Internetzugang funktioniert nicht immer
 

Guten Tag,
habe längere Zeit meine Ruhe gehabt,doch nun muss ich mich melden, denn ich habe ein Problem.
Habe WIN8.1 und FireFox und FritzBox.
Nach dem TowerStart melde mich ins Internet an, über FireFox und WEB.de.Lees ist i.O.
Nach beenden arbeite ich mit anderen Programmen. Nun beabsichtige ich im Internet, so nach ca. 30 -50min erneut zu suchen. Klicke FF an und dann warte ich, da sich das System nicht mit der Startseite WEB.de verbindet.System schalter nach einiger Zeit ab.Nun lasse AdwClean das System durchsuchen und es werden mir einige Files angezeigt (siehr Anhang).
dann kann ich nach einem Neustart des Systemes wieder ohne Probleme in das Internet.:killpc:
Doch nach beenden von demselben ... siehe oben. :headbang:
Kann mir hier jemand helfen.
Schon mal Danke.
paule11

:hallo:


Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:

• Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
• Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
• Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo. Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
• Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
• Bitte beachten: Download bei filepony.de: So ladet Ihr unsere Tools richtig!
• Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!

Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:

Danke für deine Mitarbeit!




Zur ersten Analyse bitte FRST ausführen:

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

• Starte jetzt FRST.
• Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
• Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
• Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

FRST Logfile:
--- --- ---
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Brockhoff at 2015-03-15 09:06:54
Running from C:\Users\Brockhoff\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1-abc.net Duplicate Finder (HKLM-x32\...\1-abc.net Duplicate Finder) (Version: - 1-abc.net Software Development and Distribution)
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1030 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
ALDI TALK Verbindungsassistent (HKLM-x32\...\ALDITALKVerbindungsassistent) (Version: ALDI TALK 4.0 - ALDI TALK Verbindungsassistent)
Anoto penDirector 1.4.0.0 (HKLM-x32\...\Anoto_penDirector) (Version: 1.4.0.0 - Anoto AB)
Antivirus Pro (HKLM-x32\...\Avira AntiVir Desktop) (Version: 15.0.8.644 - Avira)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avanquest update (HKLM-x32\...\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}) (Version: 1.34 - Avanquest Software)
Avira (HKLM-x32\...\{d9ed6dcf-6bfc-4fbb-802e-81dd5b767d6e}) (Version: 1.1.32.25147 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.32.25147 - Avira Operations & Co. KG) Hidden
Avira SearchFree Toolbar (HKLM-x32\...\{41564952-412D-5637-00A7-A758B70C0A00}) (Version: 12.10.0.2949 - APN, LLC)
Avira Secure Backup (HKLM\...\Avira Secure Backup) (Version: 1.0.0 - Avira Secure Backup)
Avira System Speedup 1.6 (HKLM-x32\...\Avira System Speedup_is1) (Version: 1.6 - 2000 - 2015 Avira Operations GmbH & Co. KG)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.03 - Piriform)
Cinebook (x32 Version: 3.2.16 - SSW Software GmbH) Hidden
Citrix Online Launcher (HKLM-x32\...\{3E7E6F1E-7376-475A-8BC9-E3126B20CF5F}) (Version: 1.0.198 - Citrix)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version: - CyberGhost S.R.L.)
DesignCAD 20 (HKLM-x32\...\{5870DF31-7BF8-4635-B708-7695CBCD5D48}) (Version: 20.0.0 - IMSIDesign)
DesignCAD 3D Max 22 (HKLM-x32\...\{CCB44106-246E-45A5-8507-801F39EFB55B}) (Version: 22.0.0 - IMSIDesign)
DesignCAD Toolkit Basis Version 1.1c (HKLM-x32\...\DesignCAD Toolkit Basis_is1) (Version: 1.1c - Franzis Verlag)
Duplicate Photo Cleaner (HKLM\...\Duplicate Photo Cleaner_is1) (Version: - WebMinds, Inc.)
Express Zip (HKLM-x32\...\ExpressZip) (Version: 2.18 - NCH Software)
FwD Updater 1.1 (HKLM-x32\...\FwD Updater) (Version: 1.1 - Funkwerk Dabendorf)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GS Modellbahn-Verwaltung 7D Version 1 (HKLM-x32\...\{B8F7C2D1-3094-4BF4-A763-9DC8467B5B46}_is1) (Version: 1 - Dipl.-Ing.(FH) Gert Spießhofer)
HDR projects elements (64-Bit) (HKLM\...\HDR projects elements_is1) (Version: 1.22 - Franzis Verlag GmbH)
HL-2130 (HKLM-x32\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.1.6.0 - Brother Industries, Ltd.)
InfoBibliothek 2 (HKLM-x32\...\{78D7D7CD-A06B-4514-ACBD-8055BF945A8E}) (Version: 1.08.03.02 - Wolters Kluwer Deutschland GmbH)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version: - Intel Corporation)
iolo technologies' System Mechanic (HKLM-x32\...\{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1) (Version: 12.5.0 - iolo technologies, LLC)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 8 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418040F0}) (Version: 8.0.400 - Oracle Corporation)
KPF-Zeller Speed-Cat USB V4.0 (HKLM-x32\...\Speed-Cat_is1) (Version: - )
LifeCloud Desktop Applications (HKLM-x32\...\{54DC3D01-80CC-44DA-830E-B942F063975B}) (Version: 1.4.4 - Axentra Corporation)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Max Local Application (HKLM-x32\...\Max Local Application) (Version: 1.4.1 - ELV Elektronik AG)
Max Local Application (x32 Version: 1.4.0 - eQ-3 Entwicklung GmbH) Hidden
Max Local Application (x32 Version: 1.4.1 - ELV Elektronik AG) Hidden
MAX!Buddy (HKLM-x32\...\MAX!Buddy) (Version: r9.16.2 - Sebastian Kopsan)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mediatek Bluetooth (HKLM\...\{A9409290-2A97-8735-93A3-DF710B1F44B0}) (Version: 11.0.742.0 - Mediatek)
Microsoft Access database engine 2010 (German) (HKLM-x32\...\{90140000-00D1-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4693.1002 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 15.0.4693.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MindVisualizer Deutsche Version (HKLM-x32\...\MindVisualizer Deutsche Version_is1) (Version: - InnovationGear.com)
Mozilla Firefox 36.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0 - Mozilla)
MyDriveConnect 3.3.0.1812 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1812 - TomTom)
MyFreeCodec (HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\MyFreeCodec) (Version: - )
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.6 - F.J. Wechselberger)
myphotobook.de (x32 Version: 1.5.3 - myphotobook GmbH) Hidden
MyScript Anoto InkRetriever 1.0 (HKLM-x32\...\MyScript Anoto InkRetriever 1.0_is1) (Version: 1.0.0.8 - Vision Objects)
MyScript Studio de_DE pack 1.2 (HKLM-x32\...\MyScript Studio de_DE pack 1.2_is1) (Version: 1.2.0.200 - Vision Objects)
MyScript Studio Notes Edition 1.2 (HKLM-x32\...\MyScript Studio 1.2_is1) (Version: 1.2.0.336 - Vision Objects)
Nero BurnLite 10 (HKLM-x32\...\{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}) (Version: 10.0.10600 - Nero AG)
Nero BurnLite 10 (HKLM-x32\...\{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}) (Version: 10.0.10500.5.100 - Nero AG)
Nuance OmniPage 18 (HKLM-x32\...\{F814FDB6-8F71-4697-AEA5-FB39C00364EE}) (Version: 18.0.0000 - Nuance Communications, Inc.)
Nuance PDF Converter Enterprise 8 (HKLM\...\{CCBC433F-343E-402A-9FB0-721218C52127}) (Version: 8.10.7268 - Nuance Communications, Inc.)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Password Safe (HKLM-x32\...\Password Safe) (Version: - )
PDF Experte 9 Professional (HKLM-x32\...\{FC279721-37A6-4777-AFD8-7A56681EBA14}) (Version: 9.01 - Avanquest Software)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.212.0 - Tracker Software Products Ltd)
penDirectorMergeModules (x32 Version: 1.4.0.0 - Anoto AB) Hidden
Photomizer Retro (HKLM-x32\...\{41B5224D-7853-4EA5-0001-C8949A33B608}) (Version: 2.0.14.106 - Engelmann Media GmbH)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PixelNet Software 4.14.4 (HKLM-x32\...\PixelNet Software) (Version: 4.14.4 - ORWO Net)
RAPID Mode (Version: 1.0.1.81 - Samsung Electronics Co., Ltd.) Hidden
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.787.787.111413 - REALTEK Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.21.909.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7272 - Realtek Semiconductor Corp.)
Rechtstipps - Der RechtsBerater (HKLM-x32\...\{69F060A7-E04F-4E33-AA8F-9EBF188823AB}) (Version: 15.02.0 - Akademische Arbeitsgemeinschaft Verlag)
Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.6 - Samsung)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_4 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.2.14014_4 - Samsung Electronics Co., Ltd.) Hidden
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.40.0 - SAMSUNG Electronics Co., Ltd.)
Scansoft PDF Professional (x32 Version: - ) Hidden
sceye 5th (HKLM-x32\...\{FF751753-5D0A-48A8-AE2B-C545C83C2013}) (Version: 5.5.1 - Silvercreations)
Schirmfoto (HKLM-x32\...\Schirmfoto_is1) (Version: 2014 - Abelssoft)
SimilarImages (HKLM-x32\...\SimilarImages) (Version: 2013.11 - Nils Maier)
SoftMaker Office Standard 2012 (HKLM-x32\...\{8EBB8452-274B-465D-8324-00B0832FBB02}) (Version: 12.0.3398 - SoftMaker Software GmbH)
Sparfuchs (HKLM-x32\...\Sparfuchs_is1) (Version: 2015 - Abelssoft)
SteuerBerater 2014-2015 (HKLM-x32\...\{A671167A-237C-4AFD-913C-0B64768EA8DC}) (Version: 15.01.0 - Akademische Arbeitsgemeinschaft)
Steuer-Spar-Erklärung Plus 2013 (HKLM-x32\...\{D4A69FFE-B7F6-42B6-ACF3-3F238F9A26D8}) (Version: 18.09 - Wolters Kluwer Deutschland GmbH)
SteuerSparErklärung Plus 2014 (HKLM-x32\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.12.92 - Akademische Arbeitsgemeinschaft)
SteuerSparErklärung Plus 2015 (HKLM-x32\...\{312C0E08-8F94-4536-AAF6-3413F784AC5F}) (Version: 20.30.147 - Akademische Arbeitsgemeinschaft)
System Checkup 3.5 (HKLM-x32\...\{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1) (Version: 3.5.4.2 - iolo technologies, LLC)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TraXEx 6.0 (HKLM-x32\...\TraXEx_is1) (Version: 6.0.0.0 - Alexander Miehlke Softwareentwicklung)
Tyre (HKLM-x32\...\Tyre_is1) (Version: 6.3.1.3 - 't Schrijverke)
UpdateStar Drivers (HKLM-x32\...\UpdateStar Drivers) (Version: 7.0.0 - UpdateStar)
USIM Editor 1.0.37.0 (HKLM-x32\...\Card Reader Driver and USIM Editor Program_is1) (Version: - )
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VitaDock® Online PC 1.0.530 (HKLM-x32\...\{2DDE97C5-863F-4FFB-84A2-70B21684D747}) (Version: 1.0.530.0 - Medisana)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WashAndGo (HKLM-x32\...\WashAndGo_is1) (Version: 19.3 - Abelssoft)
WEB.DE Online-Speicher 1.11.4174.0 (HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\WEB.DE Application {sync-000021}) (Version: 1.11.4174.0 - 1&1 Mail & Media GmbH)
WEB.DE Softwareaktualisierung CE (HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 3.0.1.1 - 1&1 Mail & Media GmbH)
Windows Driver Package - Prolific (Ser2pl) Ports (03/12/2010 3.3.11.152) (HKLM\...\1368C87DCBC1A47DB78AD625B2C7E102AF9F447F) (Version: 03/12/2010 3.3.11.152 - Prolific)
Windows-Treiberpaket - SilverCreations AG SceyeDrivers (12/10/2009 3.4.1.20) (HKLM\...\EED52136A3BEC35F575B1E02640D6CB902BACA01) (Version: 12/10/2009 3.4.1.20 - SilverCreations AG)
WinZip 18.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E3}) (Version: 18.5.11111 - WinZip Computing, S.L. )
WISO Mein Geld 2014 Professional (HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\WISO Mein Geld 2014 Professional) (Version: - Buhl Data Service GmbH)
WISO Mein Geld 2015 Professional .NET (HKLM-x32\...\WISO Mein Geld 2015 Professional .NET) (Version: - Buhl Data Service GmbH)
WISO Mein Geld 2015 Professional .NET (x32 Version: 20.0.0.0 - Buhl Data Service GmbH) Hidden
Wondershare DVD Slideshow Builder HD-Video Deluxe(Build 6.1.4.4 (HKLM-x32\...\Wondershare DVD Slideshow Builder HD-Video Deluxe_is1) (Version: 6.1.4.48 - WonderShare Software Co.,Ltd.)
Wondershare PDF Editor(Build 3.9.1) (HKLM-x32\...\{75BAE677-F65A-45A4-9931-363FE0CF5E58}_is1) (Version: 3.9.1.2 - Wondershare Software Co.,Ltd.)
Wondershare Video Converter Pro(Build 6.0.1.0) (HKLM-x32\...\Wondershare Video Converter Pro_is1) (Version: 6.0.1.0 - Wondershare Software)
Zoner Photo Studio 15 (HKLM\...\ZonerPhotoStudio15_DE_is1) (Version: 15.0.1.7 - ZONER software)
Zoner Photo Studio 16 (HKLM\...\ZonerPhotoStudio16_DE_is1) (Version: 16.0.1.7 - ZONER software)
Zoner Photo Studio 17 (HKLM\...\ZonerPhotoStudio17_DE_is1) (Version: 17.0.1.4 - ZONER software)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3158294459-1416924627-3807266797-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Brockhoff\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

