11:43 - 2014-10-29 03:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-12 11:43 - 2014-10-29 03:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-12 11:43 - 2014-10-29 02:58 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\printui.exe
2015-03-12 11:43 - 2014-10-29 02:52 - 00289280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\compstui.dll
2015-03-12 11:43 - 2014-10-29 02:51 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2015-03-12 11:43 - 2014-10-29 02:48 - 00825856 _____ (Microsoft Corporation) C:\Windows\system32\pmcsnap.dll
2015-03-12 11:43 - 2014-10-29 02:45 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\ppcsnap.dll
2015-03-12 11:43 - 2014-10-29 02:45 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\prnntfy.dll
2015-03-12 11:43 - 2014-10-29 02:28 - 00055808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\findnetprinters.dll
2015-03-12 11:43 - 2014-10-29 02:28 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\atlthunk.dll
2015-03-12 11:43 - 2014-10-29 02:20 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2015-03-12 11:43 - 2014-10-29 02:19 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\eappprxy.dll
2015-03-12 11:43 - 2014-10-29 02:15 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prnntfy.dll
2015-03-12 11:43 - 2014-10-29 02:13 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2015-03-12 11:43 - 2014-10-29 01:59 - 00056320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappprxy.dll
2015-03-12 11:43 - 2014-10-29 01:55 - 00223744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2015-03-12 11:43 - 2014-10-29 01:55 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\puiapi.dll
2015-03-12 11:43 - 2014-10-29 01:44 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiapi.dll
2015-03-12 11:43 - 2014-10-29 01:41 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\DafPrintProvider.dll
2015-03-12 11:43 - 2014-10-29 01:35 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DafPrintProvider.dll
2015-03-12 11:42 - 2015-02-21 02:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-12 11:42 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-12 11:42 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-12 11:42 - 2015-02-21 01:27 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-03-12 11:42 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-12 11:42 - 2015-02-21 00:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-12 11:42 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-12 11:42 - 2015-02-20 03:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-12 11:42 - 2015-02-20 03:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-12 11:42 - 2015-02-20 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-12 11:42 - 2015-02-20 03:35 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-12 11:42 - 2015-02-20 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-12 11:42 - 2015-02-20 03:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-12 11:42 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-12 11:42 - 2015-02-20 03:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-03-12 11:42 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-12 11:42 - 2015-02-20 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-12 11:42 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-12 11:42 - 2015-02-20 02:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-03-12 11:42 - 2015-02-20 02:56 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-03-12 11:42 - 2015-02-20 02:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-03-12 11:42 - 2015-02-20 02:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-12 11:42 - 2015-02-20 02:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-12 11:42 - 2015-02-20 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-12 11:42 - 2015-02-20 02:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-12 11:42 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-12 11:42 - 2015-02-20 02:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-03-12 11:42 - 2015-02-20 02:29 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-03-12 11:42 - 2015-02-20 02:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-12 11:42 - 2015-02-20 02:26 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-03-12 11:42 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-12 11:42 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-12 11:42 - 2015-02-20 02:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-12 11:42 - 2015-02-20 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-12 11:42 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-12 11:42 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-12 11:42 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-12 11:42 - 2015-02-12 18:40 - 22291584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-12 11:42 - 2015-02-12 18:34 - 19731824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-12 11:42 - 2015-02-08 00:57 - 01090048 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2015-03-12 11:42 - 2015-02-08 00:49 - 00791040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2015-03-12 11:42 - 2015-01-29 19:45 - 01763352 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-12 11:42 - 2015-01-29 19:34 - 01488040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-12 11:42 - 2015-01-28 02:31 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-12 11:42 - 2015-01-28 02:11 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-12 11:42 - 2015-01-28 00:47 - 02501368 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2015-03-12 11:42 - 2015-01-28 00:41 - 02207488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2015-03-12 11:42 - 2015-01-21 06:54 - 01384712 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-12 11:42 - 2015-01-21 06:15 - 01123848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-12 11:42 - 2014-12-11 06:36 - 00046456 _____ (Microsoft Corporation) C:\Windows\system32\LockScreenContentServer.exe
2015-03-12 10:34 - 2015-03-15 11:38 - 00000306 _____ () C:\Windows\Tasks\WashAndGoNGBackground.job
2015-03-12 10:34 - 2015-03-12 10:35 - 00002566 _____ () C:\Windows\System32\Tasks\WashAndGoNGBackground
2015-03-11 18:53 - 2015-03-11 18:53 - 00160517 _____ () C:\Users\Brockhoff\Desktop\Kalfaterung Deck.tmd
2015-03-11 10:09 - 2015-03-11 10:09 - 02171392 _____ () C:\Users\Brockhoff\Desktop\adwcleaner_4.112(1).exe
2015-03-10 10:45 - 2015-03-10 10:45 - 02171392 _____ () C:\Users\Brockhoff\Downloads\adwcleaner_4.112.exe
2015-03-09 07:47 - 2015-03-09 07:47 - 05290912 _____ (Abelssoft ) C:\Users\Brockhoff\Downloads\STA-DE_2015.exe
2015-03-08 16:36 - 2015-03-08 16:36 - 00001348 _____ () C:\Users\Brockhoff\Desktop\Navigation zur MEDION® LifeCloud® (www).lnk
2015-03-08 16:36 - 2015-03-08 16:36 - 00000000 ____D () C:\Users\Brockhoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEDION
2015-03-08 16:36 - 2015-03-08 16:36 - 00000000 ____D () C:\Program Files (x86)\MEDION
2015-03-08 16:35 - 2015-03-08 16:35 - 00000000 ____D () C:\Users\Brockhoff\AppData\Local\{620420EA-6AA2-449B-9FA0-BE5524AF01A8}
2015-03-07 16:11 - 2015-03-07 16:11 - 00000740 _____ () C:\Users\Brockhoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\siggis.lnk
2015-03-07 15:39 - 2015-03-07 15:41 - 42925480 _____ (Oracle Corporation) C:\Users\Brockhoff\Downloads\jre-8u40-windows-x64.exe
2015-03-06 18:48 - 2015-03-06 18:48 - 00000883 _____ () C:\Users\Brockhoff\Downloads\FRITZ!Box_Fon_WLAN_7390_84.06.23_06.03.2015_18_48-diagnose.csv
2015-03-06 17:33 - 2015-03-06 17:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rechtstipps
2015-03-06 10:13 - 2015-03-06 10:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-05 19:08 - 2015-03-05 19:08 - 00725344 _____ (Visual Tools Ltd.) C:\Users\Brockhoff\Downloads\Babylon10_setup_ns(4).exe
2015-03-05 18:54 - 2015-03-05 18:54 - 00725344 _____ (Visual Tools Ltd.) C:\Users\Brockhoff\Downloads\Babylon10_setup_ns(3).exe
2015-03-05 17:46 - 2015-03-05 17:46 - 00725344 _____ (Visual Tools Ltd.) C:\Users\Brockhoff\Downloads\Babylon10_setup_ns(2).exe
2015-03-05 15:27 - 2015-03-05 15:28 - 00725344 _____ (Visual Tools Ltd.) C:\Users\Brockhoff\Downloads\Babylon10_setup_ns(1).exe
2015-03-02 19:49 - 2015-03-02 19:50 - 41454688 _____ () C:\Users\Brockhoff\Downloads\WEB.DE_Firefox_Setup(3).exe
2015-03-02 10:09 - 2015-03-02 10:10 - 25671288 _____ (Abelssoft ) C:\Users\Brockhoff\Downloads\WGO-DE_2015.exe
2015-03-02 10:09 - 2015-03-02 10:09 - 05289336 _____ (Abelssoft ) C:\Users\Brockhoff\Downloads\STA-DE_2014.exe
2015-03-02 10:09 - 2015-03-02 10:09 - 04051288 _____ (Abelssoft ) C:\Users\Brockhoff\Downloads\SFT-DE_2014(1).exe
2015-02-26 13:23 - 2015-02-26 13:24 - 41454688 _____ () C:\Users\Brockhoff\Downloads\WEB.DE_Firefox_Setup(2).exe
2015-02-26 13:23 - 2015-02-26 13:23 - 41454688 _____ () C:\Users\Brockhoff\Downloads\WEB.DE_Firefox_Setup(1).exe
2015-02-25 12:03 - 2014-12-13 22:28 - 00513488 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 12:03 - 2014-12-13 22:28 - 00513488 _____ () C:\Windows\system32\locale.nls
2015-02-25 12:03 - 2014-10-29 02:27 - 01200128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2015-02-25 12:03 - 2014-10-29 02:27 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll
2015-02-25 12:03 - 2014-10-29 02:04 - 00868352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2015-02-25 12:03 - 2014-10-29 02:04 - 00200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GlobCollationHost.dll
2015-02-23 13:55 - 2015-02-23 13:55 - 00000000 ____D () C:\Users\Brockhoff\Desktop\Eigene Dateien
2015-02-21 08:47 - 2015-02-21 08:49 - 175605432 _____ () C:\Users\Brockhoff\Downloads\avira_antivirus_pro_de.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-15 12:17 - 2013-11-19 14:24 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-15 12:15 - 2012-07-26 08:59 - 00000000 ____D () C:\Windows\CbsTemp
2015-03-15 12:07 - 2014-01-06 20:21 - 00000932 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-15 12:07 - 2013-12-22 11:19 - 00000000 __RDO () C:\Users\Brockhoff\SkyDrive
2015-03-15 12:07 - 2013-06-14 21:07 - 00011601 _____ () C:\Users\Brockhoff\AppData\Local\BTServer.log
2015-03-15 12:00 - 2014-11-13 17:35 - 00000000 ____D () C:\Users\Brockhoff\AppData\Roaming\ClassicShell
2015-03-15 12:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-03-15 11:43 - 2014-03-18 18:46 - 00000000 ____D () C:\Users\Brockhoff\AppData\Local\PasswordSafe
2015-03-15 11:43 - 2013-11-14 13:43 - 02021900 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-15 11:43 - 2013-06-10 18:46 - 00948942 _____ () C:\Windows\system32\perfh007.dat
2015-03-15 11:43 - 2013-06-10 18:46 - 00210240 _____ () C:\Windows\system32\perfc007.dat
2015-03-15 11:41 - 2014-05-06 15:12 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-15 11:41 - 2013-01-30 13:08 - 00000000 ____D () C:\Users\Brockhoff\Documents\Outlook-Dateien
2015-03-15 11:38 - 2014-11-15 08:57 - 00000928 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-15 11:38 - 2014-11-02 08:28 - 00000312 _____ () C:\Windows\Tasks\AbelssoftPreloader.job
2015-03-15 11:38 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-15 11:38 - 2013-08-14 22:07 - 00000286 _____ () C:\Windows\Tasks\Schirmfoto.job
2015-03-15 11:37 - 2014-06-13 06:31 - 00000000 ___DC () C:\AdwCleaner
2015-03-15 11:37 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-03-15 09:02 - 2014-01-02 20:03 - 00003962 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{9F78DAD6-5CE2-41E2-B716-28203F59D04B}
2015-03-14 19:01 - 2015-01-05 11:31 - 00000000 ____D () C:\Users\Brockhoff\AppData\Roaming\MyPhoneExplorer
2015-03-14 18:02 - 2013-06-10 18:34 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3158294459-1416924627-3807266797-1001
2015-03-14 18:01 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-03-14 13:34 - 2014-08-07 18:46 - 00000000 ____D () C:\Users\Brockhoff\Desktop\Backs, Malware
2015-03-13 22:48 - 2014-03-18 18:46 - 00000000 ____D () C:\Users\Brockhoff\Documents\My Safes
2015-03-13 22:29 - 2012-11-20 15:08 - 00000000 ____D () C:\Users\Brockhoff\Documents\WISO Mein Geld
2015-03-13 22:08 - 2014-06-30 16:04 - 00000000 ____D () C:\Users\Brockhoff\Desktop\Bildschirmfotos
2015-03-13 18:25 - 2012-12-16 17:27 - 00000000 ____D () C:\Users\Brockhoff\Documents\SoftMaker
2015-03-13 10:32 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2015-03-12 22:30 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ToastData
2015-03-12 22:30 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-12 22:30 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-12 22:30 - 2013-08-22 16:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-12 22:30 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\WinStore
2015-03-12 22:30 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\en-GB
2015-03-12 22:30 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\en-GB
2015-03-12 22:30 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-03-12 22:30 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-12 22:30 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-12 17:52 - 2013-08-16 20:55 - 00000000 ____D () C:\Users\Brockhoff\AppData\Roaming\vlc
2015-03-12 17:09 - 2013-08-18 13:55 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-12 17:06 - 2013-06-12 17:37 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-12 16:43 - 2014-08-09 10:36 - 00437952 _____ () C:\Users\Brockhoff\Schnellerfassung.bse
2015-03-12 14:37 - 2014-12-22 22:47 - 00003112 _____ () C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3158294459-1416924627-3807266797-1001
2015-03-12 14:37 - 2014-12-22 22:47 - 00000000 ___RD () C:\Users\Brockhoff\OneDrive
2015-03-12 10:42 - 2013-08-28 21:10 - 00000000 ____D () C:\Users\Brockhoff\Desktop\Schreiben allg Unterlagen
2015-03-12 10:33 - 2013-06-14 21:59 - 00000000 ____D () C:\Program Files (x86)\STAEDTLER
2015-03-12 10:31 - 2012-11-21 08:20 - 00000000 ____D () C:\Users\Brockhoff\Desktop\WISO  Steuer  Recht
2015-03-11 15:08 - 2014-01-06 20:22 - 00002162 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-10 10:16 - 2014-11-02 08:21 - 00000000 ____D () C:\Program Files (x86)\WashAndGo
2015-03-10 10:16 - 2013-08-14 22:06 - 00000000 ____D () C:\Users\Brockhoff\AppData\Local\Abelssoft
2015-03-10 10:15 - 2014-11-02 08:21 - 00001002 _____ () C:\Users\Public\Desktop\WashAndGo.lnk
2015-03-09 18:55 - 2014-11-13 14:45 - 00000000 ____D () C:\Users\Brockhoff\Documents\Datenbank
2015-03-09 18:43 - 2014-11-26 14:20 - 00000000 ____D () C:\Users\Brockhoff\Desktop\Datenbank
2015-03-08 18:42 - 2013-11-05 15:08 - 00000000 ____D () C:\Users\Brockhoff\AppData\Roaming\dvdcss
2015-03-08 16:34 - 2014-03-10 12:41 - 00000000 ____D () C:\Users\Brockhoff\AppData\Local\CyberGhost
2015-03-07 15:42 - 2014-07-13 19:01 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-03-07 15:42 - 2014-01-28 14:28 - 00000000 ____D () C:\Program Files\Java
2015-03-07 15:42 - 2013-12-07 13:35 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-07 15:42 - 2013-12-07 13:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-03-06 18:39 - 2014-08-14 17:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-06 17:17 - 2012-11-21 12:05 - 00000000 ____D () C:\Users\Brockhoff\Documents\Steuerfälle
2015-03-06 16:30 - 2014-02-14 11:35 - 00000000 ____D () C:\Users\Brockhoff\Documents\BelegManager
2015-03-05 13:19 - 2014-11-06 11:20 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-05 13:19 - 2014-11-06 11:20 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-03-05 13:19 - 2014-11-06 11:20 - 00043576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-03-05 13:15 - 2014-11-06 11:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-03-05 13:15 - 2013-06-14 21:07 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-05 13:15 - 2013-06-12 18:32 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-03-04 22:24 - 2014-09-25 16:28 - 00792032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-04 22:24 - 2014-09-25 16:28 - 00178144 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-02 19:51 - 2014-08-14 17:02 - 00001142 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-02 19:51 - 2014-08-14 17:02 - 00001130 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-03-01 19:48 - 2013-11-06 08:33 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-03-01 16:13 - 2014-01-31 18:49 - 00000000 ____D () C:\Users\Brockhoff\AppData\Roaming\MAXBuddy
2015-03-01 16:02 - 2014-01-28 14:28 - 00000000 ____D () C:\Users\Brockhoff\.MAX
2015-03-01 16:02 - 2014-01-28 14:28 - 00000000 ____D () C:\ProgramData\MAX
2015-02-28 17:01 - 2013-06-16 11:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steuertipps
2015-02-28 17:00 - 2014-01-28 12:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Note Manager
2015-02-27 20:18 - 2015-01-21 17:57 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
2015-02-27 15:35 - 2013-06-10 18:26 - 00000000 ____D () C:\Users\Brockhoff\AppData\Local\Packages
2015-02-26 13:20 - 2013-10-06 19:48 - 00000000 ____D () C:\ProgramData\Adobe
2015-02-25 14:30 - 2013-10-04 16:04 - 00000000 ____D () C:\Users\Brockhoff\AppData\Local\WEB.DE Application {sync-000021}
2015-02-25 12:45 - 2013-04-07 13:29 - 00000000 ____D () C:\Users\Brockhoff\Documents\Schreiben
2015-02-25 10:46 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\Globalization
2015-02-25 09:59 - 2014-12-22 22:01 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-02-23 14:23 - 2013-06-16 11:49 - 00000000 ____D () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft
2015-02-23 11:20 - 2013-02-08 12:31 - 00000000 ____D () C:\Users\Brockhoff\Documents\Backup MyPhone
2015-02-13 18:02 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\NDF

