Mindspark Toolbar Platform Plugin Stub for 32-bit Windows bei Add-ons-Manager gefunden

tombea · 14.09.2014, 16:43

Hallo liebe Helfer,

seit geraumer Zeit ist mir aufgefallen, das der Firefox bei jedem Aufruf einer Seite ewig braucht. Im Internet habe ich dann gelesen, das manche Plugins daran vielleicht schuld sein können. Darauf habe ich mir die Add-ons angeschaut und eine gewisse "MindSpark Toolbar Platform Plugin Stub" gefunden.

Dann versucht mich wiederum im Internet schlau zu machen und dann bei Euch einen ähnlichen Fall gefunden. Traue mich nicht das ohne Anleitung zu entfernen, da ich nicht weis was schon im Hintergrund nach installation dieser Software alles gelaufen ist.

Ist diese Datei verdächtig? ich konnte hierzu keine klare Antwort finden.

Bitte könnt Ihr mir helfen da reinezumachen? Was kann ich machen um die loszuwerden?

Ich hab nach Anweisung die Logs erstellt. Ich hoffe ich habe alles richtig gemacht...

mfg

tombea

cosinus · 14.09.2014, 16:58

Hi und

Logs bitte nicht anhängen, notfalls splitten und über mehrere Postings verteilt posten

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

tombea · 14.09.2014, 18:25

Guten Tag Cosinus,

entschuldige bitte für die Anhänge! Hatte zuerst die Logfiles so wie Du beschrieben hast eingefügt, kam aber beim versenden der Hinweis "zu viele Zeichen". Soll ich die Logfiles einzeln versenden, oder kannst Du mir bitte sagen, welche ich zuerst einfügen soll?

Vielen Dank für Deine schnelle Antwort, bin erstaunt wie schnell hier einer antwortet. Bin leider kein so erfahrener Forumbesucher, deshalb bin ich für jede Hilfe dankbar.

mfg

tombea

Hallo Cosinus,

hier die Logfiles:

Code:

ATTFilter

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:52 on 14/09/2014 (thomas)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by thomas (administrator) on THOMAS-PC on 14-09-2014 15:56:00
Running from C:\Users\thomas\Downloads
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
() K:\AAVUpdateManager\aavus.exe
() K:\Allwaysync\Allway Sync\Bin\SyncService.exe
(REINER SCT) C:\Windows\SysWOW64\cjpcsc.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
( ) C:\Program Files (x86)\RadioRage_4j\bar\1.bin\AppIntegrator64.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(COMPANYVERS_NAME) C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbarsvc.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
(Mozilla Corporation) K:\Firefox\firefox.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\antispam32\obkagent.exe
(Nenad Hrg (SoftwareOK.com)) K:\Q-Dir\Q-Dir\Q-Dir.exe
(Microsoft Corporation) C:\Windows\splwow64.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1743088 2014-05-27] (Bitdefender)
HKLM\...\Run: [RadioRage Home Page Guard 64 bit] => C:\Program Files (x86)\RadioRage_4j\bar\1.bin\AppIntegrator64.exe [485960 2014-05-19] ( )
HKLM-x32\...\Run: [RadioRage Search Scope Monitor] => C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jSrchMn.exe [55368 2014-05-19] (Mindspark)
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKU\.DEFAULT\...\Run: [Bitdefender-Geldbörse-Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-05-27] (Bitdefender)
HKU\.DEFAULT\...\Run: [Bitdefender-Geldbörse] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-05-27] (Bitdefender)
HKU\.DEFAULT\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [614744 2014-05-27] (Bitdefender)
HKU\S-1-5-21-492986851-1937855972-3072915796-1000\...\Run: [Bitdefender-Geldbörse-Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-05-27] (Bitdefender)
HKU\S-1-5-21-492986851-1937855972-3072915796-1000\...\Run: [Bitdefender-Geldbörse] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-05-27] (Bitdefender)
HKU\S-1-5-21-492986851-1937855972-3072915796-1000\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [614744 2014-05-27] (Bitdefender)
HKU\S-1-5-21-492986851-1937855972-3072915796-1000\...\Run: [Plextool] => K:\\Plextool.exe [13843456 2013-11-07] ()
HKU\S-1-5-21-492986851-1937855972-3072915796-1000\...\Policies\Explorer: [DisallowRun] 1
ShellIconOverlayIdentifiers: __SafeBox1 -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: __SafeBox2 -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: __SafeBox3 -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: __SafeBox4 -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=foxysecurity
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=foxysecurity
BHO: Bitdefender-Geldbörse -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll (CANON INC.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bitdefender-Geldbörse -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll (Bitdefender)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\1bk142m8.default
FF SearchEngineOrder.1: Ask Search
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> K:\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @canon.com/EPPEX -> K:\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @RadioRage_4j.com/Plugin -> C:\Program Files (x86)\RadioRage_4j\bar\1.bin\NP4jStub.dll (Mindspark)
FF user.js: detected! => C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\1bk142m8.default\user.js
FF SearchPlugin: C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\1bk142m8.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\1bk142m8.default\searchplugins\3-maps.xml
FF SearchPlugin: C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\1bk142m8.default\searchplugins\album-cover-artorg.xml
FF SearchPlugin: C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\1bk142m8.default\searchplugins\ask-search.xml
FF SearchPlugin: C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\1bk142m8.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\1bk142m8.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\1bk142m8.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\1bk142m8.default\searchplugins\last-fm-search-music.xml
FF SearchPlugin: C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\1bk142m8.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\1bk142m8.default\searchplugins\privatelee-https.xml
FF SearchPlugin: C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\1bk142m8.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\1bk142m8.default\searchplugins\youtube.xml
FF Extension: RadioRage - C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\1bk142m8.default\Extensions\4jffxtbr@RadioRage_4j.com [2014-09-13]
FF Extension: Amazon-Icon - C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\1bk142m8.default\Extensions\amazon-icon@giga.de [2014-08-18]
FF Extension: SparPilot - Gutscheine &amp; mehr... - C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\1bk142m8.default\Extensions\sparpilot@sparpilot.com [2014-08-18]
FF Extension: No Name - C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\1bk142m8.default\Extensions\staged [2014-08-18]
FF Extension: WOT - C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\1bk142m8.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-04-18]
FF Extension: Google Docs Viewer - C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\1bk142m8.default\Extensions\adonis.cuhk@gmail.com.xpi [2014-04-18]
FF Extension: Grooveshark Unlocker - C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\1bk142m8.default\Extensions\groovesharkUnlocker@overlord1337.xpi [2014-05-19]
FF Extension: S3.Google Translator - C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\1bk142m8.default\Extensions\s3google@translator.xpi [2014-04-18]
FF Extension: Tiny JavaScript Debugger - C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\1bk142m8.default\Extensions\tinyjsdebugger@enigmail.net.xpi [2014-05-21]
FF Extension: ProxTube - C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\1bk142m8.default\Extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7}.xpi [2014-07-30]
FF Extension: UnityUpdaterFree - C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\1bk142m8.default\Extensions\{31576769-3e47-487b-bb26-348d48e156a7}.xpi [2014-08-23]
FF Extension: NoScript - C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\1bk142m8.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-04-18]
FF Extension: Gutscheinaffe - C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\1bk142m8.default\Extensions\{9220f99f-5b7d-4a4d-97ca-209991796400}.xpi [2014-04-18]
FF Extension: {beac0afb-3d7d-416d-8fab-564da0f7cf9b} - C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\1bk142m8.default\Extensions\{beac0afb-3d7d-416d-8fab-564da0f7cf9b}.xpi [2014-08-19]
FF Extension: Fasterfox - C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\1bk142m8.default\Extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi [2014-05-19]
FF Extension: Adblock Plus - C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\1bk142m8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-19]
FF Extension: QuickJava - C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\1bk142m8.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2014-05-19]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2014-04-18]
FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman [2014-04-18]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-04-21]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
FF StartMenuInternet: FIREFOX.EXE - K:\Firefox\firefox.exe