28-02-2015 17:00:21 Removed Note Manager Software
06-03-2015 17:28:07 Rechtstipps - Der RechtsBerater wurde entfernt.
08-03-2015 16:36:11 Installed LifeCloud Desktop Applications
09-03-2015 07:55:57 Create system restore point before cleaning junk files
12-03-2015 10:33:32 Removed Mobile note taker 3.0

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0767E4BD-9317-4FFA-9B69-3C10F371037C} - System32\Tasks\AdvancedDriverUpdater_UPDATES => C:\Program Files (x86)\Advanced Driver Updater\adu.exe
Task: {07BF256E-F136-4466-8383-A06F5B962A1F} - System32\Tasks\Password Safe => C:\Program Files (x86)\Password Safe\pwsafe.exe [2014-07-28] (SourceForge.net)
Task: {0E68AB68-EA4F-4195-AE31-E68CD5B55A8E} - System32\Tasks\ParetoLogic Update Version3 Startup Task => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: {146566BA-19D3-40B9-97D5-543E094A5B22} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-03-12] (Microsoft Corporation)
Task: {34ADF59F-1EB5-404C-96D6-68A3243F3022} - System32\Tasks\ApnTBMon => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
Task: {523FE8AD-2BAE-49E6-827F-EEBC6F8C3EC2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-06] (Google Inc.)
Task: {52A27926-BD30-47C9-AEE6-076361A52611} - System32\Tasks\HotKeysCmds => C:\WINDOWS\system32\hkcmd.exe [2014-01-29] (Intel Corporation)
Task: {691ED5C3-6C36-4199-ACA2-F494FE90DB28} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3158294459-1416924627-3807266797-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {85B7F723-CD01-42DE-A929-9CB40D2D3791} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\iolo\System Mechanic\iologovernor64.exe
Task: {85B89210-CDFE-4AA6-B114-E07759150DD6} - System32\Tasks\Schirmfoto => C:\Program Files (x86)\Schirmfoto\schirmfoto.exe [2013-09-30] (Abelssoft GmbH)
Task: {88BD8C68-2B30-4807-B0EA-16F47AC47A2D} - System32\Tasks\iolo System Checkup => C:\ProgramData\iolo\scustask.lnk
Task: {8DA72A00-3FD1-454D-8E2A-5C64D0E012D7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {9430E457-EF3F-4E22-8DAC-30E42BF4EBF4} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {95E4C3A0-D22A-4942-A92F-5B629D10725D} - System32\Tasks\Persistence => C:\WINDOWS\system32\igfxpers.exe [2014-01-29] (Intel Corporation)
Task: {9CBB7919-F0EB-45CB-84CB-8F71B760A606} - System32\Tasks\{D23AFADB-5DFD-4E15-86AD-25B10F1D6DC0} => pcalua.exe -a "C:\Program Files (x86)\PSHD-9.9\Uninstall.exe" -c /fcp=1
Task: {9E75B00A-1C81-41B8-A142-851B11532A9B} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-08] (Adobe Systems Incorporated)
Task: {A3FE59EA-0BAE-437B-99C7-C6D2B0DE98CE} - System32\Tasks\AbelssoftPreloader => C:\Program Files (x86)\WashAndGo\AbelssoftPreloader.exe [2015-03-06] (Microsoft)
Task: {ADBE741C-6DAA-4D48-8BFA-EE0A30E57491} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-06] (Google Inc.)
Task: {B2B21DD4-1F6D-492A-AD79-BB66FF26A6C4} - System32\Tasks\{0DC6CDDB-0711-42FB-9A1E-CCC76F140EAF} => pcalua.exe -a "C:\Users\Brockhoff\AppData\Roaming\Security System 2\uninstaller.exe"
Task: {DA6FB7BC-F966-4ABB-AEAB-2684EDC9D1F2} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation)
Task: {DC7FFE6B-12CB-4E9D-AC3B-D20BBF2D6E5B} - System32\Tasks\Ocster Backup => C:\Program Files\Ocster Backup\bin\backupClient-ox.exe
Task: {EEF37EE3-6FBE-4DF4-B704-14A50E2F1074} - System32\Tasks\AviraSpeedup => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe [2015-01-30] (Avira Operations GmbH & Co. KG)
Task: {F8881643-754C-4307-995A-DD79095D7500} - System32\Tasks\WashAndGoNGBackground => C:\Program Files (x86)\WashAndGo\WashAndGo.exe [2015-03-06] (Microsoft)
Task: {FE8DD905-474F-4DA8-9776-35C8FD6053FB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation)
Task: C:\Windows\Tasks\AbelssoftPreloader.job => C:\Program Files (x86)\WashAndGo\AbelssoftPreloader.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AdvancedDriverUpdater_UPDATES.job => C:\Program Files (x86)\Advanced Driver Updater\adu.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: C:\Windows\Tasks\Schirmfoto.job => C:\Program Files (x86)\Schirmfoto\schirmfoto.exe
Task: C:\Windows\Tasks\WashAndGoNGBackground.job => C:\Program Files (x86)\WashAndGo\WashAndGo.exe