==================== Files in the root of some directories =======

2013-06-14 21:07 - 2015-03-15 12:07 - 0011601 _____ () C:\Users\Brockhoff\AppData\Local\BTServer.log
2013-12-17 10:13 - 2013-12-17 10:13 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-03-12 14:31 - 2015-03-12 16:42 - 0000215 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Files to move or delete:
====================
C:\Users\Brockhoff\g2ax_customer_downloadhelper_win32_x86.exe
C:\Users\Public\AlexaNSISPlugin.3440.dll
C:\Users\Public\AlexaNSISPlugin.664.dll


Some content of TEMP:
====================
C:\Users\Brockhoff\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-15 12:14

==================== End Of Log ============================
         
 --- --- ---
AdwCleaner Logfile:
 Code: 

 ATTFilter
 
 # AdwCleaner v4.112 - Logfile created 15/03/2015 at 11:37:04
# Updated 09/03/2015 by Xplode
# Database : 2015-03-05.1 [Local]
# Operating system : Windows 8.1 Pro  (x64)
# Username : Brockhoff - BROCKHOFF-PC
# Running from : C:\Users\Brockhoff\Desktop\adwcleaner_4.112(1).exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>;;localhost;127.0.0.1

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v36.0.1 (x86 de)

[8yymfhip.default-1408376383566\prefs.js] - Line Deleted : user_pref("avira.safe_search.installed", "[\"safesearch\"]");
[8yymfhip.default-1408376383566\prefs.js] - Line Deleted : user_pref("browser.newtab.url", "chrome://unitedtb/content/newtab/newtab-page.xhtml");
[8yymfhip.default-1408376383566\prefs.js] - Line Deleted : user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-page-button\",\"print-but[...]
[8yymfhip.default-1408376383566\prefs.js] - Line Deleted : user_pref("extensions.safesearch.MP_DISTINCT_ID", "\"14c1843d09cfe-025d98de0098518-45574336-0-14c1843d09d349\"");
[8yymfhip.default-1408376383566\prefs.js] - Line Deleted : user_pref("extensions.safesearch.SAUTH_expires_at", "1426941040");
[8yymfhip.default-1408376383566\prefs.js] - Line Deleted : user_pref("extensions.safesearch.SAUTH_rndsnr", "\"c4f4fe455a5bf62fbdac22244050f142b699d953\"");
[8yymfhip.default-1408376383566\prefs.js] - Line Deleted : user_pref("extensions.safesearch.SAUTH_userid", "5910522741");
[8yymfhip.default-1408376383566\prefs.js] - Line Deleted : user_pref("extensions.safesearch.SAUTH_utoken", "\"4d27ba0700cb843bf8978bfb9048f488e157e4d3\"");
[8yymfhip.default-1408376383566\prefs.js] - Line Deleted : user_pref("extensions.safesearch.install", "1426336239779");
[8yymfhip.default-1408376383566\prefs.js] - Line Deleted : user_pref("extensions.xpiState", "{\"app-profile\":{\"nuance@pdf8\":{\"d\":\"C:\\\\Program Files (x86)\\\\Nuance\\\\PDF Professional 8\\\\FireFox\",\"e\":true,\"v\":\"8\",\"st\":1405759415903,\"mt\":1[...]

-\\ Google Chrome v41.0.2272.89


-\\ Opera v0.0.0.0


*************************

AdwCleaner[R122].txt - [2495 bytes] - [12/03/2015 14:22:42]
AdwCleaner[R123].txt - [2850 bytes] - [13/03/2015 10:56:12]
AdwCleaner[R124].txt - [2609 bytes] - [13/03/2015 15:51:03]
AdwCleaner[R125].txt - [3803 bytes] - [14/03/2015 13:24:04]
AdwCleaner[R126].txt - [2921 bytes] - [15/03/2015 11:35:07]
AdwCleaner[S116].txt - [2677 bytes] - [12/03/2015 14:26:10]
AdwCleaner[S117].txt - [3034 bytes] - [13/03/2015 11:00:02]
AdwCleaner[S118].txt - [3968 bytes] - [14/03/2015 13:26:15]
AdwCleaner[S119].txt - [2958 bytes] - [15/03/2015 11:37:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S119].txt - [3019  bytes] ##########
         
 --- --- ---

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.3 (03.01.2015:1)
OS: Windows 8.1 Pro x64
Ran by Brockhoff on 15.03.2015 at 12:06:17,66
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\browserpluginhelper



~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9"
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65DEE40A-3E93-4CAE-9F98-B8E06DCEE2BF}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [File] C:\Users\Brockhoff\AppData\Roaming\mozilla\firefox\profiles\8yymfhip.default-1408376383566\searchplugins\avira-safesearch.xml
Successfully deleted: [Folder] C:\Users\Brockhoff\AppData\Roaming\mozilla\firefox\profiles\8yymfhip.default-1408376383566\extensions\safesearch@avira.com
Successfully deleted: [Folder] C:\Users\Brockhoff\AppData\Roaming\mozilla\firefox\profiles\8yymfhip.default-1408376383566\extensions\toolbar@web.de
Successfully deleted the following from C:\Users\Brockhoff\AppData\Roaming\mozilla\firefox\profiles\8yymfhip.default-1408376383566\prefs.js

user_pref("avira.safe_search.installed", "[\"safesearch\"]");
user_pref("avira.safe_search.search_was_active", "false");
user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-
user_pref("extensions.bootstrappedAddons", "{\"safesearch@avira.com\":{\"version\":\"1.1.4\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\Brockhoff\\\\AppData\\\\Roa
user_pref("extensions.safesearch.MP_DISTINCT_ID", "\"14c1d1b15f432a-0419c77c52c20a-45574336-0-14c1d1b15f532a\"");
user_pref("extensions.safesearch.SAUTH_rndsnr", "\"9e0fa2623eb3b58b200fc4e68776848f2f5abfe1\"");
user_pref("extensions.safesearch.install", "1426417456637");
user_pref("extensions.xpiState", "{\"app-profile\":{\"nuance@pdf8\":{\"d\":\"C:\\\\Program Files (x86)\\\\Nuance\\\\PDF Professional 8\\\\FireFox\",\"e\":true,\"v\":\"8\",\"st



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\chgdeabpmphfhkoemjjglmilajldekbp



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.03.2015 at 12:10:48,54
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 15.03.2015
Suchlauf-Zeit: 11:42:21
Logdatei: mbam-log.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.03.15.02
Rootkit Datenbank: v2015.02.25.01
Lizenz: Premium
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Aktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Brockhoff

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 438196
Verstrichene Zeit: 20 Min, 8 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)

M-K-D-B · 15.03.2015, 15:56

Servus,

ähm ja... hast du meinen letzten Post auch bis zu Ende gelesen?

Was ist mit den Logdateien von AdwCleaner, MBAM, JRT und dem Kontrollscan mit FRST?

paule11 · 15.03.2015, 18:33

Habe alle5 txt Dateien einzel kopiert und in die Zwischenablage zwischen die CODE Tags einkopiert.Konnte nach End of File die einzelnen Dateien lesen.Ich mache doch hier nichts falsch.
paule11

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Brockhoff (administrator) on BROCKHOFF-PC on 15-03-2015 12:19:36
Running from C:\Users\Brockhoff\Desktop
Loaded Profiles: Brockhoff &  (Available profiles: Brockhoff & Administrator)
Platform: Windows 8.1 Pro (X64) OS Language: Englisch (Großbritannien)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe
(Anoto AB) C:\Program Files (x86)\Common Files\Anoto\Pen\Phal\Service\LPhal.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft) C:\Program Files (x86)\WashAndGo\WashAndGo.exe
(Abelssoft GmbH) C:\Program Files (x86)\Schirmfoto\schirmfoto.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\OmniPage18\omnipage.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(1&1 Mail & Media GmbH) C:\Users\Brockhoff\AppData\Local\WEB.DE Application {sync-000021}\webde_onlinespeicher.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\RAPID\CacheFilter\SamsungRapidApp.exe
(CyberGhost S.R.L.) C:\Program Files\CyberGhost 5\CyberGhost.exe
(Medisana) C:\Program Files (x86)\VitaDock\VitaDock.exe
(TomTom) C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe
() C:\Program Files\Avira Secure Backup\Avira Secure BackupCrawler.exe
(ZONER software) C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTray.exe
() C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Axentra Corporation) C:\Program Files (x86)\MEDION\LifeCloud Desktop Applications\HipServAgent\HipServAgent.exe
(Alexander Miehlke Softwareentwicklung) C:\Program Files (x86)\TraXEx\TraXEx.exe
(The OpenVPN Project) C:\Program Files\CyberGhost 5\Data\OpenVPN\openvpn.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(SourceForge.net) C:\Program Files (x86)\Password Safe\pwsafe.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [253440 2013-04-23] (Realtek Semiconductor Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-06-17] (Realtek Semiconductor)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\RAPID\CacheFilter\SamsungRapidApp.exe [281776 2014-09-16] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [WISO Mein Geld 2015 Professional .NET] => C:\Program Files (x86)\Buhl\WISO Mein Geld 2015\mg.exe [1119544 2015-02-23] (Buhl Data Service)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [704248 2015-03-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [127792 2015-02-12] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-02-10] (Oracle Corporation)
HKLM-x32\...\Run: [HipServ Agent] => C:\Program Files (x86)\MEDION\LifeCloud Desktop Applications\HipServAgent\HipServAgent.exe [2722920 2014-01-27] (Axentra Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 5\CyberGhost.exe [410216 2014-11-03] (CyberGhost S.R.L.)
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\Run: [VitaDock] => C:\Program Files (x86)\VitaDock\VitaDock.exe [975360 2014-04-09] (Medisana)
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe [1792376 2014-10-03] (TomTom)
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\Run: [Zoner Photo Studio Autoupdate] => C:\PROGRAM FILES\ZONER\PHOTO STUDIO 15\Program32\ZPSTRAY.EXE [774680 2013-06-07] (ZONER software)
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\Policies\Explorer: [CDRAutoRun] 1
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 5\CyberGhost.exe [410216 2014-11-03] (CyberGhost S.R.L.)
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [VitaDock] => C:\Program Files (x86)\VitaDock\VitaDock.exe [975360 2014-04-09] (Medisana)
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe [1792376 2014-10-03] (TomTom)
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Zoner Photo Studio Autoupdate] => C:\PROGRAM FILES\ZONER\PHOTO STUDIO 15\Program32\ZPSTRAY.EXE [774680 2013-06-07] (ZONER software)
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [CDRAutoRun] 1
HKU\S-1-5-21-3158294459-1416924627-3807266797-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-02-14] (Samsung)
HKU\S-1-5-21-3158294459-1416924627-3807266797-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-02-14] (Samsung)
HKU\S-1-5-21-3158294459-1416924627-3807266797-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [TomTomHOME.exe] => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
HKU\S-1-5-21-3158294459-1416924627-3807266797-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ASO3SPCDone] => "C:\Program Files (x86)\Advanced System Optimizer 3\ASO3.exe"  -startedafteroptimizationPartial
HKU\S-1-5-21-3158294459-1416924627-3807266797-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CyberGhost VPN] => "C:\Program Files\CyberGhost VPN\Cyberghost.exe"
HKU\S-1-5-21-3158294459-1416924627-3807266797-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Zoner Photo Studio Autoupdate] => C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTRAY.EXE [774680 2013-06-07] (ZONER software)
HKU\S-1-5-21-3158294459-1416924627-3807266797-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AviraSpeedup] => C:\Program Files (x86)\Avira\AviraSpeedup\AviraSpeedup.exe [5014600 2013-09-06] (Avira)
HKU\S-1-5-21-3158294459-1416924627-3807266797-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [1und1DispatcherCorp] => C:\Users\Brockhoff\AppData\Local\1und1UpdaterCorpE\SchedDispatcher.exe [220808 2013-05-29] (1&1 Mail & Media GmbH)
HKU\S-1-5-21-3158294459-1416924627-3807266797-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 5\CyberGhost.exe [410216 2014-11-03] (CyberGhost S.R.L.)
HKU\S-1-5-21-3158294459-1416924627-3807266797-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe [1792376 2014-10-03] (TomTom)
HKU\S-1-5-21-3158294459-1416924627-3807266797-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation)
HKU\S-1-5-21-3158294459-1416924627-3807266797-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [CDRAutoRun] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launcher.lnk
ShortcutTarget: Launcher.lnk -> C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TraXEx 6.0.lnk
ShortcutTarget: TraXEx 6.0.lnk -> C:\Program Files (x86)\TraXEx\TraXEx.exe (Alexander Miehlke Softwareentwicklung)
Startup: C:\Users\Brockhoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Password Safe.lnk
ShortcutTarget: Password Safe.lnk -> C:\Program Files (x86)\Password Safe\pwsafe.exe (SourceForge.net)
ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 1] -> {02B2B772-B8A8-4DA4-9B18-42551A54A1A8} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20140611185617798.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 2] -> {0575AB16-E932-4160-8936-4DBE195BDBD7} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20140611185617798.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 3] -> {0E9EF89A-96D3-4DE6-B2F8-E9548AA5321E} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20140611185617798.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 4] -> {1A4AFFE1-B2F9-483D-B627-D9A339DBFD34} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20140611185617798.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers: [MemopalBackedUp] -> {8ED3CC2D-6BC2-43AD-8C43-F51FBB413AE6} => C:\Program Files\Avira Secure Backup\ShellExtensionx64\ShellExtension1.dll ()
ShellIconOverlayIdentifiers: [MemopalError] -> {B9CA6E12-7975-4997-B5BD-CA12ECE0FEAD} => C:\Program Files\Avira Secure Backup\ShellExtensionx64\ShellExtension1.dll ()
ShellIconOverlayIdentifiers: [MemopalPartiallyBackedUp] -> {95DDC869-FC98-4D47-BD34-2EDC9AA09C01} => C:\Program Files\Avira Secure Backup\ShellExtensionx64\ShellExtension1.dll ()
ShellIconOverlayIdentifiers: [MemopalToBackup] -> {2CDD871E-60EB-40BD-9721-A1CB57042F75} => C:\Program Files\Avira Secure Backup\ShellExtensionx64\ShellExtension1.dll ()
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 1] -> {02B2B772-B8A8-4DA4-9B18-42551A54A1A8} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20140611185617798.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 2] -> {0575AB16-E932-4160-8936-4DBE195BDBD7} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20140611185617798.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 3] -> {0E9EF89A-96D3-4DE6-B2F8-E9548AA5321E} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20140611185617798.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 4] -> {1A4AFFE1-B2F9-483D-B627-D9A339DBFD34} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20140611185617798.dll (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers-x32: [MemopalBackedUp] -> {8ED3CC2D-6BC2-43AD-8C43-F51FBB413AE6} => C:\Program Files\Avira Secure Backup\ShellExtension\ShellExtension.dll ()
ShellIconOverlayIdentifiers-x32: [MemopalError] -> {B9CA6E12-7975-4997-B5BD-CA12ECE0FEAD} => C:\Program Files\Avira Secure Backup\ShellExtension\ShellExtension.dll ()
ShellIconOverlayIdentifiers-x32: [MemopalPartiallyBackedUp] -> {95DDC869-FC98-4D47-BD34-2EDC9AA09C01} => C:\Program Files\Avira Secure Backup\ShellExtension\ShellExtension.dll ()
ShellIconOverlayIdentifiers-x32: [MemopalToBackup] -> {2CDD871E-60EB-40BD-9721-A1CB57042F75} => C:\Program Files\Avira Secure Backup\ShellExtension\ShellExtension.dll ()
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-3158294459-1416924627-3807266797-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3158294459-1416924627-3807266797-1001] => http=127.0.0.1:8887;https=127.0.0.1:8887
ProxyEnable: [S-1-5-21-3158294459-1416924627-3807266797-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3158294459-1416924627-3807266797-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => http=127.0.0.1:8887;https=127.0.0.1:8887
ProxyServer: [S-1-5-21-3158294459-1416924627-3807266797-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => localhost:8088
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3158294459-1416924627-3807266797-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2014-12-02] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-07] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-14] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-07] (Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\PlusIEContextMenu.dll [2012-07-19] (Zeon Corporation)
BHO-x32: ZeonIEEventHelper Class -> {C7DA0384-42AA-428c-B832-88AC343DE1A8} -> C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\GZeonIEFavClient.dll [2012-07-27] (Zeon Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM-x32 - Nuance PDF - {BCCE15AE-AC7E-4bc9-94AF-2A714A412BCB} - C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\GZeonIEFavClient.dll [2012-07-27] (Zeon Corporation)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2014-12-22] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 95.169.183.219 89.41.60.38 37.221.175.198
Tcpip\..\Interfaces\{E742F15A-8CF5-4968-9C03-307C99BFB9EA}: [NameServer] 95.169.183.219,89.41.60.38
Tcpip\..\Interfaces\{F2C9B065-33EA-47EB-B65C-10CDF0218B7A}: [NameServer] 95.169.183.219,89.41.60.38