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx [2014-04-18]
CHR HKLM-x32\...\Chrome\Extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] - C:\Users\thomas\ChromeExtensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx [2014-08-18]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; K:\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
S2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed]
S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [77632 2013-11-21] (Bitdefender)
R2 BotkindSyncService; K:\Allwaysync\Allway Sync\Bin\SyncService.exe [262144 2012-11-19] () [File not signed]
R2 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [511920 2011-07-22] (REINER SCT)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-03-26] (Nitro PDF Software)
R2 RadioRage_4jService; C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbarsvc.exe [88648 2014-05-19] (COMPANYVERS_NAME)
R2 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2013-10-07] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1526800 2014-05-27] (Bitdefender)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138664 2014-02-15] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [138664 2014-02-15] (SlySoft, Inc.)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [893440 2013-12-02] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2012-11-02] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [635392 2013-12-02] (BitDefender)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2014-05-27] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2011-11-14] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [76944 2012-04-17] (BitDefender)
S3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [34672 2011-03-29] (REINER SCT)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2012-12-21] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14920 2012-12-21] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2012-12-21] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2012-12-21] () [File not signed]
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2013-06-27] (RapidSolution Software AG)
R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2013-06-27] (RapidSolution Software AG)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-13] (Anchorfree Inc.)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [389240 2013-08-07] (BitDefender S.R.L.)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-14 15:56 - 2014-09-14 15:56 - 00018376 _____ () C:\Users\thomas\Downloads\FRST.txt
2014-09-14 15:55 - 2014-09-14 15:56 - 00000000 ____D () C:\FRST
2014-09-14 15:53 - 2014-09-14 15:53 - 02105856 _____ (Farbar) C:\Users\thomas\Downloads\FRST64.exe
2014-09-14 15:50 - 2014-09-14 15:52 - 00000474 _____ () C:\Users\thomas\Downloads\defogger_disable.log
2014-09-14 15:50 - 2014-09-14 15:50 - 00000000 _____ () C:\Users\thomas\defogger_reenable
2014-09-14 15:44 - 2014-09-14 15:44 - 00050477 _____ () C:\Users\thomas\Downloads\Defogger.exe
2014-09-10 06:23 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 06:23 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-10 06:23 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 06:23 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 06:23 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 06:23 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-10 06:23 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 06:23 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 06:23 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 06:23 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 06:23 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 06:23 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 06:23 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-10 06:23 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 06:23 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 06:23 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 06:23 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 06:23 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 06:23 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 06:23 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-10 06:23 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 06:23 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 06:23 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-10 06:23 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 06:23 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-10 06:23 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-10 06:23 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-10 06:23 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-10 06:23 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 06:23 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 06:23 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-10 06:23 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-10 06:23 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 06:23 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-10 06:23 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-10 06:23 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-10 06:23 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-10 06:23 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 06:23 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 06:23 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 06:23 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 06:23 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-10 06:23 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-10 06:23 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-10 06:23 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-10 06:23 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 06:23 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-10 06:23 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 06:23 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-10 06:23 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-10 06:23 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-10 06:23 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 06:23 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-10 06:23 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-10 06:23 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 06:23 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-10 06:17 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 06:17 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-10 05:53 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 05:53 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-10 05:53 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 05:53 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 05:53 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 05:53 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 05:53 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-10 05:53 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 05:53 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-02 12:55 - 2014-09-02 12:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simfy
2014-09-02 12:55 - 2014-09-02 12:55 - 00000000 ____D () C:\Program Files (x86)\simfy
2014-09-01 14:24 - 2014-09-10 20:16 - 152014848 _____ () C:\Users\thomas\Documents\Klärfälle.accdb
2014-09-01 14:20 - 2014-09-01 14:23 - 01835008 _____ () C:\Users\thomas\Documents\Probleme-Webdatenbank.accdb
2014-08-30 10:50 - 2014-08-30 10:50 - 00000000 ____D () C:\Users\thomas\AppData\Local\Adobe
2014-08-29 13:08 - 2014-08-29 13:08 - 00000000 ____D () C:\Users\thomas\AppData\Local\ALF_AG
2014-08-29 09:35 - 2014-08-29 09:35 - 00000617 _____ () C:\Users\thomas\Desktop\Free PDF to Word Doc Converter.lnk
2014-08-29 09:35 - 2014-08-29 09:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free PDF to Word Doc Converter
2014-08-28 12:02 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 12:02 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 12:02 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-26 16:08 - 2014-08-26 16:08 - 00000000 ____D () C:\Users\thomas\AppData\Local\Collectorz.com
2014-08-26 16:07 - 2014-09-13 16:11 - 00000000 ____D () C:\Users\thomas\Documents\Music Collector
2014-08-26 16:07 - 2014-08-26 16:07 - 00000618 _____ () C:\Users\Public\Desktop\Music Collector.lnk
2014-08-26 16:07 - 2014-08-26 16:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Collectorz.com
2014-08-25 17:15 - 2014-08-25 17:15 - 00000084 _____ () C:\Windows\winamp.ini
2014-08-25 15:44 - 2014-08-25 15:44 - 00000587 _____ () C:\Users\thomas\Desktop\Plattenkiste.lnk
2014-08-25 15:38 - 2014-08-25 15:38 - 00992864 _____ (Microsoft Corporation) C:\Users\thomas\Downloads\Msvbvm50.exe
2014-08-25 15:17 - 2014-08-25 15:24 - 01335296 _____ () C:\Users\thomas\Documents\Rock,Blues und Jazz.accdb
2014-08-23 11:42 - 2014-08-23 13:54 - 00000000 ____D () C:\Users\thomas\Documents\KOMPASS Digital Map
2014-08-22 17:24 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-22 17:24 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-22 17:24 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-22 17:24 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-22 17:24 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-22 17:24 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-22 17:24 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-22 17:24 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-22 17:24 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-22 17:24 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-22 17:24 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-22 17:24 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-22 17:24 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-22 17:24 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-20 19:37 - 2010-11-21 05:23 - 00383786 __RSH () C:\bootmgr
2014-08-18 20:28 - 2014-08-18 20:28 - 00000000 ____D () C:\Users\thomas\ChromeExtensions
2014-08-18 20:28 - 2014-08-18 20:28 - 00000000 ____D () C:\Users\thomas\AppData\Local\Temp919d2d412e8511750599e7d3e457f0ba
2014-08-18 20:28 - 2014-08-18 20:28 - 00000000 ____D () C:\Users\thomas\AppData\Local\Temp7274b194ef104b14b019f2c6dcc20011
2014-08-18 20:26 - 2014-08-18 20:26 - 00000000 ____D () C:\Users\thomas\AppData\Local\Tempa72f33d3f232f4b75a2c957085674754
2014-08-18 20:09 - 2014-08-18 20:15 - 00000000 ____D () C:\ProgramData\BBox
2014-08-16 14:50 - 2014-08-16 14:50 - 00000941 _____ () C:\Users\thomas\Desktop\CDLabelPrint.exe - Verknüpfung.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-14 15:56 - 2014-09-14 15:56 - 00018376 _____ () C:\Users\thomas\Downloads\FRST.txt
2014-09-14 15:56 - 2014-09-14 15:55 - 00000000 ____D () C:\FRST
2014-09-14 15:53 - 2014-09-14 15:53 - 02105856 _____ (Farbar) C:\Users\thomas\Downloads\FRST64.exe
2014-09-14 15:53 - 2014-04-15 20:07 - 01247440 _____ () C:\Windows\WindowsUpdate.log
2014-09-14 15:52 - 2014-09-14 15:50 - 00000474 _____ () C:\Users\thomas\Downloads\defogger_disable.log
2014-09-14 15:50 - 2014-09-14 15:50 - 00000000 _____ () C:\Users\thomas\defogger_reenable
2014-09-14 15:50 - 2014-04-15 20:07 - 00000000 ____D () C:\Users\thomas
2014-09-14 15:49 - 2014-04-18 14:42 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-14 15:44 - 2014-09-14 15:44 - 00050477 _____ () C:\Users\thomas\Downloads\Defogger.exe
2014-09-14 15:04 - 2009-07-14 06:51 - 00044241 _____ () C:\Windows\setupact.log
2014-09-14 14:19 - 2014-05-25 09:35 - 00000000 ____D () C:\Users\thomas\AppData\Roaming\Nitro PDF
2014-09-14 09:11 - 2014-08-08 22:03 - 00000407 _____ () C:\Windows\system32\checkdnsid.xml
2014-09-14 08:59 - 2009-07-14 06:45 - 00032368 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-14 08:59 - 2009-07-14 06:45 - 00032368 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-14 08:56 - 2011-04-12 09:43 - 00698688 _____ () C:\Windows\system32\perfh007.dat
2014-09-14 08:56 - 2011-04-12 09:43 - 00148828 _____ () C:\Windows\system32\perfc007.dat
2014-09-14 08:56 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-14 08:51 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-13 16:11 - 2014-08-26 16:07 - 00000000 ____D () C:\Users\thomas\Documents\Music Collector
2014-09-13 15:31 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-09-13 12:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-09-11 06:17 - 2014-04-18 14:42 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-11 06:17 - 2014-04-18 14:42 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-11 06:17 - 2014-04-18 14:42 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-10 20:16 - 2014-09-01 14:24 - 152014848 _____ () C:\Users\thomas\Documents\Klärfälle.accdb
2014-09-10 19:50 - 2014-04-16 19:33 - 00000000 ____D () C:\Users\thomas\AppData\Local\Microsoft Help
2014-09-10 06:23 - 2014-04-16 19:33 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-10 06:22 - 2014-04-18 17:20 - 01591896 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-10 06:22 - 2014-04-18 15:15 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 06:17 - 2014-04-18 15:15 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-05 15:07 - 2014-04-16 19:40 - 00000000 ____D () C:\Users\thomas\AppData\Roaming\Mp3tag
2014-09-03 18:32 - 2014-04-21 11:10 - 00000000 ____D () C:\Users\thomas\AppData\Roaming\vlc
2014-09-02 12:55 - 2014-09-02 12:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simfy
2014-09-02 12:55 - 2014-09-02 12:55 - 00000000 ____D () C:\Program Files (x86)\simfy
2014-09-01 14:23 - 2014-09-01 14:20 - 01835008 _____ () C:\Users\thomas\Documents\Probleme-Webdatenbank.accdb
2014-08-30 10:50 - 2014-08-30 10:50 - 00000000 ____D () C:\Users\thomas\AppData\Local\Adobe
2014-08-29 13:08 - 2014-08-29 13:08 - 00000000 ____D () C:\Users\thomas\AppData\Local\ALF_AG
2014-08-29 09:35 - 2014-08-29 09:35 - 00000617 _____ () C:\Users\thomas\Desktop\Free PDF to Word Doc Converter.lnk
2014-08-29 09:35 - 2014-08-29 09:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free PDF to Word Doc Converter
2014-08-29 08:48 - 2009-07-14 06:45 - 00409376 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-27 16:43 - 2014-04-16 17:43 - 00000000 ____D () C:\Users\thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
2014-08-27 16:43 - 2014-04-16 17:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
2014-08-27 16:43 - 2014-04-16 17:43 - 00000000 ____D () C:\Program Files (x86)\AVS4YOU
2014-08-27 16:23 - 2014-04-18 19:17 - 00000000 ____D () C:\Users\thomas\AppData\Roaming\AVS4YOU
2014-08-26 16:08 - 2014-08-26 16:08 - 00000000 ____D () C:\Users\thomas\AppData\Local\Collectorz.com
2014-08-26 16:07 - 2014-08-26 16:07 - 00000618 _____ () C:\Users\Public\Desktop\Music Collector.lnk
2014-08-26 16:07 - 2014-08-26 16:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Collectorz.com
2014-08-25 17:15 - 2014-08-25 17:15 - 00000084 _____ () C:\Windows\winamp.ini
2014-08-25 15:44 - 2014-08-25 15:44 - 00000587 _____ () C:\Users\thomas\Desktop\Plattenkiste.lnk
2014-08-25 15:38 - 2014-08-25 15:38 - 00992864 _____ (Microsoft Corporation) C:\Users\thomas\Downloads\Msvbvm50.exe
2014-08-25 15:24 - 2014-08-25 15:17 - 01335296 _____ () C:\Users\thomas\Documents\Rock,Blues und Jazz.accdb
2014-08-23 13:54 - 2014-08-23 11:42 - 00000000 ____D () C:\Users\thomas\Documents\KOMPASS Digital Map
2014-08-23 04:07 - 2014-08-28 12:02 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-28 12:02 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-28 12:02 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-19 20:05 - 2014-09-10 06:23 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-19 19:39 - 2014-09-10 06:23 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-19 01:01 - 2014-09-10 06:23 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-19 00:29 - 2014-09-10 06:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-19 00:29 - 2014-09-10 06:23 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-19 00:26 - 2014-09-10 06:23 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-19 00:20 - 2014-09-10 06:23 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-19 00:19 - 2014-09-10 06:23 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-19 00:15 - 2014-09-10 06:23 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-19 00:15 - 2014-09-10 06:23 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-19 00:14 - 2014-09-10 06:23 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-19 00:14 - 2014-09-10 06:23 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-19 00:08 - 2014-09-10 06:23 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-19 00:08 - 2014-09-10 06:23 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-19 00:08 - 2014-09-10 06:23 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-19 00:05 - 2014-09-10 06:23 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-19 00:03 - 2014-09-10 06:23 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-19 00:03 - 2014-09-10 06:23 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-19 00:03 - 2014-09-10 06:23 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-18 23:57 - 2014-09-10 06:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-18 23:56 - 2014-09-10 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-18 23:51 - 2014-09-10 06:23 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-18 23:46 - 2014-09-10 06:23 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-18 23:45 - 2014-09-10 06:23 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 23:45 - 2014-09-10 06:23 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-18 23:44 - 2014-09-10 06:23 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-18 23:44 - 2014-09-10 06:23 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-18 23:42 - 2014-09-10 06:23 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-18 23:40 - 2014-09-10 06:23 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-18 23:39 - 2014-09-10 06:23 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-18 23:39 - 2014-09-10 06:23 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-18 23:39 - 2014-09-10 06:23 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-18 23:38 - 2014-09-10 06:23 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-18 23:37 - 2014-09-10 06:23 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-18 23:36 - 2014-09-10 06:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-18 23:35 - 2014-09-10 06:23 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-18 23:27 - 2014-09-10 06:23 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-18 23:25 - 2014-09-10 06:23 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-18 23:25 - 2014-09-10 06:23 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-18 23:23 - 2014-09-10 06:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-18 23:23 - 2014-09-10 06:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-18 23:22 - 2014-09-10 06:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-18 23:19 - 2014-09-10 06:23 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-18 23:17 - 2014-09-10 06:23 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-18 23:17 - 2014-09-10 06:23 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-18 23:16 - 2014-09-10 06:23 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-18 23:15 - 2014-09-10 06:23 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-18 23:15 - 2014-09-10 06:23 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-18 23:09 - 2014-09-10 06:23 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-18 23:08 - 2014-09-10 06:23 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-18 23:07 - 2014-09-10 06:23 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-18 22:55 - 2014-09-10 06:23 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-18 22:46 - 2014-09-10 06:23 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-18 22:38 - 2014-09-10 06:23 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-18 22:38 - 2014-09-10 06:23 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-18 22:36 - 2014-09-10 06:23 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-18 20:28 - 2014-08-18 20:28 - 00000000 ____D () C:\Users\thomas\ChromeExtensions
2014-08-18 20:28 - 2014-08-18 20:28 - 00000000 ____D () C:\Users\thomas\AppData\Local\Temp919d2d412e8511750599e7d3e457f0ba
2014-08-18 20:28 - 2014-08-18 20:28 - 00000000 ____D () C:\Users\thomas\AppData\Local\Temp7274b194ef104b14b019f2c6dcc20011
2014-08-18 20:26 - 2014-08-18 20:26 - 00000000 ____D () C:\Users\thomas\AppData\Local\Tempa72f33d3f232f4b75a2c957085674754
2014-08-18 20:15 - 2014-08-18 20:09 - 00000000 ____D () C:\ProgramData\BBox
2014-08-18 20:15 - 2014-04-15 20:07 - 00000000 ____D () C:\Users\thomas\AppData\Local\VirtualStore
2014-08-16 14:50 - 2014-08-16 14:50 - 00000941 _____ () C:\Users\thomas\Desktop\CDLabelPrint.exe - Verknüpfung.lnk
2014-08-16 14:40 - 2014-05-25 09:16 - 00000667 _____ () C:\Users\Public\Desktop\CDBurnerXP.lnk
2014-08-16 14:40 - 2014-05-25 09:16 - 00000605 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2014-08-15 09:05 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

Some content of TEMP:
====================
C:\Users\thomas\AppData\Local\Temp\abelssoft.setup.exe
C:\Users\thomas\AppData\Local\Temp\amazonicon_v8.exe
C:\Users\thomas\AppData\Local\Temp\amazoninstallernircmdc.exe
C:\Users\thomas\AppData\Local\Temp\FoxySecurity_6.2_GIGA_FF_IE_Setup.exe
C:\Users\thomas\AppData\Local\Temp\LMkRstPt.exe
C:\Users\thomas\AppData\Local\Temp\nitro_reader3_x64.exe
C:\Users\thomas\AppData\Local\Temp\nseBDF6.exe
C:\Users\thomas\AppData\Local\Temp\nslB5AB.exe
C:\Users\thomas\AppData\Local\Temp\nsu1AC.exe
C:\Users\thomas\AppData\Local\Temp\pdf2wordsetup.exe
C:\Users\thomas\AppData\Local\Temp\sdanircmdc.exe
C:\Users\thomas\AppData\Local\Temp\sdapskill.exe
C:\Users\thomas\AppData\Local\Temp\sdaspwn.exe
C:\Users\thomas\AppData\Local\Temp\SPSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-09 19:26