==================== Loaded Modules (whitelisted) ==============

2015-01-17 13:33 - 2011-09-13 09:16 - 00342984 ____N () C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
2014-12-22 22:01 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2012-12-14 02:42 - 2012-12-14 02:42 - 00094208 _____ () C:\WINDOWS\system32\IccLibDll_x64.dll
2013-08-14 22:06 - 2013-09-30 18:22 - 00022144 _____ () C:\Program Files (x86)\Schirmfoto\AbSettingsKeeper.dll
2013-08-14 22:06 - 2013-09-30 18:22 - 00204416 _____ () C:\Program Files (x86)\Schirmfoto\AbBugReporter.dll
2013-08-14 22:06 - 2013-09-30 18:22 - 00050816 _____ () C:\Program Files (x86)\Schirmfoto\AbCommons.dll
2013-08-14 22:06 - 2013-09-30 18:23 - 00250496 _____ () C:\Program Files (x86)\Schirmfoto\SchirmfotoCommon.dll
2013-08-14 22:06 - 2013-09-30 18:22 - 00108160 _____ () C:\Program Files (x86)\Schirmfoto\Cropper.dll
2013-08-14 22:06 - 2013-09-30 18:22 - 01055872 _____ () C:\Program Files (x86)\Schirmfoto\AbScheduler.dll
2014-11-02 08:21 - 2015-03-06 15:03 - 00059656 _____ () C:\Program Files (x86)\WashAndGo\AbSettings.dll
2014-11-02 08:21 - 2015-03-06 15:03 - 00010504 _____ () C:\Program Files (x86)\WashAndGo\AbUpdateBugReporter.dll
2014-11-02 08:21 - 2015-03-06 15:03 - 01432328 _____ () C:\Program Files (x86)\WashAndGo\AbGui.dll
2014-11-02 08:21 - 2015-01-20 15:14 - 00024840 _____ () C:\Program Files (x86)\WashAndGo\OutlookCleaner.dll
2014-11-02 08:21 - 2015-01-20 15:14 - 00013576 _____ () C:\Program Files (x86)\WashAndGo\AbProcessManager.dll
2014-11-02 08:21 - 2014-10-13 09:43 - 00787968 _____ () C:\Program Files (x86)\WashAndGo\sqlite3.DLL
2013-11-06 11:58 - 2013-11-06 11:58 - 02048000 _____ () C:\Program Files\Avira Secure Backup\ShellExtensionx64\ShellExtension1.dll
2014-11-25 16:31 - 2014-11-25 16:31 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\ErrorReporting.dll
2015-01-17 13:33 - 2011-09-13 09:16 - 00510920 ____N () C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-02-28 18:49 - 2014-09-28 17:59 - 00019872 _____ () C:\Program Files (x86)\Samsung Magician\SAMSUNG_SSD.dll
2014-03-10 12:41 - 2014-10-15 12:11 - 00032768 _____ () C:\Program Files\CyberGhost 5\de\CyberGhost.resources.dll
2014-11-12 13:28 - 2014-11-03 08:32 - 01428584 _____ () C:\Program Files\CyberGhost 5\Geckofx-Core.dll
2014-02-26 12:16 - 2014-02-26 12:16 - 00032768 _____ () C:\Program Files (x86)\VitaDock\QHIDDLL.dll
2014-02-27 17:31 - 2014-02-27 17:31 - 00070656 _____ () C:\Program Files (x86)\VitaDock\QtSerialPort.dll
2014-10-03 13:04 - 2014-10-03 13:04 - 00026488 _____ () C:\Program Files (x86)\MyDrive Connect\DeviceDetection.dll
2014-10-03 13:04 - 2014-10-03 13:04 - 00087416 _____ () C:\Program Files (x86)\MyDrive Connect\TomTomSupporterBase.dll
2014-10-03 13:04 - 2014-10-03 13:04 - 00398712 _____ () C:\Program Files (x86)\MyDrive Connect\TomTomSupporterProxy.dll
2014-01-27 15:46 - 2014-01-27 15:46 - 00241664 _____ () C:\Program Files (x86)\MEDION\LifeCloud Desktop Applications\HipServAgent\libupnp.dll
2014-01-27 15:46 - 2014-01-27 15:46 - 00984064 _____ () C:\Program Files (x86)\MEDION\LifeCloud Desktop Applications\HipServAgent\libxml2.dll
2014-04-03 09:31 - 2011-01-31 08:45 - 00559244 _____ () C:\Program Files (x86)\TraXEx\sqlite3.dll
2014-03-10 12:41 - 2014-10-21 19:44 - 00165416 _____ () C:\Program Files\CyberGhost 5\Data\OpenVPN\liblzo2-2.dll
2014-03-10 12:41 - 2014-10-21 19:44 - 00112736 _____ () C:\Program Files\CyberGhost 5\Data\OpenVPN\libpkcs11-helper-1.dll
2013-11-06 11:59 - 2013-11-06 11:59 - 01633280 _____ () C:\Program Files\Avira Secure Backup\ShellExtension\ShellExtension.dll
2014-12-22 22:06 - 2014-12-22 22:30 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5B8EC693
AlternateDataStreams: C:\ProgramData\TEMP:7C784982
AlternateDataStreams: C:\ProgramData\TEMP:8D09CB9B
AlternateDataStreams: C:\ProgramData\TEMP:A303874F
AlternateDataStreams: C:\ProgramData\TEMP:B6AC352B
AlternateDataStreams: C:\Users\Brockhoff\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Brockhoff\SkyDrive (2).old:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Brockhoff\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img6.jpg
DNS Servers: 95.169.183.219 - 89.41.60.38

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: ASO3DiskOptimizer => 3
MSCONFIG\Services: BTDevManager => 3
MSCONFIG\Services: CGVPNCliService => 2
MSCONFIG\Services: CGVPNCliSrvc => 3
MSCONFIG\Services: ioloSystemService => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: ocster_backup => 2
HKLM\...\StartupApproved\StartupFolder: => "penDirector.lnk"
HKLM\...\StartupApproved\Run: => "Ocster Backup"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run32: => "avgnt"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "COMPUTERBILD-Abzockschutz Premium"
HKLM\...\StartupApproved\Run32: => "InboxMonitor"
HKLM\...\StartupApproved\Run32: => "PDFProHook"
HKLM\...\StartupApproved\Run32: => "Avira Systray"
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\StartupApproved\StartupFolder: => "Samsung Magician.lnk"
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\StartupApproved\StartupFolder: => "Password Safe.lnk"
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\StartupApproved\Run: => "TomTomHOME.exe"
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\StartupApproved\Run: => "AviraSpeedup"
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\StartupApproved\Run: => "Note Manager"

==================== Accounts: =============================

Administrator (S-1-5-21-3158294459-1416924627-3807266797-500 - Administrator - Disabled) => C:\Users\Administrator
Brockhoff (S-1-5-21-3158294459-1416924627-3807266797-1001 - Administrator - Enabled) => C:\Users\Brockhoff
Guest (S-1-5-21-3158294459-1416924627-3807266797-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: Siggis Galaxy
Description: GT-I9300
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: SAMSUNG Electronics Co. Ltd.
Service: WUDFWpdMtp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/15/2015 09:01:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.3.9600.17667, Zeitstempel: 0x54c6f7c2
Name des fehlerhaften Moduls: twinui.appcore.dll, Version: 6.3.9600.17195, Zeitstempel: 0x5389407c
Ausnahmecode: 0x80270233
Fehleroffset: 0x0000000000087c77
ID des fehlerhaften Prozesses: 0xf48
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3
Vollständiger Name des fehlerhaften Pakets: Explorer.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Explorer.EXE5

Error: (03/14/2015 06:59:40 PM) (Source: Avira Secure Backup Crawler) (EventID: 1) (User: )
Description: An error has occurred (Problem mit Benutzerkonto
).