FireFox:
========
FF ProfilePath: C:\Users\Brockhoff\AppData\Roaming\Mozilla\Firefox\Profiles\8yymfhip.default-1408376383566
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF Homepage: hxxp://www.web.de/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-08] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2013-08-29] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-07] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2013-08-29] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-08] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-20] ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2013-08-29] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-08-13] (Google, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-12-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2013-08-29] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Professional 8\bin\nppdf.dll [2012-07-31] (Zeon Corporation)
FF Plugin HKU\S-1-5-21-3158294459-1416924627-3807266797-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Brockhoff\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-06-30] (Citrix Online)
FF Plugin HKU\S-1-5-21-3158294459-1416924627-3807266797-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2013-08-29] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-3158294459-1416924627-3807266797-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @citrixonline.com/appdetectorplugin -> C:\Users\Brockhoff\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-06-30] (Citrix Online)
FF Plugin HKU\S-1-5-21-3158294459-1416924627-3807266797-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2013-08-29] (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2013-08-29] (Tracker Software Products (Canada) Ltd.)
FF Extension: Adblock Plus - C:\Users\Brockhoff\AppData\Roaming\Mozilla\Firefox\Profiles\8yymfhip.default-1408376383566\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-19]
FF HKLM-x32\...\Firefox\Extensions: [{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}] - C:\Program Files (x86)\Wondershare\Video Converter Pro\SVRFirefoxExt
FF Extension: Wondershare Video Converter Ultimate - C:\Program Files (x86)\Wondershare\Video Converter Pro\SVRFirefoxExt [2014-08-31]
FF HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF HKU\S-1-5-21-3158294459-1416924627-3807266797-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: PDF Converter - C:\Program Files (x86)\Nuance\PDF Professional 8\FireFox [2014-07-19]
FF Extension: No Name - C:\Users\Brockhoff\AppData\Roaming\Mozilla\Firefox\Profiles\8yymfhip.default-1408376383566\extensions\toolbar@web.de [Not Found]

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Profile: C:\Users\Brockhoff\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Brockhoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-11]
CHR Extension: (Babylon Translator) - C:\Users\Brockhoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljcdopdmbcpndfopibbkmijkhmbdgpjj [2014-08-11]
CHR Extension: (Google Wallet) - C:\Users\Brockhoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-06]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ljcdopdmbcpndfopibbkmijkhmbdgpjj] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 ALDITALKVerbindungsassistent_Service; C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe [342984 2011-09-13] ()
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [806192 2015-03-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [992048 2015-03-05] (Avira Operations GmbH & Co. KG)
R3 Avira Secure Backup Crawler; C:\Program Files\Avira Secure Backup\Avira Secure BackupCrawler.exe [2258000 2013-11-06] () [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [184056 2015-02-12] (Avira Operations GmbH & Co. KG)
S4 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
S4 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [47104 2013-04-25] () [File not signed]
S2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64616 2014-11-03] (CyberGhost S.R.L)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2711736 2015-01-13] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 PDFProFiltSrv; C:\Program Files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe [135056 2012-11-19] (Nuance Communications, Inc.)
R2 PenRendezvous; C:\Program Files (x86)\Common Files\Anoto\Pen\Phal\Service\LPhal.exe [430080 2009-08-31] (Anoto AB) [File not signed]
R2 PenSup; C:\Program Files (x86)\Common Files\Anoto\Pen\Phal\Service\LPhal.exe [430080 2009-08-31] (Anoto AB) [File not signed]
R2 SamsungRapidSvc; C:\Windows\System32\RAPID\SamsungRapidSvc.exe [28848 2014-09-16] (Samsung Electronics Co., Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
S2 ioloSystemService; "C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-21] (Advanced Micro Devices, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-03-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-10-23] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-05] (Avira Operations GmbH & Co. KG)
R3 bthav; C:\Windows\system32\drivers\bthav.sys [40448 2008-07-10] (CSR, plc)
R3 BTHprint; C:\Windows\system32\DRIVERS\bthprint.sys [62976 2013-08-22] (Microsoft Corporation)
R1 ElRawDisk; C:\WINDOWS\system32\drivers\ElRawDsk.sys [30752 2013-04-05] (EldoS Corporation)
S3 ewusbnet; C:\Windows\system32\DRIVERS\ewusbnet.sys [138752 2015-01-17] (Huawei Technologies Co., Ltd.)
S3 iaStorS; C:\Windows\System32\drivers\iaStorS.sys [646616 2012-07-25] (Intel Corporation)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-15] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10x64.sys [60288 2010-09-15] (Generic USB smartcard reader)
R3 MirayVirtualDisk; C:\Windows\System32\drivers\mvd.sys [162384 2013-11-25] (Miray)
R0 rtcrfilt64; C:\Windows\System32\drivers\rtcrfilt64.sys [19600 2012-07-23] (Realtek Semiconductor Corp.)
S3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [532552 2013-03-28] (Realtek Semiconductor Corporation)
R0 SamsungRapidDiskFltr; C:\Windows\System32\DRIVERS\SamsungRapidDiskFltr.sys [268976 2014-09-16] (Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\Windows\System32\DRIVERS\SamsungRapidFSFltr.sys [111280 2014-09-16] (Samsung Electronics Co., Ltd.)
S3 SCUsbDrvService; C:\Windows\System32\drivers\sceye64.sys [53864 2011-01-14] (Cypress Semiconductor)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-05-15] (Synaptics Incorporated)
S3 tpusbser; C:\Windows\system32\DRIVERS\tpusbser.sys [123648 2013-02-05] (QUALCOMM Incorporated)
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-15 12:10 - 2015-03-15 12:17 - 00003025 _____ () C:\Users\Brockhoff\Desktop\JRT.txt
2015-03-15 12:05 - 2015-03-15 12:05 - 01388333 _____ (Thisisu) C:\Users\Brockhoff\Downloads\JRT.exe
2015-03-15 11:41 - 2015-03-15 11:41 - 00003101 _____ () C:\Users\Brockhoff\Desktop\AdwCleaner[S119].txt
2015-03-15 09:08 - 2015-03-15 12:19 - 00033272 _____ () C:\Users\Brockhoff\Desktop\FRST.txt
2015-03-15 09:08 - 2015-03-15 09:08 - 00045327 _____ () C:\Users\Brockhoff\Desktop\Addition.txt
2015-03-15 09:06 - 2015-03-15 09:07 - 00061043 _____ () C:\Users\Brockhoff\Downloads\FRST.txt
2015-03-15 09:06 - 2015-03-15 09:07 - 00045327 _____ () C:\Users\Brockhoff\Downloads\Addition.txt
2015-03-15 09:05 - 2015-03-15 12:19 - 00000000 ___DC () C:\FRST
2015-03-15 09:05 - 2015-03-15 09:05 - 02095616 _____ (Farbar) C:\Users\Brockhoff\Desktop\FRST64.exe
2015-03-13 18:25 - 2015-03-13 18:25 - 00008993 _____ () C:\Users\Brockhoff\Desktop\Guten Tag.tmd
2015-03-13 17:49 - 2015-03-15 11:38 - 00000528 _____ () C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job
2015-03-13 17:49 - 2015-03-13 17:49 - 00002942 _____ () C:\Windows\System32\Tasks\ParetoLogic Update Version3 Startup Task
2015-03-13 17:48 - 2015-03-13 17:48 - 05813872 _____ (ParetoLogic Inc.) C:\Users\Brockhoff\Downloads\ParetoLogic PC Health Advisor_de(1).exe
2015-03-13 11:16 - 2015-03-13 11:16 - 00005038 _____ () C:\Users\Brockhoff\Documents\Profi prefs.js.html
2015-03-13 10:06 - 2015-03-15 11:38 - 00002304 _____ () C:\Windows\setupact.log
2015-03-13 10:06 - 2015-03-13 10:06 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-12 22:28 - 2015-03-15 12:15 - 01168143 _____ () C:\Windows\WindowsUpdate.log
2015-03-12 19:37 - 2015-03-12 19:38 - 00000874 _____ () C:\Users\Brockhoff\Downloads\FRITZ!Box_Fon_WLAN_7390_84.06.23_12.03.2015_19_37-diagnose.csv
2015-03-12 14:31 - 2015-03-12 16:42 - 00000215 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-03-12 14:26 - 2015-03-13 10:06 - 00540416 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-12 11:43 - 2015-03-06 03:53 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-12 11:43 - 2015-03-06 03:33 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-12 11:43 - 2015-02-26 00:26 - 04178944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-12 11:43 - 2015-02-20 04:03 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-12 11:43 - 2015-02-20 03:58 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-12 11:43 - 2015-02-20 03:20 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-12 11:43 - 2015-02-20 03:15 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-12 11:43 - 2015-02-07 00:09 - 00396419 _____ () C:\Windows\system32\ApnDatabase.xml
2015-03-12 11:43 - 2015-02-06 02:28 - 02257408 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-03-12 11:43 - 2015-02-06 02:08 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-03-12 11:43 - 2015-02-05 21:24 - 01113920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-03-12 11:43 - 2015-02-04 00:58 - 00264000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2015-03-12 11:43 - 2015-02-04 00:58 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2015-03-12 11:43 - 2015-02-04 00:58 - 00044024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2015-03-12 11:43 - 2015-02-03 01:03 - 03551744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2015-03-12 11:43 - 2015-02-03 01:02 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2015-03-12 11:43 - 2015-02-03 00:53 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll
2015-03-12 11:43 - 2015-02-03 00:53 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll
2015-03-12 11:43 - 2015-01-31 00:42 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-03-12 11:43 - 2015-01-31 00:29 - 02484224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-03-12 11:43 - 2015-01-31 00:20 - 00203264 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-12 11:43 - 2015-01-30 04:01 - 00097792 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys
2015-03-12 11:43 - 2015-01-30 04:00 - 00167424 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\rfcomm.sys
2015-03-12 11:43 - 2015-01-30 03:03 - 01488896 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
2015-03-12 11:43 - 2015-01-30 03:03 - 01464832 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
2015-03-12 11:43 - 2015-01-30 03:02 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll
2015-03-12 11:43 - 2015-01-30 02:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
2015-03-12 11:43 - 2015-01-30 02:42 - 01204224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
2015-03-12 11:43 - 2015-01-30 02:40 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappgnui.dll
2015-03-12 11:43 - 2015-01-30 02:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll
2015-03-12 11:43 - 2015-01-30 02:29 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\atlthunk.dll
2015-03-12 11:43 - 2015-01-30 02:24 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll
2015-03-12 11:43 - 2015-01-30 02:24 - 00250880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapp3hst.dll
2015-03-12 11:43 - 2015-01-30 02:16 - 00266752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapphost.dll
2015-03-12 11:43 - 2015-01-30 02:08 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\eappcfg.dll
2015-03-12 11:43 - 2015-01-30 02:06 - 00278016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappcfg.dll
2015-03-12 11:43 - 2015-01-29 02:58 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\photowiz.dll
2015-03-12 11:43 - 2015-01-29 02:29 - 00290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\photowiz.dll
2015-03-12 11:43 - 2015-01-29 02:11 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-12 11:43 - 2015-01-29 02:04 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-03-12 11:43 - 2015-01-29 02:04 - 00864256 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2015-03-12 11:43 - 2015-01-29 02:00 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-12 11:43 - 2015-01-29 01:59 - 02773504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-03-12 11:43 - 2015-01-29 01:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-03-12 11:43 - 2015-01-29 01:50 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-03-12 11:43 - 2015-01-29 01:49 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-03-12 11:43 - 2015-01-28 16:41 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-12 11:43 - 2015-01-28 16:41 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-03-12 11:43 - 2015-01-28 16:41 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-03-12 11:43 - 2015-01-28 03:24 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\StorageContextHandler.dll
2015-03-12 11:43 - 2015-01-28 02:47 - 00060928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StorageContextHandler.dll
2015-03-12 11:43 - 2015-01-27 05:22 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-12 11:43 - 2015-01-27 04:44 - 00933888 _____ (Microsoft Corporation) C:\Windows\system32\calc.exe
2015-03-12 11:43 - 2015-01-27 03:11 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-12 11:43 - 2015-01-24 02:51 - 00816128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
2015-03-12 11:43 - 2015-01-23 08:17 - 00723072 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2015-03-12 11:43 - 2015-01-23 06:02 - 00560392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2015-03-12 11:43 - 2014-10-29 04:56 - 00027456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-03-12 11:43 - 2014-10-29 03:49 - 00003072 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-12 11:43 - 2014-10-29 03:46 - 00081920 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS
2015-03-12 11:43 - 2014-10-29 03:46 - 00053248 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthenum.sys
2015-03-12 11:43 - 2014-10-29 03:45 - 01198080 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2015-03-12 11:43 - 2014-10-29 03:44 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-12 11:43 - 2014-10-29 03:44 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-12 11:43 - 2014-10-29 03:43 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\printui.exe
2015-03-12 11:43 - 2014-10-29 03:37 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\rfxvmt.dll
2015-03-12 11:43 - 2014-10-29 03:34 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll
2015-03-12 11:43 - 2014-10-29 03:34 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WSCollect.exe
2015-03-12 11:43 - 2014-10-29 03:34 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\WSReset.exe
2015-03-12 11:43 - 2014-10-29 03:04 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\findnetprinters.dll
2015-03-12 11:43 - 2014-10-29 03:04 - 00003072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-12 11:43 - 2014-10-29 03:03 - 00241152 ____C (Microsoft Corporation) C:\Windows\system32\fsquirt.exe
2015-03-12 11:43 - 2014-10-29 03:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-12 11:43 - 2014-10-29 03:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-12 11:43 - 2014-10-29 02:58 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\printui.exe
2015-03-12 11:43 - 2014-10-29 02:52 - 00289280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\compstui.dll
2015-03-12 11:43 - 2014-10-29 02:51 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2015-03-12 11:43 - 2014-10-29 02:48 - 00825856 _____ (Microsoft Corporation) C:\Windows\system32\pmcsnap.dll
2015-03-12 11:43 - 2014-10-29 02:45 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\ppcsnap.dll
2015-03-12 11:43 - 2014-10-29 02:45 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\prnntfy.dll
2015-03-12 11:43 - 2014-10-29 02:28 - 00055808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\findnetprinters.dll
2015-03-12 11:43 - 2014-10-29 02:28 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\atlthunk.dll
2015-03-12 11:43 - 2014-10-29 02:20 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2015-03-12 11:43 - 2014-10-29 02:19 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\eappprxy.dll