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by thomas at 2014-09-14 15:56:27
Running from C:\Users\thomas\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AS: Bitdefender Spyware-Schutz (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.25 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0925-000001000000}) (Version: 9.25.00.0 - Igor Pavlov)
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.178 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
AllDup 3.4.13 (HKLM-x32\...\AllDup_is1) (Version: 3.4.13 - Michael Thummerer Software Design)
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.4.5.0 - SlySoft)
Audials (HKLM-x32\...\{2F27EAE9-0245-444A-8698-9832AFC3F1F8}) (Version: 10.2.27600.0 - Audials AG)
Audiograbber MP3-Plugin (64 bit) (HKLM-x32\...\Audiograbber-Lame) (Version: 1.0 - AG)
AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version:  - AVM Berlin)
AVS Audio Converter 7.2 (HKLM-x32\...\AVS Audio Converter_is1) (Version: 7.2.2.529 - Online Media Technologies Ltd.)
AVS Audio Editor 7.2 (HKLM-x32\...\AVS Audio Editor_is1) (Version: 7.2.2.488 - Online Media Technologies Ltd.)
AVS Disc Creator 5.2 (HKLM-x32\...\AVS Disc Creator_is1) (Version: 5.2.1.529 - Online Media Technologies Ltd.)
AVS Media Player 4.2.2.104 (HKLM-x32\...\AVS Media Player_is1) (Version: 4.2.2.104 - Online Media Technologies Ltd.)
AVS Screen Capture version 2.0.2 (HKLM-x32\...\AVS Screen Capture_is1) (Version:  - Online Media Technologies Ltd.)
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Converter 8.5 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: 8.5.1.551 - Online Media Technologies Ltd.)
AVS Video Recorder 2.6 (HKLM-x32\...\AVS Video Recorder_is1) (Version: 2.6.1.94 - Online Media Technologies Ltd.)
AVS Video ReMaker 4.3.1.161 (HKLM-x32\...\AVS Video ReMaker_is1) (Version: 4.3.1.161 - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version:  - Online Media Technologies Ltd.)
Bitdefender Total Security (HKLM\...\Bitdefender) (Version: 17.27.0.1146 - Bitdefender)
Canon CanoScan Toolbox 5.0 (HKLM-x32\...\CanoScan Toolbox 5.0) (Version:  - )
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: 4.1.6 - Canon Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.4.1.0 - Canon Inc.)
Canon iP7200 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP7200_series) (Version:  - Canon Inc.)
CanoScan LiDE 600F (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4802) (Version:  - )
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5000 - CDBurnerXP)
CheckDrive (HKLM-x32\...\{B83513EC-2E4D-4621-816D-4CCF397BE702}_is1) (Version: 4.4 - Abelssoft)
cyberJack Base Components (HKLM-x32\...\{FC338210-F594-11D3-BA24-00001C3AB4DF}) (Version: 6.9.13 - REINER SCT)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version:  - Microsoft)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Excel VBA Code Cleaner 4.4 (HKLM-x32\...\Excel VBA Code Cleaner 4.4) (Version:  - )
Free PDF to Word Doc Converter v1.1 (HKLM-x32\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
Magic MP3 Tagger 2.2.6 (HKLM-x32\...\uniquemagicmp3taggerappid_is1) (Version:  - Mathias Kunter)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKCU\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
Mp3tag v2.55 (HKLM-x32\...\Mp3tag) (Version: v2.55 - Florian Heidenreich)
Music Collector (HKLM-x32\...\{8CDFF5D2-89BF-4391-9D20-7D95C88DC98C}_is1) (Version:  - Collectorz.com)
Nitro Reader 3 (HKLM\...\{47220B83-D895-4262-9227-E5D8FA7F7384}) (Version: 3.5.2.10 - Nitro)
Plextool (HKLM-x32\...\Plextool1.1.1) (Version: 1.1.1 - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
simfy (HKLM-x32\...\Simfy) (Version: 1.7.7 - simfy AG)
simfy (x32 Version: 1.7.7 - simfy AG) Hidden
Steuer-Spar-Erklärung 2013 (HKLM-x32\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.10 - Wolters Kluwer Deutschland GmbH)
SteuerSparErklärung 2014 (HKLM-x32\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.11.90 - Akademische Arbeitsgemeinschaft)
Synchredible (HKLM-x32\...\Synchredible_is1) (Version: 4.1.0.1 - ASCOMP Software GmbH)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

02-09-2014 07:09:09 Windows Update
06-09-2014 07:27:19 Windows Update
10-09-2014 03:49:40 Windows Update
10-09-2014 04:16:46 Windows Update
13-09-2014 08:32:28 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {552D6691-2C89-4529-8129-F06658D0C4A8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-11] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-04-18 18:09 - 2013-06-19 11:45 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender\txmlutil.dll
2014-04-18 18:09 - 2014-03-27 19:18 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\accessl.ui
2014-04-18 18:09 - 2011-11-14 19:17 - 00153680 _____ () C:\Program Files\Bitdefender\Bitdefender\bdfwcore.dll
2014-04-18 18:09 - 2014-03-27 19:18 - 00005120 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\IMSecurityAL.ui
2014-07-25 19:25 - 2014-07-25 19:25 - 00780592 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00047_007\ashttpbr.mdl
2014-07-25 19:25 - 2014-07-25 19:25 - 00568400 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00047_007\ashttpdsp.mdl
2014-07-25 19:25 - 2014-07-25 19:25 - 02602680 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00047_007\ashttpph.mdl
2014-07-25 19:25 - 2014-07-25 19:25 - 01323408 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00047_007\ashttprbl.mdl
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2008-10-24 16:35 - 2008-10-24 16:35 - 00128296 _____ () K:\AAVUpdateManager\aavus.exe
2013-01-01 19:06 - 2012-11-19 12:51 - 00262144 _____ () K:\Allwaysync\Allway Sync\Bin\SyncService.exe
2014-04-18 18:09 - 2013-03-25 15:16 - 01117920 _____ () C:\Program Files\Bitdefender\Bitdefender SafeBox\System.Data.SQLite.dll
2014-04-16 19:43 - 2007-05-31 08:38 - 00167936 ____N () C:\Windows\SysWOW64\SerialXP.dll
2014-04-18 18:09 - 2014-03-15 00:05 - 00204280 _____ () C:\Program Files\Bitdefender\Bitdefender\antispam32\txmlutil.dll
2014-07-23 19:52 - 2014-07-23 19:52 - 03800688 _____ () K:\Firefox\mozjs.dll
2014-04-18 18:09 - 2014-03-15 00:10 - 00035896 _____ () C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman\components\ffpwdman.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\thomas\Downloads\avm_fritz!wlan_usb_stick_x64_build_100906.exe:BDU
AlternateDataStreams: C:\Users\thomas\Downloads\Defogger.exe:BDU
AlternateDataStreams: C:\Users\thomas\Downloads\FRST64.exe:BDU
AlternateDataStreams: C:\Users\thomas\Downloads\Msvbvm50.exe:BDU

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk => C:\Windows\pss\Logitech . Produktregistrierung.lnk.Startup
MSCONFIG\startupreg: AnyDVD => K:\AnyDVD\AnyDVDtray.exe
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: EaseUS EPM tray => K:\Easus Partitionsmanager\EaseUS Partition Master 9.2.1 Home Edition\bin\EpmNews.exe
MSCONFIG\startupreg: EvtMgr6 => C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
MSCONFIG\startupreg: pdiface => C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe -noshow

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/14/2014 11:39:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WlanNetService.exe, Version: 1.1.0.26, Zeitstempel: 0x4cbea834
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0003332f
ID des fehlerhaften Prozesses: 0x4dc
Startzeit der fehlerhaften Anwendung: 0xWlanNetService.exe0
Pfad der fehlerhaften Anwendung: WlanNetService.exe1
Pfad des fehlerhaften Moduls: WlanNetService.exe2
Berichtskennung: WlanNetService.exe3

Error: (09/14/2014 10:45:45 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm OBK.exe, Version 17.28.0.1182 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 67c

Startzeit: 01cfcff83f8b5e7e

Endzeit: 10

Anwendungspfad: C:\Program Files\Bitdefender\Bitdefender\Antispam32\OBK.exe

Berichts-ID: 83daada8-3beb-11e4-92bd-90e6ba3ebf32

Error: (09/14/2014 08:53:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/13/2014 03:02:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/13/2014 10:28:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/11/2014 06:18:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/10/2014 07:24:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/10/2014 05:46:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/09/2014 07:10:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/07/2014 04:28:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (09/14/2014 01:35:03 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden.

Error: (09/14/2014 11:39:20 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "AVM WLAN Connection Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/13/2014 03:40:43 PM) (Source: cdrom) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.

Error: (09/07/2014 04:27:29 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unerwarteter Fehler. Fehlercode: D@01010004

Error: (09/07/2014 04:27:29 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unerwarteter Fehler. Fehlercode: D@01010004

Error: (09/07/2014 04:27:29 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unerwarteter Fehler. Fehlercode: D@01010004

Error: (09/07/2014 04:27:29 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unerwarteter Fehler. Fehlercode: D@01010004

Error: (09/07/2014 04:27:29 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unerwarteter Fehler. Fehlercode: D@01010004

Error: (09/07/2014 04:27:29 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unerwarteter Fehler. Fehlercode: D@01010004

Error: (09/05/2014 02:52:33 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.


Microsoft Office Sessions:
=========================
Error: (09/14/2014 11:39:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: WlanNetService.exe1.1.0.264cbea834ntdll.dll6.1.7601.18247521ea8e7c00000050003332f4dc01cfcfe85b96d857C:\Program Files (x86)\avmwlanstick\WlanNetService.exeC:\Windows\SysWOW64\ntdll.dllffe4c039-3bf2-11e4-92bd-90e6ba3ebf32

Error: (09/14/2014 10:45:45 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: OBK.exe17.28.0.118267c01cfcff83f8b5e7e10C:\Program Files\Bitdefender\Bitdefender\Antispam32\OBK.exe83daada8-3beb-11e4-92bd-90e6ba3ebf32

Error: (09/14/2014 08:53:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/13/2014 03:02:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/13/2014 10:28:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/11/2014 06:18:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/10/2014 07:24:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/10/2014 05:46:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/09/2014 07:10:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/07/2014 04:28:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 74%
Total physical RAM: 2047.04 MB
Available physical RAM: 530.21 MB
Total Pagefile: 5247.04 MB
Available Pagefile: 3584.95 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.24 GB) (Free:86.07 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Sicherung Daten) (Fixed) (Total:186.31 GB) (Free:27.66 GB) NTFS
Drive e: (Daten) (Fixed) (Total:298.08 GB) (Free:10.05 GB) NTFS
Drive f: () (Removable) (Total:14.98 GB) (Free:6.42 GB) FAT32
Drive i: (Musik und Filme) (Fixed) (Total:309.41 GB) (Free:140.62 GB) NTFS
Drive k: (Programme) (Fixed) (Total:97.66 GB) (Free:84.46 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive m: (NEUER DATEN) (Removable) (Total:1.88 GB) (Free:1.75 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 0004050A)
Partition 1: (Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=309.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 65F5B427)
Partition 1: (Active) - (Size=119.2 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 186.3 GB) (Disk ID: 00068C22)
Partition 1: (Not Active) - (Size=186.3 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 298.1 GB) (Disk ID: CC6FE80A)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=OF Extended)

========================================================
Disk: 4 (Size: 1.9 GB) (Disk ID: 00041889)
Partition 1: (Not Active) - (Size=1.9 GB) - (Type=0B)

========================================================
Disk: 6 (Size: 15 GB) (Disk ID: 6E652072)
No partition Table on disk 6.

==================== End Of Log ============================

cosinus · 14.09.2014, 22:28

Adware/Junkware/Toolbars entfernen

(alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop!)

1. Schritt: adwCleaner

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

tombea · 15.09.2014, 19:26

Guten Abend Cosinus,

vielen Dank für Deine Hilfe!
Habe die 3 Schritte durchgeführt und die Log´s erstellt.

Code:

ATTFilter

# AdwCleaner v3.310 - Bericht erstellt am 15/09/2014 um 19:36:26
# Aktualisiert 12/09/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : thomas - THOMAS-PC
# Gestartet von : C:\Users\thomas\Downloads\AdwCleaner_3.310.exe
# Option : Suchen

***** [ Dienste ] *****

Dienst Gefunden : RadioRage_4jService

***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\1bk142m8.default\foxydeal.sqlite
Datei Gefunden : C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\1bk142m8.default\invalidprefs.js
Datei Gefunden : C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\1bk142m8.default\searchplugins\11-suche.xml
Datei Gefunden : C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\1bk142m8.default\searchplugins\ask-search.xml
Datei Gefunden : C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\1bk142m8.default\user.js
Ordner Gefunden : C:\Program Files (x86)\RadioRage_4j
Ordner Gefunden : C:\Users\thomas\AppData\Local\Temp\hotspot shield
Ordner Gefunden : C:\Users\thomas\AppData\Local\Temp\OCS
Ordner Gefunden : C:\Users\thomas\AppData\Local\Temp\Security Systems
Ordner Gefunden : C:\Users\thomas\AppData\Local\Temp\webget
Ordner Gefunden : C:\Users\thomas\AppData\LocalLow\RadioRage_4j
Ordner Gefunden : C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\1bk142m8.default\Extensions\4jffxtbr@RadioRage_4j.com

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\anchorfree
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\RadioRage_4j
Schlüssel Gefunden : HKCU\Software\InstallCore
Schlüssel Gefunden : HKCU\Software\OCS
Schlüssel Gefunden : HKCU\Software\RadioRage_4j
Schlüssel Gefunden : [x64] HKCU\Software\anchorfree
Schlüssel Gefunden : [x64] HKCU\Software\InstallCore
Schlüssel Gefunden : [x64] HKCU\Software\OCS
Schlüssel Gefunden : [x64] HKCU\Software\RadioRage_4j
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{00A2B7C6-7487-4B99-9F6C-1FDF57FE130B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{11D4B723-18CA-48C6-BA13-965488F19A70}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{53855564-CF81-410C-9C1C-321C7E067816}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{581C7D7D-F809-4E03-A631-74C069D5F04A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{60B34F47-3FDD-46F8-AB6C-AAABEA55C3D6}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{68122F44-3A4A-4EDB-B28F-0C0E07F89BD0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{78BA36C9-6036-482B-B48D-ECCA6F964B84}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{9638B7D6-11F5-4406-B387-327642A11FFB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{CD4D7B0F-45C6-4bb2-A1E7-54D1754E7FC5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{D740AD89-BAF4-47D5-9B5E-343D30F07A7A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{DFEB941C-8B58-4899-97C3-88FE394E1285}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E23760BE-23A3-4CEF-9304-66AF079F53DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E6AD866F-EA06-476A-8432-ED943683FAB1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{ECEF0D95-32FA-48D3-8A2D-D6453B5B7361}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{F69FE1BE-09C3-460C-AC89-8CCD9D3DF1CC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{F706E19B-6C14-4272-BA98-2F16636A898D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A25AA6E2-1CDE-4D0F-A5D4-4898D7FB3C86}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A5C9CB1C-1C0A-45A2-81CC-1DD342D0A478}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\RadioRage_4j.FeedManager
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\RadioRage_4j.FeedManager.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\RadioRage_4j.HTMLMenu
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\RadioRage_4j.HTMLMenu.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\RadioRage_4j.HTMLPanel
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\RadioRage_4j.HTMLPanel.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\RadioRage_4j.MultipleButton
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\RadioRage_4j.MultipleButton.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\RadioRage_4j.PseudoTransparentPlugin
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\RadioRage_4j.PseudoTransparentPlugin.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\RadioRage_4j.Radio
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\RadioRage_4j.Radio.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\RadioRage_4j.RadioSettings
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\RadioRage_4j.RadioSettings.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\RadioRage_4j.ScriptButton
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\RadioRage_4j.ScriptButton.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\RadioRage_4j.SettingsPlugin
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\RadioRage_4j.SettingsPlugin.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\RadioRage_4j.ThirdPartyInstaller
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\RadioRage_4j.ThirdPartyInstaller.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{0978C5FA-83C0-4118-A54F-99DACCEECB8C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{1ED65BE2-AE84-46CB-8EA6-1C2B86ADF768}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{1FDAD7F1-B87C-4E79-9150-DE235FF80B3A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{4A50E810-71EB-43A8-A665-19ED8CCD1630}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{4DD9EB5D-8657-4856-A804-535841B09D73}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{569A9014-22E3-4F11-A243-CA4E3D95ADED}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{597494DA-C59F-4EDF-B2D1-CE137E2DB9E4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{5E5E0B49-1A81-4ACC-BD6B-FF5F4EFEF01A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{B872D222-3F52-4CD9-A4BE-9D69EE4F293D}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{53855564-CF81-410C-9C1C-321C7E067816}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\utilwebget_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\utilwebget_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\webget_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\webget_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{581C7D7D-F809-4E03-A631-74C069D5F04A}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{60B34F47-3FDD-46F8-AB6C-AAABEA55C3D6}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{68122F44-3A4A-4EDB-B28F-0C0E07F89BD0}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9638B7D6-11F5-4406-B387-327642A11FFB}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F706E19B-6C14-4272-BA98-2F16636A898D}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RadioRage_4jbar Uninstall Firefox
Schlüssel Gefunden : HKLM\SOFTWARE\MozillaPlugins\@RadioRage_4j.com/Plugin
Schlüssel Gefunden : HKLM\SOFTWARE\RadioRage_4j
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{A25AA6E2-1CDE-4D0F-A5D4-4898D7FB3C86}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{A5C9CB1C-1C0A-45A2-81CC-1DD342D0A478}
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [radiorage search scope monitor]

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Mozilla Firefox v

[ Datei : C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\1bk142m8.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [8099 octets] - [15/09/2014 19:36:26]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [8159 octets] ##########

Code:

ATTFilter

# AdwCleaner v3.310 - Bericht erstellt am 15/09/2014 um 19:40:17
# Aktualisiert 12/09/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : thomas - THOMAS-PC
# Gestartet von : C:\Users\thomas\Downloads\AdwCleaner_3.310.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : RadioRage_4jService

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\RadioRage_4j
Ordner Gelöscht : C:\Users\thomas\AppData\Local\Temp\hotspot shield
Ordner Gelöscht : C:\Users\thomas\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\thomas\AppData\Local\Temp\Security Systems
Ordner Gelöscht : C:\Users\thomas\AppData\Local\Temp\webget
Ordner Gelöscht : C:\Users\thomas\AppData\LocalLow\RadioRage_4j
Ordner Gelöscht : C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\1bk142m8.default\Extensions\4jffxtbr@RadioRage_4j.com
Datei Gelöscht : C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\1bk142m8.default\foxydeal.sqlite
Datei Gelöscht : C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\1bk142m8.default\invalidprefs.js
Datei Gelöscht : C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\1bk142m8.default\searchplugins\11-suche.xml
Datei Gelöscht : C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\1bk142m8.default\searchplugins\ask-search.xml
Datei Gelöscht : C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\1bk142m8.default\user.js

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\RadioRage_4j.FeedManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\RadioRage_4j.FeedManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\RadioRage_4j.HTMLMenu
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\RadioRage_4j.HTMLMenu.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\RadioRage_4j.HTMLPanel
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\RadioRage_4j.HTMLPanel.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\RadioRage_4j.MultipleButton
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\RadioRage_4j.MultipleButton.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\RadioRage_4j.PseudoTransparentPlugin
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\RadioRage_4j.PseudoTransparentPlugin.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\RadioRage_4j.Radio
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\RadioRage_4j.Radio.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\RadioRage_4j.RadioSettings
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\RadioRage_4j.RadioSettings.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\RadioRage_4j.ScriptButton
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\RadioRage_4j.ScriptButton.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\RadioRage_4j.SettingsPlugin
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\RadioRage_4j.SettingsPlugin.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\RadioRage_4j.ThirdPartyInstaller
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\RadioRage_4j.ThirdPartyInstaller.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\utilwebget_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\utilwebget_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\webget_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\webget_RASMANCS
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [radiorage search scope monitor]
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@RadioRage_4j.com/Plugin
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00A2B7C6-7487-4B99-9F6C-1FDF57FE130B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{11D4B723-18CA-48C6-BA13-965488F19A70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{53855564-CF81-410C-9C1C-321C7E067816}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{581C7D7D-F809-4E03-A631-74C069D5F04A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{60B34F47-3FDD-46F8-AB6C-AAABEA55C3D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{68122F44-3A4A-4EDB-B28F-0C0E07F89BD0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{78BA36C9-6036-482B-B48D-ECCA6F964B84}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9638B7D6-11F5-4406-B387-327642A11FFB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D740AD89-BAF4-47D5-9B5E-343D30F07A7A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DFEB941C-8B58-4899-97C3-88FE394E1285}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E23760BE-23A3-4CEF-9304-66AF079F53DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E6AD866F-EA06-476A-8432-ED943683FAB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ECEF0D95-32FA-48D3-8A2D-D6453B5B7361}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F69FE1BE-09C3-460C-AC89-8CCD9D3DF1CC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F706E19B-6C14-4272-BA98-2F16636A898D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CD4D7B0F-45C6-4bb2-A1E7-54D1754E7FC5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A25AA6E2-1CDE-4D0F-A5D4-4898D7FB3C86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A5C9CB1C-1C0A-45A2-81CC-1DD342D0A478}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{0978C5FA-83C0-4118-A54F-99DACCEECB8C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1ED65BE2-AE84-46CB-8EA6-1C2B86ADF768}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1FDAD7F1-B87C-4E79-9150-DE235FF80B3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4A50E810-71EB-43A8-A665-19ED8CCD1630}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4DD9EB5D-8657-4856-A804-535841B09D73}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{569A9014-22E3-4F11-A243-CA4E3D95ADED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{597494DA-C59F-4EDF-B2D1-CE137E2DB9E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{5E5E0B49-1A81-4ACC-BD6B-FF5F4EFEF01A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{B872D222-3F52-4CD9-A4BE-9D69EE4F293D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{581C7D7D-F809-4E03-A631-74C069D5F04A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{60B34F47-3FDD-46F8-AB6C-AAABEA55C3D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{68122F44-3A4A-4EDB-B28F-0C0E07F89BD0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9638B7D6-11F5-4406-B387-327642A11FFB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F706E19B-6C14-4272-BA98-2F16636A898D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{53855564-CF81-410C-9C1C-321C7E067816}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A25AA6E2-1CDE-4D0F-A5D4-4898D7FB3C86}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A5C9CB1C-1C0A-45A2-81CC-1DD342D0A478}
Schlüssel Gelöscht : HKCU\Software\anchorfree
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\RadioRage_4j
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\RadioRage_4j
Schlüssel Gelöscht : HKLM\SOFTWARE\RadioRage_4j
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RadioRage_4jbar Uninstall Firefox

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Mozilla Firefox v

[ Datei : C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\1bk142m8.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [8263 octets] - [15/09/2014 19:36:26]
AdwCleaner[S0].txt - [7968 octets] - [15/09/2014 19:40:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8028 octets] ##########

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by thomas on 15.09.2014 at 19:57:30,68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-492986851-1937855972-3072915796-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.09.2014 at 20:05:40,33
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by thomas (administrator) on THOMAS-PC on 15-09-2014 20:08:07
Running from C:\Users\thomas\Downloads
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
() K:\AAVUpdateManager\aavus.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe
() K:\Allwaysync\Allway Sync\Bin\SyncService.exe
(REINER SCT) C:\Windows\SysWOW64\cjpcsc.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1743088 2014-05-27] (Bitdefender)
HKLM\...\Run: [RadioRage Home Page Guard 64 bit] => "C:\PROGRA~2\RadioRage_4j\bar\1.bin\AppIntegrator64.exe"
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKU\.DEFAULT\...\Run: [Bitdefender-Geldbörse-Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-05-27] (Bitdefender)
HKU\.DEFAULT\...\Run: [Bitdefender-Geldbörse] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-05-27] (Bitdefender)
HKU\.DEFAULT\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [614744 2014-05-27] (Bitdefender)
HKU\S-1-5-21-492986851-1937855972-3072915796-1000\...\Run: [Bitdefender-Geldbörse-Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-05-27] (Bitdefender)
HKU\S-1-5-21-492986851-1937855972-3072915796-1000\...\Run: [Bitdefender-Geldbörse] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-05-27] (Bitdefender)
HKU\S-1-5-21-492986851-1937855972-3072915796-1000\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [614744 2014-05-27] (Bitdefender)
HKU\S-1-5-21-492986851-1937855972-3072915796-1000\...\Run: [Plextool] => K:\\Plextool.exe [13843456 2013-11-07] ()
HKU\S-1-5-21-492986851-1937855972-3072915796-1000\...\Policies\Explorer: [DisallowRun] 1
ShellIconOverlayIdentifiers: __SafeBox1 -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: __SafeBox2 -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: __SafeBox3 -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: __SafeBox4 -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Bitdefender-Geldbörse -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll (CANON INC.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bitdefender-Geldbörse -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll (Bitdefender)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\1bk142m8.default
FF SearchEngineOrder.1: Ask Search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> K:\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @canon.com/EPPEX -> K:\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF SearchPlugin: C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\1bk142m8.default\searchplugins\3-maps.xml
FF SearchPlugin: C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\1bk142m8.default\searchplugins\album-cover-artorg.xml
FF SearchPlugin: C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\1bk142m8.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\1bk142m8.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\1bk142m8.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\1bk142m8.default\searchplugins\last-fm-search-music.xml
FF SearchPlugin: C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\1bk142m8.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\1bk142m8.default\searchplugins\privatelee-https.xml
FF SearchPlugin: C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\1bk142m8.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\1bk142m8.default\searchplugins\youtube.xml
FF Extension: Amazon-Icon - C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\1bk142m8.default\Extensions\amazon-icon@giga.de [2014-08-18]
FF Extension: No Name - C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\1bk142m8.default\Extensions\staged [2014-08-18]
FF Extension: WOT - C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\1bk142m8.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-04-18]
FF Extension: Google Docs Viewer - C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\1bk142m8.default\Extensions\adonis.cuhk@gmail.com.xpi [2014-04-18]
FF Extension: S3.Google Translator - C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\1bk142m8.default\Extensions\s3google@translator.xpi [2014-04-18]
FF Extension: Tiny JavaScript Debugger - C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\1bk142m8.default\Extensions\tinyjsdebugger@enigmail.net.xpi [2014-05-21]
FF Extension: UnityUpdaterFree - C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\1bk142m8.default\Extensions\{31576769-3e47-487b-bb26-348d48e156a7}.xpi [2014-08-23]
FF Extension: NoScript - C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\1bk142m8.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-04-18]
FF Extension: Gutscheinaffe - C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\1bk142m8.default\Extensions\{9220f99f-5b7d-4a4d-97ca-209991796400}.xpi [2014-04-18]
FF Extension: {beac0afb-3d7d-416d-8fab-564da0f7cf9b} - C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\1bk142m8.default\Extensions\{beac0afb-3d7d-416d-8fab-564da0f7cf9b}.xpi [2014-08-19]
FF Extension: Fasterfox - C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\1bk142m8.default\Extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi [2014-05-19]
FF Extension: Adblock Plus - C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\1bk142m8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-19]
FF Extension: QuickJava - C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\1bk142m8.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2014-05-19]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2014-04-18]
FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman [2014-04-18]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-04-21]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
FF StartMenuInternet: FIREFOX.EXE - K:\Firefox\firefox.exe

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx [2014-04-18]
CHR HKLM-x32\...\Chrome\Extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] - C:\Users\thomas\ChromeExtensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx [2014-08-18]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; K:\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed]
S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [77632 2013-11-21] (Bitdefender)
R2 BotkindSyncService; K:\Allwaysync\Allway Sync\Bin\SyncService.exe [262144 2012-11-19] () [File not signed]
R2 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [511920 2011-07-22] (REINER SCT)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-03-26] (Nitro PDF Software)
R2 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2013-10-07] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1526800 2014-05-27] (Bitdefender)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138664 2014-02-15] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [138664 2014-02-15] (SlySoft, Inc.)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [893440 2013-12-02] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2012-11-02] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [635392 2013-12-02] (BitDefender)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2014-05-27] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2011-11-14] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [76944 2012-04-17] (BitDefender)
S3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [34672 2011-03-29] (REINER SCT)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2012-12-21] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14920 2012-12-21] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2012-12-21] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2012-12-21] () [File not signed]
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2013-06-27] (RapidSolution Software AG)
R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2013-06-27] (RapidSolution Software AG)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-13] (Anchorfree Inc.)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [389240 2013-08-07] (BitDefender S.R.L.)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-15 20:06 - 2014-09-15 20:06 - 00001485 _____ () C:\Users\thomas\Downloads\JRT.txt
2014-09-15 20:05 - 2014-09-15 20:05 - 00001485 _____ () C:\Users\thomas\Desktop\JRT.txt
2014-09-15 19:57 - 2014-09-15 19:57 - 00000000 ____D () C:\Windows\ERUNT
2014-09-15 19:56 - 2014-09-15 19:56 - 01016261 _____ (Thisisu) C:\Users\thomas\Downloads\JRT.exe
2014-09-15 19:35 - 2014-09-15 19:52 - 00000000 ____D () C:\AdwCleaner
2014-09-14 20:19 - 2014-09-14 20:19 - 291343460 ____N () C:\Windows\MEMORY.DMP
2014-09-14 20:19 - 2014-09-14 20:19 - 00614936 _____ () C:\Windows\Minidump\091414-18922-01.dmp
2014-09-14 20:19 - 2014-09-14 20:19 - 00000000 ____D () C:\Windows\Minidump
2014-09-14 17:48 - 2014-09-14 17:48 - 00602112 _____ (OldTimer Tools) C:\Users\thomas\Downloads\OTL.exe
2014-09-14 17:47 - 2014-09-14 17:47 - 01373475 _____ () C:\Users\thomas\Downloads\AdwCleaner_3.310.exe
2014-09-14 17:38 - 2014-09-14 17:38 - 00017654 _____ () C:\Users\thomas\Downloads\Gmer.zip
2014-09-14 17:38 - 2014-09-14 17:38 - 00008581 _____ () C:\Users\thomas\Downloads\FRST.zip
2014-09-14 17:38 - 2014-09-14 17:38 - 00007518 _____ () C:\Users\thomas\Downloads\Addition.zip
2014-09-14 16:29 - 2014-09-14 16:29 - 00314651 _____ () C:\Users\thomas\Downloads\Gmer.txt
2014-09-14 15:59 - 2014-09-14 15:59 - 00380416 _____ () C:\Users\thomas\Downloads\Gmer-19357.exe
2014-09-14 15:56 - 2014-09-15 20:08 - 00016347 _____ () C:\Users\thomas\Downloads\FRST.txt
2014-09-14 15:56 - 2014-09-14 15:58 - 00031021 _____ () C:\Users\thomas\Downloads\Addition.txt
2014-09-14 15:55 - 2014-09-15 20:08 - 00000000 ____D () C:\FRST
2014-09-14 15:53 - 2014-09-14 15:53 - 02105856 _____ (Farbar) C:\Users\thomas\Downloads\FRST64.exe
2014-09-14 15:50 - 2014-09-14 15:52 - 00000474 _____ () C:\Users\thomas\Downloads\defogger_disable.log
2014-09-14 15:50 - 2014-09-14 15:50 - 00000000 _____ () C:\Users\thomas\defogger_reenable
2014-09-14 15:44 - 2014-09-14 15:44 - 00050477 _____ () C:\Users\thomas\Downloads\Defogger.exe
2014-09-10 06:23 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 06:23 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-10 06:23 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 06:23 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 06:23 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 06:23 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-10 06:23 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 06:23 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 06:23 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 06:23 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 06:23 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 06:23 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 06:23 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-10 06:23 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 06:23 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 06:23 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 06:23 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 06:23 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 06:23 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 06:23 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-10 06:23 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 06:23 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 06:23 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-10 06:23 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 06:23 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-10 06:23 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-10 06:23 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-10 06:23 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-10 06:23 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 06:23 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 06:23 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-10 06:23 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-10 06:23 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 06:23 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-10 06:23 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-10 06:23 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-10 06:23 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-10 06:23 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 06:23 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 06:23 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 06:23 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 06:23 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-10 06:23 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-10 06:23 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-10 06:23 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-10 06:23 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 06:23 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-10 06:23 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 06:23 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-10 06:23 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-10 06:23 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-10 06:23 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 06:23 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-10 06:23 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-10 06:23 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 06:23 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-10 06:17 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 06:17 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-10 05:53 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 05:53 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-10 05:53 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 05:53 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 05:53 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 05:53 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 05:53 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-10 05:53 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 05:53 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-02 12:55 - 2014-09-02 12:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simfy
2014-09-02 12:55 - 2014-09-02 12:55 - 00000000 ____D () C:\Program Files (x86)\simfy
2014-09-01 14:24 - 2014-09-10 20:16 - 152014848 _____ () C:\Users\thomas\Documents\Klärfälle.accdb
2014-09-01 14:20 - 2014-09-01 14:23 - 01835008 _____ () C:\Users\thomas\Documents\Probleme-Webdatenbank.accdb
2014-08-30 10:50 - 2014-08-30 10:50 - 00000000 ____D () C:\Users\thomas\AppData\Local\Adobe
2014-08-29 13:08 - 2014-08-29 13:08 - 00000000 ____D () C:\Users\thomas\AppData\Local\ALF_AG
2014-08-29 09:35 - 2014-08-29 09:35 - 00000617 _____ () C:\Users\thomas\Desktop\Free PDF to Word Doc Converter.lnk
2014-08-29 09:35 - 2014-08-29 09:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free PDF to Word Doc Converter
2014-08-28 12:02 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 12:02 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 12:02 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-26 16:08 - 2014-08-26 16:08 - 00000000 ____D () C:\Users\thomas\AppData\Local\Collectorz.com
2014-08-26 16:07 - 2014-09-13 16:11 - 00000000 ____D () C:\Users\thomas\Documents\Music Collector
2014-08-26 16:07 - 2014-08-26 16:07 - 00000618 _____ () C:\Users\Public\Desktop\Music Collector.lnk
2014-08-26 16:07 - 2014-08-26 16:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Collectorz.com
2014-08-25 17:15 - 2014-08-25 17:15 - 00000084 _____ () C:\Windows\winamp.ini
2014-08-25 15:44 - 2014-08-25 15:44 - 00000587 _____ () C:\Users\thomas\Desktop\Plattenkiste.lnk
2014-08-25 15:38 - 2014-08-25 15:38 - 00992864 _____ (Microsoft Corporation) C:\Users\thomas\Downloads\Msvbvm50.exe
2014-08-25 15:17 - 2014-08-25 15:24 - 01335296 _____ () C:\Users\thomas\Documents\Rock,Blues und Jazz.accdb
2014-08-23 11:42 - 2014-08-23 13:54 - 00000000 ____D () C:\Users\thomas\Documents\KOMPASS Digital Map
2014-08-22 17:24 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-22 17:24 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-22 17:24 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-22 17:24 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-22 17:24 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-22 17:24 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-22 17:24 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-22 17:24 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-22 17:24 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-22 17:24 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-22 17:24 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-22 17:24 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-22 17:24 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-22 17:24 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-20 19:37 - 2010-11-21 05:23 - 00383786 __RSH () C:\bootmgr
2014-08-18 20:28 - 2014-08-18 20:28 - 00000000 ____D () C:\Users\thomas\ChromeExtensions
2014-08-18 20:28 - 2014-08-18 20:28 - 00000000 ____D () C:\Users\thomas\AppData\Local\Temp919d2d412e8511750599e7d3e457f0ba
2014-08-18 20:28 - 2014-08-18 20:28 - 00000000 ____D () C:\Users\thomas\AppData\Local\Temp7274b194ef104b14b019f2c6dcc20011
2014-08-18 20:26 - 2014-08-18 20:26 - 00000000 ____D () C:\Users\thomas\AppData\Local\Tempa72f33d3f232f4b75a2c957085674754
2014-08-18 20:09 - 2014-08-18 20:15 - 00000000 ____D () C:\ProgramData\BBox
2014-08-16 14:50 - 2014-08-16 14:50 - 00000941 _____ () C:\Users\thomas\Desktop\CDLabelPrint.exe - Verknüpfung.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-15 20:08 - 2014-09-14 15:56 - 00016347 _____ () C:\Users\thomas\Downloads\FRST.txt
2014-09-15 20:08 - 2014-09-14 15:55 - 00000000 ____D () C:\FRST
2014-09-15 20:06 - 2014-09-15 20:06 - 00001485 _____ () C:\Users\thomas\Downloads\JRT.txt
2014-09-15 20:05 - 2014-09-15 20:05 - 00001485 _____ () C:\Users\thomas\Desktop\JRT.txt
2014-09-15 20:02 - 2009-07-14 06:45 - 00032368 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-15 20:02 - 2009-07-14 06:45 - 00032368 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-15 20:01 - 2011-04-12 09:43 - 00698688 _____ () C:\Windows\system32\perfh007.dat
2014-09-15 20:01 - 2011-04-12 09:43 - 00148828 _____ () C:\Windows\system32\perfc007.dat
2014-09-15 20:01 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-15 19:57 - 2014-09-15 19:57 - 00000000 ____D () C:\Windows\ERUNT
2014-09-15 19:56 - 2014-09-15 19:56 - 01016261 _____ (Thisisu) C:\Users\thomas\Downloads\JRT.exe
2014-09-15 19:54 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-15 19:54 - 2009-07-14 06:51 - 00044633 _____ () C:\Windows\setupact.log
2014-09-15 19:53 - 2014-04-15 20:07 - 01371003 _____ () C:\Windows\WindowsUpdate.log
2014-09-15 19:53 - 2010-11-21 05:47 - 00044990 _____ () C:\Windows\PFRO.log
2014-09-15 19:52 - 2014-09-15 19:35 - 00000000 ____D () C:\AdwCleaner
2014-09-15 19:49 - 2014-04-18 14:42 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-15 17:55 - 2014-08-08 22:03 - 00000407 _____ () C:\Windows\system32\checkdnsid.xml
2014-09-14 20:19 - 2014-09-14 20:19 - 291343460 ____N () C:\Windows\MEMORY.DMP
2014-09-14 20:19 - 2014-09-14 20:19 - 00614936 _____ () C:\Windows\Minidump\091414-18922-01.dmp
2014-09-14 20:19 - 2014-09-14 20:19 - 00000000 ____D () C:\Windows\Minidump
2014-09-14 17:48 - 2014-09-14 17:48 - 00602112 _____ (OldTimer Tools) C:\Users\thomas\Downloads\OTL.exe
2014-09-14 17:47 - 2014-09-14 17:47 - 01373475 _____ () C:\Users\thomas\Downloads\AdwCleaner_3.310.exe
2014-09-14 17:38 - 2014-09-14 17:38 - 00017654 _____ () C:\Users\thomas\Downloads\Gmer.zip
2014-09-14 17:38 - 2014-09-14 17:38 - 00008581 _____ () C:\Users\thomas\Downloads\FRST.zip
2014-09-14 17:38 - 2014-09-14 17:38 - 00007518 _____ () C:\Users\thomas\Downloads\Addition.zip
2014-09-14 16:29 - 2014-09-14 16:29 - 00314651 _____ () C:\Users\thomas\Downloads\Gmer.txt
2014-09-14 15:59 - 2014-09-14 15:59 - 00380416 _____ () C:\Users\thomas\Downloads\Gmer-19357.exe
2014-09-14 15:58 - 2014-09-14 15:56 - 00031021 _____ () C:\Users\thomas\Downloads\Addition.txt
2014-09-14 15:53 - 2014-09-14 15:53 - 02105856 _____ (Farbar) C:\Users\thomas\Downloads\FRST64.exe
2014-09-14 15:52 - 2014-09-14 15:50 - 00000474 _____ () C:\Users\thomas\Downloads\defogger_disable.log
2014-09-14 15:50 - 2014-09-14 15:50 - 00000000 _____ () C:\Users\thomas\defogger_reenable
2014-09-14 15:50 - 2014-04-15 20:07 - 00000000 ____D () C:\Users\thomas
2014-09-14 15:44 - 2014-09-14 15:44 - 00050477 _____ () C:\Users\thomas\Downloads\Defogger.exe
2014-09-14 14:19 - 2014-05-25 09:35 - 00000000 ____D () C:\Users\thomas\AppData\Roaming\Nitro PDF
2014-09-13 16:11 - 2014-08-26 16:07 - 00000000 ____D () C:\Users\thomas\Documents\Music Collector
2014-09-13 15:31 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-09-13 12:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-09-11 06:17 - 2014-04-18 14:42 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-11 06:17 - 2014-04-18 14:42 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-11 06:17 - 2014-04-18 14:42 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-10 20:16 - 2014-09-01 14:24 - 152014848 _____ () C:\Users\thomas\Documents\Klärfälle.accdb
2014-09-10 19:50 - 2014-04-16 19:33 - 00000000 ____D () C:\Users\thomas\AppData\Local\Microsoft Help
2014-09-10 06:23 - 2014-04-16 19:33 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-10 06:22 - 2014-04-18 17:20 - 01591896 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-10 06:22 - 2014-04-18 15:15 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 06:17 - 2014-04-18 15:15 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-05 15:07 - 2014-04-16 19:40 - 00000000 ____D () C:\Users\thomas\AppData\Roaming\Mp3tag
2014-09-03 18:32 - 2014-04-21 11:10 - 00000000 ____D () C:\Users\thomas\AppData\Roaming\vlc
2014-09-02 12:55 - 2014-09-02 12:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simfy
2014-09-02 12:55 - 2014-09-02 12:55 - 00000000 ____D () C:\Program Files (x86)\simfy
2014-09-01 14:23 - 2014-09-01 14:20 - 01835008 _____ () C:\Users\thomas\Documents\Probleme-Webdatenbank.accdb
2014-08-30 10:50 - 2014-08-30 10:50 - 00000000 ____D () C:\Users\thomas\AppData\Local\Adobe
2014-08-29 13:08 - 2014-08-29 13:08 - 00000000 ____D () C:\Users\thomas\AppData\Local\ALF_AG
2014-08-29 09:35 - 2014-08-29 09:35 - 00000617 _____ () C:\Users\thomas\Desktop\Free PDF to Word Doc Converter.lnk
2014-08-29 09:35 - 2014-08-29 09:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free PDF to Word Doc Converter
2014-08-29 08:48 - 2009-07-14 06:45 - 00409376 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-27 16:43 - 2014-04-16 17:43 - 00000000 ____D () C:\Users\thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
2014-08-27 16:43 - 2014-04-16 17:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
2014-08-27 16:43 - 2014-04-16 17:43 - 00000000 ____D () C:\Program Files (x86)\AVS4YOU
2014-08-27 16:23 - 2014-04-18 19:17 - 00000000 ____D () C:\Users\thomas\AppData\Roaming\AVS4YOU
2014-08-26 16:08 - 2014-08-26 16:08 - 00000000 ____D () C:\Users\thomas\AppData\Local\Collectorz.com
2014-08-26 16:07 - 2014-08-26 16:07 - 00000618 _____ () C:\Users\Public\Desktop\Music Collector.lnk
2014-08-26 16:07 - 2014-08-26 16:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Collectorz.com
2014-08-25 17:15 - 2014-08-25 17:15 - 00000084 _____ () C:\Windows\winamp.ini
2014-08-25 15:44 - 2014-08-25 15:44 - 00000587 _____ () C:\Users\thomas\Desktop\Plattenkiste.lnk
2014-08-25 15:38 - 2014-08-25 15:38 - 00992864 _____ (Microsoft Corporation) C:\Users\thomas\Downloads\Msvbvm50.exe
2014-08-25 15:24 - 2014-08-25 15:17 - 01335296 _____ () C:\Users\thomas\Documents\Rock,Blues und Jazz.accdb
2014-08-23 13:54 - 2014-08-23 11:42 - 00000000 ____D () C:\Users\thomas\Documents\KOMPASS Digital Map
2014-08-23 04:07 - 2014-08-28 12:02 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-28 12:02 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-28 12:02 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-19 20:05 - 2014-09-10 06:23 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-19 19:39 - 2014-09-10 06:23 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-19 01:01 - 2014-09-10 06:23 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-19 00:29 - 2014-09-10 06:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-19 00:29 - 2014-09-10 06:23 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-19 00:26 - 2014-09-10 06:23 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-19 00:20 - 2014-09-10 06:23 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-19 00:19 - 2014-09-10 06:23 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-19 00:15 - 2014-09-10 06:23 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-19 00:15 - 2014-09-10 06:23 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-19 00:14 - 2014-09-10 06:23 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-19 00:14 - 2014-09-10 06:23 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-19 00:08 - 2014-09-10 06:23 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-19 00:08 - 2014-09-10 06:23 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-19 00:08 - 2014-09-10 06:23 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-19 00:05 - 2014-09-10 06:23 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-19 00:03 - 2014-09-10 06:23 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-19 00:03 - 2014-09-10 06:23 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-19 00:03 - 2014-09-10 06:23 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-18 23:57 - 2014-09-10 06:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-18 23:56 - 2014-09-10 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-18 23:51 - 2014-09-10 06:23 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-18 23:46 - 2014-09-10 06:23 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-18 23:45 - 2014-09-10 06:23 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 23:45 - 2014-09-10 06:23 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-18 23:44 - 2014-09-10 06:23 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-18 23:44 - 2014-09-10 06:23 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-18 23:42 - 2014-09-10 06:23 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-18 23:40 - 2014-09-10 06:23 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-18 23:39 - 2014-09-10 06:23 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-18 23:39 - 2014-09-10 06:23 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-18 23:39 - 2014-09-10 06:23 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-18 23:38 - 2014-09-10 06:23 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-18 23:37 - 2014-09-10 06:23 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-18 23:36 - 2014-09-10 06:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-18 23:35 - 2014-09-10 06:23 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-18 23:27 - 2014-09-10 06:23 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-18 23:25 - 2014-09-10 06:23 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-18 23:25 - 2014-09-10 06:23 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-18 23:23 - 2014-09-10 06:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-18 23:23 - 2014-09-10 06:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-18 23:22 - 2014-09-10 06:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-18 23:19 - 2014-09-10 06:23 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-18 23:17 - 2014-09-10 06:23 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-18 23:17 - 2014-09-10 06:23 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-18 23:16 - 2014-09-10 06:23 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-18 23:15 - 2014-09-10 06:23 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-18 23:15 - 2014-09-10 06:23 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-18 23:09 - 2014-09-10 06:23 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-18 23:08 - 2014-09-10 06:23 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-18 23:07 - 2014-09-10 06:23 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-18 22:55 - 2014-09-10 06:23 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-18 22:46 - 2014-09-10 06:23 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-18 22:38 - 2014-09-10 06:23 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-18 22:38 - 2014-09-10 06:23 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-18 22:36 - 2014-09-10 06:23 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-18 20:28 - 2014-08-18 20:28 - 00000000 ____D () C:\Users\thomas\ChromeExtensions
2014-08-18 20:28 - 2014-08-18 20:28 - 00000000 ____D () C:\Users\thomas\AppData\Local\Temp919d2d412e8511750599e7d3e457f0ba
2014-08-18 20:28 - 2014-08-18 20:28 - 00000000 ____D () C:\Users\thomas\AppData\Local\Temp7274b194ef104b14b019f2c6dcc20011
2014-08-18 20:26 - 2014-08-18 20:26 - 00000000 ____D () C:\Users\thomas\AppData\Local\Tempa72f33d3f232f4b75a2c957085674754
2014-08-18 20:15 - 2014-08-18 20:09 - 00000000 ____D () C:\ProgramData\BBox
2014-08-18 20:15 - 2014-04-15 20:07 - 00000000 ____D () C:\Users\thomas\AppData\Local\VirtualStore
2014-08-16 14:50 - 2014-08-16 14:50 - 00000941 _____ () C:\Users\thomas\Desktop\CDLabelPrint.exe - Verknüpfung.lnk
2014-08-16 14:40 - 2014-05-25 09:16 - 00000667 _____ () C:\Users\Public\Desktop\CDBurnerXP.lnk
2014-08-16 14:40 - 2014-05-25 09:16 - 00000605 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk

Some content of TEMP:
====================
C:\Users\thomas\AppData\Local\Temp\abelssoft.setup.exe
C:\Users\thomas\AppData\Local\Temp\amazonicon_v8.exe
C:\Users\thomas\AppData\Local\Temp\amazoninstallernircmdc.exe
C:\Users\thomas\AppData\Local\Temp\FoxySecurity_6.2_GIGA_FF_IE_Setup.exe
C:\Users\thomas\AppData\Local\Temp\LMkRstPt.exe
C:\Users\thomas\AppData\Local\Temp\nitro_reader3_x64.exe
C:\Users\thomas\AppData\Local\Temp\nseBDF6.exe
C:\Users\thomas\AppData\Local\Temp\nslB5AB.exe
C:\Users\thomas\AppData\Local\Temp\nsu1AC.exe
C:\Users\thomas\AppData\Local\Temp\pdf2wordsetup.exe
C:\Users\thomas\AppData\Local\Temp\Quarantine.exe
C:\Users\thomas\AppData\Local\Temp\sdanircmdc.exe
C:\Users\thomas\AppData\Local\Temp\sdapskill.exe
C:\Users\thomas\AppData\Local\Temp\sdaspwn.exe
C:\Users\thomas\AppData\Local\Temp\SPSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-09 19:26

==================== End Of Log ============================

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by thomas at 2014-09-14 15:56:27
Running from C:\Users\thomas\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AS: Bitdefender Spyware-Schutz (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.25 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0925-000001000000}) (Version: 9.25.00.0 - Igor Pavlov)
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.178 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
AllDup 3.4.13 (HKLM-x32\...\AllDup_is1) (Version: 3.4.13 - Michael Thummerer Software Design)
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.4.5.0 - SlySoft)
Audials (HKLM-x32\...\{2F27EAE9-0245-444A-8698-9832AFC3F1F8}) (Version: 10.2.27600.0 - Audials AG)
Audiograbber MP3-Plugin (64 bit) (HKLM-x32\...\Audiograbber-Lame) (Version: 1.0 - AG)
AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version:  - AVM Berlin)
AVS Audio Converter 7.2 (HKLM-x32\...\AVS Audio Converter_is1) (Version: 7.2.2.529 - Online Media Technologies Ltd.)
AVS Audio Editor 7.2 (HKLM-x32\...\AVS Audio Editor_is1) (Version: 7.2.2.488 - Online Media Technologies Ltd.)
AVS Disc Creator 5.2 (HKLM-x32\...\AVS Disc Creator_is1) (Version: 5.2.1.529 - Online Media Technologies Ltd.)
AVS Media Player 4.2.2.104 (HKLM-x32\...\AVS Media Player_is1) (Version: 4.2.2.104 - Online Media Technologies Ltd.)
AVS Screen Capture version 2.0.2 (HKLM-x32\...\AVS Screen Capture_is1) (Version:  - Online Media Technologies Ltd.)
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Converter 8.5 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: 8.5.1.551 - Online Media Technologies Ltd.)
AVS Video Recorder 2.6 (HKLM-x32\...\AVS Video Recorder_is1) (Version: 2.6.1.94 - Online Media Technologies Ltd.)
AVS Video ReMaker 4.3.1.161 (HKLM-x32\...\AVS Video ReMaker_is1) (Version: 4.3.1.161 - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version:  - Online Media Technologies Ltd.)
Bitdefender Total Security (HKLM\...\Bitdefender) (Version: 17.27.0.1146 - Bitdefender)
Canon CanoScan Toolbox 5.0 (HKLM-x32\...\CanoScan Toolbox 5.0) (Version:  - )
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: 4.1.6 - Canon Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.4.1.0 - Canon Inc.)
Canon iP7200 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP7200_series) (Version:  - Canon Inc.)
CanoScan LiDE 600F (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4802) (Version:  - )
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5000 - CDBurnerXP)
CheckDrive (HKLM-x32\...\{B83513EC-2E4D-4621-816D-4CCF397BE702}_is1) (Version: 4.4 - Abelssoft)
cyberJack Base Components (HKLM-x32\...\{FC338210-F594-11D3-BA24-00001C3AB4DF}) (Version: 6.9.13 - REINER SCT)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version:  - Microsoft)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Excel VBA Code Cleaner 4.4 (HKLM-x32\...\Excel VBA Code Cleaner 4.4) (Version:  - )
Free PDF to Word Doc Converter v1.1 (HKLM-x32\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
Magic MP3 Tagger 2.2.6 (HKLM-x32\...\uniquemagicmp3taggerappid_is1) (Version:  - Mathias Kunter)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKCU\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
Mp3tag v2.55 (HKLM-x32\...\Mp3tag) (Version: v2.55 - Florian Heidenreich)
Music Collector (HKLM-x32\...\{8CDFF5D2-89BF-4391-9D20-7D95C88DC98C}_is1) (Version:  - Collectorz.com)
Nitro Reader 3 (HKLM\...\{47220B83-D895-4262-9227-E5D8FA7F7384}) (Version: 3.5.2.10 - Nitro)
Plextool (HKLM-x32\...\Plextool1.1.1) (Version: 1.1.1 - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
simfy (HKLM-x32\...\Simfy) (Version: 1.7.7 - simfy AG)
simfy (x32 Version: 1.7.7 - simfy AG) Hidden
Steuer-Spar-Erklärung 2013 (HKLM-x32\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.10 - Wolters Kluwer Deutschland GmbH)
SteuerSparErklärung 2014 (HKLM-x32\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.11.90 - Akademische Arbeitsgemeinschaft)
Synchredible (HKLM-x32\...\Synchredible_is1) (Version: 4.1.0.1 - ASCOMP Software GmbH)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