Error: (03/14/2015 05:57:58 PM) (Source: Avira Secure Backup Crawler) (EventID: 1) (User: )
Description: An error has occurred (Problem mit Benutzerkonto
).

Error: (03/14/2015 05:53:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.3.9600.17667, Zeitstempel: 0x54c6f7c2
Name des fehlerhaften Moduls: twinui.appcore.dll, Version: 6.3.9600.17195, Zeitstempel: 0x5389407c
Ausnahmecode: 0x80270233
Fehleroffset: 0x0000000000087c77
ID des fehlerhaften Prozesses: 0xfa0
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3
Vollständiger Name des fehlerhaften Pakets: Explorer.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Explorer.EXE5

Error: (03/14/2015 01:31:10 PM) (Source: Avira Secure Backup Crawler) (EventID: 1) (User: )
Description: An error has occurred (Problem mit Benutzerkonto
).

Error: (03/14/2015 01:30:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.3.9600.17667, Zeitstempel: 0x54c6f7c2
Name des fehlerhaften Moduls: twinui.appcore.dll, Version: 6.3.9600.17195, Zeitstempel: 0x5389407c
Ausnahmecode: 0x80270233
Fehleroffset: 0x0000000000087c77
ID des fehlerhaften Prozesses: 0xef8
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3
Vollständiger Name des fehlerhaften Pakets: Explorer.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Explorer.EXE5

Error: (03/14/2015 01:11:33 PM) (Source: Avira Secure Backup Crawler) (EventID: 1) (User: )
Description: An error has occurred (Problem mit Benutzerkonto
).

Error: (03/14/2015 00:10:55 PM) (Source: Avira Secure Backup Crawler) (EventID: 1) (User: )
Description: An error has occurred (Problem mit Benutzerkonto
).

Error: (03/14/2015 10:57:27 AM) (Source: Avira Secure Backup Crawler) (EventID: 1) (User: )
Description: An error has occurred (Problem mit Benutzerkonto
).

Error: (03/14/2015 10:37:20 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.


System errors:
=============
Error: (03/15/2015 08:58:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "iolo System Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (03/15/2015 08:58:55 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Smart Card" ist vom Dienst "Windows Driver Foundation - User-mode Driver Framework" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1070

Error: (03/15/2015 08:58:55 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Driver Foundation - User-mode Driver Framework" wurde nicht richtig gestartet.

Error: (03/14/2015 05:53:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "iolo System Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (03/14/2015 05:51:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "iolo System Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (03/14/2015 01:30:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "iolo System Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (03/14/2015 01:26:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "iolo System Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (03/14/2015 01:26:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Avira Secure Backup Crawler" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/14/2015 01:26:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/14/2015 01:26:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Restart the service.


Microsoft Office Sessions:
=========================
Error: (03/15/2015 09:01:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.3.9600.1766754c6f7c2twinui.appcore.dll6.3.9600.171955389407c802702330000000000087c77f4801d05ef5fd8dca47C:\Windows\Explorer.EXEC:\Windows \System32\twinui.appcore.dll83492e01-cae9-11e4-81a6-0015835015af

Error: (03/14/2015 06:59:40 PM) (Source: Avira Secure Backup Crawler) (EventID: 1) (User: )
Description: Avira Secure Backup CrawlerProblem mit Benutzerkonto

Error: (03/14/2015 05:57:58 PM) (Source: Avira Secure Backup Crawler) (EventID: 1) (User: )
Description: Avira Secure Backup CrawlerProblem mit Benutzerkonto

Error: (03/14/2015 05:53:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.3.9600.1766754c6f7c2twinui.appcore.dll6.3.9600.171955389407c802702330000000000087c77fa001d05e771bc5f8d6C:\Windows\Explorer.EXEC:\Windows \System32\twinui.appcore.dlla1ac756c-ca6a-11e4-81a5-001999e9fa1d

Error: (03/14/2015 01:31:10 PM) (Source: Avira Secure Backup Crawler) (EventID: 1) (User: )
Description: Avira Secure Backup CrawlerProblem mit Benutzerkonto

Error: (03/14/2015 01:30:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.3.9600.1766754c6f7c2twinui.appcore.dll6.3.9600.171955389407c802702330000000000087c77ef801d05e525acefa3dC:\Windows\Explorer.EXEC:\Windows \System32\twinui.appcore.dlle0daba8d-ca45-11e4-81a4-0015835015af

Error: (03/14/2015 01:11:33 PM) (Source: Avira Secure Backup Crawler) (EventID: 1) (User: )
Description: Avira Secure Backup CrawlerProblem mit Benutzerkonto

Error: (03/14/2015 00:10:55 PM) (Source: Avira Secure Backup Crawler) (EventID: 1) (User: )
Description: Avira Secure Backup CrawlerProblem mit Benutzerkonto

Error: (03/14/2015 10:57:27 AM) (Source: Avira Secure Backup Crawler) (EventID: 1) (User: )
Description: Avira Secure Backup CrawlerProblem mit Benutzerkonto

Error: (03/14/2015 10:37:20 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\mindvisualizer standard edition\DelZip179.dllc:\program files (x86)\mindvisualizer standard edition\DelZip179.dll8


CodeIntegrity Errors:
===================================
Date: 2014-11-24 18:34:39.559
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-11-24 18:34:39.420
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-11-24 18:34:39.286
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-11-24 18:34:39.153
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-11-24 18:34:39.018
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-11-24 18:34:38.885
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-11-24 18:34:38.747
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-11-24 18:34:38.614
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-11-24 18:34:38.478
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-11-24 18:34:38.345
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2310 CPU @ 2.90GHz
Percentage of memory in use: 70%
Total physical RAM: 3972.38 MB
Available physical RAM: 1170.98 MB
Total Pagefile: 5252.38 MB
Available Pagefile: 1588.02 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:230.76 GB) (Free:72.93 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (MEDION USB) (Removable) (Total:29.44 GB) (Free:29.44 GB) FAT32
Drive f: (INTENSO) (Removable) (Total:3.73 GB) (Free:2.35 GB) FAT32
Drive g: (SICHERUNG 2) (Fixed) (Total:93.14 GB) (Free:23.74 GB) FAT32
Drive h: (VERBATIM) (Fixed) (Total:931.28 GB) (Free:805.46 GB) FAT32
Drive k: (SCANDISK) (Removable) (Total:29.82 GB) (Free:29.79 GB) FAT32
Drive l: (Sicherung 1) (Fixed) (Total:931.51 GB) (Free:832.25 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: 2893EBBE)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=0C)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 29.5 GB) (Disk ID: F5726138)
Partition 1: (Not Active) - (Size=29.4 GB) - (Type=0C)

========================================================
Disk: 4 (Size: 29.8 GB) (Disk ID: 6E652072)
No partition Table on disk 4.

========================================================
Disk: 5 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: A76C72C3)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (MBR Code: Windows XP) (Size: 93.2 GB) (Disk ID: 9056D507)
Partition 1: (Not Active) - (Size=93.2 GB) - (Type=06)

==================== End Of Log ============================

[/CODE]

Zukünftig bitte beachten:
Leider hast du unsere Anleitung nicht richtig befolgt:
Bitte alle Tools direkt auf den Desktop downloaden bzw. dorthin verschieben und vom Desktop starten, da unsere Anleitungen daraufhin ausgelegt sind.
Zudem lassen sich dann am Ende der Bereinigung alle verwendeten Tools sehr einfach entfernen.
Alle Tools bis zum Ende der Bereinigung auf dem Desktop lassen, evtl. benötigen wir manche öfter.






Schritt 1
Downloade Dir bitte AdwCleaner auf deinen Desktop.

• Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
• Starte die AdwCleaner.exe mit einem Doppelklick.
• Stimme den Nutzungsbedingungen zu.
• Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
  • "Tracing" Schlüssel löschen
  • Winsock Einstellungen zurücksetzen
  • Proxy Einstellungen zurücksetzen
  • Internet Explorer Richtlinien zurücksetzen
  • Chrome Richtlinien zurücksetzen
  • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
• Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
• Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
• Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
• Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 2
Downloade Dir bitte Malwarebytes Anti-Malware

• Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
• Starte Malwarebytes' Anti-Malware (MBAM).
• Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
• Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
• Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
• Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
• Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
• Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 3

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

• Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
• Drücke eine beliebige Taste, um das Tool zu starten.
• Je nach System kann der Scan eine Weile dauern.
• Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
• Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Schritt 4

• Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
• FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
• Poste mir beide Logdateien mit deiner nächsten Antwort.