2015-03-12 11:43 - 2014-10-29 02:15 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prnntfy.dll
2015-03-12 11:43 - 2014-10-29 02:13 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2015-03-12 11:43 - 2014-10-29 01:59 - 00056320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappprxy.dll
2015-03-12 11:43 - 2014-10-29 01:55 - 00223744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2015-03-12 11:43 - 2014-10-29 01:55 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\puiapi.dll
2015-03-12 11:43 - 2014-10-29 01:44 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiapi.dll
2015-03-12 11:43 - 2014-10-29 01:41 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\DafPrintProvider.dll
2015-03-12 11:43 - 2014-10-29 01:35 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DafPrintProvider.dll
2015-03-12 11:42 - 2015-02-21 02:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-12 11:42 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-12 11:42 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-12 11:42 - 2015-02-21 01:27 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-03-12 11:42 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-12 11:42 - 2015-02-21 00:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-12 11:42 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-12 11:42 - 2015-02-20 03:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-12 11:42 - 2015-02-20 03:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-12 11:42 - 2015-02-20 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-12 11:42 - 2015-02-20 03:35 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-12 11:42 - 2015-02-20 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-12 11:42 - 2015-02-20 03:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-12 11:42 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-12 11:42 - 2015-02-20 03:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-03-12 11:42 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-12 11:42 - 2015-02-20 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-12 11:42 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-12 11:42 - 2015-02-20 02:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-03-12 11:42 - 2015-02-20 02:56 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-03-12 11:42 - 2015-02-20 02:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-03-12 11:42 - 2015-02-20 02:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-12 11:42 - 2015-02-20 02:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-12 11:42 - 2015-02-20 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-12 11:42 - 2015-02-20 02:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-12 11:42 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-12 11:42 - 2015-02-20 02:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-03-12 11:42 - 2015-02-20 02:29 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-03-12 11:42 - 2015-02-20 02:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-12 11:42 - 2015-02-20 02:26 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-03-12 11:42 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-12 11:42 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-12 11:42 - 2015-02-20 02:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-12 11:42 - 2015-02-20 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-12 11:42 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-12 11:42 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-12 11:42 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-12 11:42 - 2015-02-12 18:40 - 22291584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-12 11:42 - 2015-02-12 18:34 - 19731824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-12 11:42 - 2015-02-08 00:57 - 01090048 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2015-03-12 11:42 - 2015-02-08 00:49 - 00791040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2015-03-12 11:42 - 2015-01-29 19:45 - 01763352 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-12 11:42 - 2015-01-29 19:34 - 01488040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-12 11:42 - 2015-01-28 02:31 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-12 11:42 - 2015-01-28 02:11 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-12 11:42 - 2015-01-28 00:47 - 02501368 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2015-03-12 11:42 - 2015-01-28 00:41 - 02207488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2015-03-12 11:42 - 2015-01-21 06:54 - 01384712 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-12 11:42 - 2015-01-21 06:15 - 01123848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-12 11:42 - 2014-12-11 06:36 - 00046456 _____ (Microsoft Corporation) C:\Windows\system32\LockScreenContentServer.exe
2015-03-12 10:34 - 2015-03-15 11:38 - 00000306 _____ () C:\Windows\Tasks\WashAndGoNGBackground.job
2015-03-12 10:34 - 2015-03-12 10:35 - 00002566 _____ () C:\Windows\System32\Tasks\WashAndGoNGBackground
2015-03-11 18:53 - 2015-03-11 18:53 - 00160517 _____ () C:\Users\Brockhoff\Desktop\Kalfaterung Deck.tmd
2015-03-11 10:09 - 2015-03-11 10:09 - 02171392 _____ () C:\Users\Brockhoff\Desktop\adwcleaner_4.112(1).exe
2015-03-10 10:45 - 2015-03-10 10:45 - 02171392 _____ () C:\Users\Brockhoff\Downloads\adwcleaner_4.112.exe
2015-03-09 07:47 - 2015-03-09 07:47 - 05290912 _____ (Abelssoft ) C:\Users\Brockhoff\Downloads\STA-DE_2015.exe
2015-03-08 16:36 - 2015-03-08 16:36 - 00001348 _____ () C:\Users\Brockhoff\Desktop\Navigation zur MEDION® LifeCloud® (www).lnk
2015-03-08 16:36 - 2015-03-08 16:36 - 00000000 ____D () C:\Users\Brockhoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEDION
2015-03-08 16:36 - 2015-03-08 16:36 - 00000000 ____D () C:\Program Files (x86)\MEDION
2015-03-08 16:35 - 2015-03-08 16:35 - 00000000 ____D () C:\Users\Brockhoff\AppData\Local\{620420EA-6AA2-449B-9FA0-BE5524AF01A8}
2015-03-07 16:11 - 2015-03-07 16:11 - 00000740 _____ () C:\Users\Brockhoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\siggis.lnk
2015-03-07 15:39 - 2015-03-07 15:41 - 42925480 _____ (Oracle Corporation) C:\Users\Brockhoff\Downloads\jre-8u40-windows-x64.exe
2015-03-06 18:48 - 2015-03-06 18:48 - 00000883 _____ () C:\Users\Brockhoff\Downloads\FRITZ!Box_Fon_WLAN_7390_84.06.23_06.03.2015_18_48-diagnose.csv
2015-03-06 17:33 - 2015-03-06 17:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rechtstipps
2015-03-06 10:13 - 2015-03-06 10:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-05 19:08 - 2015-03-05 19:08 - 00725344 _____ (Visual Tools Ltd.) C:\Users\Brockhoff\Downloads\Babylon10_setup_ns(4).exe
2015-03-05 18:54 - 2015-03-05 18:54 - 00725344 _____ (Visual Tools Ltd.) C:\Users\Brockhoff\Downloads\Babylon10_setup_ns(3).exe
2015-03-05 17:46 - 2015-03-05 17:46 - 00725344 _____ (Visual Tools Ltd.) C:\Users\Brockhoff\Downloads\Babylon10_setup_ns(2).exe
2015-03-05 15:27 - 2015-03-05 15:28 - 00725344 _____ (Visual Tools Ltd.) C:\Users\Brockhoff\Downloads\Babylon10_setup_ns(1).exe
2015-03-02 19:49 - 2015-03-02 19:50 - 41454688 _____ () C:\Users\Brockhoff\Downloads\WEB.DE_Firefox_Setup(3).exe
2015-03-02 10:09 - 2015-03-02 10:10 - 25671288 _____ (Abelssoft ) C:\Users\Brockhoff\Downloads\WGO-DE_2015.exe
2015-03-02 10:09 - 2015-03-02 10:09 - 05289336 _____ (Abelssoft ) C:\Users\Brockhoff\Downloads\STA-DE_2014.exe
2015-03-02 10:09 - 2015-03-02 10:09 - 04051288 _____ (Abelssoft ) C:\Users\Brockhoff\Downloads\SFT-DE_2014(1).exe
2015-02-26 13:23 - 2015-02-26 13:24 - 41454688 _____ () C:\Users\Brockhoff\Downloads\WEB.DE_Firefox_Setup(2).exe
2015-02-26 13:23 - 2015-02-26 13:23 - 41454688 _____ () C:\Users\Brockhoff\Downloads\WEB.DE_Firefox_Setup(1).exe
2015-02-25 12:03 - 2014-12-13 22:28 - 00513488 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 12:03 - 2014-12-13 22:28 - 00513488 _____ () C:\Windows\system32\locale.nls
2015-02-25 12:03 - 2014-10-29 02:27 - 01200128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2015-02-25 12:03 - 2014-10-29 02:27 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll
2015-02-25 12:03 - 2014-10-29 02:04 - 00868352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2015-02-25 12:03 - 2014-10-29 02:04 - 00200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GlobCollationHost.dll
2015-02-23 13:55 - 2015-02-23 13:55 - 00000000 ____D () C:\Users\Brockhoff\Desktop\Eigene Dateien
2015-02-21 08:47 - 2015-02-21 08:49 - 175605432 _____ () C:\Users\Brockhoff\Downloads\avira_antivirus_pro_de.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-15 12:17 - 2013-11-19 14:24 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-15 12:15 - 2012-07-26 08:59 - 00000000 ____D () C:\Windows\CbsTemp
2015-03-15 12:07 - 2014-01-06 20:21 - 00000932 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-15 12:07 - 2013-12-22 11:19 - 00000000 __RDO () C:\Users\Brockhoff\SkyDrive
2015-03-15 12:07 - 2013-06-14 21:07 - 00011601 _____ () C:\Users\Brockhoff\AppData\Local\BTServer.log
2015-03-15 12:00 - 2014-11-13 17:35 - 00000000 ____D () C:\Users\Brockhoff\AppData\Roaming\ClassicShell
2015-03-15 12:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-03-15 11:43 - 2014-03-18 18:46 - 00000000 ____D () C:\Users\Brockhoff\AppData\Local\PasswordSafe
2015-03-15 11:43 - 2013-11-14 13:43 - 02021900 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-15 11:43 - 2013-06-10 18:46 - 00948942 _____ () C:\Windows\system32\perfh007.dat
2015-03-15 11:43 - 2013-06-10 18:46 - 00210240 _____ () C:\Windows\system32\perfc007.dat
2015-03-15 11:41 - 2014-05-06 15:12 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-15 11:41 - 2013-01-30 13:08 - 00000000 ____D () C:\Users\Brockhoff\Documents\Outlook-Dateien
2015-03-15 11:38 - 2014-11-15 08:57 - 00000928 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-15 11:38 - 2014-11-02 08:28 - 00000312 _____ () C:\Windows\Tasks\AbelssoftPreloader.job
2015-03-15 11:38 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-15 11:38 - 2013-08-14 22:07 - 00000286 _____ () C:\Windows\Tasks\Schirmfoto.job
2015-03-15 11:37 - 2014-06-13 06:31 - 00000000 ___DC () C:\AdwCleaner
2015-03-15 11:37 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-03-15 09:02 - 2014-01-02 20:03 - 00003962 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{9F78DAD6-5CE2-41E2-B716-28203F59D04B}
2015-03-14 19:01 - 2015-01-05 11:31 - 00000000 ____D () C:\Users\Brockhoff\AppData\Roaming\MyPhoneExplorer
2015-03-14 18:02 - 2013-06-10 18:34 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3158294459-1416924627-3807266797-1001
2015-03-14 18:01 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-03-14 13:34 - 2014-08-07 18:46 - 00000000 ____D () C:\Users\Brockhoff\Desktop\Backs, Malware
2015-03-13 22:48 - 2014-03-18 18:46 - 00000000 ____D () C:\Users\Brockhoff\Documents\My Safes
2015-03-13 22:29 - 2012-11-20 15:08 - 00000000 ____D () C:\Users\Brockhoff\Documents\WISO Mein Geld
2015-03-13 22:08 - 2014-06-30 16:04 - 00000000 ____D () C:\Users\Brockhoff\Desktop\Bildschirmfotos
2015-03-13 18:25 - 2012-12-16 17:27 - 00000000 ____D () C:\Users\Brockhoff\Documents\SoftMaker
2015-03-13 10:32 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2015-03-12 22:30 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ToastData
2015-03-12 22:30 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-12 22:30 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-12 22:30 - 2013-08-22 16:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-12 22:30 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\WinStore
2015-03-12 22:30 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\en-GB
2015-03-12 22:30 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\en-GB
2015-03-12 22:30 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-03-12 22:30 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-12 22:30 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-12 17:52 - 2013-08-16 20:55 - 00000000 ____D () C:\Users\Brockhoff\AppData\Roaming\vlc
2015-03-12 17:09 - 2013-08-18 13:55 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-12 17:06 - 2013-06-12 17:37 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-12 16:43 - 2014-08-09 10:36 - 00437952 _____ () C:\Users\Brockhoff\Schnellerfassung.bse
2015-03-12 14:37 - 2014-12-22 22:47 - 00003112 _____ () C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3158294459-1416924627-3807266797-1001
2015-03-12 14:37 - 2014-12-22 22:47 - 00000000 ___RD () C:\Users\Brockhoff\OneDrive
2015-03-12 10:42 - 2013-08-28 21:10 - 00000000 ____D () C:\Users\Brockhoff\Desktop\Schreiben allg Unterlagen
2015-03-12 10:33 - 2013-06-14 21:59 - 00000000 ____D () C:\Program Files (x86)\STAEDTLER
2015-03-12 10:31 - 2012-11-21 08:20 - 00000000 ____D () C:\Users\Brockhoff\Desktop\WISO  Steuer  Recht
2015-03-11 15:08 - 2014-01-06 20:22 - 00002162 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-10 10:16 - 2014-11-02 08:21 - 00000000 ____D () C:\Program Files (x86)\WashAndGo
2015-03-10 10:16 - 2013-08-14 22:06 - 00000000 ____D () C:\Users\Brockhoff\AppData\Local\Abelssoft
2015-03-10 10:15 - 2014-11-02 08:21 - 00001002 _____ () C:\Users\Public\Desktop\WashAndGo.lnk
2015-03-09 18:55 - 2014-11-13 14:45 - 00000000 ____D () C:\Users\Brockhoff\Documents\Datenbank
2015-03-09 18:43 - 2014-11-26 14:20 - 00000000 ____D () C:\Users\Brockhoff\Desktop\Datenbank
2015-03-08 18:42 - 2013-11-05 15:08 - 00000000 ____D () C:\Users\Brockhoff\AppData\Roaming\dvdcss
2015-03-08 16:34 - 2014-03-10 12:41 - 00000000 ____D () C:\Users\Brockhoff\AppData\Local\CyberGhost
2015-03-07 15:42 - 2014-07-13 19:01 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-03-07 15:42 - 2014-01-28 14:28 - 00000000 ____D () C:\Program Files\Java
2015-03-07 15:42 - 2013-12-07 13:35 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-07 15:42 - 2013-12-07 13:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-03-06 18:39 - 2014-08-14 17:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-06 17:17 - 2012-11-21 12:05 - 00000000 ____D () C:\Users\Brockhoff\Documents\Steuerfälle
2015-03-06 16:30 - 2014-02-14 11:35 - 00000000 ____D () C:\Users\Brockhoff\Documents\BelegManager
2015-03-05 13:19 - 2014-11-06 11:20 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-05 13:19 - 2014-11-06 11:20 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-03-05 13:19 - 2014-11-06 11:20 - 00043576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-03-05 13:15 - 2014-11-06 11:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-03-05 13:15 - 2013-06-14 21:07 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-05 13:15 - 2013-06-12 18:32 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-03-04 22:24 - 2014-09-25 16:28 - 00792032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-04 22:24 - 2014-09-25 16:28 - 00178144 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-02 19:51 - 2014-08-14 17:02 - 00001142 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-02 19:51 - 2014-08-14 17:02 - 00001130 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-03-01 19:48 - 2013-11-06 08:33 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-03-01 16:13 - 2014-01-31 18:49 - 00000000 ____D () C:\Users\Brockhoff\AppData\Roaming\MAXBuddy
2015-03-01 16:02 - 2014-01-28 14:28 - 00000000 ____D () C:\Users\Brockhoff\.MAX
2015-03-01 16:02 - 2014-01-28 14:28 - 00000000 ____D () C:\ProgramData\MAX
2015-02-28 17:01 - 2013-06-16 11:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steuertipps
2015-02-28 17:00 - 2014-01-28 12:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Note Manager
2015-02-27 20:18 - 2015-01-21 17:57 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
2015-02-27 15:35 - 2013-06-10 18:26 - 00000000 ____D () C:\Users\Brockhoff\AppData\Local\Packages
2015-02-26 13:20 - 2013-10-06 19:48 - 00000000 ____D () C:\ProgramData\Adobe
2015-02-25 14:30 - 2013-10-04 16:04 - 00000000 ____D () C:\Users\Brockhoff\AppData\Local\WEB.DE Application {sync-000021}
2015-02-25 12:45 - 2013-04-07 13:29 - 00000000 ____D () C:\Users\Brockhoff\Documents\Schreiben
2015-02-25 10:46 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\Globalization
2015-02-25 09:59 - 2014-12-22 22:01 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-02-23 14:23 - 2013-06-16 11:49 - 00000000 ____D () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft
2015-02-23 11:20 - 2013-02-08 12:31 - 00000000 ____D () C:\Users\Brockhoff\Documents\Backup MyPhone
2015-02-13 18:02 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\NDF