02-09-2014 07:09:09 Windows Update
06-09-2014 07:27:19 Windows Update
10-09-2014 03:49:40 Windows Update
10-09-2014 04:16:46 Windows Update
13-09-2014 08:32:28 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {552D6691-2C89-4529-8129-F06658D0C4A8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-11] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-04-18 18:09 - 2013-06-19 11:45 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender\txmlutil.dll
2014-04-18 18:09 - 2014-03-27 19:18 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\accessl.ui
2014-04-18 18:09 - 2011-11-14 19:17 - 00153680 _____ () C:\Program Files\Bitdefender\Bitdefender\bdfwcore.dll
2014-04-18 18:09 - 2014-03-27 19:18 - 00005120 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\IMSecurityAL.ui
2014-07-25 19:25 - 2014-07-25 19:25 - 00780592 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00047_007\ashttpbr.mdl
2014-07-25 19:25 - 2014-07-25 19:25 - 00568400 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00047_007\ashttpdsp.mdl
2014-07-25 19:25 - 2014-07-25 19:25 - 02602680 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00047_007\ashttpph.mdl
2014-07-25 19:25 - 2014-07-25 19:25 - 01323408 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00047_007\ashttprbl.mdl
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2008-10-24 16:35 - 2008-10-24 16:35 - 00128296 _____ () K:\AAVUpdateManager\aavus.exe
2013-01-01 19:06 - 2012-11-19 12:51 - 00262144 _____ () K:\Allwaysync\Allway Sync\Bin\SyncService.exe
2014-04-18 18:09 - 2013-03-25 15:16 - 01117920 _____ () C:\Program Files\Bitdefender\Bitdefender SafeBox\System.Data.SQLite.dll
2014-04-16 19:43 - 2007-05-31 08:38 - 00167936 ____N () C:\Windows\SysWOW64\SerialXP.dll
2014-04-18 18:09 - 2014-03-15 00:05 - 00204280 _____ () C:\Program Files\Bitdefender\Bitdefender\antispam32\txmlutil.dll
2014-07-23 19:52 - 2014-07-23 19:52 - 03800688 _____ () K:\Firefox\mozjs.dll
2014-04-18 18:09 - 2014-03-15 00:10 - 00035896 _____ () C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman\components\ffpwdman.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\thomas\Downloads\avm_fritz!wlan_usb_stick_x64_build_100906.exe:BDU
AlternateDataStreams: C:\Users\thomas\Downloads\Defogger.exe:BDU
AlternateDataStreams: C:\Users\thomas\Downloads\FRST64.exe:BDU
AlternateDataStreams: C:\Users\thomas\Downloads\Msvbvm50.exe:BDU

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk => C:\Windows\pss\Logitech . Produktregistrierung.lnk.Startup
MSCONFIG\startupreg: AnyDVD => K:\AnyDVD\AnyDVDtray.exe
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: EaseUS EPM tray => K:\Easus Partitionsmanager\EaseUS Partition Master 9.2.1 Home Edition\bin\EpmNews.exe
MSCONFIG\startupreg: EvtMgr6 => C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
MSCONFIG\startupreg: pdiface => C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe -noshow

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/14/2014 11:39:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WlanNetService.exe, Version: 1.1.0.26, Zeitstempel: 0x4cbea834
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0003332f
ID des fehlerhaften Prozesses: 0x4dc
Startzeit der fehlerhaften Anwendung: 0xWlanNetService.exe0
Pfad der fehlerhaften Anwendung: WlanNetService.exe1
Pfad des fehlerhaften Moduls: WlanNetService.exe2
Berichtskennung: WlanNetService.exe3

Error: (09/14/2014 10:45:45 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm OBK.exe, Version 17.28.0.1182 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 67c

Startzeit: 01cfcff83f8b5e7e

Endzeit: 10

Anwendungspfad: C:\Program Files\Bitdefender\Bitdefender\Antispam32\OBK.exe

Berichts-ID: 83daada8-3beb-11e4-92bd-90e6ba3ebf32

Error: (09/14/2014 08:53:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/13/2014 03:02:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/13/2014 10:28:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/11/2014 06:18:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/10/2014 07:24:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/10/2014 05:46:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/09/2014 07:10:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/07/2014 04:28:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (09/14/2014 01:35:03 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden.

Error: (09/14/2014 11:39:20 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "AVM WLAN Connection Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/13/2014 03:40:43 PM) (Source: cdrom) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.

Error: (09/07/2014 04:27:29 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unerwarteter Fehler. Fehlercode: D@01010004

Error: (09/07/2014 04:27:29 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unerwarteter Fehler. Fehlercode: D@01010004

Error: (09/07/2014 04:27:29 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unerwarteter Fehler. Fehlercode: D@01010004

Error: (09/07/2014 04:27:29 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unerwarteter Fehler. Fehlercode: D@01010004

Error: (09/07/2014 04:27:29 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unerwarteter Fehler. Fehlercode: D@01010004

Error: (09/07/2014 04:27:29 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unerwarteter Fehler. Fehlercode: D@01010004

Error: (09/05/2014 02:52:33 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.


Microsoft Office Sessions:
=========================
Error: (09/14/2014 11:39:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: WlanNetService.exe1.1.0.264cbea834ntdll.dll6.1.7601.18247521ea8e7c00000050003332f4dc01cfcfe85b96d857C:\Program Files (x86)\avmwlanstick\WlanNetService.exeC:\Windows\SysWOW64\ntdll.dllffe4c039-3bf2-11e4-92bd-90e6ba3ebf32

Error: (09/14/2014 10:45:45 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: OBK.exe17.28.0.118267c01cfcff83f8b5e7e10C:\Program Files\Bitdefender\Bitdefender\Antispam32\OBK.exe83daada8-3beb-11e4-92bd-90e6ba3ebf32

Error: (09/14/2014 08:53:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/13/2014 03:02:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/13/2014 10:28:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/11/2014 06:18:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/10/2014 07:24:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/10/2014 05:46:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/09/2014 07:10:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/07/2014 04:28:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 74%
Total physical RAM: 2047.04 MB
Available physical RAM: 530.21 MB
Total Pagefile: 5247.04 MB
Available Pagefile: 3584.95 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.24 GB) (Free:86.07 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Sicherung Daten) (Fixed) (Total:186.31 GB) (Free:27.66 GB) NTFS
Drive e: (Daten) (Fixed) (Total:298.08 GB) (Free:10.05 GB) NTFS
Drive f: () (Removable) (Total:14.98 GB) (Free:6.42 GB) FAT32
Drive i: (Musik und Filme) (Fixed) (Total:309.41 GB) (Free:140.62 GB) NTFS
Drive k: (Programme) (Fixed) (Total:97.66 GB) (Free:84.46 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive m: (NEUER DATEN) (Removable) (Total:1.88 GB) (Free:1.75 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 0004050A)
Partition 1: (Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=309.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 65F5B427)
Partition 1: (Active) - (Size=119.2 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 186.3 GB) (Disk ID: 00068C22)
Partition 1: (Not Active) - (Size=186.3 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 298.1 GB) (Disk ID: CC6FE80A)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=OF Extended)

========================================================
Disk: 4 (Size: 1.9 GB) (Disk ID: 00041889)
Partition 1: (Not Active) - (Size=1.9 GB) - (Type=0B)

========================================================
Disk: 6 (Size: 15 GB) (Disk ID: 6E652072)
No partition Table on disk 6.

==================== End Of Log ============================

Mfg

tombea

cosinus · 15.09.2014, 20:48

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

HKLM\...\Run: [RadioRage Home Page Guard 64 bit] => "C:\PROGRA~2\RadioRage_4j\bar\1.bin\AppIntegrator64.exe"
HKU\S-1-5-21-492986851-1937855972-3072915796-1000\...\Policies\Explorer: [DisallowRun] 1
FF SearchEngineOrder.1: Ask Search
FF Extension: {beac0afb-3d7d-416d-8fab-564da0f7cf9b} - C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\1bk142m8.default\Extensions\{beac0afb-3d7d-416d-8fab-564da0f7cf9b}.xpi [2014-08-19]
C:\Users\thomas\AppData\Local\Temp919d2d412e8511750599e7d3e457f0ba
C:\Users\thomas\AppData\Local\Temp7274b194ef104b14b019f2c6dcc20011
C:\Users\thomas\AppData\Local\Tempa72f33d3f232f4b75a2c957085674754
C:\PROGRA~2\RadioRage_4j

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

tombea · 15.09.2014, 20:57

Hallo Cosinus,

das geht ja ziemlich schnell mit den Antworten!
Hier der Fixlog.txt:

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-09-2014
Ran by thomas at 2014-09-15 21:53:02 Run:1
Running from C:\Users\thomas\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM\...\Run: [RadioRage Home Page Guard 64 bit] => "C:\PROGRA~2\RadioRage_4j\bar\1.bin\AppIntegrator64.exe"
HKU\S-1-5-21-492986851-1937855972-3072915796-1000\...\Policies\Explorer: [DisallowRun] 1
FF SearchEngineOrder.1: Ask Search
FF Extension: {beac0afb-3d7d-416d-8fab-564da0f7cf9b} - C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\1bk142m8.default\Extensions\{beac0afb-3d7d-416d-8fab-564da0f7cf9b}.xpi [2014-08-19]
C:\Users\thomas\AppData\Local\Temp919d2d412e8511750599e7d3e457f0ba
C:\Users\thomas\AppData\Local\Temp7274b194ef104b14b019f2c6dcc20011
C:\Users\thomas\AppData\Local\Tempa72f33d3f232f4b75a2c957085674754
C:\PROGRA~2\RadioRage_4j
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\RadioRage Home Page Guard 64 bit => value deleted successfully.
HKU\S-1-5-21-492986851-1937855972-3072915796-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisallowRun => value deleted successfully.
Firefox SearchEngineOrder.1 deleted successfully.
C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\1bk142m8.default\Extensions\{beac0afb-3d7d-416d-8fab-564da0f7cf9b}.xpi => Moved successfully.
C:\Users\thomas\AppData\Local\Temp919d2d412e8511750599e7d3e457f0ba => Moved successfully.
C:\Users\thomas\AppData\Local\Temp7274b194ef104b14b019f2c6dcc20011 => Moved successfully.
C:\Users\thomas\AppData\Local\Tempa72f33d3f232f4b75a2c957085674754 => Moved successfully.
"C:\PROGRA~2\RadioRage_4j" => File/Directory not found.

==== End of Fixlog ====

Mfg

tombea

cosinus · 15.09.2014, 21:01

Okay, dann Kontrollscans mit MBAM und ESET bitte:

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

tombea · 16.09.2014, 18:29

Hallo Cosimus,

hier noch der mbam.txt. Den Scan mit Eset Online Scanner mache ich morgen nach Feierabend, muss leider für heute Schluss machen. Die Arbeit ruft.

Bis hoffentlich morgen!

tombea

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 15.09.2014
Suchlauf-Zeit: 22:26:05
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.09.15.10
Rootkit Datenbank: v2014.09.15.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: thomas

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 305427
Verstrichene Zeit: 4 Min, 45 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 9
PUP.Optional.SearchProtect.A, C:\Users\thomas\AppData\Local\Temp\nseBDF6.exe, In Quarantäne, [01f58e5f1566ba7c1c4252e77f8256aa], 
PUP.Optional.Conduit.A, C:\Users\thomas\AppData\Local\Temp\nslB5AB.exe, In Quarantäne, [a35342ab720978bed5803c5639c8946c], 
PUP.Optional.SearchProtect.A, C:\Users\thomas\AppData\Local\Temp\SPSetup.exe, In Quarantäne, [0cea935ae398f93db3c87527ae53a55b], 
PUP.Optional.SearchProtect.A, C:\Users\thomas\AppData\Local\Temp\nsu1AC.exe, In Quarantäne, [24d22fbe6e0d3105da84fa3fe41d37c9], 
PUP.Optional.Conduit.A, C:\Users\thomas\AppData\Local\Temp\nso4FE7\SpSetup.exe, In Quarantäne, [9e58f7f6aecd44f2222d2b03f11001ff], 
PUP.Optional.Conduit.A, C:\Windows\Temp\nsd35D4.exe, In Quarantäne, [b541777603784aecc98cfc9613eed927], 
PUP.Optional.Conduit.A, C:\Windows\Temp\nsd85A8.exe, In Quarantäne, [08ee33ba80fb2511262fdab8ab5639c7], 
PUP.Optional.Conduit.A, C:\Windows\Temp\nsx25DB.exe, In Quarantäne, [30c6836a3c3f102678dd8f0332cfd12f], 
PUP.Optional.Conduit.A, C:\Windows\Temp\nsx74C5.exe, In Quarantäne, [b541b33ab7c41a1c70e5f0a23bc6b34d], 

Physische Sektoren: 0
(No malicious items detected)


(end)

Guten Abend Cosinus,

anbei der log.txt von Eset:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=c94c07df6de175419c329535a222878c
# engine=20181
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-09-16 05:22:58
# local_time=2014-09-16 07:22:58 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Bitdefender Antivirus'
# compatibility_mode=2064 16777213 100 100 2392 114737087 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 4160 162518028 0 0
# scanned=34404
# found=45
# cleaned=0
# scan_time=1699
sh=8872824DA370A893AF27EDA5914C81B016FDE10D ft=1 fh=7df6b6eaf73c436e vn="Variante von Win64/Toolbar.MyWebSearch.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\4jauxstb64.dll.vir"
sh=352E15324D870431C6A80AEFA1B3826AF5F8AD7B ft=1 fh=d498158229edd61d vn="Variante von Win32/Toolbar.MyWebSearch.AC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbar.dll.vir"
sh=2DB76E64C44398F284BB9607477FFAB286C822A5 ft=1 fh=a15fd42821542f57 vn="Variante von Win32/Toolbar.MyWebSearch.AE evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbarsvc.exe.vir"
sh=BD3BA77A76482B8432E852B6C12718DFD8A805E8 ft=1 fh=d0f2a63db6645c6c vn="Variante von Win64/Toolbar.MyWebSearch.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbrmon64.exe.vir"
sh=E22F1101BCDB847DDA207076C20847EE7BA14783 ft=1 fh=6dacd07894aac7d3 vn="Variante von Win64/Toolbar.MyWebSearch.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbrstub64.dll.vir"
sh=6F8E675C0259BDB7CEEADA861381E8655E3882FD ft=1 fh=0c2cde178f5cb3ea vn="Variante von Win32/Toolbar.MyWebSearch.AC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\4jdatact.dll.vir"
sh=BFF74D4CF269E36527CE43A484298A7797D85DDB ft=1 fh=e0568f6273d6b1f6 vn="Variante von Win64/Toolbar.MyWebSearch.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\4jdlghk64.dll.vir"
sh=4B8694F7BFF75DDF2A99D67136B9FCAA8BCBF818 ft=1 fh=54e43688a7d5acff vn="Variante von Win32/Toolbar.MyWebSearch.AC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\4jfeedmg.dll.vir"
sh=8000F7F069170BA3962B6D1DE97641CB8E8795E6 ft=1 fh=41956871b2c6a631 vn="Variante von Win32/Toolbar.MyWebSearch.AC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\4jhtmlmu.dll.vir"
sh=56E4F2B4EC1A6E8836C2541D66E710DABCA48FB3 ft=1 fh=bc873fb5e0ff5b6a vn="Variante von Win32/Toolbar.MyWebSearch.AC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\4jhttpct.dll.vir"
sh=7318474377B8A97C09E8B4E76BC84CD967F41425 ft=1 fh=2cc6ec5e6a8fb481 vn="Variante von Win32/Toolbar.MyWebSearch.AE evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\4jidle.dll.vir"
sh=0BFBBF33F74B6E9187D80CDD84DD49997DE10DBC ft=1 fh=7e5ba4990ad2843d vn="Variante von Win32/Toolbar.MyWebSearch.AC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\4jmlbtn.dll.vir"
sh=AD9FAD90CC49091BBEA91AA9829BA7C7DE57A080 ft=1 fh=333fc276c8268012 vn="Variante von Win32/Toolbar.MyWebSearch.AC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\4jPlugin.dll.vir"
sh=E591A3DBC8B508F86149B610BDD39DF799C101FA ft=1 fh=e63430e62a50e4d1 vn="Variante von Win32/Toolbar.MyWebSearch.AC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\4jradio.dll.vir"
sh=08B86C2A2D83758DC2A2737519E99B6409BFCE4A ft=1 fh=aae2e643a8115a99 vn="Variante von Win32/Toolbar.MyWebSearch.AC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\4jregfft.dll.vir"
sh=80650AAB853B1ACEBE666EC834BE9AE519116254 ft=1 fh=88f6e6dcc31aacd1 vn="Variante von Win32/Toolbar.MyWebSearch.AE evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\4jscript.dll.vir"
sh=1A401BBE5BA7C679A6B56A2F335D8AF67A063C4A ft=1 fh=22f921539bef2c08 vn="möglicherweise Variante von Win32/Toolbar.MyWebSearch.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\4jskin.dll.vir"
sh=DF8005C51D4EE75E9C3CEE21A96FDCA75EF2E71B ft=1 fh=24159591b5465636 vn="Variante von Win32/Toolbar.MyWebSearch.AE evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\4jsrchmr.dll.vir"
sh=72489280930F183E34FE5AF817F207A5EB65F8D4 ft=1 fh=033eb58713fd33d4 vn="Variante von Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\4jtpinst.dll.vir"
sh=F76EBFB49A14135188A858A9A19ADE33D841FAD9 ft=1 fh=fd6523e46258979f vn="Variante von Win64/Toolbar.MyWebSearch.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\AppIntegrator64.exe.vir"
sh=385877E899E02E0F9C551D5B3293270C5FEB9D6B ft=1 fh=fc49323ed3498cd9 vn="Variante von Win64/Toolbar.MyWebSearch.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\AppIntegratorStub64.dll.vir"
sh=3C2251BC6DBC556B960D82FC7211B6005A613A8A ft=1 fh=e2babb33b836a3b5 vn="Variante von Win32/Toolbar.MyWebSearch.AC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\ASSISTMONITOR.DLL.vir"
sh=E9C0F7642BFDCA4F304679F44A2351765D25D7E3 ft=1 fh=df272951a00ae964 vn="Variante von Win64/Toolbar.MyWebSearch.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\ASSISTMONITOR64.DLL.vir"
sh=5B52C97808B05C61C42C660EF788C6E30E9956D1 ft=1 fh=3bd8668ff345b3ba vn="Variante von Win32/Toolbar.MyWebSearch.Z evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\CREXT.DLL.vir"
sh=C0F1C1AD7E3E71F00D10961BF88368998314C8B5 ft=1 fh=1104306037fac477 vn="Variante von Win32/Toolbar.MyWebSearch.Z evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\CrExtP4j.exe.vir"
sh=1B7027E34F895FA1E93C6CEDD86EB8415F086E5C ft=1 fh=0f1abfa76a5eafd1 vn="Variante von Win32/Toolbar.MyWebSearch.AI evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\DPNMNGR.DLL.vir"
sh=FA366450E70C686F15807DAD7D890CA19C739EE4 ft=1 fh=c3b0d1b55e33b10b vn="Variante von Win32/Toolbar.MyWebSearch.AI evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\EXEMANAGER.DLL.vir"
sh=ED7CCFFE86134DB07B0BEE73EC86B99C7243897A ft=1 fh=30bb44c368d084a2 vn="Variante von Win32/Toolbar.MyWebSearch.AI evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\FF-NativeMessagingDispatcher.dll.vir"
sh=2C88C56E84FB90C27DA50DF87011A98C77362B19 ft=1 fh=054dd36e0a8ce909 vn="Variante von Win64/Toolbar.MyWebSearch.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\Hpg64.dll.vir"
sh=06EED086BAE0127ADC62E9547F07396B0B32EBA7 ft=1 fh=245e9c2b06b4128f vn="Win32/Toolbar.MyWebSearch.AI evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\NP4jStub.dll.vir"
sh=AFDF3F69BEB1CDE4A5AA1D9EE5BEFD8A5DE808D7 ft=1 fh=6f20f9ce0b4866ad vn="Variante von Win32/Toolbar.MyWebSearch.AC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\T8EPMSUP.DLL.vir"
sh=ACBBE4D6CB48DD5CF142D79FDFEECBD7F9E9854E ft=1 fh=c0c375ff197f91b8 vn="Variante von Win32/Toolbar.MyWebSearch.AC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\T8EXTEX.DLL.vir"
sh=BB1DF373EBE307C63271B72B7905E86FBF58D2CB ft=1 fh=16b6d8b2476550db vn="Variante von Win32/Toolbar.MyWebSearch.AC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\T8EXTPEX.DLL.vir"
sh=0C27996F6F6194AA4EE5DA4031A78B9E304B05E3 ft=1 fh=44a79e41ea9fa8ee vn="Variante von Win32/Toolbar.MyWebSearch.AC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\T8HTML.DLL.vir"
sh=88A01244271EF4EE3E78DDCEAF4287D4B053ED9A ft=1 fh=6b89c95ed44a94f1 vn="Variante von Win32/Toolbar.MyWebSearch.AC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\T8TICKER.DLL.vir"
sh=2AEDCD54BB567C79B20C8A20A6C061F71E919629 ft=1 fh=7f81933bb4629a22 vn="Win32/Toolbar.MyWebSearch.AI evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\TPIMANAGERCONSOLE.EXE.vir"
sh=AB85089131865A0535CD21A15D60C00AA7C425A2 ft=1 fh=13b78041014ac185 vn="Variante von Win32/Toolbar.MyWebSearch.AC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\VERIFY.DLL.vir"
sh=AC297627AB9AB7AD194EC4E3CDE50D2A42F9A4FA ft=1 fh=609aefa527ec4346 vn="Win32/Toolbar.MyWebSearch.AF evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioRage_4j\bar\1.bin\assists\ie_default_search_provider\ASSIST.EXE.vir"
sh=31CE21FE36C11E107A6E315EFE1875743809B4CC ft=1 fh=48abcfa6ce4a4014 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\thomas\AppData\Local\Temp\OCS\ocs_v71b.exe.vir"
sh=796083ABA8A4A85C0F1D07ECE9C1D0B91978DA76 ft=1 fh=ce4ca38e15799fe6 vn="Win32/InstallCore.FZ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\thomas\AppData\Local\Temp\is473184327\2511260_stp.EXE"
sh=796083ABA8A4A85C0F1D07ECE9C1D0B91978DA76 ft=1 fh=ce4ca38e15799fe6 vn="Win32/InstallCore.FZ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\thomas\AppData\Local\Temp\is473184327\2634509_stp.EXE"
sh=D0E30DB755CE7257E7A1ED897D6932FAEC5EE3A1 ft=1 fh=6d39bacc63f12fd4 vn="Variante von Win32/SpeedingUpMyPC Anwendung" ac=I fn="C:\Users\thomas\AppData\Local\Temp\is473184327\2634851_stp.EXE"
sh=796083ABA8A4A85C0F1D07ECE9C1D0B91978DA76 ft=1 fh=ce4ca38e15799fe6 vn="Win32/InstallCore.FZ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\thomas\AppData\Local\Temp\is473184327\2853521_stp.EXE"
sh=1198E362C0504B2A3B13C48A3FB1FD392CD961F2 ft=1 fh=f811da979eb359e7 vn="Variante von Win32/ELEX.AJ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\thomas\AppData\Local\Temp\is473184327\2634722_stp\May7www.sweet-page.com.exe"
sh=F9C696C25F4300A7C55E017A95B16735FDAE1F69 ft=1 fh=184e2d2ecb738619 vn="Win32/BrowseFox.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\thomas\AppData\Local\Temp\is473184327\2634845_stp\webget_setup.exe"

Gruß

tombea

cosinus · 16.09.2014, 23:21

TFC - Temp File Cleaner

Lade dir

TFC (TempFileCleaner von Oldtimer) herunter und speichere es auf den Desktop.

Öffne die TFC.exe.
Vista und Win 7 User mit Rechtsklick "als Administrator starten".
Schließe alle anderen Programme.
Drücke auf den Button Start.
Falls du zu einem Neustart aufgefordert wirst, bestätige diesen.

Sieht soweit ok aus

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Ist aber nur optional. Um Usertracking zu verhindern kann man gut die Firefox-Erweiterung Ghostery verwenden.

Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

tombea · 17.09.2014, 04:45

Guten Morgen Cosinus,

recht herzlichen Dank für Deine Hilfe. Ohne Dich hätte ich es wahrscheinlich nicht geschafft und lieber das System neu aufgesetzt. Hast mir dabei viel Arbeit erspart. Habe ansonsten keine Probleme mehr.

Ein glücklicher

tombea

cosinus · 17.09.2014, 08:29

Dann wären wir durch!

Falls du noch Lob oder Kritik loswerden möchtest => Lob, Kritik und Wünsche - Trojaner-Board

Die Programme, die hier zum Einsatz kamen, können alle deinstalliert werden. Es empfiehlt sich Malwarebytes Anti-Malware zu behalten und damit wöchentlich nach Malware zu scannen.

Helfen kann dir dabei delfix:

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Bitte abschließend noch die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.

Microsoftupdate
Windows XP:Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.
Windows Vista/7: Start, Systemsteuerung, Windows-Update

PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:
Prüfen => Adobe - Flash Player
Downloadlinks findest du hier => Browsers and Plugins - FilePony.de

Alle Plugins im Firefox-Browser kannst du auch ganz einfach hier auf Aktualität prüfen => https://www.mozilla.org/de/plugincheck

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.

Java-Update
Veraltete Java-Installationen sind ein großes Sicherheitsrisiko, daher solltest Du die alten Versionen deinstallieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software (bzw. Programme und Funktionen) und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.

Mindspark Toolbar Platform Plugin Stub for 32-bit Windows bei Add-ons-Manager gefunden

Log-Analyse und Auswertung: Mindspark Toolbar Platform Plugin Stub for 32-bit Windows bei Add-ons-Manager gefunden