Bitte poste mit deiner nächsten Antwort

• die Logdatei von AdwCleaner,
• die Logdatei von MBAM,
• die Logdatei von JRT,
• die beiden neuen Logdateien von FRST.

Hoffe nun ist es O.K.

Servus,


ähm ja... hast du meinen letzten Post auch bis zu Ende gelesen?

Was ist mit den Logdateien von AdwCleaner, MBAM, JRT und dem Kontrollscan mit FRST?

Habe alle5 txt Dateien einzel kopiert und in die Zwischenablage zwischen die CODE Tags einkopiert.Konnte nach End of File die einzelnen Dateien lesen.Ich mache doch hier nichts falsch.
paule11



FRST Logfile:
--- --- ---
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Brockhoff at 2015-03-15 12:20:09
Running from C:\Users\Brockhoff\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1-abc.net Duplicate Finder (HKLM-x32\...\1-abc.net Duplicate Finder) (Version: - 1-abc.net Software Development and Distribution)
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1030 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
ALDI TALK Verbindungsassistent (HKLM-x32\...\ALDITALKVerbindungsassistent) (Version: ALDI TALK 4.0 - ALDI TALK Verbindungsassistent)
Anoto penDirector 1.4.0.0 (HKLM-x32\...\Anoto_penDirector) (Version: 1.4.0.0 - Anoto AB)
Antivirus Pro (HKLM-x32\...\Avira AntiVir Desktop) (Version: 15.0.8.644 - Avira)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avanquest update (HKLM-x32\...\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}) (Version: 1.34 - Avanquest Software)
Avira (HKLM-x32\...\{d9ed6dcf-6bfc-4fbb-802e-81dd5b767d6e}) (Version: 1.1.32.25147 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.32.25147 - Avira Operations & Co. KG) Hidden
Avira SearchFree Toolbar (HKLM-x32\...\{41564952-412D-5637-00A7-A758B70C0A00}) (Version: 12.10.0.2949 - APN, LLC)
Avira Secure Backup (HKLM\...\Avira Secure Backup) (Version: 1.0.0 - Avira Secure Backup)
Avira System Speedup 1.6 (HKLM-x32\...\Avira System Speedup_is1) (Version: 1.6 - 2000 - 2015 Avira Operations GmbH & Co. KG)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.03 - Piriform)
Cinebook (x32 Version: 3.2.16 - SSW Software GmbH) Hidden
Citrix Online Launcher (HKLM-x32\...\{3E7E6F1E-7376-475A-8BC9-E3126B20CF5F}) (Version: 1.0.198 - Citrix)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version: - CyberGhost S.R.L.)
DesignCAD 20 (HKLM-x32\...\{5870DF31-7BF8-4635-B708-7695CBCD5D48}) (Version: 20.0.0 - IMSIDesign)
DesignCAD 3D Max 22 (HKLM-x32\...\{CCB44106-246E-45A5-8507-801F39EFB55B}) (Version: 22.0.0 - IMSIDesign)
DesignCAD Toolkit Basis Version 1.1c (HKLM-x32\...\DesignCAD Toolkit Basis_is1) (Version: 1.1c - Franzis Verlag)
Duplicate Photo Cleaner (HKLM\...\Duplicate Photo Cleaner_is1) (Version: - WebMinds, Inc.)
Express Zip (HKLM-x32\...\ExpressZip) (Version: 2.18 - NCH Software)
FwD Updater 1.1 (HKLM-x32\...\FwD Updater) (Version: 1.1 - Funkwerk Dabendorf)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GS Modellbahn-Verwaltung 7D Version 1 (HKLM-x32\...\{B8F7C2D1-3094-4BF4-A763-9DC8467B5B46}_is1) (Version: 1 - Dipl.-Ing.(FH) Gert Spießhofer)
HDR projects elements (64-Bit) (HKLM\...\HDR projects elements_is1) (Version: 1.22 - Franzis Verlag GmbH)
HL-2130 (HKLM-x32\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.1.6.0 - Brother Industries, Ltd.)
InfoBibliothek 2 (HKLM-x32\...\{78D7D7CD-A06B-4514-ACBD-8055BF945A8E}) (Version: 1.08.03.02 - Wolters Kluwer Deutschland GmbH)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version: - Intel Corporation)
iolo technologies' System Mechanic (HKLM-x32\...\{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1) (Version: 12.5.0 - iolo technologies, LLC)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 8 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418040F0}) (Version: 8.0.400 - Oracle Corporation)
KPF-Zeller Speed-Cat USB V4.0 (HKLM-x32\...\Speed-Cat_is1) (Version: - )
LifeCloud Desktop Applications (HKLM-x32\...\{54DC3D01-80CC-44DA-830E-B942F063975B}) (Version: 1.4.4 - Axentra Corporation)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Max Local Application (HKLM-x32\...\Max Local Application) (Version: 1.4.1 - ELV Elektronik AG)
Max Local Application (x32 Version: 1.4.0 - eQ-3 Entwicklung GmbH) Hidden
Max Local Application (x32 Version: 1.4.1 - ELV Elektronik AG) Hidden
MAX!Buddy (HKLM-x32\...\MAX!Buddy) (Version: r9.16.2 - Sebastian Kopsan)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mediatek Bluetooth (HKLM\...\{A9409290-2A97-8735-93A3-DF710B1F44B0}) (Version: 11.0.742.0 - Mediatek)
Microsoft Access database engine 2010 (German) (HKLM-x32\...\{90140000-00D1-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4693.1002 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 15.0.4693.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3158294459-1416924627-3807266797-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MindVisualizer Deutsche Version (HKLM-x32\...\MindVisualizer Deutsche Version_is1) (Version: - InnovationGear.com)
Mozilla Firefox 36.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0 - Mozilla)
MyDriveConnect 3.3.0.1812 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1812 - TomTom)
MyFreeCodec (HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\MyFreeCodec) (Version: - )
MyFreeCodec (HKU\S-1-5-21-3158294459-1416924627-3807266797-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MyFreeCodec) (Version: - )
MyFreeCodec (HKU\S-1-5-21-3158294459-1416924627-3807266797-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MyFreeCodec) (Version: - )
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.6 - F.J. Wechselberger)
myphotobook.de (x32 Version: 1.5.3 - myphotobook GmbH) Hidden
MyScript Anoto InkRetriever 1.0 (HKLM-x32\...\MyScript Anoto InkRetriever 1.0_is1) (Version: 1.0.0.8 - Vision Objects)
MyScript Studio de_DE pack 1.2 (HKLM-x32\...\MyScript Studio de_DE pack 1.2_is1) (Version: 1.2.0.200 - Vision Objects)
MyScript Studio Notes Edition 1.2 (HKLM-x32\...\MyScript Studio 1.2_is1) (Version: 1.2.0.336 - Vision Objects)
Nero BurnLite 10 (HKLM-x32\...\{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}) (Version: 10.0.10600 - Nero AG)
Nero BurnLite 10 (HKLM-x32\...\{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}) (Version: 10.0.10500.5.100 - Nero AG)
Nuance OmniPage 18 (HKLM-x32\...\{F814FDB6-8F71-4697-AEA5-FB39C00364EE}) (Version: 18.0.0000 - Nuance Communications, Inc.)
Nuance PDF Converter Enterprise 8 (HKLM\...\{CCBC433F-343E-402A-9FB0-721218C52127}) (Version: 8.10.7268 - Nuance Communications, Inc.)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Password Safe (HKLM-x32\...\Password Safe) (Version: - )
PDF Experte 9 Professional (HKLM-x32\...\{FC279721-37A6-4777-AFD8-7A56681EBA14}) (Version: 9.01 - Avanquest Software)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.212.0 - Tracker Software Products Ltd)
penDirectorMergeModules (x32 Version: 1.4.0.0 - Anoto AB) Hidden
Photomizer Retro (HKLM-x32\...\{41B5224D-7853-4EA5-0001-C8949A33B608}) (Version: 2.0.14.106 - Engelmann Media GmbH)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PixelNet Software 4.14.4 (HKLM-x32\...\PixelNet Software) (Version: 4.14.4 - ORWO Net)
RAPID Mode (Version: 1.0.1.81 - Samsung Electronics Co., Ltd.) Hidden
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.787.787.111413 - REALTEK Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.21.909.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7272 - Realtek Semiconductor Corp.)
Rechtstipps - Der RechtsBerater (HKLM-x32\...\{69F060A7-E04F-4E33-AA8F-9EBF188823AB}) (Version: 15.02.0 - Akademische Arbeitsgemeinschaft Verlag)
Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.6 - Samsung)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_4 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.2.14014_4 - Samsung Electronics Co., Ltd.) Hidden
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.40.0 - SAMSUNG Electronics Co., Ltd.)
Scansoft PDF Professional (x32 Version: - ) Hidden
sceye 5th (HKLM-x32\...\{FF751753-5D0A-48A8-AE2B-C545C83C2013}) (Version: 5.5.1 - Silvercreations)
Schirmfoto (HKLM-x32\...\Schirmfoto_is1) (Version: 2014 - Abelssoft)
SimilarImages (HKLM-x32\...\SimilarImages) (Version: 2013.11 - Nils Maier)
SoftMaker Office Standard 2012 (HKLM-x32\...\{8EBB8452-274B-465D-8324-00B0832FBB02}) (Version: 12.0.3398 - SoftMaker Software GmbH)
Sparfuchs (HKLM-x32\...\Sparfuchs_is1) (Version: 2015 - Abelssoft)
SteuerBerater 2014-2015 (HKLM-x32\...\{A671167A-237C-4AFD-913C-0B64768EA8DC}) (Version: 15.01.0 - Akademische Arbeitsgemeinschaft)
Steuer-Spar-Erklärung Plus 2013 (HKLM-x32\...\{D4A69FFE-B7F6-42B6-ACF3-3F238F9A26D8}) (Version: 18.09 - Wolters Kluwer Deutschland GmbH)
SteuerSparErklärung Plus 2014 (HKLM-x32\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.12.92 - Akademische Arbeitsgemeinschaft)
SteuerSparErklärung Plus 2015 (HKLM-x32\...\{312C0E08-8F94-4536-AAF6-3413F784AC5F}) (Version: 20.30.147 - Akademische Arbeitsgemeinschaft)
System Checkup 3.5 (HKLM-x32\...\{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1) (Version: 3.5.4.2 - iolo technologies, LLC)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TraXEx 6.0 (HKLM-x32\...\TraXEx_is1) (Version: 6.0.0.0 - Alexander Miehlke Softwareentwicklung)
Tyre (HKLM-x32\...\Tyre_is1) (Version: 6.3.1.3 - 't Schrijverke)
UpdateStar Drivers (HKLM-x32\...\UpdateStar Drivers) (Version: 7.0.0 - UpdateStar)
USIM Editor 1.0.37.0 (HKLM-x32\...\Card Reader Driver and USIM Editor Program_is1) (Version: - )
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VitaDock® Online PC 1.0.530 (HKLM-x32\...\{2DDE97C5-863F-4FFB-84A2-70B21684D747}) (Version: 1.0.530.0 - Medisana)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WashAndGo (HKLM-x32\...\WashAndGo_is1) (Version: 19.3 - Abelssoft)
WEB.DE Online-Speicher 1.11.4174.0 (HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\WEB.DE Application {sync-000021}) (Version: 1.11.4174.0 - 1&1 Mail & Media GmbH)
WEB.DE Online-Speicher 1.11.4174.0 (HKU\S-1-5-21-3158294459-1416924627-3807266797-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\WEB.DE Application {sync-000021}) (Version: 1.11.4174.0 - 1&1 Mail & Media GmbH)
WEB.DE Online-Speicher 1.5.1888.0 (HKU\S-1-5-21-3158294459-1416924627-3807266797-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\WEB.DE Application {sync-000021}) (Version: 1.5.1888.0 - 1&1 Mail & Media GmbH)
WEB.DE Softwareaktualisierung CE (HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 3.0.1.1 - 1&1 Mail & Media GmbH)
WEB.DE Softwareaktualisierung CE (HKU\S-1-5-21-3158294459-1416924627-3807266797-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 3.0.1.1 - 1&1 Mail & Media GmbH)
WEB.DE Softwareaktualisierung CE (HKU\S-1-5-21-3158294459-1416924627-3807266797-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 3.0.1.1 - 1&1 Mail & Media GmbH)
Windows Driver Package - Prolific (Ser2pl) Ports (03/12/2010 3.3.11.152) (HKLM\...\1368C87DCBC1A47DB78AD625B2C7E102AF9F447F) (Version: 03/12/2010 3.3.11.152 - Prolific)
Windows-Treiberpaket - SilverCreations AG SceyeDrivers (12/10/2009 3.4.1.20) (HKLM\...\EED52136A3BEC35F575B1E02640D6CB902BACA01) (Version: 12/10/2009 3.4.1.20 - SilverCreations AG)
WinZip 18.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E3}) (Version: 18.5.11111 - WinZip Computing, S.L. )
WISO Mein Geld 2014 Professional (HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\WISO Mein Geld 2014 Professional) (Version: - Buhl Data Service GmbH)
WISO Mein Geld 2014 Professional (HKU\S-1-5-21-3158294459-1416924627-3807266797-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\WISO Mein Geld 2014 Professional) (Version: - Buhl Data Service GmbH)
WISO Mein Geld 2014 Professional (HKU\S-1-5-21-3158294459-1416924627-3807266797-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\WISO Mein Geld 2014 Professional) (Version: - Buhl Data Service GmbH)
WISO Mein Geld 2015 Professional .NET (HKLM-x32\...\WISO Mein Geld 2015 Professional .NET) (Version: - Buhl Data Service GmbH)
WISO Mein Geld 2015 Professional .NET (x32 Version: 20.0.0.0 - Buhl Data Service GmbH) Hidden
Wondershare DVD Slideshow Builder HD-Video Deluxe(Build 6.1.4.4 (HKLM-x32\...\Wondershare DVD Slideshow Builder HD-Video Deluxe_is1) (Version: 6.1.4.48 - WonderShare Software Co.,Ltd.)
Wondershare PDF Editor(Build 3.9.1) (HKLM-x32\...\{75BAE677-F65A-45A4-9931-363FE0CF5E58}_is1) (Version: 3.9.1.2 - Wondershare Software Co.,Ltd.)
Wondershare Video Converter Pro(Build 6.0.1.0) (HKLM-x32\...\Wondershare Video Converter Pro_is1) (Version: 6.0.1.0 - Wondershare Software)
Zoner Photo Studio 15 (HKLM\...\ZonerPhotoStudio15_DE_is1) (Version: 15.0.1.7 - ZONER software)
Zoner Photo Studio 16 (HKLM\...\ZonerPhotoStudio16_DE_is1) (Version: 16.0.1.7 - ZONER software)
Zoner Photo Studio 17 (HKLM\...\ZonerPhotoStudio17_DE_is1) (Version: 17.0.1.4 - ZONER software)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3158294459-1416924627-3807266797-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Brockhoff\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