==================== Files in the root of some directories =======

2013-06-14 21:07 - 2015-03-15 12:07 - 0011601 _____ () C:\Users\Brockhoff\AppData\Local\BTServer.log
2013-12-17 10:13 - 2013-12-17 10:13 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-03-12 14:31 - 2015-03-12 16:42 - 0000215 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Files to move or delete:
====================
C:\Users\Brockhoff\g2ax_customer_downloadhelper_win32_x86.exe
C:\Users\Public\AlexaNSISPlugin.3440.dll
C:\Users\Public\AlexaNSISPlugin.664.dll


Some content of TEMP:
====================
C:\Users\Brockhoff\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-15 12:14

==================== End Of Log ============================

--- --- ---
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Brockhoff at 2015-03-15 12:20:09
Running from C:\Users\Brockhoff\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1-abc.net Duplicate Finder (HKLM-x32\...\1-abc.net Duplicate Finder) (Version: - 1-abc.net Software Development and Distribution)
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1030 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
ALDI TALK Verbindungsassistent (HKLM-x32\...\ALDITALKVerbindungsassistent) (Version: ALDI TALK 4.0 - ALDI TALK Verbindungsassistent)
Anoto penDirector 1.4.0.0 (HKLM-x32\...\Anoto_penDirector) (Version: 1.4.0.0 - Anoto AB)
Antivirus Pro (HKLM-x32\...\Avira AntiVir Desktop) (Version: 15.0.8.644 - Avira)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avanquest update (HKLM-x32\...\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}) (Version: 1.34 - Avanquest Software)
Avira (HKLM-x32\...\{d9ed6dcf-6bfc-4fbb-802e-81dd5b767d6e}) (Version: 1.1.32.25147 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.32.25147 - Avira Operations & Co. KG) Hidden
Avira SearchFree Toolbar (HKLM-x32\...\{41564952-412D-5637-00A7-A758B70C0A00}) (Version: 12.10.0.2949 - APN, LLC)
Avira Secure Backup (HKLM\...\Avira Secure Backup) (Version: 1.0.0 - Avira Secure Backup)
Avira System Speedup 1.6 (HKLM-x32\...\Avira System Speedup_is1) (Version: 1.6 - 2000 - 2015 Avira Operations GmbH & Co. KG)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.03 - Piriform)
Cinebook (x32 Version: 3.2.16 - SSW Software GmbH) Hidden
Citrix Online Launcher (HKLM-x32\...\{3E7E6F1E-7376-475A-8BC9-E3126B20CF5F}) (Version: 1.0.198 - Citrix)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version: - CyberGhost S.R.L.)
DesignCAD 20 (HKLM-x32\...\{5870DF31-7BF8-4635-B708-7695CBCD5D48}) (Version: 20.0.0 - IMSIDesign)
DesignCAD 3D Max 22 (HKLM-x32\...\{CCB44106-246E-45A5-8507-801F39EFB55B}) (Version: 22.0.0 - IMSIDesign)
DesignCAD Toolkit Basis Version 1.1c (HKLM-x32\...\DesignCAD Toolkit Basis_is1) (Version: 1.1c - Franzis Verlag)
Duplicate Photo Cleaner (HKLM\...\Duplicate Photo Cleaner_is1) (Version: - WebMinds, Inc.)
Express Zip (HKLM-x32\...\ExpressZip) (Version: 2.18 - NCH Software)
FwD Updater 1.1 (HKLM-x32\...\FwD Updater) (Version: 1.1 - Funkwerk Dabendorf)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GS Modellbahn-Verwaltung 7D Version 1 (HKLM-x32\...\{B8F7C2D1-3094-4BF4-A763-9DC8467B5B46}_is1) (Version: 1 - Dipl.-Ing.(FH) Gert Spießhofer)
HDR projects elements (64-Bit) (HKLM\...\HDR projects elements_is1) (Version: 1.22 - Franzis Verlag GmbH)
HL-2130 (HKLM-x32\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.1.6.0 - Brother Industries, Ltd.)
InfoBibliothek 2 (HKLM-x32\...\{78D7D7CD-A06B-4514-ACBD-8055BF945A8E}) (Version: 1.08.03.02 - Wolters Kluwer Deutschland GmbH)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version: - Intel Corporation)
iolo technologies' System Mechanic (HKLM-x32\...\{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1) (Version: 12.5.0 - iolo technologies, LLC)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 8 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418040F0}) (Version: 8.0.400 - Oracle Corporation)
KPF-Zeller Speed-Cat USB V4.0 (HKLM-x32\...\Speed-Cat_is1) (Version: - )
LifeCloud Desktop Applications (HKLM-x32\...\{54DC3D01-80CC-44DA-830E-B942F063975B}) (Version: 1.4.4 - Axentra Corporation)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Max Local Application (HKLM-x32\...\Max Local Application) (Version: 1.4.1 - ELV Elektronik AG)
Max Local Application (x32 Version: 1.4.0 - eQ-3 Entwicklung GmbH) Hidden
Max Local Application (x32 Version: 1.4.1 - ELV Elektronik AG) Hidden
MAX!Buddy (HKLM-x32\...\MAX!Buddy) (Version: r9.16.2 - Sebastian Kopsan)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mediatek Bluetooth (HKLM\...\{A9409290-2A97-8735-93A3-DF710B1F44B0}) (Version: 11.0.742.0 - Mediatek)
Microsoft Access database engine 2010 (German) (HKLM-x32\...\{90140000-00D1-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4693.1002 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 15.0.4693.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3158294459-1416924627-3807266797-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MindVisualizer Deutsche Version (HKLM-x32\...\MindVisualizer Deutsche Version_is1) (Version: - InnovationGear.com)
Mozilla Firefox 36.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0 - Mozilla)
MyDriveConnect 3.3.0.1812 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1812 - TomTom)
MyFreeCodec (HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\MyFreeCodec) (Version: - )
MyFreeCodec (HKU\S-1-5-21-3158294459-1416924627-3807266797-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MyFreeCodec) (Version: - )
MyFreeCodec (HKU\S-1-5-21-3158294459-1416924627-3807266797-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MyFreeCodec) (Version: - )
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.6 - F.J. Wechselberger)
myphotobook.de (x32 Version: 1.5.3 - myphotobook GmbH) Hidden
MyScript Anoto InkRetriever 1.0 (HKLM-x32\...\MyScript Anoto InkRetriever 1.0_is1) (Version: 1.0.0.8 - Vision Objects)
MyScript Studio de_DE pack 1.2 (HKLM-x32\...\MyScript Studio de_DE pack 1.2_is1) (Version: 1.2.0.200 - Vision Objects)
MyScript Studio Notes Edition 1.2 (HKLM-x32\...\MyScript Studio 1.2_is1) (Version: 1.2.0.336 - Vision Objects)
Nero BurnLite 10 (HKLM-x32\...\{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}) (Version: 10.0.10600 - Nero AG)
Nero BurnLite 10 (HKLM-x32\...\{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}) (Version: 10.0.10500.5.100 - Nero AG)
Nuance OmniPage 18 (HKLM-x32\...\{F814FDB6-8F71-4697-AEA5-FB39C00364EE}) (Version: 18.0.0000 - Nuance Communications, Inc.)
Nuance PDF Converter Enterprise 8 (HKLM\...\{CCBC433F-343E-402A-9FB0-721218C52127}) (Version: 8.10.7268 - Nuance Communications, Inc.)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Password Safe (HKLM-x32\...\Password Safe) (Version: - )
PDF Experte 9 Professional (HKLM-x32\...\{FC279721-37A6-4777-AFD8-7A56681EBA14}) (Version: 9.01 - Avanquest Software)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.212.0 - Tracker Software Products Ltd)
penDirectorMergeModules (x32 Version: 1.4.0.0 - Anoto AB) Hidden
Photomizer Retro (HKLM-x32\...\{41B5224D-7853-4EA5-0001-C8949A33B608}) (Version: 2.0.14.106 - Engelmann Media GmbH)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PixelNet Software 4.14.4 (HKLM-x32\...\PixelNet Software) (Version: 4.14.4 - ORWO Net)
RAPID Mode (Version: 1.0.1.81 - Samsung Electronics Co., Ltd.) Hidden
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.787.787.111413 - REALTEK Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.21.909.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7272 - Realtek Semiconductor Corp.)
Rechtstipps - Der RechtsBerater (HKLM-x32\...\{69F060A7-E04F-4E33-AA8F-9EBF188823AB}) (Version: 15.02.0 - Akademische Arbeitsgemeinschaft Verlag)
Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.6 - Samsung)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_4 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.2.14014_4 - Samsung Electronics Co., Ltd.) Hidden
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.40.0 - SAMSUNG Electronics Co., Ltd.)
Scansoft PDF Professional (x32 Version: - ) Hidden
sceye 5th (HKLM-x32\...\{FF751753-5D0A-48A8-AE2B-C545C83C2013}) (Version: 5.5.1 - Silvercreations)
Schirmfoto (HKLM-x32\...\Schirmfoto_is1) (Version: 2014 - Abelssoft)
SimilarImages (HKLM-x32\...\SimilarImages) (Version: 2013.11 - Nils Maier)
SoftMaker Office Standard 2012 (HKLM-x32\...\{8EBB8452-274B-465D-8324-00B0832FBB02}) (Version: 12.0.3398 - SoftMaker Software GmbH)
Sparfuchs (HKLM-x32\...\Sparfuchs_is1) (Version: 2015 - Abelssoft)
SteuerBerater 2014-2015 (HKLM-x32\...\{A671167A-237C-4AFD-913C-0B64768EA8DC}) (Version: 15.01.0 - Akademische Arbeitsgemeinschaft)
Steuer-Spar-Erklärung Plus 2013 (HKLM-x32\...\{D4A69FFE-B7F6-42B6-ACF3-3F238F9A26D8}) (Version: 18.09 - Wolters Kluwer Deutschland GmbH)
SteuerSparErklärung Plus 2014 (HKLM-x32\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.12.92 - Akademische Arbeitsgemeinschaft)
SteuerSparErklärung Plus 2015 (HKLM-x32\...\{312C0E08-8F94-4536-AAF6-3413F784AC5F}) (Version: 20.30.147 - Akademische Arbeitsgemeinschaft)
System Checkup 3.5 (HKLM-x32\...\{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1) (Version: 3.5.4.2 - iolo technologies, LLC)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TraXEx 6.0 (HKLM-x32\...\TraXEx_is1) (Version: 6.0.0.0 - Alexander Miehlke Softwareentwicklung)
Tyre (HKLM-x32\...\Tyre_is1) (Version: 6.3.1.3 - 't Schrijverke)
UpdateStar Drivers (HKLM-x32\...\UpdateStar Drivers) (Version: 7.0.0 - UpdateStar)
USIM Editor 1.0.37.0 (HKLM-x32\...\Card Reader Driver and USIM Editor Program_is1) (Version: - )
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VitaDock® Online PC 1.0.530 (HKLM-x32\...\{2DDE97C5-863F-4FFB-84A2-70B21684D747}) (Version: 1.0.530.0 - Medisana)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WashAndGo (HKLM-x32\...\WashAndGo_is1) (Version: 19.3 - Abelssoft)
WEB.DE Online-Speicher 1.11.4174.0 (HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\WEB.DE Application {sync-000021}) (Version: 1.11.4174.0 - 1&1 Mail & Media GmbH)
WEB.DE Online-Speicher 1.11.4174.0 (HKU\S-1-5-21-3158294459-1416924627-3807266797-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\WEB.DE Application {sync-000021}) (Version: 1.11.4174.0 - 1&1 Mail & Media GmbH)
WEB.DE Online-Speicher 1.5.1888.0 (HKU\S-1-5-21-3158294459-1416924627-3807266797-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\WEB.DE Application {sync-000021}) (Version: 1.5.1888.0 - 1&1 Mail & Media GmbH)
WEB.DE Softwareaktualisierung CE (HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 3.0.1.1 - 1&1 Mail & Media GmbH)
WEB.DE Softwareaktualisierung CE (HKU\S-1-5-21-3158294459-1416924627-3807266797-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 3.0.1.1 - 1&1 Mail & Media GmbH)
WEB.DE Softwareaktualisierung CE (HKU\S-1-5-21-3158294459-1416924627-3807266797-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 3.0.1.1 - 1&1 Mail & Media GmbH)
Windows Driver Package - Prolific (Ser2pl) Ports (03/12/2010 3.3.11.152) (HKLM\...\1368C87DCBC1A47DB78AD625B2C7E102AF9F447F) (Version: 03/12/2010 3.3.11.152 - Prolific)
Windows-Treiberpaket - SilverCreations AG SceyeDrivers (12/10/2009 3.4.1.20) (HKLM\...\EED52136A3BEC35F575B1E02640D6CB902BACA01) (Version: 12/10/2009 3.4.1.20 - SilverCreations AG)
WinZip 18.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E3}) (Version: 18.5.11111 - WinZip Computing, S.L. )
WISO Mein Geld 2014 Professional (HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\WISO Mein Geld 2014 Professional) (Version: - Buhl Data Service GmbH)
WISO Mein Geld 2014 Professional (HKU\S-1-5-21-3158294459-1416924627-3807266797-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\WISO Mein Geld 2014 Professional) (Version: - Buhl Data Service GmbH)
WISO Mein Geld 2014 Professional (HKU\S-1-5-21-3158294459-1416924627-3807266797-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\WISO Mein Geld 2014 Professional) (Version: - Buhl Data Service GmbH)
WISO Mein Geld 2015 Professional .NET (HKLM-x32\...\WISO Mein Geld 2015 Professional .NET) (Version: - Buhl Data Service GmbH)
WISO Mein Geld 2015 Professional .NET (x32 Version: 20.0.0.0 - Buhl Data Service GmbH) Hidden
Wondershare DVD Slideshow Builder HD-Video Deluxe(Build 6.1.4.4 (HKLM-x32\...\Wondershare DVD Slideshow Builder HD-Video Deluxe_is1) (Version: 6.1.4.48 - WonderShare Software Co.,Ltd.)
Wondershare PDF Editor(Build 3.9.1) (HKLM-x32\...\{75BAE677-F65A-45A4-9931-363FE0CF5E58}_is1) (Version: 3.9.1.2 - Wondershare Software Co.,Ltd.)
Wondershare Video Converter Pro(Build 6.0.1.0) (HKLM-x32\...\Wondershare Video Converter Pro_is1) (Version: 6.0.1.0 - Wondershare Software)
Zoner Photo Studio 15 (HKLM\...\ZonerPhotoStudio15_DE_is1) (Version: 15.0.1.7 - ZONER software)
Zoner Photo Studio 16 (HKLM\...\ZonerPhotoStudio16_DE_is1) (Version: 16.0.1.7 - ZONER software)
Zoner Photo Studio 17 (HKLM\...\ZonerPhotoStudio17_DE_is1) (Version: 17.0.1.4 - ZONER software)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3158294459-1416924627-3807266797-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Brockhoff\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

28-02-2015 17:00:21 Removed Note Manager Software
06-03-2015 17:28:07 Rechtstipps - Der RechtsBerater wurde entfernt.
08-03-2015 16:36:11 Installed LifeCloud Desktop Applications
09-03-2015 07:55:57 Create system restore point before cleaning junk files
12-03-2015 10:33:32 Removed Mobile note taker 3.0
15-03-2015 12:15:06 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0767E4BD-9317-4FFA-9B69-3C10F371037C} - System32\Tasks\AdvancedDriverUpdater_UPDATES => C:\Program Files (x86)\Advanced Driver Updater\adu.exe
Task: {07BF256E-F136-4466-8383-A06F5B962A1F} - System32\Tasks\Password Safe => C:\Program Files (x86)\Password Safe\pwsafe.exe [2014-07-28] (SourceForge.net)
Task: {0E68AB68-EA4F-4195-AE31-E68CD5B55A8E} - System32\Tasks\ParetoLogic Update Version3 Startup Task => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: {34ADF59F-1EB5-404C-96D6-68A3243F3022} - System32\Tasks\ApnTBMon => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
Task: {523FE8AD-2BAE-49E6-827F-EEBC6F8C3EC2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-06] (Google Inc.)
Task: {52A27926-BD30-47C9-AEE6-076361A52611} - System32\Tasks\HotKeysCmds => C:\WINDOWS\system32\hkcmd.exe [2014-01-29] (Intel Corporation)
Task: {691ED5C3-6C36-4199-ACA2-F494FE90DB28} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3158294459-1416924627-3807266797-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {85B7F723-CD01-42DE-A929-9CB40D2D3791} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\iolo\System Mechanic\iologovernor64.exe
Task: {85B89210-CDFE-4AA6-B114-E07759150DD6} - System32\Tasks\Schirmfoto => C:\Program Files (x86)\Schirmfoto\schirmfoto.exe [2013-09-30] (Abelssoft GmbH)
Task: {88BD8C68-2B30-4807-B0EA-16F47AC47A2D} - System32\Tasks\iolo System Checkup => C:\ProgramData\iolo\scustask.lnk
Task: {8DA72A00-3FD1-454D-8E2A-5C64D0E012D7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {9430E457-EF3F-4E22-8DAC-30E42BF4EBF4} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {95E4C3A0-D22A-4942-A92F-5B629D10725D} - System32\Tasks\Persistence => C:\WINDOWS\system32\igfxpers.exe [2014-01-29] (Intel Corporation)
Task: {9CBB7919-F0EB-45CB-84CB-8F71B760A606} - System32\Tasks\{D23AFADB-5DFD-4E15-86AD-25B10F1D6DC0} => pcalua.exe -a "C:\Program Files (x86)\PSHD-9.9\Uninstall.exe" -c /fcp=1
Task: {9E75B00A-1C81-41B8-A142-851B11532A9B} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-08] (Adobe Systems Incorporated)
Task: {A3FE59EA-0BAE-437B-99C7-C6D2B0DE98CE} - System32\Tasks\AbelssoftPreloader => C:\Program Files (x86)\WashAndGo\AbelssoftPreloader.exe [2015-03-06] (Microsoft)
Task: {ADBE741C-6DAA-4D48-8BFA-EE0A30E57491} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-06] (Google Inc.)
Task: {B2B21DD4-1F6D-492A-AD79-BB66FF26A6C4} - System32\Tasks\{0DC6CDDB-0711-42FB-9A1E-CCC76F140EAF} => pcalua.exe -a "C:\Users\Brockhoff\AppData\Roaming\Security System 2\uninstaller.exe"
Task: {DA6FB7BC-F966-4ABB-AEAB-2684EDC9D1F2} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation)
Task: {DAE9D35F-E761-4E05-9D3B-CA84970A962B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-03-12] (Microsoft Corporation)
Task: {DC7FFE6B-12CB-4E9D-AC3B-D20BBF2D6E5B} - System32\Tasks\Ocster Backup => C:\Program Files\Ocster Backup\bin\backupClient-ox.exe
Task: {EEF37EE3-6FBE-4DF4-B704-14A50E2F1074} - System32\Tasks\AviraSpeedup => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe [2015-01-30] (Avira Operations GmbH & Co. KG)
Task: {F8881643-754C-4307-995A-DD79095D7500} - System32\Tasks\WashAndGoNGBackground => C:\Program Files (x86)\WashAndGo\WashAndGo.exe [2015-03-06] (Microsoft)
Task: {FE8DD905-474F-4DA8-9776-35C8FD6053FB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation)
Task: C:\Windows\Tasks\AbelssoftPreloader.job => C:\Program Files (x86)\WashAndGo\AbelssoftPreloader.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AdvancedDriverUpdater_UPDATES.job => C:\Program Files (x86)\Advanced Driver Updater\adu.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: C:\Windows\Tasks\Schirmfoto.job => C:\Program Files (x86)\Schirmfoto\schirmfoto.exe
Task: C:\Windows\Tasks\WashAndGoNGBackground.job => C:\Program Files (x86)\WashAndGo\WashAndGo.exe