28-02-2015 17:00:21 Removed Note Manager Software
06-03-2015 17:28:07 Rechtstipps - Der RechtsBerater wurde entfernt.
08-03-2015 16:36:11 Installed LifeCloud Desktop Applications
09-03-2015 07:55:57 Create system restore point before cleaning junk files
12-03-2015 10:33:32 Removed Mobile note taker 3.0
15-03-2015 12:15:06 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0767E4BD-9317-4FFA-9B69-3C10F371037C} - System32\Tasks\AdvancedDriverUpdater_UPDATES => C:\Program Files (x86)\Advanced Driver Updater\adu.exe
Task: {07BF256E-F136-4466-8383-A06F5B962A1F} - System32\Tasks\Password Safe => C:\Program Files (x86)\Password Safe\pwsafe.exe [2014-07-28] (SourceForge.net)
Task: {0E68AB68-EA4F-4195-AE31-E68CD5B55A8E} - System32\Tasks\ParetoLogic Update Version3 Startup Task => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: {34ADF59F-1EB5-404C-96D6-68A3243F3022} - System32\Tasks\ApnTBMon => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
Task: {523FE8AD-2BAE-49E6-827F-EEBC6F8C3EC2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-06] (Google Inc.)
Task: {52A27926-BD30-47C9-AEE6-076361A52611} - System32\Tasks\HotKeysCmds => C:\WINDOWS\system32\hkcmd.exe [2014-01-29] (Intel Corporation)
Task: {691ED5C3-6C36-4199-ACA2-F494FE90DB28} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3158294459-1416924627-3807266797-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {85B7F723-CD01-42DE-A929-9CB40D2D3791} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\iolo\System Mechanic\iologovernor64.exe
Task: {85B89210-CDFE-4AA6-B114-E07759150DD6} - System32\Tasks\Schirmfoto => C:\Program Files (x86)\Schirmfoto\schirmfoto.exe [2013-09-30] (Abelssoft GmbH)
Task: {88BD8C68-2B30-4807-B0EA-16F47AC47A2D} - System32\Tasks\iolo System Checkup => C:\ProgramData\iolo\scustask.lnk
Task: {8DA72A00-3FD1-454D-8E2A-5C64D0E012D7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {9430E457-EF3F-4E22-8DAC-30E42BF4EBF4} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {95E4C3A0-D22A-4942-A92F-5B629D10725D} - System32\Tasks\Persistence => C:\WINDOWS\system32\igfxpers.exe [2014-01-29] (Intel Corporation)
Task: {9CBB7919-F0EB-45CB-84CB-8F71B760A606} - System32\Tasks\{D23AFADB-5DFD-4E15-86AD-25B10F1D6DC0} => pcalua.exe -a "C:\Program Files (x86)\PSHD-9.9\Uninstall.exe" -c /fcp=1
Task: {9E75B00A-1C81-41B8-A142-851B11532A9B} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-08] (Adobe Systems Incorporated)
Task: {A3FE59EA-0BAE-437B-99C7-C6D2B0DE98CE} - System32\Tasks\AbelssoftPreloader => C:\Program Files (x86)\WashAndGo\AbelssoftPreloader.exe [2015-03-06] (Microsoft)
Task: {ADBE741C-6DAA-4D48-8BFA-EE0A30E57491} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-06] (Google Inc.)
Task: {B2B21DD4-1F6D-492A-AD79-BB66FF26A6C4} - System32\Tasks\{0DC6CDDB-0711-42FB-9A1E-CCC76F140EAF} => pcalua.exe -a "C:\Users\Brockhoff\AppData\Roaming\Security System 2\uninstaller.exe"
Task: {DA6FB7BC-F966-4ABB-AEAB-2684EDC9D1F2} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation)
Task: {DAE9D35F-E761-4E05-9D3B-CA84970A962B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-03-12] (Microsoft Corporation)
Task: {DC7FFE6B-12CB-4E9D-AC3B-D20BBF2D6E5B} - System32\Tasks\Ocster Backup => C:\Program Files\Ocster Backup\bin\backupClient-ox.exe
Task: {EEF37EE3-6FBE-4DF4-B704-14A50E2F1074} - System32\Tasks\AviraSpeedup => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe [2015-01-30] (Avira Operations GmbH & Co. KG)
Task: {F8881643-754C-4307-995A-DD79095D7500} - System32\Tasks\WashAndGoNGBackground => C:\Program Files (x86)\WashAndGo\WashAndGo.exe [2015-03-06] (Microsoft)
Task: {FE8DD905-474F-4DA8-9776-35C8FD6053FB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation)
Task: C:\Windows\Tasks\AbelssoftPreloader.job => C:\Program Files (x86)\WashAndGo\AbelssoftPreloader.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AdvancedDriverUpdater_UPDATES.job => C:\Program Files (x86)\Advanced Driver Updater\adu.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: C:\Windows\Tasks\Schirmfoto.job => C:\Program Files (x86)\Schirmfoto\schirmfoto.exe
Task: C:\Windows\Tasks\WashAndGoNGBackground.job => C:\Program Files (x86)\WashAndGo\WashAndGo.exe