==================== Loaded Modules (whitelisted) ==============

2015-01-17 13:33 - 2011-09-13 09:16 - 00342984 ____N () C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
2014-12-22 22:01 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2012-12-14 02:42 - 2012-12-14 02:42 - 00094208 _____ () C:\WINDOWS\system32\IccLibDll_x64.dll
2014-11-02 08:21 - 2015-03-06 15:03 - 00059656 _____ () C:\Program Files (x86)\WashAndGo\AbSettings.dll
2014-11-02 08:21 - 2015-03-06 15:03 - 00010504 _____ () C:\Program Files (x86)\WashAndGo\AbUpdateBugReporter.dll
2014-11-02 08:21 - 2015-03-06 15:03 - 01432328 _____ () C:\Program Files (x86)\WashAndGo\AbGui.dll
2014-11-02 08:21 - 2015-01-20 15:14 - 00024840 _____ () C:\Program Files (x86)\WashAndGo\OutlookCleaner.dll
2014-11-02 08:21 - 2015-01-20 15:14 - 00013576 _____ () C:\Program Files (x86)\WashAndGo\AbProcessManager.dll
2014-11-02 08:21 - 2014-10-13 09:43 - 00787968 _____ () C:\Program Files (x86)\WashAndGo\sqlite3.DLL
2013-08-14 22:06 - 2013-09-30 18:22 - 00022144 _____ () C:\Program Files (x86)\Schirmfoto\AbSettingsKeeper.dll
2013-08-14 22:06 - 2013-09-30 18:22 - 00204416 _____ () C:\Program Files (x86)\Schirmfoto\AbBugReporter.dll
2013-08-14 22:06 - 2013-09-30 18:22 - 00050816 _____ () C:\Program Files (x86)\Schirmfoto\AbCommons.dll
2013-08-14 22:06 - 2013-09-30 18:23 - 00250496 _____ () C:\Program Files (x86)\Schirmfoto\SchirmfotoCommon.dll
2013-08-14 22:06 - 2013-09-30 18:22 - 00108160 _____ () C:\Program Files (x86)\Schirmfoto\Cropper.dll
2013-08-14 22:06 - 2013-09-30 18:22 - 01055872 _____ () C:\Program Files (x86)\Schirmfoto\AbScheduler.dll
2013-11-06 15:52 - 2013-11-06 15:52 - 02258000 _____ () C:\Program Files\Avira Secure Backup\Avira Secure BackupCrawler.exe
2015-01-17 13:33 - 2011-09-13 09:16 - 00510920 ____N () C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
2013-11-06 11:58 - 2013-11-06 11:58 - 02048000 _____ () C:\Program Files\Avira Secure Backup\ShellExtensionx64\ShellExtension1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-02-28 18:49 - 2014-09-28 17:59 - 00019872 _____ () C:\Program Files (x86)\Samsung Magician\SAMSUNG_SSD.dll
2014-03-10 12:41 - 2014-10-15 12:11 - 00032768 _____ () C:\Program Files\CyberGhost 5\de\CyberGhost.resources.dll
2014-11-12 13:28 - 2014-11-03 08:32 - 01428584 _____ () C:\Program Files\CyberGhost 5\Geckofx-Core.dll
2014-02-26 12:16 - 2014-02-26 12:16 - 00032768 _____ () C:\Program Files (x86)\VitaDock\QHIDDLL.dll
2014-02-27 17:31 - 2014-02-27 17:31 - 00070656 _____ () C:\Program Files (x86)\VitaDock\QtSerialPort.dll
2014-10-03 13:04 - 2014-10-03 13:04 - 00026488 _____ () C:\Program Files (x86)\MyDrive Connect\DeviceDetection.dll
2014-10-03 13:04 - 2014-10-03 13:04 - 00087416 _____ () C:\Program Files (x86)\MyDrive Connect\TomTomSupporterBase.dll
2014-10-03 13:04 - 2014-10-03 13:04 - 00398712 _____ () C:\Program Files (x86)\MyDrive Connect\TomTomSupporterProxy.dll
2014-01-27 15:46 - 2014-01-27 15:46 - 00241664 _____ () C:\Program Files (x86)\MEDION\LifeCloud Desktop Applications\HipServAgent\libupnp.dll
2014-01-27 15:46 - 2014-01-27 15:46 - 00984064 _____ () C:\Program Files (x86)\MEDION\LifeCloud Desktop Applications\HipServAgent\libxml2.dll
2014-04-03 09:31 - 2011-01-31 08:45 - 00559244 _____ () C:\Program Files (x86)\TraXEx\sqlite3.dll
2014-03-10 12:41 - 2014-10-21 19:44 - 00165416 _____ () C:\Program Files\CyberGhost 5\Data\OpenVPN\liblzo2-2.dll
2014-03-10 12:41 - 2014-10-21 19:44 - 00112736 _____ () C:\Program Files\CyberGhost 5\Data\OpenVPN\libpkcs11-helper-1.dll
2013-11-06 11:59 - 2013-11-06 11:59 - 01633280 _____ () C:\Program Files\Avira Secure Backup\ShellExtension\ShellExtension.dll
2014-12-22 22:06 - 2014-12-22 22:30 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5B8EC693
AlternateDataStreams: C:\ProgramData\TEMP:7C784982
AlternateDataStreams: C:\ProgramData\TEMP:8D09CB9B
AlternateDataStreams: C:\ProgramData\TEMP:A303874F
AlternateDataStreams: C:\ProgramData\TEMP:B6AC352B
AlternateDataStreams: C:\Users\Brockhoff\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Brockhoff\SkyDrive (2).old:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Brockhoff\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img6.jpg
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Brockhoff\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img6.jpg
HKU\S-1-5-21-3158294459-1416924627-3807266797-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 95.169.183.219 - 89.41.60.38

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: ASO3DiskOptimizer => 3
MSCONFIG\Services: BTDevManager => 3
MSCONFIG\Services: CGVPNCliService => 2
MSCONFIG\Services: CGVPNCliSrvc => 3
MSCONFIG\Services: ioloSystemService => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: ocster_backup => 2
HKLM\...\StartupApproved\StartupFolder: => "penDirector.lnk"
HKLM\...\StartupApproved\Run: => "Ocster Backup"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run32: => "avgnt"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "COMPUTERBILD-Abzockschutz Premium"
HKLM\...\StartupApproved\Run32: => "InboxMonitor"
HKLM\...\StartupApproved\Run32: => "PDFProHook"
HKLM\...\StartupApproved\Run32: => "Avira Systray"
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\StartupApproved\StartupFolder: => "Samsung Magician.lnk"
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\StartupApproved\StartupFolder: => "Password Safe.lnk"
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\StartupApproved\Run: => "TomTomHOME.exe"
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\StartupApproved\Run: => "AviraSpeedup"
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\StartupApproved\Run: => "Note Manager"
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\StartupFolder: => "Samsung Magician.lnk"
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\StartupFolder: => "Password Safe.lnk"
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "TomTomHOME.exe"
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "AviraSpeedup"
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Note Manager"
HKU\S-1-5-21-3158294459-1416924627-3807266797-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\StartupFolder: => "Samsung Magician.lnk"
HKU\S-1-5-21-3158294459-1416924627-3807266797-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\StartupFolder: => "Password Safe.lnk"
HKU\S-1-5-21-3158294459-1416924627-3807266797-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "TomTomHOME.exe"
HKU\S-1-5-21-3158294459-1416924627-3807266797-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Zoner Photo Studio Autoupdate"
HKU\S-1-5-21-3158294459-1416924627-3807266797-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Note Manager"

==================== Accounts: =============================

Administrator (S-1-5-21-3158294459-1416924627-3807266797-500 - Administrator - Disabled) => C:\Users\Administrator
Brockhoff (S-1-5-21-3158294459-1416924627-3807266797-1001 - Administrator - Enabled) => C:\Users\Brockhoff
Guest (S-1-5-21-3158294459-1416924627-3807266797-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (03/15/2015 00:15:09 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

System errors:
=============

Microsoft Office Sessions:
=========================
Error: (03/15/2015 00:15:09 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.

CodeIntegrity Errors:
===================================
Date: 2014-11-24 18:34:39.559
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-11-24 18:34:39.420
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-11-24 18:34:39.286
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-11-24 18:34:39.153
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-11-24 18:34:39.018
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-11-24 18:34:38.885
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-11-24 18:34:38.747
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-11-24 18:34:38.614
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-11-24 18:34:38.478
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-11-24 18:34:38.345
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2310 CPU @ 2.90GHz
Percentage of memory in use: 81%
Total physical RAM: 3972.38 MB
Available physical RAM: 751.89 MB
Total Pagefile: 5252.38 MB
Available Pagefile: 859.51 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:230.76 GB) (Free:69.1 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (MEDION USB) (Removable) (Total:29.44 GB) (Free:29.44 GB) FAT32
Drive f: (INTENSO) (Removable) (Total:3.73 GB) (Free:2.35 GB) FAT32
Drive g: (SICHERUNG 2) (Fixed) (Total:93.14 GB) (Free:23.74 GB) FAT32
Drive h: (VERBATIM) (Fixed) (Total:931.28 GB) (Free:805.46 GB) FAT32
Drive k: (SCANDISK) (Removable) (Total:29.82 GB) (Free:29.79 GB) FAT32
Drive l: (Sicherung 1) (Fixed) (Total:931.51 GB) (Free:832.25 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: 2893EBBE)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=0C)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 29.5 GB) (Disk ID: F5726138)
Partition 1: (Not Active) - (Size=29.4 GB) - (Type=0C)

========================================================
Disk: 4 (Size: 29.8 GB) (Disk ID: 6E652072)
No partition Table on disk 4.

========================================================
Disk: 5 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: A76C72C3)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (MBR Code: Windows XP) (Size: 93.2 GB) (Disk ID: 9056D507)
Partition 1: (Not Active) - (Size=93.2 GB) - (Type=06)

==================== End Of Log ============================AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v4.112 - Logfile created 15/03/2015 at 11:37:04
# Updated 09/03/2015 by Xplode
# Database : 2015-03-05.1 [Local]
# Operating system : Windows 8.1 Pro  (x64)
# Username : Brockhoff - BROCKHOFF-PC
# Running from : C:\Users\Brockhoff\Desktop\adwcleaner_4.112(1).exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>;;localhost;127.0.0.1

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v36.0.1 (x86 de)

[8yymfhip.default-1408376383566\prefs.js] - Line Deleted : user_pref("avira.safe_search.installed", "[\"safesearch\"]");
[8yymfhip.default-1408376383566\prefs.js] - Line Deleted : user_pref("browser.newtab.url", "chrome://unitedtb/content/newtab/newtab-page.xhtml");
[8yymfhip.default-1408376383566\prefs.js] - Line Deleted : user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-page-button\",\"print-but[...]
[8yymfhip.default-1408376383566\prefs.js] - Line Deleted : user_pref("extensions.safesearch.MP_DISTINCT_ID", "\"14c1843d09cfe-025d98de0098518-45574336-0-14c1843d09d349\"");
[8yymfhip.default-1408376383566\prefs.js] - Line Deleted : user_pref("extensions.safesearch.SAUTH_expires_at", "1426941040");
[8yymfhip.default-1408376383566\prefs.js] - Line Deleted : user_pref("extensions.safesearch.SAUTH_rndsnr", "\"c4f4fe455a5bf62fbdac22244050f142b699d953\"");
[8yymfhip.default-1408376383566\prefs.js] - Line Deleted : user_pref("extensions.safesearch.SAUTH_userid", "5910522741");
[8yymfhip.default-1408376383566\prefs.js] - Line Deleted : user_pref("extensions.safesearch.SAUTH_utoken", "\"4d27ba0700cb843bf8978bfb9048f488e157e4d3\"");
[8yymfhip.default-1408376383566\prefs.js] - Line Deleted : user_pref("extensions.safesearch.install", "1426336239779");
[8yymfhip.default-1408376383566\prefs.js] - Line Deleted : user_pref("extensions.xpiState", "{\"app-profile\":{\"nuance@pdf8\":{\"d\":\"C:\\\\Program Files (x86)\\\\Nuance\\\\PDF Professional 8\\\\FireFox\",\"e\":true,\"v\":\"8\",\"st\":1405759415903,\"mt\":1[...]

-\\ Google Chrome v41.0.2272.89


-\\ Opera v0.0.0.0


*************************

AdwCleaner[R122].txt - [2495 bytes] - [12/03/2015 14:22:42]
AdwCleaner[R123].txt - [2850 bytes] - [13/03/2015 10:56:12]
AdwCleaner[R124].txt - [2609 bytes] - [13/03/2015 15:51:03]
AdwCleaner[R125].txt - [3803 bytes] - [14/03/2015 13:24:04]
AdwCleaner[R126].txt - [2921 bytes] - [15/03/2015 11:35:07]
AdwCleaner[S116].txt - [2677 bytes] - [12/03/2015 14:26:10]
AdwCleaner[S117].txt - [3034 bytes] - [13/03/2015 11:00:02]
AdwCleaner[S118].txt - [3968 bytes] - [14/03/2015 13:26:15]
AdwCleaner[S119].txt - [2958 bytes] - [15/03/2015 11:37:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S119].txt - [3019  bytes] ##########

--- --- ---
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.3 (03.01.2015:1)
OS: Windows 8.1 Pro x64
Ran by Brockhoff on 15.03.2015 at 12:06:17,66
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\browserpluginhelper

~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9"
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65DEE40A-3E93-4CAE-9F98-B8E06DCEE2BF}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"

~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [File] C:\Users\Brockhoff\AppData\Roaming\mozilla\firefox\profiles\8yymfhip.default-1408376383566\searchplugins\avira-safesearch.xml
Successfully deleted: [Folder] C:\Users\Brockhoff\AppData\Roaming\mozilla\firefox\profiles\8yymfhip.default-1408376383566\extensions\safesearch@avira.com
Successfully deleted: [Folder] C:\Users\Brockhoff\AppData\Roaming\mozilla\firefox\profiles\8yymfhip.default-1408376383566\extensions\toolbar@web.de
Successfully deleted the following from C:\Users\Brockhoff\AppData\Roaming\mozilla\firefox\profiles\8yymfhip.default-1408376383566\prefs.js

user_pref("avira.safe_search.installed", "[\"safesearch\"]");
user_pref("avira.safe_search.search_was_active", "false");
user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-
user_pref("extensions.bootstrappedAddons", "{\"safesearch@avira.com\":{\"version\":\"1.1.4\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\Brockhoff\\\\AppData\\\\Roa
user_pref("extensions.safesearch.MP_DISTINCT_ID", "\"14c1d1b15f432a-0419c77c52c20a-45574336-0-14c1d1b15f532a\"");
user_pref("extensions.safesearch.SAUTH_rndsnr", "\"9e0fa2623eb3b58b200fc4e68776848f2f5abfe1\"");
user_pref("extensions.safesearch.install", "1426417456637");
user_pref("extensions.xpiState", "{\"app-profile\":{\"nuance@pdf8\":{\"d\":\"C:\\\\Program Files (x86)\\\\Nuance\\\\PDF Professional 8\\\\FireFox\",\"e\":true,\"v\":\"8\",\"st

~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\chgdeabpmphfhkoemjjglmilajldekbp

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.03.2015 at 12:10:48,54
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 15.03.2015
Suchlauf-Zeit: 11:42:21
Logdatei: mbam-log.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.03.15.02
Rootkit Datenbank: v2015.02.25.01
Lizenz: Premium
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Aktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Brockhoff

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 438196
Verstrichene Zeit: 20 Min, 8 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)

(end)

[/CODE]

M-K-D-B · 15.03.2015, 20:55

Servus,

hast du die folgenden Programme bewusst/absichtlich installiert?
Advanced Driver Updater
System Mechanic (Iolo)

Bitte beide über die Systemsteuerung deinstallieren und den Rechner neu starten!

Anschließend FRST neu ausführen und beide Logdateien davon posten:

Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

paule11 · 16.03.2015, 19:32

Hallo Trojaner-Board,
hatte die beiden Programme (Advanced Driver Updater,System Mechani(Iolo))
installiert,aber vor längerem (dachte ich)deinstalliert. Kann sie nicht auf dem Desktop finden noch unter Systemsteuerung--- Programme.
paule11

M-K-D-B · 16.03.2015, 19:33

Servus,

ok, FRST trotzdem bitte wie beschrieben ausführen.

paule11 · 17.03.2015, 08:40

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Brockhoff at 2015-03-17 08:29:34
Running from C:\Users\Brockhoff\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1-abc.net Duplicate Finder (HKLM-x32\...\1-abc.net Duplicate Finder) (Version:  - 1-abc.net Software Development and Distribution)
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1030 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
ALDI TALK Verbindungsassistent (HKLM-x32\...\ALDITALKVerbindungsassistent) (Version: ALDI TALK 4.0 - ALDI TALK Verbindungsassistent)
Anoto penDirector 1.4.0.0 (HKLM-x32\...\Anoto_penDirector) (Version: 1.4.0.0 - Anoto AB)
Antivirus Pro (HKLM-x32\...\Avira AntiVir Desktop) (Version: 15.0.8.644 - Avira)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira (HKLM-x32\...\{d9ed6dcf-6bfc-4fbb-802e-81dd5b767d6e}) (Version: 1.1.32.25147 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.32.25147 - Avira Operations & Co. KG) Hidden
Avira SearchFree Toolbar (HKLM-x32\...\{41564952-412D-5637-00A7-A758B70C0A00}) (Version: 12.10.0.2949 - APN, LLC)
Avira Secure Backup (HKLM\...\Avira Secure Backup) (Version: 1.0.0 - Avira Secure Backup)
Avira System Speedup 1.6 (HKLM-x32\...\Avira System Speedup_is1) (Version: 1.6 - 2000 - 2015 Avira Operations GmbH & Co. KG)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.03 - Piriform)
Cinebook (x32 Version: 3.2.16 - SSW Software GmbH) Hidden
Citrix Online Launcher (HKLM-x32\...\{3E7E6F1E-7376-475A-8BC9-E3126B20CF5F}) (Version: 1.0.198 - Citrix)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version:  - CyberGhost S.R.L.)
DesignCAD 20 (HKLM-x32\...\{5870DF31-7BF8-4635-B708-7695CBCD5D48}) (Version: 20.0.0 - IMSIDesign)
DesignCAD 3D Max 22 (HKLM-x32\...\{CCB44106-246E-45A5-8507-801F39EFB55B}) (Version: 22.0.0 - IMSIDesign)
DesignCAD Toolkit Basis Version 1.1c (HKLM-x32\...\DesignCAD Toolkit Basis_is1) (Version: 1.1c - Franzis Verlag)
Duplicate Photo Cleaner (HKLM\...\Duplicate Photo Cleaner_is1) (Version:  - WebMinds, Inc.)
FwD Updater 1.1 (HKLM-x32\...\FwD Updater) (Version: 1.1 - Funkwerk Dabendorf)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GoToAssist Customer 2.3.0.818 (HKLM-x32\...\GoToAssist Express Customer) (Version: 2.3.0.818 - Citrix Online)
GS Modellbahn-Verwaltung 7D Version 1 (HKLM-x32\...\{B8F7C2D1-3094-4BF4-A763-9DC8467B5B46}_is1) (Version: 1 - Dipl.-Ing.(FH) Gert Spießhofer)
HDR projects elements (64-Bit) (HKLM\...\HDR projects elements_is1) (Version: 1.22 - Franzis Verlag GmbH)
HL-2130 (HKLM-x32\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.1.6.0 - Brother Industries, Ltd.)
InfoBibliothek 2 (HKLM-x32\...\{78D7D7CD-A06B-4514-ACBD-8055BF945A8E}) (Version: 1.08.03.02 - Wolters Kluwer Deutschland GmbH)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version:  - Intel Corporation)
iolo technologies' System Mechanic (HKLM-x32\...\{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1) (Version: 12.5.0 - iolo technologies, LLC)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 8 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418040F0}) (Version: 8.0.400 - Oracle Corporation)
KPF-Zeller Speed-Cat USB V4.0 (HKLM-x32\...\Speed-Cat_is1) (Version:  - )
LifeCloud Desktop Applications (HKLM-x32\...\{54DC3D01-80CC-44DA-830E-B942F063975B}) (Version: 1.4.4 - Axentra Corporation)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Max Local Application (HKLM-x32\...\Max Local Application) (Version: 1.4.1 - ELV Elektronik AG)
Max Local Application (x32 Version: 1.4.0 - eQ-3 Entwicklung GmbH) Hidden
Max Local Application (x32 Version: 1.4.1 - ELV Elektronik AG) Hidden
MAX!Buddy (HKLM-x32\...\MAX!Buddy) (Version: r9.16.2 - Sebastian Kopsan)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mediatek Bluetooth (HKLM\...\{A9409290-2A97-8735-93A3-DF710B1F44B0}) (Version: 11.0.742.0 - Mediatek)
Microsoft Access database engine 2010 (German) (HKLM-x32\...\{90140000-00D1-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4701.1002 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 15.0.4701.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MindVisualizer Deutsche Version (HKLM-x32\...\MindVisualizer Deutsche Version_is1) (Version:  - InnovationGear.com)
Mozilla Firefox 36.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0 - Mozilla)
MyFreeCodec (HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\MyFreeCodec) (Version:  - )
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.6 - F.J. Wechselberger)
myphotobook.de (x32 Version: 1.5.3 - myphotobook GmbH) Hidden
MyScript Anoto InkRetriever 1.0 (HKLM-x32\...\MyScript Anoto InkRetriever 1.0_is1) (Version: 1.0.0.8 - Vision Objects)
MyScript Studio de_DE pack 1.2 (HKLM-x32\...\MyScript Studio de_DE pack 1.2_is1) (Version: 1.2.0.200 - Vision Objects)
MyScript Studio Notes Edition 1.2 (HKLM-x32\...\MyScript Studio 1.2_is1) (Version: 1.2.0.336 - Vision Objects)
Nero BurnLite 10 (HKLM-x32\...\{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}) (Version: 10.0.10600 - Nero AG)
Nero BurnLite 10 (HKLM-x32\...\{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}) (Version: 10.0.10500.5.100 - Nero AG)
Nuance OmniPage 18 (HKLM-x32\...\{F814FDB6-8F71-4697-AEA5-FB39C00364EE}) (Version: 18.0.0000 - Nuance Communications, Inc.)
Nuance PDF Converter Enterprise 8 (HKLM\...\{CCBC433F-343E-402A-9FB0-721218C52127}) (Version: 8.10.7268 - Nuance Communications, Inc.)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Password Safe (HKLM-x32\...\Password Safe) (Version:  - )
PDF Experte 9 Professional (HKLM-x32\...\{FC279721-37A6-4777-AFD8-7A56681EBA14}) (Version: 9.01 - Avanquest Software)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.212.0 - Tracker Software Products Ltd)
penDirectorMergeModules (x32 Version: 1.4.0.0 - Anoto AB) Hidden
Photomizer Retro (HKLM-x32\...\{41B5224D-7853-4EA5-0001-C8949A33B608}) (Version: 2.0.14.106 - Engelmann Media GmbH)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PixelNet Software 4.14.4 (HKLM-x32\...\PixelNet Software) (Version: 4.14.4 - ORWO Net)
RAPID Mode (Version: 1.0.1.81 - Samsung Electronics Co., Ltd.) Hidden
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.787.787.111413 - REALTEK Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.21.909.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7272 - Realtek Semiconductor Corp.)
Rechtstipps - Der RechtsBerater (HKLM-x32\...\{69F060A7-E04F-4E33-AA8F-9EBF188823AB}) (Version: 15.02.0 - Akademische Arbeitsgemeinschaft Verlag)
Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.6 - Samsung)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_4 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.2.14014_4 - Samsung Electronics Co., Ltd.) Hidden
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.40.0 - SAMSUNG Electronics Co., Ltd.)
Scansoft PDF Professional (x32 Version:  - ) Hidden
sceye 5th (HKLM-x32\...\{FF751753-5D0A-48A8-AE2B-C545C83C2013}) (Version: 5.5.1 - Silvercreations)
Schirmfoto (HKLM-x32\...\Schirmfoto_is1) (Version: 2014 - Abelssoft)
SimilarImages (HKLM-x32\...\SimilarImages) (Version: 2013.11 - Nils Maier)
SoftMaker Office Standard 2012 (HKLM-x32\...\{8EBB8452-274B-465D-8324-00B0832FBB02}) (Version: 12.0.3398 - SoftMaker Software GmbH)
Sparfuchs (HKLM-x32\...\Sparfuchs_is1) (Version: 2015 - Abelssoft)
SteuerBerater 2014-2015 (HKLM-x32\...\{A671167A-237C-4AFD-913C-0B64768EA8DC}) (Version: 15.01.0 - Akademische Arbeitsgemeinschaft)
Steuer-Spar-Erklärung Plus 2013 (HKLM-x32\...\{D4A69FFE-B7F6-42B6-ACF3-3F238F9A26D8}) (Version: 18.09 - Wolters Kluwer Deutschland GmbH)
SteuerSparErklärung Plus 2014 (HKLM-x32\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.12.92 - Akademische Arbeitsgemeinschaft)
SteuerSparErklärung Plus 2015 (HKLM-x32\...\{312C0E08-8F94-4536-AAF6-3413F784AC5F}) (Version: 20.30.147 - Akademische Arbeitsgemeinschaft)
System Checkup 3.5 (HKLM-x32\...\{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1) (Version: 3.5.4.2 - iolo technologies, LLC)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.39052 - TeamViewer)
TraXEx 6.0 (HKLM-x32\...\TraXEx_is1) (Version: 6.0.0.0 - Alexander Miehlke Softwareentwicklung)
Tyre (HKLM-x32\...\Tyre_is1) (Version: 6.3.1.3 - 't Schrijverke)
UpdateStar Drivers (HKLM-x32\...\UpdateStar Drivers) (Version: 7.0.0 - UpdateStar)
USIM Editor  1.0.37.0 (HKLM-x32\...\Card Reader Driver and USIM Editor  Program_is1) (Version:  - )
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VitaDock® Online PC 1.0.530 (HKLM-x32\...\{2DDE97C5-863F-4FFB-84A2-70B21684D747}) (Version: 1.0.530.0 - Medisana)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WashAndGo (HKLM-x32\...\WashAndGo_is1) (Version: 19.3 - Abelssoft)
WEB.DE Online-Speicher 1.11.4174.0 (HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\WEB.DE Application {sync-000021}) (Version: 1.11.4174.0 - 1&1 Mail & Media GmbH)
WEB.DE Softwareaktualisierung CE (HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 3.0.1.1 - 1&1 Mail & Media GmbH)
Windows Driver Package - Prolific (Ser2pl) Ports  (03/12/2010 3.3.11.152) (HKLM\...\1368C87DCBC1A47DB78AD625B2C7E102AF9F447F) (Version: 03/12/2010 3.3.11.152 - Prolific)
Windows-Treiberpaket - SilverCreations AG SceyeDrivers (12/10/2009 3.4.1.20) (HKLM\...\EED52136A3BEC35F575B1E02640D6CB902BACA01) (Version: 12/10/2009 3.4.1.20 - SilverCreations AG)
WinZip 18.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E3}) (Version: 18.5.11111 - WinZip Computing, S.L. )
WISO Mein Geld 2014 Professional (HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\WISO Mein Geld 2014 Professional) (Version:  - Buhl Data Service GmbH)
WISO Mein Geld 2015 Professional .NET (HKLM-x32\...\WISO Mein Geld 2015 Professional .NET) (Version:  - Buhl Data Service GmbH)
WISO Mein Geld 2015 Professional .NET (x32 Version: 20.0.0.0 - Buhl Data Service GmbH) Hidden
Wondershare DVD Slideshow Builder HD-Video Deluxe(Build 6.1.4.4 (HKLM-x32\...\Wondershare DVD Slideshow Builder HD-Video Deluxe_is1) (Version: 6.1.4.48 - WonderShare Software Co.,Ltd.)
Wondershare PDF Editor(Build 3.9.1) (HKLM-x32\...\{75BAE677-F65A-45A4-9931-363FE0CF5E58}_is1) (Version: 3.9.1.2 - Wondershare Software Co.,Ltd.)
Wondershare Video Converter Pro(Build 6.0.1.0) (HKLM-x32\...\Wondershare Video Converter Pro_is1) (Version: 6.0.1.0 - Wondershare Software)
Zoner Photo Studio 15 (HKLM\...\ZonerPhotoStudio15_DE_is1) (Version: 15.0.1.7 - ZONER software)
Zoner Photo Studio 16 (HKLM\...\ZonerPhotoStudio16_DE_is1) (Version: 16.0.1.7 - ZONER software)
Zoner Photo Studio 17 (HKLM\...\ZonerPhotoStudio17_DE_is1) (Version: 17.0.1.4 - ZONER software)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3158294459-1416924627-3807266797-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Brockhoff\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

28-02-2015 17:00:21 Removed Note Manager Software
06-03-2015 17:28:07 Rechtstipps - Der RechtsBerater wurde entfernt.
08-03-2015 16:36:11 Installed LifeCloud Desktop Applications
09-03-2015 07:55:57 Create system restore point before cleaning junk files
12-03-2015 10:33:32 Removed Mobile note taker 3.0
15-03-2015 12:15:06 Windows Update
16-03-2015 15:34:15 Removed TomTom HOME Visual Studio Merge Modules

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0767E4BD-9317-4FFA-9B69-3C10F371037C} - System32\Tasks\AdvancedDriverUpdater_UPDATES => C:\Program Files (x86)\Advanced Driver Updater\adu.exe
Task: {07BF256E-F136-4466-8383-A06F5B962A1F} - System32\Tasks\Password Safe => C:\Program Files (x86)\Password Safe\pwsafe.exe [2014-07-28] (SourceForge.net)
Task: {0E68AB68-EA4F-4195-AE31-E68CD5B55A8E} - System32\Tasks\ParetoLogic Update Version3 Startup Task => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: {22F71981-B88F-4D7D-A966-B09728A82175} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {31FEB329-EFE2-40DF-96F9-A7B88FFB024A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {34ADF59F-1EB5-404C-96D6-68A3243F3022} - System32\Tasks\ApnTBMon => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
Task: {4AC6066D-EF69-435E-860B-305E96F0F92B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-03-12] (Microsoft Corporation)
Task: {523FE8AD-2BAE-49E6-827F-EEBC6F8C3EC2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-06] (Google Inc.)
Task: {52A27926-BD30-47C9-AEE6-076361A52611} - System32\Tasks\HotKeysCmds => C:\WINDOWS\system32\hkcmd.exe [2014-01-29] (Intel Corporation)
Task: {691ED5C3-6C36-4199-ACA2-F494FE90DB28} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3158294459-1416924627-3807266797-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {85B7F723-CD01-42DE-A929-9CB40D2D3791} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\iolo\System Mechanic\iologovernor64.exe
Task: {85B89210-CDFE-4AA6-B114-E07759150DD6} - System32\Tasks\Schirmfoto => C:\Program Files (x86)\Schirmfoto\schirmfoto.exe [2013-09-30] (Abelssoft GmbH)
Task: {88BD8C68-2B30-4807-B0EA-16F47AC47A2D} - System32\Tasks\iolo System Checkup => C:\ProgramData\iolo\scustask.lnk
Task: {8DA72A00-3FD1-454D-8E2A-5C64D0E012D7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {9430E457-EF3F-4E22-8DAC-30E42BF4EBF4} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {95E4C3A0-D22A-4942-A92F-5B629D10725D} - System32\Tasks\Persistence => C:\WINDOWS\system32\igfxpers.exe [2014-01-29] (Intel Corporation)
Task: {9CBB7919-F0EB-45CB-84CB-8F71B760A606} - System32\Tasks\{D23AFADB-5DFD-4E15-86AD-25B10F1D6DC0} => pcalua.exe -a "C:\Program Files (x86)\PSHD-9.9\Uninstall.exe" -c /fcp=1
Task: {9E75B00A-1C81-41B8-A142-851B11532A9B} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-08] (Adobe Systems Incorporated)
Task: {A3FE59EA-0BAE-437B-99C7-C6D2B0DE98CE} - System32\Tasks\AbelssoftPreloader => C:\Program Files (x86)\WashAndGo\AbelssoftPreloader.exe [2015-03-06] (Microsoft)
Task: {ADBE741C-6DAA-4D48-8BFA-EE0A30E57491} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-06] (Google Inc.)
Task: {B2B21DD4-1F6D-492A-AD79-BB66FF26A6C4} - System32\Tasks\{0DC6CDDB-0711-42FB-9A1E-CCC76F140EAF} => pcalua.exe -a "C:\Users\Brockhoff\AppData\Roaming\Security System 2\uninstaller.exe"
Task: {DC7FFE6B-12CB-4E9D-AC3B-D20BBF2D6E5B} - System32\Tasks\Ocster Backup => C:\Program Files\Ocster Backup\bin\backupClient-ox.exe
Task: {EEF37EE3-6FBE-4DF4-B704-14A50E2F1074} - System32\Tasks\AviraSpeedup => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe [2015-01-30] (Avira Operations GmbH & Co. KG)
Task: {F8881643-754C-4307-995A-DD79095D7500} - System32\Tasks\WashAndGoNGBackground => C:\Program Files (x86)\WashAndGo\WashAndGo.exe [2015-03-06] (Microsoft)
Task: C:\Windows\Tasks\AbelssoftPreloader.job => C:\Program Files (x86)\WashAndGo\AbelssoftPreloader.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AdvancedDriverUpdater_UPDATES.job => C:\Program Files (x86)\Advanced Driver Updater\adu.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: C:\Windows\Tasks\Schirmfoto.job => C:\Program Files (x86)\Schirmfoto\schirmfoto.exe
Task: C:\Windows\Tasks\WashAndGoNGBackground.job => C:\Program Files (x86)\WashAndGo\WashAndGo.exe

==================== Loaded Modules (whitelisted) ==============

2015-01-17 13:33 - 2011-09-13 09:16 - 00342984 ____N () C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
2014-12-22 22:01 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2012-12-14 02:42 - 2012-12-14 02:42 - 00094208 _____ () C:\WINDOWS\system32\IccLibDll_x64.dll
2013-08-14 22:06 - 2013-09-30 18:22 - 00022144 _____ () C:\Program Files (x86)\Schirmfoto\AbSettingsKeeper.dll
2013-08-14 22:06 - 2013-09-30 18:22 - 00204416 _____ () C:\Program Files (x86)\Schirmfoto\AbBugReporter.dll
2013-08-14 22:06 - 2013-09-30 18:22 - 00050816 _____ () C:\Program Files (x86)\Schirmfoto\AbCommons.dll
2013-08-14 22:06 - 2013-09-30 18:23 - 00250496 _____ () C:\Program Files (x86)\Schirmfoto\SchirmfotoCommon.dll
2013-08-14 22:06 - 2013-09-30 18:22 - 00108160 _____ () C:\Program Files (x86)\Schirmfoto\Cropper.dll
2013-08-14 22:06 - 2013-09-30 18:22 - 01055872 _____ () C:\Program Files (x86)\Schirmfoto\AbScheduler.dll
2014-11-02 08:21 - 2015-03-06 15:03 - 00059656 _____ () C:\Program Files (x86)\WashAndGo\AbSettings.dll
2014-11-02 08:21 - 2015-03-06 15:03 - 00010504 _____ () C:\Program Files (x86)\WashAndGo\AbUpdateBugReporter.dll
2014-11-02 08:21 - 2015-03-06 15:03 - 01432328 _____ () C:\Program Files (x86)\WashAndGo\AbGui.dll
2014-11-02 08:21 - 2015-01-20 15:14 - 00024840 _____ () C:\Program Files (x86)\WashAndGo\OutlookCleaner.dll
2014-11-02 08:21 - 2015-01-20 15:14 - 00013576 _____ () C:\Program Files (x86)\WashAndGo\AbProcessManager.dll
2014-11-02 08:21 - 2014-10-13 09:43 - 00787968 _____ () C:\Program Files (x86)\WashAndGo\sqlite3.DLL
2013-11-06 11:58 - 2013-11-06 11:58 - 02048000 _____ () C:\Program Files\Avira Secure Backup\ShellExtensionx64\ShellExtension1.dll
2015-01-17 13:33 - 2011-09-13 09:16 - 00510920 ____N () C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
2013-11-06 15:52 - 2013-11-06 15:52 - 02258000 _____ () C:\Program Files\Avira Secure Backup\Avira Secure BackupCrawler.exe
2014-08-31 10:18 - 2012-09-21 09:25 - 00727952 _____ () C:\Windows\SysWOW64\WSCM64.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-02-28 18:49 - 2014-09-28 17:59 - 00019872 _____ () C:\Program Files (x86)\Samsung Magician\SAMSUNG_SSD.dll
2014-03-10 12:41 - 2014-10-15 12:11 - 00032768 _____ () C:\Program Files\CyberGhost 5\de\CyberGhost.resources.dll
2014-11-12 13:28 - 2014-11-03 08:32 - 01428584 _____ () C:\Program Files\CyberGhost 5\Geckofx-Core.dll
2014-02-26 12:16 - 2014-02-26 12:16 - 00032768 _____ () C:\Program Files (x86)\VitaDock\QHIDDLL.dll
2014-02-27 17:31 - 2014-02-27 17:31 - 00070656 _____ () C:\Program Files (x86)\VitaDock\QtSerialPort.dll
2014-01-27 15:46 - 2014-01-27 15:46 - 00241664 _____ () C:\Program Files (x86)\MEDION\LifeCloud Desktop Applications\HipServAgent\libupnp.dll
2014-01-27 15:46 - 2014-01-27 15:46 - 00984064 _____ () C:\Program Files (x86)\MEDION\LifeCloud Desktop Applications\HipServAgent\libxml2.dll
2014-04-03 09:31 - 2011-01-31 08:45 - 00559244 _____ () C:\Program Files (x86)\TraXEx\sqlite3.dll
2014-12-22 22:06 - 2014-12-22 22:30 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2013-11-06 11:59 - 2013-11-06 11:59 - 01633280 _____ () C:\Program Files\Avira Secure Backup\ShellExtension\ShellExtension.dll
2014-03-10 12:41 - 2014-10-21 19:44 - 00165416 _____ () C:\Program Files\CyberGhost 5\Data\OpenVPN\liblzo2-2.dll
2014-03-10 12:41 - 2014-10-21 19:44 - 00112736 _____ () C:\Program Files\CyberGhost 5\Data\OpenVPN\libpkcs11-helper-1.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5B8EC693
AlternateDataStreams: C:\ProgramData\TEMP:7C784982
AlternateDataStreams: C:\ProgramData\TEMP:8D09CB9B
AlternateDataStreams: C:\ProgramData\TEMP:A303874F
AlternateDataStreams: C:\ProgramData\TEMP:B6AC352B
AlternateDataStreams: C:\Users\Brockhoff\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Brockhoff\SkyDrive (2).old:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist Remote Support Customer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Brockhoff\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img6.jpg
DNS Servers: 95.169.183.219 - 89.41.60.38

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: ASO3DiskOptimizer => 3
MSCONFIG\Services: BTDevManager => 3
MSCONFIG\Services: CGVPNCliService => 2
MSCONFIG\Services: CGVPNCliSrvc => 3
MSCONFIG\Services: ioloSystemService => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: ocster_backup => 2
HKLM\...\StartupApproved\StartupFolder: => "penDirector.lnk"
HKLM\...\StartupApproved\Run: => "Ocster Backup"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run32: => "avgnt"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "COMPUTERBILD-Abzockschutz Premium"
HKLM\...\StartupApproved\Run32: => "InboxMonitor"
HKLM\...\StartupApproved\Run32: => "PDFProHook"
HKLM\...\StartupApproved\Run32: => "Avira Systray"
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\StartupApproved\StartupFolder: => "Samsung Magician.lnk"
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\StartupApproved\StartupFolder: => "Password Safe.lnk"
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\StartupApproved\Run: => "TomTomHOME.exe"
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\StartupApproved\Run: => "AviraSpeedup"
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\StartupApproved\Run: => "Note Manager"

==================== Accounts: =============================

Administrator (S-1-5-21-3158294459-1416924627-3807266797-500 - Administrator - Disabled) => C:\Users\Administrator
Brockhoff (S-1-5-21-3158294459-1416924627-3807266797-1001 - Administrator - Enabled) => C:\Users\Brockhoff
Guest (S-1-5-21-3158294459-1416924627-3807266797-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/17/2015 08:11:58 AM) (Source: Avira Secure Backup Crawler) (EventID: 1) (User: )
Description: An error has occurred (Problem mit Benutzerkonto
).

Error: (03/17/2015 06:55:24 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (03/17/2015 06:54:51 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (03/17/2015 06:47:12 AM) (Source: Avira Secure Backup Crawler) (EventID: 1) (User: )
Description: An error has occurred (Problem mit Benutzerkonto
).

Error: (03/17/2015 06:45:13 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.3.9600.17667 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: e34

Startzeit: 01d060756be92821

Endzeit: 6

Anwendungspfad: C:\Windows\Explorer.EXE

Berichts-ID: c794c693-cc68-11e4-81b0-0015835015af

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (03/16/2015 07:38:37 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: BROCKHOFF-PC)
Description: Die Anwendung oder der Dienst "Microsoft Office Document Cache Sync Client Interface" konnte nicht heruntergefahren werden.

Error: (03/16/2015 07:22:56 PM) (Source: Avira Secure Backup Crawler) (EventID: 1) (User: )
Description: An error has occurred (Problem mit Benutzerkonto
).

Error: (03/16/2015 07:22:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.3.9600.17667, Zeitstempel: 0x54c6f7c2
Name des fehlerhaften Moduls: twinui.appcore.dll, Version: 6.3.9600.17415, Zeitstempel: 0x54503801
Ausnahmecode: 0x80270233
Fehleroffset: 0x000000000008cb57
ID des fehlerhaften Prozesses: 0xb6c
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3
Vollständiger Name des fehlerhaften Pakets: Explorer.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Explorer.EXE5

Error: (03/16/2015 04:35:01 PM) (Source: Avira Secure Backup Crawler) (EventID: 1) (User: )
Description: An error has occurred (Problem mit Benutzerkonto
).

Error: (03/16/2015 03:34:24 PM) (Source: Avira Secure Backup Crawler) (EventID: 1) (User: )
Description: An error has occurred (Problem mit Benutzerkonto
).


System errors:
=============
Error: (03/17/2015 06:46:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "iolo System Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (03/17/2015 06:43:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "iolo System Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (03/16/2015 07:22:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "iolo System Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (03/16/2015 07:19:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "iolo System Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (03/16/2015 03:30:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "iolo System Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (03/16/2015 03:28:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "iolo System Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (03/16/2015 03:21:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "iolo System Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (03/16/2015 03:15:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "iolo System Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (03/16/2015 02:52:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "iolo System Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (03/16/2015 02:49:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "iolo System Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


Microsoft Office Sessions:
=========================
Error: (03/17/2015 08:11:58 AM) (Source: Avira Secure Backup Crawler) (EventID: 1) (User: )
Description: Avira Secure Backup CrawlerProblem mit Benutzerkonto

Error: (03/17/2015 06:55:24 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\mindvisualizer standard edition\DelZip179.dllc:\program files (x86)\mindvisualizer standard edition\DelZip179.dll8

Error: (03/17/2015 06:54:51 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files (x86)\Common Files\Anoto\Pen\Phal\Driver\ia64\DpInst.exe

Error: (03/17/2015 06:47:12 AM) (Source: Avira Secure Backup Crawler) (EventID: 1) (User: )
Description: Avira Secure Backup CrawlerProblem mit Benutzerkonto

Error: (03/17/2015 06:45:13 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.3.9600.17667e3401d060756be928216C:\Windows\Explorer.EXEc794c693-cc68-11e4-81b0-0015835015af

Error: (03/16/2015 07:38:37 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: BROCKHOFF-PC)
Description: 1C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exeMicrosoft Office Document Cache Sync Client Interface02117360243003A005C00500072006F006700720061006D002000460069006C00650073005C004D006900630072006F0073006F006600740020004F00660066006900630065002000310035005C0072006F006F0074005C007600660073005C00500072006F006700720061006D00460069006C006500730043006F006D006D006F006E005800380036005C004D006900630072006F0073006F006600740020005300680061007200650064005C004F0046004600490043004500310035005C00630032007200330032002E0064006C006C00000043003A005C00500072006F006700720061006D0044006100740061005C004D006900630072006F0073006F00660074005C004F00660066006900630065005C0043006C00690063006B0054006F00520075006E005000610063006B006100670065004C006F0063006B00650072000000

Error: (03/16/2015 07:22:56 PM) (Source: Avira Secure Backup Crawler) (EventID: 1) (User: )
Description: Avira Secure Backup CrawlerProblem mit Benutzerkonto

Error: (03/16/2015 07:22:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.3.9600.1766754c6f7c2twinui.appcore.dll6.3.9600.174155450380180270233000000000008cb57b6c01d06015d4a3e312C:\Windows\Explorer.EXEC:\Windows\System32\twinui.appcore.dll5a42cfb5-cc09-11e4-81af-001999e9fa1d

Error: (03/16/2015 04:35:01 PM) (Source: Avira Secure Backup Crawler) (EventID: 1) (User: )
Description: Avira Secure Backup CrawlerProblem mit Benutzerkonto

Error: (03/16/2015 03:34:24 PM) (Source: Avira Secure Backup Crawler) (EventID: 1) (User: )
Description: Avira Secure Backup CrawlerProblem mit Benutzerkonto


CodeIntegrity Errors:
===================================
  Date: 2014-11-24 18:34:39.559
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-24 18:34:39.420
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-24 18:34:39.286
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-24 18:34:39.153
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-24 18:34:39.018
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-24 18:34:38.885
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-24 18:34:38.747
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-24 18:34:38.614
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-24 18:34:38.478
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-24 18:34:38.345
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-2310 CPU @ 2.90GHz
Percentage of memory in use: 65%
Total physical RAM: 3972.38 MB
Available physical RAM: 1371.14 MB
Total Pagefile: 5252.38 MB
Available Pagefile: 1261.21 MB
Total Virtual: 131072 MB
Available Virtual: 131071.82 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:230.76 GB) (Free:78.32 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (WD WESTERN) (Fixed) (Total:74.51 GB) (Free:23.16 GB) FAT32
Drive f: (INTENSO) (Removable) (Total:3.73 GB) (Free:2.35 GB) FAT32
Drive g: (SICHERUNG 2) (Fixed) (Total:93.14 GB) (Free:23.74 GB) FAT32
Drive h: (VERBATIM) (Fixed) (Total:931.28 GB) (Free:805.46 GB) FAT32
Drive k: (SCANDISK) (Removable) (Total:29.82 GB) (Free:29.79 GB) FAT32
Drive l: (Sicherung 1) (Fixed) (Total:931.51 GB) (Free:832.25 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: 2893EBBE)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=0C)

========================================================
Disk: 3 (Size: 29.8 GB) (Disk ID: 6E652072)
No partition Table on disk 3.

========================================================
Disk: 4 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: A76C72C3)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (MBR Code: Windows XP) (Size: 93.2 GB) (Disk ID: 9056D507)
Partition 1: (Not Active) - (Size=93.2 GB) - (Type=06)

========================================================
Disk: 6 (Size: 74.5 GB) (Disk ID: 28F12A69)
Partition 1: (Active) - (Size=74.5 GB) - (Type=0C)

==================== End Of Log ============================

M-K-D-B · 17.03.2015, 14:42

Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

start
CloseProcesses:
S2 ioloSystemService; "C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe" [X]
Task: C:\Windows\Tasks\AdvancedDriverUpdater_UPDATES.job => C:\Program Files (x86)\Advanced Driver Updater\adu.exe
C:\Program Files (x86)\Advanced Driver Updater
Task: {B2B21DD4-1F6D-492A-AD79-BB66FF26A6C4} - System32\Tasks\{0DC6CDDB-0711-42FB-9A1E-CCC76F140EAF} => pcalua.exe -a "C:\Users\Brockhoff\AppData\Roaming\Security System 2\uninstaller.exe"
C:\Users\Brockhoff\AppData\Roaming\Security System 2
Task: {9CBB7919-F0EB-45CB-84CB-8F71B760A606} - System32\Tasks\{D23AFADB-5DFD-4E15-86AD-25B10F1D6DC0} => pcalua.exe -a "C:\Program Files (x86)\PSHD-9.9\Uninstall.exe" -c /fcp=1
C:\Program Files (x86)\PSHD-9.9
Task: {88BD8C68-2B30-4807-B0EA-16F47AC47A2D} - System32\Tasks\iolo System Checkup => C:\ProgramData\iolo\scustask.lnk
Task: {85B7F723-CD01-42DE-A929-9CB40D2D3791} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\iolo\System Mechanic\iologovernor64.exe
Task: {0767E4BD-9317-4FFA-9B69-3C10F371037C} - System32\Tasks\AdvancedDriverUpdater_UPDATES => C:\Program Files (x86)\Advanced Driver Updater\adu.exe
RemoveProxy:
EmptyTemp:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2
Lade dir die passende Version von SystemLook vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop:
SystemLook (32 bit) | SystemLook (64 bit)

Doppelklicke auf die SystemLook.exe, um das Tool zu starten.

Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

Code:

ATTFilter

:filefind
*System Mechanic*
*Advanced Driver Updater*

:folderfind
*System Mechanic*
*Advanced Driver Updater*

:regfind
System Mechanic
Advanced Driver Updater

Klicke nun auf den Button Look, um den Scan zu starten.
Der Suchlauf kann einige Zeit dauern.
Wenn der Suchlauf beendet ist, wird sich dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
Die Ergebnisse werden auch auf dem Desktop als SystemLook.txt gespeichert.

Schritt 3

Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Bitte poste mit deiner nächsten Antwort

die Logdatei des FRST-Fix,
die Logdatei von SystemLook,
die beiden neuen Logdateien von FRST.

paule11 · 19.03.2015, 09:04

Hallo Trojaner-Board,
ich bin vom 20.03.2015 -28.03.2015 einschl. nicht am PC.
Also erst wieder am 29.03.
Ich hoffe , das Ihr mir dann weiter helfen werdet das Problem auszuschalten.
Danke
paule11

M-K-D-B · 19.03.2015, 17:57

Zitat:

Zitat von paule11

Hallo Trojaner-Board,
ich bin vom 20.03.2015 -28.03.2015 einschl. nicht am PC.
Also erst wieder am 29.03.
Ich hoffe , das Ihr mir dann weiter helfen werdet das Problem auszuschalten.
Danke
paule11

Danke für die Info.

Kein Problem, dann bis zum 29.03.

Bis dann.

M-K-D-B · 30.03.2015, 12:04

Fehlende Rückmeldung
Dieses Thema wurde aus den Abos gelöscht. Somit bekomme ich keine Benachrichtigung über neue Antworten.
PM an mich falls Du denoch weiter machen willst.

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen!

15.03.2015, 15:56	#6
M-K-D-B /// TB-Ausbilder	Internetzugang funktioniert nicht immer Servus, ähm ja... hast du meinen letzten Post auch bis zu Ende gelesen? Was ist mit den Logdateien von AdwCleaner, MBAM, JRT und dem Kontrollscan mit FRST?

16.03.2015, 19:33	#10
M-K-D-B /// TB-Ausbilder	Internetzugang funktioniert nicht immer Servus, ok, FRST trotzdem bitte wie beschrieben ausführen.

30.03.2015, 12:04	#15
M-K-D-B /// TB-Ausbilder	Internetzugang funktioniert nicht immer Fehlende Rückmeldung Dieses Thema wurde aus den Abos gelöscht. Somit bekomme ich keine Benachrichtigung über neue Antworten. PM an mich falls Du denoch weiter machen willst. Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist. Jeder andere bitte hier klicken und einen eigenen Thread erstellen!

Internetzugang funktioniert nicht immer

Log-Analyse und Auswertung: Internetzugang funktioniert nicht immer