==================== Loaded Modules (whitelisted) ==============

2015-01-17 13:33 - 2011-09-13 09:16 - 00342984 ____N () C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
2014-12-22 22:01 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2012-12-14 02:42 - 2012-12-14 02:42 - 00094208 _____ () C:\WINDOWS\system32\IccLibDll_x64.dll
2014-11-02 08:21 - 2015-03-06 15:03 - 00059656 _____ () C:\Program Files (x86)\WashAndGo\AbSettings.dll
2014-11-02 08:21 - 2015-03-06 15:03 - 00010504 _____ () C:\Program Files (x86)\WashAndGo\AbUpdateBugReporter.dll
2014-11-02 08:21 - 2015-03-06 15:03 - 01432328 _____ () C:\Program Files (x86)\WashAndGo\AbGui.dll
2014-11-02 08:21 - 2015-01-20 15:14 - 00024840 _____ () C:\Program Files (x86)\WashAndGo\OutlookCleaner.dll
2014-11-02 08:21 - 2015-01-20 15:14 - 00013576 _____ () C:\Program Files (x86)\WashAndGo\AbProcessManager.dll
2014-11-02 08:21 - 2014-10-13 09:43 - 00787968 _____ () C:\Program Files (x86)\WashAndGo\sqlite3.DLL
2013-08-14 22:06 - 2013-09-30 18:22 - 00022144 _____ () C:\Program Files (x86)\Schirmfoto\AbSettingsKeeper.dll
2013-08-14 22:06 - 2013-09-30 18:22 - 00204416 _____ () C:\Program Files (x86)\Schirmfoto\AbBugReporter.dll
2013-08-14 22:06 - 2013-09-30 18:22 - 00050816 _____ () C:\Program Files (x86)\Schirmfoto\AbCommons.dll
2013-08-14 22:06 - 2013-09-30 18:23 - 00250496 _____ () C:\Program Files (x86)\Schirmfoto\SchirmfotoCommon.dll
2013-08-14 22:06 - 2013-09-30 18:22 - 00108160 _____ () C:\Program Files (x86)\Schirmfoto\Cropper.dll
2013-08-14 22:06 - 2013-09-30 18:22 - 01055872 _____ () C:\Program Files (x86)\Schirmfoto\AbScheduler.dll
2013-11-06 15:52 - 2013-11-06 15:52 - 02258000 _____ () C:\Program Files\Avira Secure Backup\Avira Secure BackupCrawler.exe
2015-01-17 13:33 - 2011-09-13 09:16 - 00510920 ____N () C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
2013-11-06 11:58 - 2013-11-06 11:58 - 02048000 _____ () C:\Program Files\Avira Secure Backup\ShellExtensionx64\ShellExtension1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-02-28 18:49 - 2014-09-28 17:59 - 00019872 _____ () C:\Program Files (x86)\Samsung Magician\SAMSUNG_SSD.dll
2014-03-10 12:41 - 2014-10-15 12:11 - 00032768 _____ () C:\Program Files\CyberGhost 5\de\CyberGhost.resources.dll
2014-11-12 13:28 - 2014-11-03 08:32 - 01428584 _____ () C:\Program Files\CyberGhost 5\Geckofx-Core.dll
2014-02-26 12:16 - 2014-02-26 12:16 - 00032768 _____ () C:\Program Files (x86)\VitaDock\QHIDDLL.dll
2014-02-27 17:31 - 2014-02-27 17:31 - 00070656 _____ () C:\Program Files (x86)\VitaDock\QtSerialPort.dll
2014-10-03 13:04 - 2014-10-03 13:04 - 00026488 _____ () C:\Program Files (x86)\MyDrive Connect\DeviceDetection.dll
2014-10-03 13:04 - 2014-10-03 13:04 - 00087416 _____ () C:\Program Files (x86)\MyDrive Connect\TomTomSupporterBase.dll
2014-10-03 13:04 - 2014-10-03 13:04 - 00398712 _____ () C:\Program Files (x86)\MyDrive Connect\TomTomSupporterProxy.dll
2014-01-27 15:46 - 2014-01-27 15:46 - 00241664 _____ () C:\Program Files (x86)\MEDION\LifeCloud Desktop Applications\HipServAgent\libupnp.dll
2014-01-27 15:46 - 2014-01-27 15:46 - 00984064 _____ () C:\Program Files (x86)\MEDION\LifeCloud Desktop Applications\HipServAgent\libxml2.dll
2014-04-03 09:31 - 2011-01-31 08:45 - 00559244 _____ () C:\Program Files (x86)\TraXEx\sqlite3.dll
2014-03-10 12:41 - 2014-10-21 19:44 - 00165416 _____ () C:\Program Files\CyberGhost 5\Data\OpenVPN\liblzo2-2.dll
2014-03-10 12:41 - 2014-10-21 19:44 - 00112736 _____ () C:\Program Files\CyberGhost 5\Data\OpenVPN\libpkcs11-helper-1.dll
2013-11-06 11:59 - 2013-11-06 11:59 - 01633280 _____ () C:\Program Files\Avira Secure Backup\ShellExtension\ShellExtension.dll
2014-12-22 22:06 - 2014-12-22 22:30 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5B8EC693
AlternateDataStreams: C:\ProgramData\TEMP:7C784982
AlternateDataStreams: C:\ProgramData\TEMP:8D09CB9B
AlternateDataStreams: C:\ProgramData\TEMP:A303874F
AlternateDataStreams: C:\ProgramData\TEMP:B6AC352B
AlternateDataStreams: C:\Users\Brockhoff\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Brockhoff\SkyDrive (2).old:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Brockhoff\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img6.jpg
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Brockhoff\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img6.jpg
HKU\S-1-5-21-3158294459-1416924627-3807266797-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 95.169.183.219 - 89.41.60.38

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: ASO3DiskOptimizer => 3
MSCONFIG\Services: BTDevManager => 3
MSCONFIG\Services: CGVPNCliService => 2
MSCONFIG\Services: CGVPNCliSrvc => 3
MSCONFIG\Services: ioloSystemService => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: ocster_backup => 2
HKLM\...\StartupApproved\StartupFolder: => "penDirector.lnk"
HKLM\...\StartupApproved\Run: => "Ocster Backup"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run32: => "avgnt"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "COMPUTERBILD-Abzockschutz Premium"
HKLM\...\StartupApproved\Run32: => "InboxMonitor"
HKLM\...\StartupApproved\Run32: => "PDFProHook"
HKLM\...\StartupApproved\Run32: => "Avira Systray"
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\StartupApproved\StartupFolder: => "Samsung Magician.lnk"
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\StartupApproved\StartupFolder: => "Password Safe.lnk"
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\StartupApproved\Run: => "TomTomHOME.exe"
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\StartupApproved\Run: => "AviraSpeedup"
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001\...\StartupApproved\Run: => "Note Manager"
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\StartupFolder: => "Samsung Magician.lnk"
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\StartupFolder: => "Password Safe.lnk"
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "TomTomHOME.exe"
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "AviraSpeedup"
HKU\S-1-5-21-3158294459-1416924627-3807266797-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Note Manager"
HKU\S-1-5-21-3158294459-1416924627-3807266797-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\StartupFolder: => "Samsung Magician.lnk"
HKU\S-1-5-21-3158294459-1416924627-3807266797-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\StartupFolder: => "Password Safe.lnk"
HKU\S-1-5-21-3158294459-1416924627-3807266797-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "TomTomHOME.exe"
HKU\S-1-5-21-3158294459-1416924627-3807266797-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Zoner Photo Studio Autoupdate"
HKU\S-1-5-21-3158294459-1416924627-3807266797-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Note Manager"

==================== Accounts: =============================

Administrator (S-1-5-21-3158294459-1416924627-3807266797-500 - Administrator - Disabled) => C:\Users\Administrator
Brockhoff (S-1-5-21-3158294459-1416924627-3807266797-1001 - Administrator - Enabled) => C:\Users\Brockhoff
Guest (S-1-5-21-3158294459-1416924627-3807266797-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/15/2015 00:15:09 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (03/15/2015 00:15:09 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.


CodeIntegrity Errors:
===================================
Date: 2014-11-24 18:34:39.559
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-11-24 18:34:39.420
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-11-24 18:34:39.286
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-11-24 18:34:39.153
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-11-24 18:34:39.018
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-11-24 18:34:38.885
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-11-24 18:34:38.747
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-11-24 18:34:38.614
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-11-24 18:34:38.478
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-11-24 18:34:38.345
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2310 CPU @ 2.90GHz
Percentage of memory in use: 81%
Total physical RAM: 3972.38 MB
Available physical RAM: 751.89 MB
Total Pagefile: 5252.38 MB
Available Pagefile: 859.51 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:230.76 GB) (Free:69.1 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (MEDION USB) (Removable) (Total:29.44 GB) (Free:29.44 GB) FAT32
Drive f: (INTENSO) (Removable) (Total:3.73 GB) (Free:2.35 GB) FAT32
Drive g: (SICHERUNG 2) (Fixed) (Total:93.14 GB) (Free:23.74 GB) FAT32
Drive h: (VERBATIM) (Fixed) (Total:931.28 GB) (Free:805.46 GB) FAT32
Drive k: (SCANDISK) (Removable) (Total:29.82 GB) (Free:29.79 GB) FAT32
Drive l: (Sicherung 1) (Fixed) (Total:931.51 GB) (Free:832.25 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: 2893EBBE)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=0C)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 29.5 GB) (Disk ID: F5726138)
Partition 1: (Not Active) - (Size=29.4 GB) - (Type=0C)

========================================================
Disk: 4 (Size: 29.8 GB) (Disk ID: 6E652072)
No partition Table on disk 4.

========================================================
Disk: 5 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: A76C72C3)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (MBR Code: Windows XP) (Size: 93.2 GB) (Disk ID: 9056D507)
Partition 1: (Not Active) - (Size=93.2 GB) - (Type=06)

==================== End Of Log ============================AdwCleaner Logfile:
--- --- ---
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.3 (03.01.2015:1)
OS: Windows 8.1 Pro x64
Ran by Brockhoff on 15.03.2015 at 12:06:17,66
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\browserpluginhelper



~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9"
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65DEE40A-3E93-4CAE-9F98-B8E06DCEE2BF}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [File] C:\Users\Brockhoff\AppData\Roaming\mozilla\firefox\profiles\8yymfhip.default-1408376383566\searchplugins\avira-safesearch.xml
Successfully deleted: [Folder] C:\Users\Brockhoff\AppData\Roaming\mozilla\firefox\profiles\8yymfhip.default-1408376383566\extensions\safesearch@avira.com
Successfully deleted: [Folder] C:\Users\Brockhoff\AppData\Roaming\mozilla\firefox\profiles\8yymfhip.default-1408376383566\extensions\toolbar@web.de
Successfully deleted the following from C:\Users\Brockhoff\AppData\Roaming\mozilla\firefox\profiles\8yymfhip.default-1408376383566\prefs.js

user_pref("avira.safe_search.installed", "[\"safesearch\"]");
user_pref("avira.safe_search.search_was_active", "false");
user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-
user_pref("extensions.bootstrappedAddons", "{\"safesearch@avira.com\":{\"version\":\"1.1.4\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\Brockhoff\\\\AppData\\\\Roa
user_pref("extensions.safesearch.MP_DISTINCT_ID", "\"14c1d1b15f432a-0419c77c52c20a-45574336-0-14c1d1b15f532a\"");
user_pref("extensions.safesearch.SAUTH_rndsnr", "\"9e0fa2623eb3b58b200fc4e68776848f2f5abfe1\"");
user_pref("extensions.safesearch.install", "1426417456637");
user_pref("extensions.xpiState", "{\"app-profile\":{\"nuance@pdf8\":{\"d\":\"C:\\\\Program Files (x86)\\\\Nuance\\\\PDF Professional 8\\\\FireFox\",\"e\":true,\"v\":\"8\",\"st



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\chgdeabpmphfhkoemjjglmilajldekbp



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.03.2015 at 12:10:48,54
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 15.03.2015
Suchlauf-Zeit: 11:42:21
Logdatei: mbam-log.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.03.15.02
Rootkit Datenbank: v2015.02.25.01
Lizenz: Premium
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Aktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Brockhoff

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 438196
Verstrichene Zeit: 20 Min, 8 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)



[/CODE]

Servus,


hast du die folgenden Programme bewusst/absichtlich installiert?
Advanced Driver Updater
System Mechanic (Iolo)

Bitte beide über die Systemsteuerung deinstallieren und den Rechner neu starten!





Anschließend FRST neu ausführen und beide Logdateien davon posten:

• Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
• FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
• Poste mir beide Logdateien mit deiner nächsten Antwort.

Hallo Trojaner-Board,
hatte die beiden Programme (Advanced Driver Updater,System Mechani(Iolo))
installiert,aber vor längerem (dachte ich)deinstalliert. Kann sie nicht auf dem Desktop finden noch unter Systemsteuerung--- Programme.
paule11

Servus,


ok, FRST trotzdem bitte wie beschrieben ausführen.

Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

• Starte nun FRST erneut und klicke den Entfernen Button.
• Das Tool erstellt eine Fixlog.txt.
• Poste mir deren Inhalt.

Schritt 2
Lade dir die passende Version von SystemLook vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop:
SystemLook (32 bit) | SystemLook (64 bit)

• Doppelklicke auf die SystemLook.exe, um das Tool zu starten.
• Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:
  
  
  

  Code:

  ---

  :filefind
*System Mechanic*
*Advanced Driver Updater*

:folderfind
*System Mechanic*
*Advanced Driver Updater*

:regfind
System Mechanic
Advanced Driver Updater

  ---

• Klicke nun auf den Button Look, um den Scan zu starten.
• Der Suchlauf kann einige Zeit dauern.
• Wenn der Suchlauf beendet ist, wird sich dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
• Die Ergebnisse werden auch auf dem Desktop als SystemLook.txt gespeichert.

Schritt 3

• Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
• FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
• Poste mir beide Logdateien mit deiner nächsten Antwort.

Bitte poste mit deiner nächsten Antwort

• die Logdatei des FRST-Fix,
• die Logdatei von SystemLook,
• die beiden neuen Logdateien von FRST.

Hallo Trojaner-Board,
ich bin vom 20.03.2015 -28.03.2015 einschl. nicht am PC.
Also erst wieder am 29.03.
Ich hoffe , das Ihr mir dann weiter helfen werdet das Problem auszuschalten.
Danke
paule11

Danke für die Info.

Kein Problem, dann bis zum 29.03. :)

Bis dann.

Fehlende Rückmeldung
Dieses Thema wurde aus den Abos gelöscht. Somit bekomme ich keine Benachrichtigung über neue Antworten.
PM an mich falls Du denoch weiter machen willst.

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen!