snapdo und searchnu nerven extrem

itsroh · 31.05.2013, 21:49

Hallo Forum,

ich habe mir beim Runterladen eines Dateikonvertierungsprogramms was eingefangen. Öffne ich meinen Chrome- Browser, öffnen sich ungefragt in einem jeweils neuen Reiter die Seiten "search.snapdo.com" und "www.searchnu.com".
Habe mein System mit Avira gescannt und nichts gefunden. Habe auch versucht, das System auf einen früheren Zustandspunkt zurück zu setzen. Das hat wohl geklappt, aber searchnu und snapdo sind geblieben.
Was kann ich tun? Vielen Dank schonmal im Voraus für die Hilfe.

aharonov · 31.05.2013, 23:47

Hi,

starte bitte mit einem OTL-Scan wie folgt:

Lade dir bitte OTL (von Oldtimer) herunter und speichere es auf deinen Desktop.

Doppelklick auf die OTL.exe.
Unter Extra Registry, wähle bitte Use SafeList.
Setze den Haken bei Scan all Users.
Klicke nun auf Run Scan.
Wenn der Scan beendet ist, werden 2 Logfiles (OTL.txt und Extras.txt) erstellt.
Poste den Inhalt dieser Logfiles hier in den Thread.

itsroh · 01.06.2013, 11:01

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 01.06.2013 11:47:39 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Familie B\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 1,85 Gb Available Physical Memory | 47,28% Memory free
7,82 Gb Paging File | 5,49 Gb Available in Paging File | 70,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 657,54 Gb Total Space | 567,96 Gb Free Space | 86,38% Space Free | Partition Type: NTFS
Drive D: | 37,99 Gb Total Space | 0,33 Gb Free Space | 0,86% Space Free | Partition Type: NTFS
 
Computer Name: FAMILIEB-PC | User Name: Familie B | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.30 16:19:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Familie B\Downloads\OTL.exe
PRC - [2013.05.24 20:57:47 | 000,047,896 | ---- | M] (WebCake LLC) -- C:\Users\Familie B\AppData\Roaming\WebCake\WebCakeDesktop.exe
PRC - [2013.05.24 20:57:47 | 000,023,552 | ---- | M] (WebCake LLC) -- C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe
PRC - [2013.05.23 20:10:52 | 028,712,088 | ---- | M] (Dropbox, Inc.) -- C:\Users\Familie B\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013.05.23 07:44:09 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013.05.15 18:58:47 | 000,389,016 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
PRC - [2013.05.10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.05.02 11:20:20 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.04.01 19:57:53 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.04.01 19:57:39 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.03.15 16:32:11 | 000,542,800 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\taxaktuell.exe
PRC - [2012.10.09 00:36:45 | 001,433,600 | ---- | M] () -- C:\Users\Familie B\Downloads\KeePassX-0.4.3-win32\KeePassX\KeePassX.exe
PRC - [2011.04.30 09:32:54 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.04.14 18:17:18 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2011.03.02 17:20:58 | 000,224,256 | ---- | M] () -- C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
PRC - [2011.02.24 03:04:54 | 003,402,760 | ---- | M] (Pegatron Corporation) -- C:\Program Files (x86)\PHotkey\POSD.exe
PRC - [2011.02.24 03:04:50 | 000,819,720 | ---- | M] (Pegatron Corporation) -- C:\Program Files (x86)\PHotkey\PHotkey.exe
PRC - [2011.02.22 22:20:21 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.02.22 22:20:17 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011.02.15 18:01:48 | 000,019,968 | ---- | M] (Fork Ltd.) -- C:\Prey\platform\windows\cronsvc.exe
PRC - [2011.02.11 21:40:00 | 000,997,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2011.02.11 21:39:58 | 001,304,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2011.02.11 21:39:54 | 000,985,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
PRC - [2011.02.11 21:39:54 | 000,907,600 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2010.08.04 00:39:38 | 000,107,816 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2010.01.13 02:36:00 | 000,117,256 | R--- | M] () -- C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
PRC - [2009.12.19 00:40:48 | 000,104,968 | R--- | M] () -- C:\Program Files (x86)\PHotkey\ASLDRSrv.exe
PRC - [2009.12.19 00:38:18 | 000,345,608 | R--- | M] (TODO: <Company name>) -- C:\Program Files (x86)\PHotkey\HCSynApi.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.05.23 07:44:07 | 000,393,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
MOD - [2013.05.23 07:44:06 | 013,136,336 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
MOD - [2013.05.23 07:43:59 | 004,051,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll
MOD - [2013.05.23 07:43:06 | 000,599,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\libglesv2.dll
MOD - [2013.05.23 07:43:05 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\libegl.dll
MOD - [2013.05.23 07:43:03 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ffmpegsumo.dll
MOD - [2013.05.16 00:43:32 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013.05.16 00:43:06 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013.05.15 18:58:47 | 002,244,504 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
MOD - [2013.05.15 18:58:47 | 000,158,104 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
MOD - [2013.05.15 18:58:47 | 000,022,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
MOD - [2013.03.19 16:31:28 | 002,170,960 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wfvie13.dll
MOD - [2013.03.19 15:48:09 | 008,921,680 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wgui13.dll
MOD - [2013.03.18 17:13:09 | 001,492,048 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wmain13.dll
MOD - [2013.03.15 16:33:03 | 002,997,840 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wcore13.dll
MOD - [2013.03.15 16:33:01 | 006,761,552 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wkont13.dll
MOD - [2013.03.15 16:32:55 | 004,158,544 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wauff13.dll
MOD - [2013.03.15 16:32:55 | 001,313,872 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wfabu13.dll
MOD - [2013.03.15 16:32:48 | 001,245,184 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wimp13.dll
MOD - [2013.03.15 16:32:46 | 001,310,800 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wwerb13.dll
MOD - [2013.03.15 16:32:46 | 001,215,568 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\whau213.dll
MOD - [2013.03.15 16:32:41 | 001,559,120 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wbae413.dll
MOD - [2013.03.15 16:32:41 | 001,146,448 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\whau113.dll
MOD - [2013.03.15 16:32:40 | 004,940,368 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wbae113.dll
MOD - [2013.03.15 16:32:35 | 001,747,536 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wbae313.dll
MOD - [2013.03.15 16:32:32 | 001,367,632 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wbae213.dll
MOD - [2013.03.15 16:32:27 | 001,724,496 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wreli13.dll
MOD - [2013.03.15 16:32:26 | 001,607,248 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wsteu13.dll
MOD - [2013.03.15 16:32:25 | 000,321,104 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\rsguiwinapi48.dll
MOD - [2013.03.15 16:32:22 | 000,308,816 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\rscorewinapi48.dll
MOD - [2013.03.15 16:32:11 | 000,542,800 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\taxaktuell.exe
MOD - [2013.03.15 16:31:57 | 000,136,272 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\rsodbc48.dll
MOD - [2013.03.15 16:31:54 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\rsdcom48.dll
MOD - [2013.03.15 16:09:38 | 001,041,408 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\clucene-core.dll
MOD - [2013.03.13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Familie B\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013.02.12 12:03:49 | 000,251,392 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\clucene-contribs-lib.dll
MOD - [2013.02.12 12:03:49 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\clucene-shared.dll
MOD - [2013.01.10 11:13:29 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.10 11:13:07 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.10 11:13:01 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.10 11:12:52 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012.11.14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Familie B\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2012.10.09 00:36:45 | 009,515,520 | ---- | M] () -- C:\Users\Familie B\Downloads\KeePassX-0.4.3-win32\KeePassX\QtGui4.dll
MOD - [2012.10.09 00:36:45 | 002,415,104 | ---- | M] () -- C:\Users\Familie B\Downloads\KeePassX-0.4.3-win32\KeePassX\QtCore4.dll
MOD - [2012.10.09 00:36:45 | 001,433,600 | ---- | M] () -- C:\Users\Familie B\Downloads\KeePassX-0.4.3-win32\KeePassX\KeePassX.exe
MOD - [2012.10.09 00:36:45 | 000,398,336 | ---- | M] () -- C:\Users\Familie B\Downloads\KeePassX-0.4.3-win32\KeePassX\QtXml4.dll
MOD - [2012.10.09 00:36:45 | 000,350,720 | ---- | M] () -- C:\Users\Familie B\Downloads\KeePassX-0.4.3-win32\KeePassX\imageformats\qmng4.dll
MOD - [2012.10.09 00:36:45 | 000,192,000 | ---- | M] () -- C:\Users\Familie B\Downloads\KeePassX-0.4.3-win32\KeePassX\imageformats\qjpeg4.dll
MOD - [2012.10.09 00:36:45 | 000,082,944 | ---- | M] () -- C:\Users\Familie B\Downloads\KeePassX-0.4.3-win32\KeePassX\imageformats\qgif4.dll
MOD - [2012.10.09 00:36:45 | 000,081,920 | ---- | M] () -- C:\Users\Familie B\Downloads\KeePassX-0.4.3-win32\KeePassX\imageformats\qico4.dll
MOD - [2012.10.09 00:36:45 | 000,043,008 | ---- | M] () -- C:\Users\Familie B\Downloads\KeePassX-0.4.3-win32\KeePassX\libgcc_s_dw2-1.dll
MOD - [2012.10.09 00:36:45 | 000,011,362 | ---- | M] () -- C:\Users\Familie B\Downloads\KeePassX-0.4.3-win32\KeePassX\mingwm10.dll
MOD - [2012.10.05 12:53:24 | 003,198,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2010.11.21 05:24:32 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2010.11.21 05:23:48 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.08.04 00:39:38 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2010.08.04 00:39:32 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.05.02 23:27:50 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011.05.02 23:13:54 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011.05.02 23:10:26 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011.04.21 18:34:16 | 001,136,640 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011.04.21 17:42:50 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2010.12.17 16:46:34 | 000,198,784 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)
SRV:64bit: - [2010.09.23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2013.05.15 18:58:47 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.15 14:15:32 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.04.01 19:57:53 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.04.01 19:57:39 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.14 02:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2011.04.30 09:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011.03.02 17:20:58 | 000,224,256 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe -- (DirMngr)
SRV - [2011.02.22 22:20:21 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.02.22 22:20:17 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011.02.15 18:01:48 | 000,019,968 | ---- | M] (Fork Ltd.) [Auto | Running] -- C:\Prey\platform\windows\cronsvc.exe -- (CronService)
SRV - [2011.02.11 21:40:00 | 000,997,712 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011.02.11 21:39:58 | 001,304,912 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011.02.11 21:39:54 | 000,907,600 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2010.10.07 02:46:42 | 000,159,752 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\PHotkey\GFNEXSrv.exe -- (GFNEXSrv)
SRV - [2010.03.18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.19 00:40:48 | 000,104,968 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\PHotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.04.01 19:57:57 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.04.01 19:57:57 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.04.01 19:57:57 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.12.14 02:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.31 18:57:41 | 000,230,864 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2011.05.17 18:27:52 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011.05.17 18:27:50 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011.05.01 23:33:06 | 008,593,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011.04.26 20:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.04.21 18:09:26 | 000,294,912 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011.04.21 18:09:26 | 000,294,912 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011.04.15 01:16:08 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2011.04.13 18:30:54 | 000,207,872 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011.04.13 18:30:50 | 000,087,552 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.10 17:01:40 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011.01.24 11:24:52 | 000,058,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011.01.24 11:22:48 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011.01.24 10:56:06 | 000,274,944 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.10.20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.10.15 01:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.09.23 22:03:06 | 000,129,008 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2010.08.24 18:55:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010.01.22 11:26:50 | 000,305,200 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.10.23 17:26:14 | 000,046,592 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.09.11 23:11:46 | 000,014,344 | R--- | M] (PEGATRON) [Kernel | Auto | Running] -- C:\Program Files (x86)\PHotkey\PEGAGFN.sys -- (PEGAGFN)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3290196298-4204039042-1804756541-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKU\S-1-5-21-3290196298-4204039042-1804756541-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=eadb1184-3305-4914-9490-1d074f61546d&searchtype=ds&q={searchTerms}&installDate={installDate}
IE - HKU\S-1-5-21-3290196298-4204039042-1804756541-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=eadb1184-3305-4914-9490-1d074f61546d&searchtype=ds&q={searchTerms}&installDate={installDate}
IE - HKU\S-1-5-21-3290196298-4204039042-1804756541-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3290196298-4204039042-1804756541-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=eadb1184-3305-4914-9490-1d074f61546d&searchtype=hp&installDate={installDate}
IE - HKU\S-1-5-21-3290196298-4204039042-1804756541-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=eadb1184-3305-4914-9490-1d074f61546d&searchtype=ds&q={searchTerms}&installDate={installDate}
IE - HKU\S-1-5-21-3290196298-4204039042-1804756541-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=eadb1184-3305-4914-9490-1d074f61546d&searchtype=ds&q={searchTerms}&installDate={installDate}
IE - HKU\S-1-5-21-3290196298-4204039042-1804756541-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3290196298-4204039042-1804756541-1000\..\SearchScopes\{1697AD61-0E75-4EDA-AAF4-77D13F362209}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=bdf2d80e-7f17-4267-9f9e-d84ef484a69e&pid=fotofreeware&mode=bounce&k=0
IE - HKU\S-1-5-21-3290196298-4204039042-1804756541-1000\..\SearchScopes\{5745C29C-E057-4BB2-BB00-000407154C49}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=bdf2d80e-7f17-4267-9f9e-d84ef484a69e&pid=fotofreeware&mode=bounce&k=0
IE - HKU\S-1-5-21-3290196298-4204039042-1804756541-1000\..\SearchScopes\{5AF26995-A704-4810-87F3-5EF2F5D96C84}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=bdf2d80e-7f17-4267-9f9e-d84ef484a69e&pid=fotofreeware&mode=bounce&k=0
IE - HKU\S-1-5-21-3290196298-4204039042-1804756541-1000\..\SearchScopes\{5FDDD75A-D2D7-4FA0-88FD-3F9828DF5BCB}: "URL" = hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E67756167657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26736F7572636569643D69653726726C7A3D3149374D444E435F656E4445333933&st={searchTerms}&clid=bdf2d80e-7f17-4267-9f9e-d84ef484a69e&pid=fotofreeware&k=0
IE - HKU\S-1-5-21-3290196298-4204039042-1804756541-1000\..\SearchScopes\{8CF37F23-4809-47A0-843F-95C598520ADC}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=bdf2d80e-7f17-4267-9f9e-d84ef484a69e&pid=fotofreeware&mode=bounce&k=0
IE - HKU\S-1-5-21-3290196298-4204039042-1804756541-1000\..\SearchScopes\{B57F6711-428C-4725-877E-D7BF71AEEF9E}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=bdf2d80e-7f17-4267-9f9e-d84ef484a69e&pid=fotofreeware&mode=bounce&k=0
IE - HKU\S-1-5-21-3290196298-4204039042-1804756541-1000\..\SearchScopes\{E5F75748-D279-4E30-B0E4-20ED0BE28E65}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=bdf2d80e-7f17-4267-9f9e-d84ef484a69e&pid=fotofreeware&mode=bounce&k=0
IE - HKU\S-1-5-21-3290196298-4204039042-1804756541-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: {eadb1184-3305-4914-9490-1d074f61546d}:1.0
FF - prefs.js..extensions.enabledAddons: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8312
FF - prefs.js..browser.startup.homepage: "hxxp://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=eadb1184-3305-4914-9490-1d074f61546d&searchtype=hp&installDate=25/05/2013"
FF - prefs.js..keyword.URL: "hxxp://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=eadb1184-3305-4914-9490-1d074f61546d&searchtype=ds&installDate=25/05/2013&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.08 18:37:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.16 14:46:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.15 18:58:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.15 18:58:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2013.05.27 01:09:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Familie B\AppData\Roaming\mozilla\Extensions
[2013.05.30 15:50:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Familie B\AppData\Roaming\mozilla\Firefox\Profiles\82e4ucv2.default\extensions
[2013.05.30 15:38:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Familie B\AppData\Roaming\mozilla\Firefox\Profiles\82e4ucv2.default\extensions\{eadb1184-3305-4914-9490-1d074f61546d}
[2013.05.30 15:38:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Familie B\AppData\Roaming\mozilla\Firefox\Profiles\82e4ucv2.default\extensions\plugin@getwebcake.com
[2012.10.19 13:42:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.03.21 01:58:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.06.28 10:28:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.09.07 08:57:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.10.19 13:42:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2011.10.21 15:21:35 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.11.11 01:40:27 | 000,001,937 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Ixquick HTTPS - Deutsch (Enabled)
CHR - default_search_provider: search_url = https://ixquick.com/do/search?query={searchTerms}&cat=web&pl=chrome&language=deutsch
CHR - default_search_provider: suggest_url = ,
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U21 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Familie B\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Familie B\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Ghostery = C:\Users\Familie B\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\4.1.1_0\
CHR - Extension: Picasa = C:\Users\Familie B\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb\6.2.2_0\
CHR - Extension: Google Mail = C:\Users\Familie B\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (WebCake) - {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - C:\Program Files (x86)\WebCake\WebCakeIEClient.dll (WebCake LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Preispilot) - {C4415769-1588-4AD6-9624-B2E69DB78D1A} - C:\Program Files (x86)\preispilot\Internet Explorer\preispilot.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\Familie B\AppData\Roaming\OCS\SM\SearchAnonymizer.exe File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3290196298-4204039042-1804756541-1000..\Run: [WebCake Desktop] C:\Users\Familie B\AppData\Roaming\WebCake\WebCakeDesktop.exe (WebCake LLC)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Familie B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AeroFS.lnk = C:\Users\Familie B\AppData\Roaming\AeroFSExec\aerofs.exe ()
O4 - Startup: C:\Users\Familie B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Familie B\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8068FE7C-7296-400B-9019-82B7F3A7BDB2}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F1AEB345-498B-4D3D-A2B8-DB5469020C02}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9372c1ea-864e-11e1-940e-bc77371ff891}\Shell - "" = AutoRun
O33 - MountPoints2\{9372c1ea-864e-11e1-940e-bc77371ff891}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.30 16:41:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.05.30 16:07:43 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.05.30 16:07:33 | 000,000,000 | ---D | C] -- C:\JRT
[2013.05.27 00:29:48 | 000,000,000 | ---D | C] -- C:\Users\Familie B\AppData\Roaming\FreeFLVConverter
[2013.05.27 00:29:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free FLV Converter
[2013.05.25 09:10:58 | 000,719,872 | -HS- | C] (Abysmal Software) -- C:\Windows\SysWow64\devil.dll
[2013.05.25 09:10:57 | 000,369,152 | -HS- | C] (The Public) -- C:\Windows\SysWow64\avisynth.dll
[2013.05.25 09:10:56 | 000,070,656 | -HS- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\yv12vfw.dll
[2013.05.25 09:10:55 | 000,070,656 | -HS- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\i420vfw.dll
[2013.05.25 09:10:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AviSynth 2.5
[2013.05.25 09:06:01 | 000,000,000 | ---D | C] -- C:\Users\Familie B\Documents\eRightSoft
[2013.05.25 09:05:44 | 000,327,749 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\drvc.dll
[2013.05.25 09:05:44 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
[2013.05.25 09:05:44 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\SysWow64\nbDX.dll
[2013.05.25 09:05:44 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLOgg.ax
[2013.05.25 09:05:44 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\DiracSplitter.ax
[2013.05.25 09:05:44 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\flvDX.dll
[2013.05.25 09:05:44 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\RealMediaDX.ax
[2013.05.25 09:05:44 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\SysWow64\AVCDX.ax
[2013.05.25 09:05:44 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLVorbisDec.ax
[2013.05.25 09:05:44 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSSplitter.ax
[2013.05.25 09:05:44 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSDecoder.ax
[2013.05.25 09:05:44 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\SysWow64\RLTheoraDec.ax
[2013.05.25 09:05:44 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\SysWow64\msfDX.dll
[2013.05.25 09:05:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPER © - by eRightSoft
[2013.05.25 09:05:43 | 000,000,000 | ---D | C] -- C:\Users\Familie B\AppData\Roaming\WebCake
[2013.05.25 09:05:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WebCake
[2013.05.25 09:04:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eRightSoft
[2013.05.25 01:17:47 | 000,000,000 | ---D | C] -- C:\Users\Familie B\Documents\StreamTransport
[2013.05.25 00:56:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StreamTransport
[2013.05.25 00:56:25 | 003,982,240 | ---- | C] (Adobe Systems, Inc.) -- C:\Windows\SysWow64\Flash10d.ocx
[2013.05.25 00:56:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StreamTransport
[2013.05.25 00:12:36 | 000,000,000 | ---D | C] -- C:\Users\Familie B\Desktop\Handy
[2013.05.22 21:58:29 | 000,000,000 | ---D | C] -- C:\Users\Familie B\AppData\Roaming\KeePass
[2013.05.22 21:56:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KeePass Password Safe 2
[2013.05.22 21:56:00 | 000,000,000 | ---D | C] -- C:\Users\Familie B\AppData\Local\Programs
[2013.05.16 00:37:53 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.05.16 00:37:53 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.05.16 00:37:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.05.16 00:37:49 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.05.16 00:37:49 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.05.16 00:37:49 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.05.16 00:37:49 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.05.16 00:37:49 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.05.16 00:37:48 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.05.16 00:37:48 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.05.16 00:37:48 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.05.16 00:37:48 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.05.16 00:37:47 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.05.16 00:37:47 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.05.16 00:37:46 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.05.15 22:58:39 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013.05.15 22:58:39 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013.05.15 22:58:38 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013.05.15 22:58:21 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.05.15 22:58:20 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.05.15 22:58:20 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013.05.15 22:58:20 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013.05.15 18:58:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.05.13 16:33:54 | 000,000,000 | R--D | C] -- C:\Users\Familie B\Documents\AeroFS
[2013.05.13 16:33:54 | 000,000,000 | -HSD | C] -- C:\Users\Familie B\Documents\.aerofs.aux.fd6a7d
[2013.05.13 16:33:19 | 000,000,000 | ---D | C] -- C:\Users\Familie B\AppData\Roaming\AeroFS
[2013.05.13 16:33:11 | 000,000,000 | ---D | C] -- C:\Users\Familie B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeroFS
[2013.05.13 16:33:08 | 000,000,000 | ---D | C] -- C:\Users\Familie B\AppData\Roaming\AeroFSExec
[2013.05.03 10:02:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.01 11:43:07 | 000,000,029 | ---- | M] () -- C:\Windows\SysWow64\TempWmicBatchFile.bat
[2013.06.01 11:15:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.01 11:01:50 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.01 11:01:50 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.01 10:58:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.01 10:53:22 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.01 10:53:09 | 000,000,022 | ---- | M] () -- C:\Windows\S.dirmngr
[2013.06.01 10:52:59 | 000,067,584 | -H-- | M] () -- C:\Windows\bootstat.dat
[2013.06.01 10:52:57 | 3151,327,232 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.30 21:42:45 | 000,000,747 | ---- | M] () -- C:\Windows\wiso.ini
[2013.05.30 15:50:57 | 000,000,194 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.05.30 15:50:00 | 000,632,031 | ---- | M] () -- C:\Users\Familie B\Desktop\adwcleaner.exe
[2013.05.27 11:42:04 | 391,156,380 | ---- | M] () -- C:\Users\Familie B\Desktop\Deutschland von oben 1 &quot;Stadt&quot; - in HD! - Terra X - ZDFmediathek - ZDF Mediathek.mp4
[2013.05.27 01:02:53 | 120,545,306 | ---- | M] () -- C:\Users\Familie B\Documents\Startseite - ZDF Mediathek_1.flv
[2013.05.27 00:46:43 | 288,854,567 | ---- | M] () -- C:\Users\Familie B\Desktop\Deutschland von oben 1 &quot;Stadt&quot; - in HD - Terra X - ZDFmediathek - ZDF Mediathek.mp4
[2013.05.26 12:30:37 | 001,434,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.26 12:30:37 | 000,629,594 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.26 12:30:37 | 000,595,198 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.26 12:30:37 | 000,120,434 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.26 12:30:37 | 000,099,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.25 09:22:49 | 345,066,172 | ---- | M] () -- C:\Users\Familie B\Documents\Startseite - ZDF Mediathek.flv
[2013.05.25 09:03:42 | 002,463,093 | ---- | M] () -- C:\Users\Familie B\Documents\Startseite - ZDF Mediathek_0.flv
[2013.05.25 01:42:18 | 523,524,896 | ---- | M] () -- C:\Users\Familie B\Desktop\Deutschland von oben 1 &quot;Stadt&quot; - in HD! - Terra X - ZDFmediathek - ZDF Mediathek.flv
[2013.05.25 01:32:50 | 000,001,060 | ---- | M] () -- C:\Users\Familie B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.05.23 00:54:56 | 000,001,012 | ---- | M] () -- C:\Users\Familie B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AeroFS.lnk
[2013.05.16 14:38:46 | 000,380,664 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.15 14:15:32 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.05.15 14:15:32 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.01 10:53:09 | 000,000,022 | ---- | C] () -- C:\Windows\S.dirmngr
[2013.05.30 15:50:49 | 000,000,194 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.05.30 15:50:00 | 000,632,031 | ---- | C] () -- C:\Users\Familie B\Desktop\adwcleaner.exe
[2013.05.27 10:38:23 | 391,156,380 | ---- | C] () -- C:\Users\Familie B\Desktop\Deutschland von oben 1 &quot;Stadt&quot; - in HD! - Terra X - ZDFmediathek - ZDF Mediathek.mp4
[2013.05.27 00:52:52 | 120,545,306 | ---- | C] () -- C:\Users\Familie B\Documents\Startseite - ZDF Mediathek_1.flv
[2013.05.27 00:32:01 | 288,854,567 | ---- | C] () -- C:\Users\Familie B\Desktop\Deutschland von oben 1 &quot;Stadt&quot; - in HD - Terra X - ZDFmediathek - ZDF Mediathek.mp4
[2013.05.27 00:30:22 | 000,001,183 | ---- | C] () -- C:\Users\Familie B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free FLV Converter.lnk
[2013.05.25 09:10:57 | 000,032,256 | -HS- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2013.05.25 09:08:18 | 000,002,566 | ---- | C] () -- C:\Users\Familie B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
[2013.05.25 09:05:44 | 000,195,584 | RHS- | C] () -- C:\Windows\SysWow64\MatroskaDX.ax
[2013.05.25 09:05:44 | 000,188,416 | RHS- | C] () -- C:\Windows\SysWow64\winDCE32.dll
[2013.05.25 09:05:44 | 000,175,104 | RHS- | C] () -- C:\Windows\SysWow64\CoreAAC.ax
[2013.05.25 09:05:44 | 000,121,344 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.ax
[2013.05.25 09:05:44 | 000,120,832 | RHS- | C] () -- C:\Windows\SysWow64\MPCDx.ax
[2013.05.25 09:05:44 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2013.05.25 09:05:44 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\RLMPCDec.ax
[2013.05.25 09:05:44 | 000,097,280 | RHS- | C] () -- C:\Windows\SysWow64\FLACDX.ax
[2013.05.25 09:05:44 | 000,070,656 | RHS- | C] () -- C:\Windows\SysWow64\RLAPEDec.ax
[2013.05.25 09:05:44 | 000,051,712 | RHS- | C] () -- C:\Windows\SysWow64\RLSpeexDec.ax
[2013.05.25 09:05:43 | 000,227,328 | RHS- | C] () -- C:\Windows\SysWow64\ac3DX.ax
[2013.05.25 09:05:43 | 000,081,920 | RHS- | C] () -- C:\Windows\SysWow64\aac_parser.ax
[2013.05.25 09:03:30 | 002,463,093 | ---- | C] () -- C:\Users\Familie B\Documents\Startseite - ZDF Mediathek_0.flv
[2013.05.25 08:57:44 | 523,524,896 | ---- | C] () -- C:\Users\Familie B\Desktop\Deutschland von oben 1 &quot;Stadt&quot; - in HD! - Terra X - ZDFmediathek - ZDF Mediathek.flv
[2013.05.25 08:54:04 | 345,066,172 | ---- | C] () -- C:\Users\Familie B\Documents\Startseite - ZDF Mediathek.flv
[2013.05.22 21:56:32 | 000,001,125 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
[2013.05.13 16:33:11 | 000,001,012 | ---- | C] () -- C:\Users\Familie B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AeroFS.lnk
[2013.04.05 12:15:22 | 000,002,833 | ---- | C] () -- C:\Users\Familie B\.recently-used.xbel
[2013.02.08 00:29:45 | 000,001,374 | ---- | C] () -- C:\Windows\SysWow64\bash.exe.stackdump
[2012.12.28 01:24:01 | 000,007,635 | ---- | C] () -- C:\Users\Familie B\AppData\Local\Resmon.ResmonCfg
[2012.12.14 02:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.10.10 03:22:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012.10.10 03:22:20 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012.07.24 15:12:18 | 000,001,477 | ---- | C] () -- C:\Users\Familie B\AppData\Local\recently-used.xbel
[2012.07.24 15:10:05 | 000,003,540 | ---- | C] () -- C:\Users\Familie B\AppData\Local\ING Diba Jens.gnucash.20120724151005.gnucash
[2012.07.24 15:00:48 | 000,003,669 | ---- | C] () -- C:\Users\Familie B\AppData\Local\ING Diba Jens.gnucash
[2012.07.12 17:17:58 | 000,003,531 | ---- | C] () -- C:\Users\Familie B\AppData\Local\GnuCash.gnucash
[2012.03.19 23:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.03.19 23:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.11.23 23:07:32 | 000,000,747 | ---- | C] () -- C:\Windows\wiso.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

--- --- ---

OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 01.06.2013 11:47:39 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Familie B\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 1,85 Gb Available Physical Memory | 47,28% Memory free
7,82 Gb Paging File | 5,49 Gb Available in Paging File | 70,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 657,54 Gb Total Space | 567,96 Gb Free Space | 86,38% Space Free | Partition Type: NTFS
Drive D: | 37,99 Gb Total Space | 0,33 Gb Free Space | 0,86% Space Free | Partition Type: NTFS
 
Computer Name: FAMILIEB-PC | User Name: Familie B | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-3290196298-4204039042-1804756541-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BF67352-0793-4599-B2F9-C0FA482ED6DB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{19ADFC58-B4FE-44DC-9842-174836146031}" = rport=137 | protocol=17 | dir=out | app=system | 
"{1F7E053C-FEA3-4F9D-8AAD-C7757EC47700}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{24AB7507-F470-4C7C-B6F5-363C4ADED5CC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{30C52A89-D965-45E4-8152-6556625BFD05}" = lport=445 | protocol=6 | dir=in | app=system | 
"{3D28D494-9B9B-48C9-A587-44D9604F6D38}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{3DB131F6-567E-43EE-855A-9A0EF663F8E6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{4FA49A40-FBE5-4C1A-97DA-B7DE8F434D22}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{543872AB-BFCC-45D3-8330-57573C943E74}" = rport=138 | protocol=17 | dir=out | app=system | 
"{5FAD05FA-A744-429D-9672-A8DE4B24CAAE}" = rport=139 | protocol=6 | dir=out | app=system | 
"{713748AF-DFBA-49B3-B678-0AFAB204697C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{82309A14-193F-4B3B-B66F-C9CA743375A0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8A86888F-A526-4982-BE5F-0DC0975549E5}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{97753832-D199-40F0-9B6A-566F4F484E73}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9A767ED6-4D43-4292-9639-8BFF4B5674FB}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{A89393FD-F84E-41D8-AB99-B974267DCD1D}" = lport=137 | protocol=17 | dir=in | app=system | 
"{C2AB9F86-BEA4-4088-8A0F-056878743BEC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CA54CA52-8C72-4014-83C9-6B1D3884F448}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{CE9518B5-FF84-4A60-A78E-A66C1987E82C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D0199D43-C273-473A-8A41-C5BAB93522A7}" = rport=445 | protocol=6 | dir=out | app=system | 
"{D243D267-7D53-4038-B509-8719C7A2535C}" = lport=139 | protocol=6 | dir=in | app=system | 
"{E07C6BE5-DAA7-44C2-9B1D-38ADBD1EE720}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{EB366487-EBA6-484D-8934-7B5498DE9968}" = lport=138 | protocol=17 | dir=in | app=system | 
"{FCDEE62D-C95D-4388-8302-0FDB11906CA9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FD666ECD-92A0-45C0-8461-1EF30AC64973}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{066F0524-3605-47A5-A336-CD23760CD3AC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{07C057AF-E53C-4E6C-B7DA-DDA6C4CCA045}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{13E3B754-6D40-4F79-96DA-A084368F3565}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{1860AB33-EF7D-433A-8209-BB85BF221FF0}" = protocol=6 | dir=in | app=c:\users\familie b\appdata\roaming\aerofsexec\aerofsd.exe | 
"{24CA67DA-81DF-47D9-8C72-495CE81AAA85}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{315EC747-FA58-425B-BCB0-3D6C7761B94E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{3CAE0C10-17E4-41A5-B6D3-3DE9AE7CDA5A}" = protocol=6 | dir=out | app=system | 
"{3EBCF750-B5EF-46E4-B981-496911A7A2A6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{41F29882-FD2D-4580-A626-C0C6A2D28262}" = protocol=6 | dir=in | app=c:\users\familie b\appdata\roaming\dropbox\bin\dropbox.exe | 
"{42791D9D-BBC5-42C4-B9D4-E26264153C3B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{56FF91BF-D9B4-4BFE-8893-22A52B2B35AD}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | 
"{5E381F86-0D71-407C-B24C-76B61841ABEC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{64F29847-216C-4052-ACBE-BC39673AC642}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{7638AEB7-48EB-47F4-80D7-26B881CFB583}" = protocol=6 | dir=in | app=c:\users\familie b\appdata\roaming\aerofsexec\aerofs.exe | 
"{7898CC1A-1F9D-4269-8ECC-ECE3EB56DC8A}" = protocol=17 | dir=in | app=c:\users\familie b\appdata\roaming\aerofsexec\aerofs.exe | 
"{8053B8F2-3344-43C8-8A83-CD8200737E3F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{8D6A4DC5-6F2F-447A-B6FB-A4C3541A732E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{90EC51D4-DA70-474C-9D9B-2BB423003DB4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9239B2D9-AB99-4794-A65C-592EC15AAA23}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{960202AD-F92B-485C-865A-4F947E71807A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9B282B90-FE57-4013-84FE-9C02B3D78EA0}" = protocol=17 | dir=in | app=c:\users\familie b\appdata\roaming\dropbox\bin\dropbox.exe | 
"{9FFD3314-5AA5-4B78-83A8-B09D31CEE58A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A71A9547-D380-4870-956A-172EB5E3ABA7}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe | 
"{A7DAA2A7-9CED-4823-B253-BAA027BE72B7}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe | 
"{ACE7C606-C4AF-4A44-8185-D436C1A9B502}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe | 
"{AF536FFD-A1BE-48D0-8F70-DC3A95956462}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B8EBFCFA-517E-438D-9D03-9EA20A0D2B81}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{BDF21A95-294B-4792-BC9D-07EC4606F05A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C07BD9DA-EC94-463C-8C96-4A106D442248}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D5041549-2EF3-4134-A8B2-A4CACF9E75EF}" = protocol=17 | dir=in | app=c:\users\familie b\appdata\roaming\aerofsexec\aerofsd.exe | 
"{DCFC396E-8FBB-40E2-A7B3-B3A0A9CB48F5}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{E6ECF424-FD74-4C26-81F4-9ED831CFB264}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{EEAA18A8-F6E9-4EA8-BB33-95043F242FA7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F253E967-C870-4612-91EC-1C3AB8972DCF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{FC0097EB-BAC8-4EDF-97C0-ADA5EC7120A5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"TCP Query User{274B89CB-11A3-40D8-BA47-ED6DD3B65188}C:\users\familie b\appdata\roaming\aerofsexec\aerofsd.exe" = protocol=6 | dir=in | app=c:\users\familie b\appdata\roaming\aerofsexec\aerofsd.exe | 
"TCP Query User{32C355A9-E3E6-46D8-9071-86DA5DD58552}C:\program files (x86)\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"TCP Query User{CD289D3B-A6E1-41D4-A168-F861F591B064}C:\users\familie b\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\familie b\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{23E163A9-FEEF-42E2-83DC-F8D1B47271F8}C:\users\familie b\appdata\roaming\aerofsexec\aerofsd.exe" = protocol=17 | dir=in | app=c:\users\familie b\appdata\roaming\aerofsexec\aerofsd.exe | 
"UDP Query User{B2F89AE6-11BD-47CD-BF77-9CE27D3E4DA7}C:\program files (x86)\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"UDP Query User{DDC30096-EB44-49BB-B5D6-4E80A8EA8D10}C:\users\familie b\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\familie b\appdata\roaming\dropbox\bin\dropbox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{26A24AE4-039D-4CA4-87B4-2F86416025FF}" = Java(TM) 6 Update 25 (64-bit)
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{3C41721F-AF0F-4086-AA1C-4C7F29076228}" = Intel(R) PROSet/Wireless WiFi Software
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{46AE421C-BF1B-4B62-BE0E-62FE09C6D5B5}" = CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A0E106D2-4815-4B7A-BAA7-7E21B530CFB4}" = Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}" = WebCake 3.00
"{C7B40C35-85AE-4303-9EEA-1A1EA779664D}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{D3836C5E-6824-4C9F-9B45-09C989B13EF6}" = VR-pulse Installer
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}" = Microsoft Mathematics (64-Bit)
"{EC1369CF-15BD-4FAF-BA84-65E4788C682E}" = AMI VR-pulse OS Switcher
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0DD706AF-B542-438C-999E-B30C7F625C8D}" = Intel(R) WiDi
"{0E806605-5B82-4A4F-BC31-AA4FADA03C42}" = t@x 2012
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2F54E453-8C93-4B3B-936A-233C909E6CAC}" = Windows Live Messenger
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{48106FE4-B1AF-4941-BF3D-83E6C4B7CAF3}" = Alcor Micro USB Card Reader
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6737F045-A91A-4177-9C8C-59460FC1C84D}" = t@x 2013
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}" = Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7654C4E3-86E8-4CD4-B1CE-8DBEA82C36E2}" = LibreOffice 3.6
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F3A1F92-C29F-4DF9-8459-B739A4831C69}_is1" = SUPER © +Recorder.2013.55 (Mar 7, 2013) Version +Recorder.2013.
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = Windows Live Messenger
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC76BA86-7AD7-5464-3428-A00000000004}" = Spelling Dictionaries Support For Adobe Reader X
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.7) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B26438B4-BF51-49C3-9567-7F14A5E40CB9}" = Dolby Home Theater v4
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C4415769-1588-4AD6-9624-B2E69DB78D1A}" = Preispilot
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C5BE1248-4CE8-46D1-AC01-5F1B58C1FC47}" = Snap.Do
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CA227A9D-09BE-4BFB-9764-48FED2DA5454}" = Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E50C224A-BBF2-428D-9DCF-DBF9DF85C40E}" = PHotkey
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EA561FC0-A965-11E2-94D3-B8AC6F98CCE3}" = Google Earth Plug-in
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ALDI NORD Bestellsoftware" = ALDI NORD Bestellsoftware 4.12.2
"AmUStor" = Alcor Micro USB Card Reader
"Avira AntiVir Desktop" = Avira Free Antivirus
"DupDetector_is1" = DupDetector 3.302
"Finale NotePad 2012" = Finale NotePad 2012
"Google Chrome" = Google Chrome
"GPG4Win" = Gpg4win (2.1.0)
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.22
"Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de)
"Mozilla Thunderbird 17.0.6 (x86 de)" = Mozilla Thunderbird 17.0.6 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MuseScore" = MuseScore 1.3
"ProInst" = Intel PROSet Wireless
"TrueCrypt" = TrueCrypt
"VVV-fu-ku-jitsu_is1" = VVV (Virtual Volumes View) version 1.1
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinGimp-2.0_is1" = GIMP 2.6.12-2
"WinLiveSuite" = Windows Live Essentials
"XMedia Recode" = XMedia Recode 3.0.6.7
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3290196298-4204039042-1804756541-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{e8e9b71a-9684-4eb7-bbec-5952b9c359dd}" = Snap.Do Engine
"AeroFS" = AeroFS
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 30.05.2013 10:42:01 | Computer Name = FamilieB-PC | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
 auf!  Fehlercode: 0x35
 
Error - 30.05.2013 10:44:27 | Computer Name = FamilieB-PC | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
 auf!  Fehlercode: 0x35
 
Error - 30.05.2013 10:44:29 | Computer Name = FamilieB-PC | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
 auf!  Fehlercode: 0x35
 
Error - 30.05.2013 10:44:57 | Computer Name = FamilieB-PC | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
 auf!  Fehlercode: 0x35
 
Error - 30.05.2013 10:44:59 | Computer Name = FamilieB-PC | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
 auf!  Fehlercode: 0x35
 
Error - 30.05.2013 11:57:31 | Computer Name = FamilieB-PC | Source = VSS | ID = 12310
Description = 
 
Error - 30.05.2013 11:57:32 | Computer Name = FamilieB-PC | Source = VSS | ID = 12298
Description = 
 
Error - 30.05.2013 13:53:03 | Computer Name = FamilieB-PC | Source = Microsoft-Windows-Defrag | ID = 257
Description = 
 
Error - 30.05.2013 13:55:12 | Computer Name = FamilieB-PC | Source = Microsoft-Windows-Defrag | ID = 257
Description = 
 
[ System Events ]
Error - 30.05.2013 10:42:01 | Computer Name = FamilieB-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Avira Echtzeit-Scanner" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%306.
 
Error - 30.05.2013 10:44:27 | Computer Name = FamilieB-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Avira Echtzeit-Scanner" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%306.
 
Error - 30.05.2013 10:44:29 | Computer Name = FamilieB-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Avira Echtzeit-Scanner" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%306.
 
Error - 30.05.2013 10:44:57 | Computer Name = FamilieB-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Avira Echtzeit-Scanner" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%306.
 
Error - 30.05.2013 10:44:59 | Computer Name = FamilieB-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Avira Echtzeit-Scanner" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%306.
 
Error - 30.05.2013 11:57:41 | Computer Name = FamilieB-PC | Source = volsnap | ID = 393224
Description = Das Zeitlimit für den Lösch- und Speicherschreibvorgang für Volume
 "C:" wurde beim Warten auf eine Schreibvorgangfreigabe überschritten.
 
Error - 30.05.2013 15:55:10 | Computer Name = FamilieB-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 01.06.2013 04:54:29 | Computer Name = FamilieB-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 01.06.2013 04:56:01 | Computer Name = FamilieB-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.
 
 
< End of report >

--- --- ---

aharonov · 01.06.2013, 23:32

Hallo,

mach bitte mal das:

Schritt 1

Fixen mit OTL

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

:OTL
FF - prefs.js..browser.startup.homepage: "hxxp://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=eadb1184-3305-4914-9490-1d074f61546d&searchtype=hp&installDate=25/05/2013"
FF - prefs.js..keyword.URL: "hxxp://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=eadb1184-3305-4914-9490-1d074f61546d&searchtype=ds&installDate=25/05/2013&q="
IE - HKU\S-1-5-21-3290196298-4204039042-1804756541-1000\..\SearchScopes\{1697AD61-0E75-4EDA-AAF4-77D13F362209}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=bdf2d80e-7f17-4267-9f9e-d84ef484a69e&pid=fotofreeware&mode=bounce&k=0
IE - HKU\S-1-5-21-3290196298-4204039042-1804756541-1000\..\SearchScopes\{5745C29C-E057-4BB2-BB00-000407154C49}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=bdf2d80e-7f17-4267-9f9e-d84ef484a69e&pid=fotofreeware&mode=bounce&k=0
IE - HKU\S-1-5-21-3290196298-4204039042-1804756541-1000\..\SearchScopes\{5AF26995-A704-4810-87F3-5EF2F5D96C84}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=bdf2d80e-7f17-4267-9f9e-d84ef484a69e&pid=fotofreeware&mode=bounce&k=0
IE - HKU\S-1-5-21-3290196298-4204039042-1804756541-1000\..\SearchScopes\{5FDDD75A-D2D7-4FA0-88FD-3F9828DF5BCB}: "URL" = hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E67756167657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26736F7572636569643D69653726726C7A3D3149374D444E435F656E4445333933&st={searchTerms}&clid=bdf2d80e-7f17-4267-9f9e-d84ef484a69e&pid=fotofreeware&k=0
IE - HKU\S-1-5-21-3290196298-4204039042-1804756541-1000\..\SearchScopes\{8CF37F23-4809-47A0-843F-95C598520ADC}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=bdf2d80e-7f17-4267-9f9e-d84ef484a69e&pid=fotofreeware&mode=bounce&k=0
IE - HKU\S-1-5-21-3290196298-4204039042-1804756541-1000\..\SearchScopes\{B57F6711-428C-4725-877E-D7BF71AEEF9E}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=bdf2d80e-7f17-4267-9f9e-d84ef484a69e&pid=fotofreeware&mode=bounce&k=0
IE - HKU\S-1-5-21-3290196298-4204039042-1804756541-1000\..\SearchScopes\{E5F75748-D279-4E30-B0E4-20ED0BE28E65}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=bdf2d80e-7f17-4267-9f9e-d84ef484a69e&pid=fotofreeware&mode=bounce&k=0
IE - HKU\S-1-5-21-3290196298-4204039042-1804756541-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=eadb1184-3305-4914-9490-1d074f61546d&searchtype=ds&q={searchTerms}&installDate={installDate}
IE - HKU\S-1-5-21-3290196298-4204039042-1804756541-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=eadb1184-3305-4914-9490-1d074f61546d&searchtype=ds&q={searchTerms}&installDate={installDate}
IE - HKU\S-1-5-21-3290196298-4204039042-1804756541-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3290196298-4204039042-1804756541-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=eadb1184-3305-4914-9490-1d074f61546d&searchtype=hp&installDate={installDate}
IE - HKU\S-1-5-21-3290196298-4204039042-1804756541-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=eadb1184-3305-4914-9490-1d074f61546d&searchtype=ds&q={searchTerms}&installDate={installDate}
IE - HKU\S-1-5-21-3290196298-4204039042-1804756541-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=eadb1184-3305-4914-9490-1d074f61546d&searchtype=ds&q={searchTerms}&installDate={installDate}

:commands
[emptytemp]

Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Schritt 2

Öffne Google Chrome.
Klicke rechts oben auf Google Chrome anpassen.
Wähle Einstellungen.
Unter Beim Start > Wähle "Bestimmte Seite oder Seiten öffnen" aus und klicke auf Seiten festlegen.
Gib die gewünschte Startseite ein und bestätige mit Ok.
Schliesse den Google Chrome.

Schritt 3

Starte bitte die OTL.exe.

Setze den Haken bei Scan all Users.
Drücke auf den Quick Scan Button.
Poste den Inhalt von OTL.txt hier in den Thread.

Bitte poste in deiner nächsten Antwort:

Fixlog von OTL
Log von OTL

itsroh · 02.06.2013, 18:38

All processes killed
========== OTL ==========
Prefs.js: "hxxp://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=eadb1184-3305-4914-9490-1d074f61546d&searchtype=hp&installDate=25/05/2013" removed from browser.startup.homepage
Prefs.js: "hxxp://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=eadb1184-3305-4914-9490-1d074f61546d&searchtype=ds&installDate=25/05/2013&q=" removed from keyword.URL
Registry key HKEY_USERS\S-1-5-21-3290196298-4204039042-1804756541-1000\Software\Microsoft\Internet Explorer\SearchScopes\{1697AD61-0E75-4EDA-AAF4-77D13F362209}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1697AD61-0E75-4EDA-AAF4-77D13F362209}\ not found.
Registry key HKEY_USERS\S-1-5-21-3290196298-4204039042-1804756541-1000\Software\Microsoft\Internet Explorer\SearchScopes\{5745C29C-E057-4BB2-BB00-000407154C49}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5745C29C-E057-4BB2-BB00-000407154C49}\ not found.
Registry key HKEY_USERS\S-1-5-21-3290196298-4204039042-1804756541-1000\Software\Microsoft\Internet Explorer\SearchScopes\{5AF26995-A704-4810-87F3-5EF2F5D96C84}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5AF26995-A704-4810-87F3-5EF2F5D96C84}\ not found.
Registry key HKEY_USERS\S-1-5-21-3290196298-4204039042-1804756541-1000\Software\Microsoft\Internet Explorer\SearchScopes\{5FDDD75A-D2D7-4FA0-88FD-3F9828DF5BCB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDDD75A-D2D7-4FA0-88FD-3F9828DF5BCB}\ not found.
Registry key HKEY_USERS\S-1-5-21-3290196298-4204039042-1804756541-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8CF37F23-4809-47A0-843F-95C598520ADC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8CF37F23-4809-47A0-843F-95C598520ADC}\ not found.
Registry key HKEY_USERS\S-1-5-21-3290196298-4204039042-1804756541-1000\Software\Microsoft\Internet Explorer\SearchScopes\{B57F6711-428C-4725-877E-D7BF71AEEF9E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B57F6711-428C-4725-877E-D7BF71AEEF9E}\ not found.
Registry key HKEY_USERS\S-1-5-21-3290196298-4204039042-1804756541-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E5F75748-D279-4E30-B0E4-20ED0BE28E65}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5F75748-D279-4E30-B0E4-20ED0BE28E65}\ not found.
HKU\S-1-5-21-3290196298-4204039042-1804756541-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-3290196298-4204039042-1804756541-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\S-1-5-21-3290196298-4204039042-1804756541-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchDefaultBranded| /E : value set successfully!
HKU\S-1-5-21-3290196298-4204039042-1804756541-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-3290196298-4204039042-1804756541-1000\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKU\S-1-5-21-3290196298-4204039042-1804756541-1000\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Familie B
->Temp folder emptied: 85786238 bytes
->Temporary Internet Files folder emptied: 28292493 bytes
->Java cache emptied: 149910216 bytes
->FireFox cache emptied: 37062185 bytes
->Google Chrome cache emptied: 338278651 bytes
->Flash cache emptied: 57388 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3648 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 464905 bytes

Total Files Cleaned = 610,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 06022013_190630

Files\Folders moved on Reboot...
C:\Users\Familie B\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 02.06.2013 19:19:57 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Familie B\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 1,72 Gb Available Physical Memory | 43,96% Memory free
7,82 Gb Paging File | 5,44 Gb Available in Paging File | 69,51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 657,54 Gb Total Space | 568,22 Gb Free Space | 86,42% Space Free | Partition Type: NTFS
Drive D: | 37,99 Gb Total Space | 0,02 Gb Free Space | 0,04% Space Free | Partition Type: NTFS
 
Computer Name: FAMILIEB-PC | User Name: Familie B | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.30 16:19:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Familie B\Downloads\OTL.exe
PRC - [2013.05.25 02:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Familie B\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013.05.24 20:57:47 | 000,047,896 | ---- | M] (WebCake LLC) -- C:\Users\Familie B\AppData\Roaming\WebCake\WebCakeDesktop.exe
PRC - [2013.05.24 20:57:47 | 000,023,552 | ---- | M] (WebCake LLC) -- C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe
PRC - [2013.05.23 07:44:09 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013.05.15 18:58:47 | 000,389,016 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
PRC - [2013.05.10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.05.02 11:20:20 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.04.01 19:57:53 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.04.01 19:57:39 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.03.15 16:32:11 | 000,542,800 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\taxaktuell.exe
PRC - [2011.04.30 09:32:54 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.04.14 18:17:18 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2011.03.02 17:20:58 | 000,224,256 | ---- | M] () -- C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
PRC - [2011.02.24 03:04:54 | 003,402,760 | ---- | M] (Pegatron Corporation) -- C:\Program Files (x86)\PHotkey\POSD.exe
PRC - [2011.02.24 03:04:50 | 000,819,720 | ---- | M] (Pegatron Corporation) -- C:\Program Files (x86)\PHotkey\PHotkey.exe
PRC - [2011.02.22 22:20:21 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.02.22 22:20:17 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011.02.15 18:01:48 | 000,019,968 | ---- | M] (Fork Ltd.) -- C:\Prey\platform\windows\cronsvc.exe
PRC - [2011.02.11 21:40:00 | 000,997,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2011.02.11 21:39:58 | 001,304,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2011.02.11 21:39:54 | 000,985,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
PRC - [2011.02.11 21:39:54 | 000,907,600 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2010.08.04 00:39:38 | 000,107,816 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2010.01.13 02:36:00 | 000,117,256 | R--- | M] () -- C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
PRC - [2009.12.19 00:40:48 | 000,104,968 | R--- | M] () -- C:\Program Files (x86)\PHotkey\ASLDRSrv.exe
PRC - [2009.12.19 00:38:18 | 000,345,608 | R--- | M] (TODO: <Company name>) -- C:\Program Files (x86)\PHotkey\HCSynApi.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.05.23 07:44:07 | 000,393,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
MOD - [2013.05.23 07:43:59 | 004,051,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll
MOD - [2013.05.23 07:43:06 | 000,599,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\libglesv2.dll
MOD - [2013.05.23 07:43:05 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\libegl.dll
MOD - [2013.05.23 07:43:03 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ffmpegsumo.dll
MOD - [2013.05.16 00:43:32 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013.05.16 00:43:06 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013.05.15 18:58:47 | 002,244,504 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
MOD - [2013.05.15 18:58:47 | 000,158,104 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
MOD - [2013.05.15 18:58:47 | 000,022,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
MOD - [2013.03.19 16:31:28 | 002,170,960 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wfvie13.dll
MOD - [2013.03.19 15:48:09 | 008,921,680 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wgui13.dll
MOD - [2013.03.18 17:13:09 | 001,492,048 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wmain13.dll
MOD - [2013.03.15 16:33:03 | 002,997,840 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wcore13.dll
MOD - [2013.03.15 16:33:01 | 006,761,552 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wkont13.dll
MOD - [2013.03.15 16:32:55 | 004,158,544 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wauff13.dll
MOD - [2013.03.15 16:32:55 | 001,313,872 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wfabu13.dll
MOD - [2013.03.15 16:32:48 | 001,245,184 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wimp13.dll
MOD - [2013.03.15 16:32:46 | 001,310,800 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wwerb13.dll
MOD - [2013.03.15 16:32:46 | 001,215,568 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\whau213.dll
MOD - [2013.03.15 16:32:41 | 001,559,120 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wbae413.dll
MOD - [2013.03.15 16:32:41 | 001,146,448 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\whau113.dll
MOD - [2013.03.15 16:32:40 | 004,940,368 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wbae113.dll
MOD - [2013.03.15 16:32:35 | 001,747,536 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wbae313.dll
MOD - [2013.03.15 16:32:32 | 001,367,632 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wbae213.dll
MOD - [2013.03.15 16:32:27 | 001,724,496 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wreli13.dll
MOD - [2013.03.15 16:32:26 | 001,607,248 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wsteu13.dll
MOD - [2013.03.15 16:32:25 | 000,321,104 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\rsguiwinapi48.dll
MOD - [2013.03.15 16:32:22 | 000,308,816 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\rscorewinapi48.dll
MOD - [2013.03.15 16:32:11 | 000,542,800 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\taxaktuell.exe
MOD - [2013.03.15 16:31:57 | 000,136,272 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\rsodbc48.dll
MOD - [2013.03.15 16:31:54 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\rsdcom48.dll
MOD - [2013.03.15 16:09:38 | 001,041,408 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\clucene-core.dll
MOD - [2013.03.13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Familie B\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013.02.12 12:03:49 | 000,251,392 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\clucene-contribs-lib.dll
MOD - [2013.02.12 12:03:49 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\clucene-shared.dll
MOD - [2013.01.10 11:13:29 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.10 11:13:07 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.10 11:13:01 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.10 11:12:52 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012.11.14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Familie B\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2012.10.05 12:53:24 | 003,198,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2010.11.21 05:24:32 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2010.11.21 05:23:48 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.08.04 00:39:38 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2010.08.04 00:39:32 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.05.02 23:27:50 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011.05.02 23:13:54 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011.05.02 23:10:26 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011.04.21 18:34:16 | 001,136,640 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011.04.21 17:42:50 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2010.12.17 16:46:34 | 000,198,784 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)
SRV:64bit: - [2010.09.23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2013.05.15 18:58:47 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.15 14:15:32 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.04.01 19:57:53 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.04.01 19:57:39 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.14 02:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2011.04.30 09:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011.03.02 17:20:58 | 000,224,256 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe -- (DirMngr)
SRV - [2011.02.22 22:20:21 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.02.22 22:20:17 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011.02.15 18:01:48 | 000,019,968 | ---- | M] (Fork Ltd.) [Auto | Running] -- C:\Prey\platform\windows\cronsvc.exe -- (CronService)
SRV - [2011.02.11 21:40:00 | 000,997,712 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011.02.11 21:39:58 | 001,304,912 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011.02.11 21:39:54 | 000,907,600 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2010.10.07 02:46:42 | 000,159,752 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\PHotkey\GFNEXSrv.exe -- (GFNEXSrv)
SRV - [2010.03.18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.19 00:40:48 | 000,104,968 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\PHotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.04.01 19:57:57 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.04.01 19:57:57 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.04.01 19:57:57 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.12.14 02:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.31 18:57:41 | 000,230,864 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2011.05.17 18:27:52 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011.05.17 18:27:50 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011.05.01 23:33:06 | 008,593,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011.04.26 20:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.04.21 18:09:26 | 000,294,912 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011.04.21 18:09:26 | 000,294,912 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011.04.15 01:16:08 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2011.04.13 18:30:54 | 000,207,872 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011.04.13 18:30:50 | 000,087,552 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.10 17:01:40 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011.01.24 11:24:52 | 000,058,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011.01.24 11:22:48 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011.01.24 10:56:06 | 000,274,944 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.10.20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.10.15 01:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.09.23 22:03:06 | 000,129,008 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2010.08.24 18:55:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010.01.22 11:26:50 | 000,305,200 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.10.23 17:26:14 | 000,046,592 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.09.11 23:11:46 | 000,014,344 | R--- | M] (PEGATRON) [Kernel | Auto | Running] -- C:\Program Files (x86)\PHotkey\PEGAGFN.sys -- (PEGAGFN)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3290196298-4204039042-1804756541-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKU\S-1-5-21-3290196298-4204039042-1804756541-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\S-1-5-21-3290196298-4204039042-1804756541-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-21-3290196298-4204039042-1804756541-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 
IE - HKU\S-1-5-21-3290196298-4204039042-1804756541-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKU\S-1-5-21-3290196298-4204039042-1804756541-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = 
IE - HKU\S-1-5-21-3290196298-4204039042-1804756541-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKU\S-1-5-21-3290196298-4204039042-1804756541-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3290196298-4204039042-1804756541-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: {eadb1184-3305-4914-9490-1d074f61546d}:1.0
FF - prefs.js..extensions.enabledAddons: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8312
FF - prefs.js..browser.startup.homepage: "hxxp://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=eadb1184-3305-4914-9490-1d074f61546d&searchtype=hp&installDate=25/05/2013"
FF - prefs.js..keyword.URL: "hxxp://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=eadb1184-3305-4914-9490-1d074f61546d&searchtype=ds&installDate=25/05/2013&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.08 18:37:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.16 14:46:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.15 18:58:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.15 18:58:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2013.05.27 01:09:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Familie B\AppData\Roaming\mozilla\Extensions
[2013.05.30 15:50:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Familie B\AppData\Roaming\mozilla\Firefox\Profiles\82e4ucv2.default\extensions
[2013.05.30 15:38:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Familie B\AppData\Roaming\mozilla\Firefox\Profiles\82e4ucv2.default\extensions\{eadb1184-3305-4914-9490-1d074f61546d}
[2013.05.30 15:38:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Familie B\AppData\Roaming\mozilla\Firefox\Profiles\82e4ucv2.default\extensions\plugin@getwebcake.com
[2012.10.19 13:42:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.03.21 01:58:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.06.28 10:28:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.09.07 08:57:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.10.19 13:42:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2011.10.21 15:21:35 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.11.11 01:40:27 | 000,001,937 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Ixquick HTTPS - Deutsch (Enabled)
CHR - default_search_provider: search_url = https://ixquick.com/do/search?query={searchTerms}&cat=web&pl=chrome&language=deutsch
CHR - default_search_provider: suggest_url = ,
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U21 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Familie B\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Familie B\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Ghostery = C:\Users\Familie B\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\4.1.1_0\
CHR - Extension: Picasa = C:\Users\Familie B\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb\6.2.2_0\
CHR - Extension: Google Mail = C:\Users\Familie B\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (WebCake) - {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - C:\Program Files (x86)\WebCake\WebCakeIEClient.dll (WebCake LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Preispilot) - {C4415769-1588-4AD6-9624-B2E69DB78D1A} - C:\Program Files (x86)\preispilot\Internet Explorer\preispilot.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\Familie B\AppData\Roaming\OCS\SM\SearchAnonymizer.exe File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3290196298-4204039042-1804756541-1000..\Run: [WebCake Desktop] C:\Users\Familie B\AppData\Roaming\WebCake\WebCakeDesktop.exe (WebCake LLC)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Familie B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AeroFS.lnk = C:\Users\Familie B\AppData\Roaming\AeroFSExec\aerofs.exe ()
O4 - Startup: C:\Users\Familie B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Familie B\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8068FE7C-7296-400B-9019-82B7F3A7BDB2}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F1AEB345-498B-4D3D-A2B8-DB5469020C02}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9372c1ea-864e-11e1-940e-bc77371ff891}\Shell - "" = AutoRun
O33 - MountPoints2\{9372c1ea-864e-11e1-940e-bc77371ff891}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.02 19:06:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.05.30 16:41:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.05.30 16:07:43 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.05.30 16:07:33 | 000,000,000 | ---D | C] -- C:\JRT
[2013.05.27 00:29:48 | 000,000,000 | ---D | C] -- C:\Users\Familie B\AppData\Roaming\FreeFLVConverter
[2013.05.27 00:29:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free FLV Converter
[2013.05.25 09:10:58 | 000,719,872 | -HS- | C] (Abysmal Software) -- C:\Windows\SysWow64\devil.dll
[2013.05.25 09:10:57 | 000,369,152 | -HS- | C] (The Public) -- C:\Windows\SysWow64\avisynth.dll
[2013.05.25 09:10:56 | 000,070,656 | -HS- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\yv12vfw.dll
[2013.05.25 09:10:55 | 000,070,656 | -HS- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\i420vfw.dll
[2013.05.25 09:10:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AviSynth 2.5
[2013.05.25 09:06:01 | 000,000,000 | ---D | C] -- C:\Users\Familie B\Documents\eRightSoft
[2013.05.25 09:05:44 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
[2013.05.25 09:05:44 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\SysWow64\nbDX.dll
[2013.05.25 09:05:44 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLOgg.ax
[2013.05.25 09:05:44 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\DiracSplitter.ax
[2013.05.25 09:05:44 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\flvDX.dll
[2013.05.25 09:05:44 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\RealMediaDX.ax
[2013.05.25 09:05:44 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\SysWow64\AVCDX.ax
[2013.05.25 09:05:44 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLVorbisDec.ax
[2013.05.25 09:05:44 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSSplitter.ax
[2013.05.25 09:05:44 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSDecoder.ax
[2013.05.25 09:05:44 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\SysWow64\RLTheoraDec.ax
[2013.05.25 09:05:44 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\SysWow64\msfDX.dll
[2013.05.25 09:05:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPER © - by eRightSoft
[2013.05.25 09:05:43 | 000,000,000 | ---D | C] -- C:\Users\Familie B\AppData\Roaming\WebCake
[2013.05.25 09:05:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WebCake
[2013.05.25 09:04:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eRightSoft
[2013.05.25 01:17:47 | 000,000,000 | ---D | C] -- C:\Users\Familie B\Documents\StreamTransport
[2013.05.25 00:56:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StreamTransport
[2013.05.25 00:56:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StreamTransport
[2013.05.25 00:12:36 | 000,000,000 | ---D | C] -- C:\Users\Familie B\Desktop\Handy
[2013.05.22 21:58:29 | 000,000,000 | ---D | C] -- C:\Users\Familie B\AppData\Roaming\KeePass
[2013.05.22 21:56:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KeePass Password Safe 2
[2013.05.22 21:56:00 | 000,000,000 | ---D | C] -- C:\Users\Familie B\AppData\Local\Programs
[2013.05.15 18:58:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.05.13 16:33:54 | 000,000,000 | R--D | C] -- C:\Users\Familie B\Documents\AeroFS
[2013.05.13 16:33:54 | 000,000,000 | -HSD | C] -- C:\Users\Familie B\Documents\.aerofs.aux.fd6a7d
[2013.05.13 16:33:19 | 000,000,000 | ---D | C] -- C:\Users\Familie B\AppData\Roaming\AeroFS
[2013.05.13 16:33:11 | 000,000,000 | ---D | C] -- C:\Users\Familie B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeroFS
[2013.05.13 16:33:08 | 000,000,000 | ---D | C] -- C:\Users\Familie B\AppData\Roaming\AeroFSExec
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.02 19:19:01 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.02 19:19:01 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.02 19:15:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.02 19:09:39 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.02 19:09:34 | 000,000,029 | ---- | M] () -- C:\Windows\SysWow64\TempWmicBatchFile.bat
[2013.06.02 19:09:29 | 000,000,022 | ---- | M] () -- C:\Windows\S.dirmngr
[2013.06.02 19:09:23 | 000,067,584 | -H-- | M] () -- C:\Windows\bootstat.dat
[2013.06.02 19:09:20 | 3151,327,232 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.02 18:58:03 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.01 14:02:41 | 000,001,060 | ---- | M] () -- C:\Users\Familie B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.05.30 21:42:45 | 000,000,747 | ---- | M] () -- C:\Windows\wiso.ini
[2013.05.30 15:50:57 | 000,000,194 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.05.30 15:50:00 | 000,632,031 | ---- | M] () -- C:\Users\Familie B\Desktop\adwcleaner.exe
[2013.05.27 11:42:04 | 391,156,380 | ---- | M] () -- C:\Users\Familie B\Desktop\Deutschland von oben 1 &quot;Stadt&quot; - in HD! - Terra X - ZDFmediathek - ZDF Mediathek.mp4
[2013.05.27 01:02:53 | 120,545,306 | ---- | M] () -- C:\Users\Familie B\Documents\Startseite - ZDF Mediathek_1.flv
[2013.05.27 00:46:43 | 288,854,567 | ---- | M] () -- C:\Users\Familie B\Desktop\Deutschland von oben 1 &quot;Stadt&quot; - in HD - Terra X - ZDFmediathek - ZDF Mediathek.mp4
[2013.05.26 12:30:37 | 001,434,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.26 12:30:37 | 000,629,594 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.26 12:30:37 | 000,595,198 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.26 12:30:37 | 000,120,434 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.26 12:30:37 | 000,099,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.25 09:22:49 | 345,066,172 | ---- | M] () -- C:\Users\Familie B\Documents\Startseite - ZDF Mediathek.flv
[2013.05.25 09:03:42 | 002,463,093 | ---- | M] () -- C:\Users\Familie B\Documents\Startseite - ZDF Mediathek_0.flv
[2013.05.25 01:42:18 | 523,524,896 | ---- | M] () -- C:\Users\Familie B\Desktop\Deutschland von oben 1 &quot;Stadt&quot; - in HD! - Terra X - ZDFmediathek - ZDF Mediathek.flv
[2013.05.23 00:54:56 | 000,001,012 | ---- | M] () -- C:\Users\Familie B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AeroFS.lnk
[2013.05.16 14:38:46 | 000,380,664 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2013.06.02 19:09:29 | 000,000,022 | ---- | C] () -- C:\Windows\S.dirmngr
[2013.05.30 15:50:49 | 000,000,194 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.05.30 15:50:00 | 000,632,031 | ---- | C] () -- C:\Users\Familie B\Desktop\adwcleaner.exe
[2013.05.27 10:38:23 | 391,156,380 | ---- | C] () -- C:\Users\Familie B\Desktop\Deutschland von oben 1 &quot;Stadt&quot; - in HD! - Terra X - ZDFmediathek - ZDF Mediathek.mp4
[2013.05.27 00:52:52 | 120,545,306 | ---- | C] () -- C:\Users\Familie B\Documents\Startseite - ZDF Mediathek_1.flv
[2013.05.27 00:32:01 | 288,854,567 | ---- | C] () -- C:\Users\Familie B\Desktop\Deutschland von oben 1 &quot;Stadt&quot; - in HD - Terra X - ZDFmediathek - ZDF Mediathek.mp4
[2013.05.27 00:30:22 | 000,001,183 | ---- | C] () -- C:\Users\Familie B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free FLV Converter.lnk
[2013.05.25 09:10:57 | 000,032,256 | -HS- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2013.05.25 09:08:18 | 000,002,566 | ---- | C] () -- C:\Users\Familie B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
[2013.05.25 09:05:44 | 000,195,584 | RHS- | C] () -- C:\Windows\SysWow64\MatroskaDX.ax
[2013.05.25 09:05:44 | 000,188,416 | RHS- | C] () -- C:\Windows\SysWow64\winDCE32.dll
[2013.05.25 09:05:44 | 000,175,104 | RHS- | C] () -- C:\Windows\SysWow64\CoreAAC.ax
[2013.05.25 09:05:44 | 000,121,344 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.ax
[2013.05.25 09:05:44 | 000,120,832 | RHS- | C] () -- C:\Windows\SysWow64\MPCDx.ax
[2013.05.25 09:05:44 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2013.05.25 09:05:44 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\RLMPCDec.ax
[2013.05.25 09:05:44 | 000,097,280 | RHS- | C] () -- C:\Windows\SysWow64\FLACDX.ax
[2013.05.25 09:05:44 | 000,070,656 | RHS- | C] () -- C:\Windows\SysWow64\RLAPEDec.ax
[2013.05.25 09:05:44 | 000,051,712 | RHS- | C] () -- C:\Windows\SysWow64\RLSpeexDec.ax
[2013.05.25 09:05:43 | 000,227,328 | RHS- | C] () -- C:\Windows\SysWow64\ac3DX.ax
[2013.05.25 09:05:43 | 000,081,920 | RHS- | C] () -- C:\Windows\SysWow64\aac_parser.ax
[2013.05.25 09:03:30 | 002,463,093 | ---- | C] () -- C:\Users\Familie B\Documents\Startseite - ZDF Mediathek_0.flv
[2013.05.25 08:57:44 | 523,524,896 | ---- | C] () -- C:\Users\Familie B\Desktop\Deutschland von oben 1 &quot;Stadt&quot; - in HD! - Terra X - ZDFmediathek - ZDF Mediathek.flv
[2013.05.25 08:54:04 | 345,066,172 | ---- | C] () -- C:\Users\Familie B\Documents\Startseite - ZDF Mediathek.flv
[2013.05.22 21:56:32 | 000,001,125 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
[2013.05.13 16:33:11 | 000,001,012 | ---- | C] () -- C:\Users\Familie B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AeroFS.lnk
[2013.04.05 12:15:22 | 000,002,833 | ---- | C] () -- C:\Users\Familie B\.recently-used.xbel
[2013.02.08 00:29:45 | 000,001,374 | ---- | C] () -- C:\Windows\SysWow64\bash.exe.stackdump
[2012.12.28 01:24:01 | 000,007,635 | ---- | C] () -- C:\Users\Familie B\AppData\Local\Resmon.ResmonCfg
[2012.12.14 02:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.10.10 03:22:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012.10.10 03:22:20 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012.07.24 15:12:18 | 000,001,477 | ---- | C] () -- C:\Users\Familie B\AppData\Local\recently-used.xbel
[2012.07.24 15:10:05 | 000,003,540 | ---- | C] () -- C:\Users\Familie B\AppData\Local\ING Diba Jens.gnucash.20120724151005.gnucash
[2012.07.24 15:00:48 | 000,003,669 | ---- | C] () -- C:\Users\Familie B\AppData\Local\ING Diba Jens.gnucash
[2012.07.12 17:17:58 | 000,003,531 | ---- | C] () -- C:\Users\Familie B\AppData\Local\GnuCash.gnucash
[2012.03.19 23:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.03.19 23:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.11.23 23:07:32 | 000,000,747 | ---- | C] () -- C:\Windows\wiso.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.05.29 19:02:15 | 000,000,000 | ---D | M] -- C:\Users\Familie B\AppData\Roaming\AeroFS
[2013.05.30 15:38:20 | 000,000,000 | ---D | M] -- C:\Users\Familie B\AppData\Roaming\AeroFSExec
[2012.02.28 12:16:08 | 000,000,000 | ---D | M] -- C:\Users\Familie B\AppData\Roaming\Buhl Data Service
[2013.01.08 23:53:03 | 000,000,000 | ---D | M] -- C:\Users\Familie B\AppData\Roaming\Canneverbe Limited
[2013.06.02 19:12:22 | 000,000,000 | ---D | M] -- C:\Users\Familie B\AppData\Roaming\Dropbox
[2013.05.30 15:37:32 | 000,000,000 | ---D | M] -- C:\Users\Familie B\AppData\Roaming\FreeFLVConverter
[2013.05.30 22:48:45 | 000,000,000 | ---D | M] -- C:\Users\Familie B\AppData\Roaming\gnupg
[2013.04.05 11:59:05 | 000,000,000 | ---D | M] -- C:\Users\Familie B\AppData\Roaming\gtk-2.0
[2013.05.27 21:16:12 | 000,000,000 | ---D | M] -- C:\Users\Familie B\AppData\Roaming\KeePass
[2013.05.30 15:38:21 | 000,000,000 | ---D | M] -- C:\Users\Familie B\AppData\Roaming\KeePassX
[2011.09.01 14:20:14 | 000,000,000 | ---D | M] -- C:\Users\Familie B\AppData\Roaming\LibreOffice
[2012.08.13 00:37:21 | 000,000,000 | ---D | M] -- C:\Users\Familie B\AppData\Roaming\MakeMusic
[2011.09.01 13:54:02 | 000,000,000 | ---D | M] -- C:\Users\Familie B\AppData\Roaming\MusE
[2011.11.11 01:40:27 | 000,000,000 | ---D | M] -- C:\Users\Familie B\AppData\Roaming\Opera
[2011.09.15 23:39:59 | 000,000,000 | ---D | M] -- C:\Users\Familie B\AppData\Roaming\Thunderbird
[2011.11.13 23:52:56 | 000,000,000 | ---D | M] -- C:\Users\Familie B\AppData\Roaming\Titanium
[2012.01.31 19:08:26 | 000,000,000 | ---D | M] -- C:\Users\Familie B\AppData\Roaming\TrueCrypt
[2013.06.02 19:12:44 | 000,000,000 | ---D | M] -- C:\Users\Familie B\AppData\Roaming\WebCake
[2013.05.30 15:38:27 | 000,000,000 | ---D | M] -- C:\Users\Familie B\AppData\Roaming\XMedia Recode
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

aharonov · 02.06.2013, 18:49

Hallo,

wie siehts jetzt im Chrome aus?

Schritt 1

Lade SystemLook (von jpshortstuff) herunter und speichere das Tool auf dem Desktop.

Doppelklicke auf die SystemLook_x64.exe, um das Tool zu starten.
Vista und Win7 User: Rechtsklick und "als Administrator starten".
Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:
Code:
ATTFilter
```
:filefind
*webcake*

:folderfind
*webcake*

:regfind
webcake
         
```
Klicke nun auf den Button Look, um den Scan zu starten.
Wenn der Suchlauf beendet ist, wird sich dein Editor mit den Ergebnissen öffnen. Poste diese in deinen Thread.
Das Log-File wird auch auf dem Desktop als SystemLook.txt gespeichert.

Bitte poste in deiner nächsten Antwort:

Log von SystemLook

itsroh · 02.06.2013, 19:29

SystemLook 30.07.11 by jpshortstuff
Log created at 20:15 on 02/06/2013 by Familie B
Administrator - Elevation successful

========== filefind ==========

Searching for "*webcake*"
C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe --a---- 23552 bytes [07:05 25/05/2013] [18:57 24/05/2013] E89D463AB373CFACCCBB0645E9AE8154
C:\Program Files (x86)\WebCake\WebCakeIEClient.dll --a---- 197912 bytes [07:05 25/05/2013] [18:58 24/05/2013] 07A532C6044B985507A37EB80AF98B30
C:\Users\Familie B\AppData\Roaming\Mozilla\Firefox\Profiles\82e4ucv2.default\extensions\plugin@getwebcake.com\defaults\preferences\webcake.js --a---- 304 bytes [07:05 25/05/2013] [09:58 24/05/2013] 244B4874C7BD744EC6C1FB02360DE6A4
C:\Users\Familie B\AppData\Roaming\Mozilla\Firefox\Profiles\82e4ucv2.default\extensions\plugin@getwebcake.com\locale\en-US\webcake.properties --a---- 139 bytes [07:05 25/05/2013] [09:58 24/05/2013] 604FEEC3D7CC1A86DC469B2DBB86E944
C:\Users\Familie B\AppData\Roaming\WebCake\WebCakeDesktop.exe --a---- 47896 bytes [07:05 25/05/2013] [18:57 24/05/2013] 9EEE55B742B65439A0A45BF895E5CEA1

========== folderfind ==========

Searching for "*webcake*"
C:\Program Files (x86)\WebCake d------ [07:05 25/05/2013]
C:\Users\Familie B\AppData\Roaming\WebCake d------ [07:05 25/05/2013]
C:\Users\Familie B\AppData\Roaming\Mozilla\Firefox\Profiles\82e4ucv2.default\extensions\plugin@getwebcake.com d------ [07:05 25/05/2013]

========== regfind ==========

Searching for "webcake"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WebCake Desktop"=""C:\Users\Familie B\AppData\Roaming\WebCake\WebCakeDesktop.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\WebCakeIEClient.DLL]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12}]
@="WebCakeIEClient"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8}\1.0]
@="WebCakeIEClient 1.0 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8}\1.0\0\win32]
@="C:\Program Files (x86)\WebCake\WebCakeIEClient.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8}\1.0\HELPDIR]
@="C:\Program Files (x86)\WebCake"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WebCakeIEClient.Api]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WebCakeIEClient.Api]
@="WebCake Api"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WebCakeIEClient.Api\CurVer]
@="WebCakeIEClient.Api.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WebCakeIEClient.Api.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WebCakeIEClient.Api.1]
@="WebCake Api"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WebCakeIEClient.Layers]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WebCakeIEClient.Layers]
@="WebCake"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WebCakeIEClient.Layers\CurVer]
@="WebCakeIEClient.Layers.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WebCakeIEClient.Layers.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WebCakeIEClient.Layers.1]
@="WebCake"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}]
@="WebCake"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}\InprocServer32]
@="C:\Program Files (x86)\WebCake\WebCakeIEClient.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}\ProgID]
@="WebCakeIEClient.Layers.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}\VersionIndependentProgID]
@="WebCakeIEClient.Layers"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA}]
@="WebCake Api"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA}\InprocServer32]
@="C:\Program Files (x86)\WebCake\WebCakeIEClient.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA}\ProgID]
@="WebCakeIEClient.Api.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA}\VersionIndependentProgID]
@="WebCakeIEClient.Api"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}\InProcServer32]
@="C:\Program Files (x86)\WebCake\WebCakeIEClient.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\WebCakeIEClient.DLL]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12}]
@="WebCakeIEClient"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8}\1.0]
@="WebCakeIEClient 1.0 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8}\1.0\0\win32]
@="C:\Program Files (x86)\WebCake\WebCakeIEClient.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8}\1.0\HELPDIR]
@="C:\Program Files (x86)\WebCake"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}]
"InstallLocation"="C:\Program Files (x86)\WebCake"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}]
"DisplayName"="WebCake 3.00"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}]
"Publisher"="WebCake LLC"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}]
"URLInfoAbout"="hxxp://www.getwebcake.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}]
"Contact"="support@getwebcake.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh]
"path"="C:\Program Files (x86)\WebCake\WebCakeLayers.crx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\WebCakeDesktop_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\WebCakeDesktop_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}]
@="WebCake Layers"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}]
@="WebCake"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}\InprocServer32]
@="C:\Program Files (x86)\WebCake\WebCakeIEClient.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}\ProgID]
@="WebCakeIEClient.Layers.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}\VersionIndependentProgID]
@="WebCakeIEClient.Layers"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA}]
@="WebCake Api"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA}\InprocServer32]
@="C:\Program Files (x86)\WebCake\WebCakeIEClient.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA}\ProgID]
@="WebCakeIEClient.Api.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA}\VersionIndependentProgID]
@="WebCakeIEClient.Api"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}\InProcServer32]
@="C:\Program Files (x86)\WebCake\WebCakeIEClient.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\WebCakeIEClient.DLL]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12}]
@="WebCakeIEClient"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8}\1.0]
@="WebCakeIEClient 1.0 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8}\1.0\0\win32]
@="C:\Program Files (x86)\WebCake\WebCakeIEClient.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8}\1.0\HELPDIR]
@="C:\Program Files (x86)\WebCake"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\WebCakeUpdaterService]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WebCake Desktop Updater]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WebCake Desktop Updater]
"ImagePath"=""C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe" "C:\Users\Familie B\AppData\Roaming\WebCake\WebCakeDesktop.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WebCake Desktop Updater]
"DisplayName"="WebCake Desktop Updater"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WebCake Desktop Updater]
"Description"="Provides limited updating assistance for WebCake Desktop"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\eventlog\Application\WebCakeUpdaterService]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\WebCake Desktop Updater]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\WebCake Desktop Updater]
"ImagePath"=""C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe" "C:\Users\Familie B\AppData\Roaming\WebCake\WebCakeDesktop.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\WebCake Desktop Updater]
"DisplayName"="WebCake Desktop Updater"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\WebCake Desktop Updater]
"Description"="Provides limited updating assistance for WebCake Desktop"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\WebCakeUpdaterService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WebCake Desktop Updater]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WebCake Desktop Updater]
"ImagePath"=""C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe" "C:\Users\Familie B\AppData\Roaming\WebCake\WebCakeDesktop.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WebCake Desktop Updater]
"DisplayName"="WebCake Desktop Updater"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WebCake Desktop Updater]
"Description"="Provides limited updating assistance for WebCake Desktop"
[HKEY_USERS\S-1-5-21-3290196298-4204039042-1804756541-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"WebCake Desktop"=""C:\Users\Familie B\AppData\Roaming\WebCake\WebCakeDesktop.exe""

Searching for " "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell]
"ConfigXML"=" <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" > <InitializationParameters> <Param Name="PSVersion" Value="2.0"/> </InitializationParameters> <Resources> <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" ExactMatch="true"> <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/> <Capability Type="Shell"/> </Resource> </Res
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell32]
"ConfigXML"="<PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell32" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" Architecture="32" > <InitializationParameters> <Param Name="PSVersion" Value="2.0"/> </InitializationParameters> <Resources> <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" SupportsOptions="true" ExactMatch="true"> <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>

-= EOF =-

aharonov · 02.06.2013, 19:49

Hallo,

bitte auch die Fragen beantworten:

Zitat:

Öffne ich meinen Chrome- Browser, öffnen sich ungefragt in einem jeweils neuen Reiter die Seiten "search.snapdo.com" und "www.searchnu.com".

Ist das immer noch so?

Schritt 1

Fixen mit OTL

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

:OTL
[2013.05.25 09:05:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WebCake
[2013.06.02 19:12:44 | 000,000,000 | ---D | M] -- C:\Users\Familie B\AppData\Roaming\WebCake
O4 - HKU\S-1-5-21-3290196298-4204039042-1804756541-1000..\Run: [WebCake Desktop] C:\Users\Familie B\AppData\Roaming\WebCake\WebCakeDesktop.exe (WebCake LLC)
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\Familie B\AppData\Roaming\OCS\SM\SearchAnonymizer.exe File not found
O2 - BHO: (WebCake) - {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - C:\Program Files (x86)\WebCake\WebCakeIEClient.dll (WebCake LLC)
[2013.05.30 15:38:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Familie B\AppData\Roaming\mozilla\Firefox\Profiles\82e4ucv2.default\extensions\plugin@getwebcake.com
FF - prefs.js..browser.startup.homepage: "hxxp://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=eadb1184-3305-4914-9490-1d074f61546d&searchtype=hp&installDate=25/05/2013"
FF - prefs.js..keyword.URL: "hxxp://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=eadb1184-3305-4914-9490-1d074f61546d&searchtype=ds&installDate=25/05/2013&q="

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\WebCakeIEClient.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WebCakeIEClient.Api]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WebCakeIEClient.Api.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WebCakeIEClient.Layers]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WebCakeIEClient.Layers.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\WebCakeIEClient.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\WebCakeDesktop_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\WebCakeDesktop_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\WebCakeIEClient.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8}]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\WebCakeUpdaterService]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WebCake Desktop Updater]

:commands
[emptytemp]

Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Schritt 2

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Schritt 3

Starte bitte die OTL.exe.

Setze den Haken bei Scan all Users.
Drücke auf den Quick Scan Button.
Poste den Inhalt von OTL.txt hier in den Thread.

Bitte poste in deiner nächsten Antwort:

Fixlog von OTL
Log von JRT
Log von OTL

itsroh · 02.06.2013, 21:32

Wenn ich jetzt den Chrome- Browser öffne, bin ich das Problem scheinbar los. Habe allerdings auch zusätzlich zu den vorgeschlagenen Anweisungen snapdo als Suchmaschine händisch aus den Suchmaschinenvorschlägen gelöscht. (Unter Einstellungen --> Beim Start Seiten festlegen)

Soll ich nun noch einmal Fixlog von OTL; Log von JRT und Log von OTL posten?

Falls ich den "ungebetenen Gast" nun endgültig losgeworden bin, bedanke ich mich recht herzlich für die kompetente Unterstützung.

aharonov · 02.06.2013, 22:21

Zitat:

Wenn ich jetzt den Chrome- Browser öffne, bin ich das Problem scheinbar los.

Prima.

Zitat:

Soll ich nun noch einmal Fixlog von OTL; Log von JRT und Log von OTL posten?

Ja, wir sind noch nicht fertig. Diese Schritte adressieren noch weitere ungebetene Gäste.

itsroh · 02.06.2013, 23:00

All processes killed
========== OTL ==========
C:\Program Files (x86)\WebCake folder moved successfully.
C:\Users\Familie B\AppData\Roaming\WebCake\dat\update folder moved successfully.
C:\Users\Familie B\AppData\Roaming\WebCake\dat folder moved successfully.
Folder move failed. C:\Users\Familie B\AppData\Roaming\WebCake scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-21-3290196298-4204039042-1804756541-1000\Software\Microsoft\Windows\CurrentVersion\Run\\WebCake Desktop deleted successfully.
C:\Users\Familie B\AppData\Roaming\WebCake\WebCakeDesktop.exe moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Ocs_SM deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}\ deleted successfully.
File C:\Program Files (x86)\WebCake\WebCakeIEClient.dll not found.
C:\Users\Familie B\AppData\Roaming\mozilla\Firefox\Profiles\82e4ucv2.default\extensions\plugin@getwebcake.com\locale\en-US folder moved successfully.
C:\Users\Familie B\AppData\Roaming\mozilla\Firefox\Profiles\82e4ucv2.default\extensions\plugin@getwebcake.com\locale folder moved successfully.
C:\Users\Familie B\AppData\Roaming\mozilla\Firefox\Profiles\82e4ucv2.default\extensions\plugin@getwebcake.com\defaults\preferences folder moved successfully.
C:\Users\Familie B\AppData\Roaming\mozilla\Firefox\Profiles\82e4ucv2.default\extensions\plugin@getwebcake.com\defaults folder moved successfully.
C:\Users\Familie B\AppData\Roaming\mozilla\Firefox\Profiles\82e4ucv2.default\extensions\plugin@getwebcake.com\content folder moved successfully.
C:\Users\Familie B\AppData\Roaming\mozilla\Firefox\Profiles\82e4ucv2.default\extensions\plugin@getwebcake.com folder moved successfully.
Prefs.js: "hxxp://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=eadb1184-3305-4914-9490-1d074f61546d&searchtype=hp&installDate=25/05/2013" removed from browser.startup.homepage
Prefs.js: "hxxp://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=eadb1184-3305-4914-9490-1d074f61546d&searchtype=ds&installDate=25/05/2013&q=" removed from keyword.URL
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\WebCakeIEClient.DLL\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WebCakeIEClient.Api\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WebCakeIEClient.Api.1\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WebCakeIEClient.Layers\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WebCakeIEClient.Layers.1\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\WebCakeIEClient.DLL\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\WebCakeDesktop_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\WebCakeDesktop_RASMANCS\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\WebCakeIEClient.DLL\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\WebCakeUpdaterService\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WebCake Desktop Updater\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Familie B
->Temp folder emptied: 3344 bytes
->Temporary Internet Files folder emptied: 1390295 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 23311912 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 608 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 24,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 06022013_233053

Files\Folders moved on Reboot...
C:\Users\Familie B\AppData\Roaming\WebCake folder moved successfully.
C:\Users\Familie B\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Familie B on 02.06.2013 at 23:40:47,63
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Failed to delete: [Folder] C:\Users\Familie B\AppData\Roaming\mozilla\firefox\profiles\82e4ucv2.default\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.06.2013 at 23:44:46,79
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 02.06.2013 23:46:59 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Familie B\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 2,16 Gb Available Physical Memory | 55,11% Memory free
7,82 Gb Paging File | 5,87 Gb Available in Paging File | 74,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 657,54 Gb Total Space | 567,80 Gb Free Space | 86,35% Space Free | Partition Type: NTFS
Drive D: | 37,99 Gb Total Space | 0,02 Gb Free Space | 0,04% Space Free | Partition Type: NTFS
 
Computer Name: FAMILIEB-PC | User Name: Familie B | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.30 16:19:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Familie B\Downloads\OTL.exe
PRC - [2013.05.25 02:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Familie B\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013.05.23 07:44:09 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013.05.10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.05.02 11:20:20 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.04.01 19:57:53 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.04.01 19:57:39 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.03.15 16:32:11 | 000,542,800 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\taxaktuell.exe
PRC - [2012.10.09 00:36:45 | 001,433,600 | ---- | M] () -- C:\Users\Familie B\Downloads\KeePassX-0.4.3-win32\KeePassX\KeePassX.exe
PRC - [2011.04.30 09:32:54 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.04.14 18:17:18 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2011.03.02 17:20:58 | 000,224,256 | ---- | M] () -- C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
PRC - [2011.02.24 03:04:54 | 003,402,760 | ---- | M] (Pegatron Corporation) -- C:\Program Files (x86)\PHotkey\POSD.exe
PRC - [2011.02.24 03:04:50 | 000,819,720 | ---- | M] (Pegatron Corporation) -- C:\Program Files (x86)\PHotkey\PHotkey.exe
PRC - [2011.02.22 22:20:21 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.02.22 22:20:17 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011.02.15 18:01:48 | 000,019,968 | ---- | M] (Fork Ltd.) -- C:\Prey\platform\windows\cronsvc.exe
PRC - [2011.02.11 21:40:00 | 000,997,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2011.02.11 21:39:58 | 001,304,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2011.02.11 21:39:54 | 000,985,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
PRC - [2011.02.11 21:39:54 | 000,907,600 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2010.08.04 00:39:38 | 000,107,816 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2010.01.13 02:36:00 | 000,117,256 | R--- | M] () -- C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
PRC - [2009.12.19 00:40:48 | 000,104,968 | R--- | M] () -- C:\Program Files (x86)\PHotkey\ASLDRSrv.exe
PRC - [2009.12.19 00:38:18 | 000,345,608 | R--- | M] (TODO: <Company name>) -- C:\Program Files (x86)\PHotkey\HCSynApi.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.05.23 07:44:07 | 000,393,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
MOD - [2013.05.23 07:43:59 | 004,051,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll
MOD - [2013.05.23 07:43:06 | 000,599,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\libglesv2.dll
MOD - [2013.05.23 07:43:05 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\libegl.dll
MOD - [2013.05.23 07:43:03 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ffmpegsumo.dll
MOD - [2013.03.19 16:31:28 | 002,170,960 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wfvie13.dll
MOD - [2013.03.19 15:48:09 | 008,921,680 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wgui13.dll
MOD - [2013.03.18 17:13:09 | 001,492,048 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wmain13.dll
MOD - [2013.03.15 16:33:03 | 002,997,840 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wcore13.dll
MOD - [2013.03.15 16:33:01 | 006,761,552 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wkont13.dll
MOD - [2013.03.15 16:32:55 | 004,158,544 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wauff13.dll
MOD - [2013.03.15 16:32:55 | 001,313,872 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wfabu13.dll
MOD - [2013.03.15 16:32:48 | 001,245,184 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wimp13.dll
MOD - [2013.03.15 16:32:46 | 001,310,800 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wwerb13.dll
MOD - [2013.03.15 16:32:46 | 001,215,568 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\whau213.dll
MOD - [2013.03.15 16:32:41 | 001,559,120 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wbae413.dll
MOD - [2013.03.15 16:32:41 | 001,146,448 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\whau113.dll
MOD - [2013.03.15 16:32:40 | 004,940,368 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wbae113.dll
MOD - [2013.03.15 16:32:35 | 001,747,536 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wbae313.dll
MOD - [2013.03.15 16:32:32 | 001,367,632 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wbae213.dll
MOD - [2013.03.15 16:32:27 | 001,724,496 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wreli13.dll
MOD - [2013.03.15 16:32:26 | 001,607,248 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\wsteu13.dll
MOD - [2013.03.15 16:32:25 | 000,321,104 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\rsguiwinapi48.dll
MOD - [2013.03.15 16:32:22 | 000,308,816 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\rscorewinapi48.dll
MOD - [2013.03.15 16:32:11 | 000,542,800 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\taxaktuell.exe
MOD - [2013.03.15 16:31:57 | 000,136,272 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\rsodbc48.dll
MOD - [2013.03.15 16:31:54 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\rsdcom48.dll
MOD - [2013.03.15 16:09:38 | 001,041,408 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\clucene-core.dll
MOD - [2013.03.13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Familie B\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013.02.12 12:03:49 | 000,251,392 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\clucene-contribs-lib.dll
MOD - [2013.02.12 12:03:49 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\Buhl finance\tax Steuersoftware 2013\clucene-shared.dll
MOD - [2012.11.14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Familie B\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2012.10.09 00:36:45 | 009,515,520 | ---- | M] () -- C:\Users\Familie B\Downloads\KeePassX-0.4.3-win32\KeePassX\QtGui4.dll
MOD - [2012.10.09 00:36:45 | 002,415,104 | ---- | M] () -- C:\Users\Familie B\Downloads\KeePassX-0.4.3-win32\KeePassX\QtCore4.dll
MOD - [2012.10.09 00:36:45 | 001,433,600 | ---- | M] () -- C:\Users\Familie B\Downloads\KeePassX-0.4.3-win32\KeePassX\KeePassX.exe
MOD - [2012.10.09 00:36:45 | 000,398,336 | ---- | M] () -- C:\Users\Familie B\Downloads\KeePassX-0.4.3-win32\KeePassX\QtXml4.dll
MOD - [2012.10.09 00:36:45 | 000,350,720 | ---- | M] () -- C:\Users\Familie B\Downloads\KeePassX-0.4.3-win32\KeePassX\imageformats\qmng4.dll
MOD - [2012.10.09 00:36:45 | 000,192,000 | ---- | M] () -- C:\Users\Familie B\Downloads\KeePassX-0.4.3-win32\KeePassX\imageformats\qjpeg4.dll
MOD - [2012.10.09 00:36:45 | 000,082,944 | ---- | M] () -- C:\Users\Familie B\Downloads\KeePassX-0.4.3-win32\KeePassX\imageformats\qgif4.dll
MOD - [2012.10.09 00:36:45 | 000,081,920 | ---- | M] () -- C:\Users\Familie B\Downloads\KeePassX-0.4.3-win32\KeePassX\imageformats\qico4.dll
MOD - [2012.10.09 00:36:45 | 000,043,008 | ---- | M] () -- C:\Users\Familie B\Downloads\KeePassX-0.4.3-win32\KeePassX\libgcc_s_dw2-1.dll
MOD - [2012.10.09 00:36:45 | 000,011,362 | ---- | M] () -- C:\Users\Familie B\Downloads\KeePassX-0.4.3-win32\KeePassX\mingwm10.dll
MOD - [2010.08.04 00:39:38 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2010.08.04 00:39:32 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.05.02 23:27:50 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011.05.02 23:13:54 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011.05.02 23:10:26 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011.04.21 18:34:16 | 001,136,640 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011.04.21 17:42:50 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2010.12.17 16:46:34 | 000,198,784 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)
SRV:64bit: - [2010.09.23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2013.05.15 18:58:47 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.15 14:15:32 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.04.01 19:57:53 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.04.01 19:57:39 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.14 02:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2011.04.30 09:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011.03.02 17:20:58 | 000,224,256 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe -- (DirMngr)
SRV - [2011.02.22 22:20:21 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.02.22 22:20:17 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011.02.15 18:01:48 | 000,019,968 | ---- | M] (Fork Ltd.) [Auto | Running] -- C:\Prey\platform\windows\cronsvc.exe -- (CronService)
SRV - [2011.02.11 21:40:00 | 000,997,712 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011.02.11 21:39:58 | 001,304,912 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011.02.11 21:39:54 | 000,907,600 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2010.10.07 02:46:42 | 000,159,752 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\PHotkey\GFNEXSrv.exe -- (GFNEXSrv)
SRV - [2010.03.18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.19 00:40:48 | 000,104,968 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\PHotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.04.01 19:57:57 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.04.01 19:57:57 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.04.01 19:57:57 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.12.14 02:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.31 18:57:41 | 000,230,864 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2011.05.17 18:27:52 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011.05.17 18:27:50 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011.05.01 23:33:06 | 008,593,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011.04.26 20:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.04.21 18:09:26 | 000,294,912 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011.04.21 18:09:26 | 000,294,912 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011.04.15 01:16:08 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2011.04.13 18:30:54 | 000,207,872 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011.04.13 18:30:50 | 000,087,552 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.10 17:01:40 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011.01.24 11:24:52 | 000,058,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011.01.24 11:22:48 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011.01.24 10:56:06 | 000,274,944 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.10.20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.10.15 01:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.09.23 22:03:06 | 000,129,008 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2010.08.24 18:55:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010.01.22 11:26:50 | 000,305,200 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.10.23 17:26:14 | 000,046,592 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.09.11 23:11:46 | 000,014,344 | R--- | M] (PEGATRON) [Kernel | Auto | Running] -- C:\Program Files (x86)\PHotkey\PEGAGFN.sys -- (PEGAGFN)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3290196298-4204039042-1804756541-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKU\S-1-5-21-3290196298-4204039042-1804756541-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\S-1-5-21-3290196298-4204039042-1804756541-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-21-3290196298-4204039042-1804756541-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 
IE - HKU\S-1-5-21-3290196298-4204039042-1804756541-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKU\S-1-5-21-3290196298-4204039042-1804756541-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = 
IE - HKU\S-1-5-21-3290196298-4204039042-1804756541-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKU\S-1-5-21-3290196298-4204039042-1804756541-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3290196298-4204039042-1804756541-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: {eadb1184-3305-4914-9490-1d074f61546d}:1.0
FF - prefs.js..extensions.enabledAddons: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8312
FF - prefs.js..browser.startup.homepage: "hxxp://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=eadb1184-3305-4914-9490-1d074f61546d&searchtype=hp&installDate=25/05/2013"
FF - prefs.js..keyword.URL: "hxxp://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=eadb1184-3305-4914-9490-1d074f61546d&searchtype=ds&installDate=25/05/2013&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.08 18:37:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.16 14:46:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.15 18:58:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.15 18:58:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2013.05.27 01:09:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Familie B\AppData\Roaming\mozilla\Extensions
[2013.05.30 15:50:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Familie B\AppData\Roaming\mozilla\Firefox\Profiles\82e4ucv2.default\extensions
[2013.05.30 15:38:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Familie B\AppData\Roaming\mozilla\Firefox\Profiles\82e4ucv2.default\extensions\{eadb1184-3305-4914-9490-1d074f61546d}
[2012.10.19 13:42:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.03.21 01:58:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.06.28 10:28:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.09.07 08:57:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.10.19 13:42:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2011.10.21 15:21:35 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.11.11 01:40:27 | 000,001,937 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Ixquick HTTPS - Deutsch (Enabled)
CHR - default_search_provider: search_url = https://ixquick.com/do/search?query={searchTerms}&cat=web&pl=chrome&language=deutsch
CHR - default_search_provider: suggest_url = ,
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U21 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Familie B\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Familie B\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Ghostery = C:\Users\Familie B\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\4.1.1_0\
CHR - Extension: Picasa = C:\Users\Familie B\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb\6.2.2_0\
CHR - Extension: Google Mail = C:\Users\Familie B\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Preispilot) - {C4415769-1588-4AD6-9624-B2E69DB78D1A} - C:\Program Files (x86)\preispilot\Internet Explorer\preispilot.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Familie B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AeroFS.lnk = C:\Users\Familie B\AppData\Roaming\AeroFSExec\aerofs.exe ()
O4 - Startup: C:\Users\Familie B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Familie B\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8068FE7C-7296-400B-9019-82B7F3A7BDB2}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F1AEB345-498B-4D3D-A2B8-DB5469020C02}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9372c1ea-864e-11e1-940e-bc77371ff891}\Shell - "" = AutoRun
O33 - MountPoints2\{9372c1ea-864e-11e1-940e-bc77371ff891}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.02 23:36:33 | 000,000,000 | ---D | C] -- C:\Users\Familie B\Desktop\Malware Entfernung
[2013.06.02 19:06:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.05.30 16:41:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.05.30 16:07:43 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.05.30 16:07:33 | 000,000,000 | ---D | C] -- C:\JRT
[2013.05.27 00:29:48 | 000,000,000 | ---D | C] -- C:\Users\Familie B\AppData\Roaming\FreeFLVConverter
[2013.05.27 00:29:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free FLV Converter
[2013.05.25 09:10:58 | 000,719,872 | -HS- | C] (Abysmal Software) -- C:\Windows\SysWow64\devil.dll
[2013.05.25 09:10:57 | 000,369,152 | -HS- | C] (The Public) -- C:\Windows\SysWow64\avisynth.dll
[2013.05.25 09:10:56 | 000,070,656 | -HS- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\yv12vfw.dll
[2013.05.25 09:10:55 | 000,070,656 | -HS- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\i420vfw.dll
[2013.05.25 09:10:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AviSynth 2.5
[2013.05.25 09:06:01 | 000,000,000 | ---D | C] -- C:\Users\Familie B\Documents\eRightSoft
[2013.05.25 09:05:44 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
[2013.05.25 09:05:44 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\SysWow64\nbDX.dll
[2013.05.25 09:05:44 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLOgg.ax
[2013.05.25 09:05:44 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\DiracSplitter.ax
[2013.05.25 09:05:44 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\flvDX.dll
[2013.05.25 09:05:44 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\RealMediaDX.ax
[2013.05.25 09:05:44 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\SysWow64\AVCDX.ax
[2013.05.25 09:05:44 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLVorbisDec.ax
[2013.05.25 09:05:44 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSSplitter.ax
[2013.05.25 09:05:44 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSDecoder.ax
[2013.05.25 09:05:44 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\SysWow64\RLTheoraDec.ax
[2013.05.25 09:05:44 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\SysWow64\msfDX.dll
[2013.05.25 09:05:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPER © - by eRightSoft
[2013.05.25 09:04:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eRightSoft
[2013.05.25 01:17:47 | 000,000,000 | ---D | C] -- C:\Users\Familie B\Documents\StreamTransport
[2013.05.25 00:56:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StreamTransport
[2013.05.25 00:56:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StreamTransport
[2013.05.25 00:12:36 | 000,000,000 | ---D | C] -- C:\Users\Familie B\Desktop\Handy
[2013.05.22 21:58:29 | 000,000,000 | ---D | C] -- C:\Users\Familie B\AppData\Roaming\KeePass
[2013.05.22 21:56:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KeePass Password Safe 2
[2013.05.22 21:56:00 | 000,000,000 | ---D | C] -- C:\Users\Familie B\AppData\Local\Programs
[2013.05.15 18:58:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.05.13 16:33:54 | 000,000,000 | R--D | C] -- C:\Users\Familie B\Documents\AeroFS
[2013.05.13 16:33:54 | 000,000,000 | -HSD | C] -- C:\Users\Familie B\Documents\.aerofs.aux.fd6a7d
[2013.05.13 16:33:19 | 000,000,000 | ---D | C] -- C:\Users\Familie B\AppData\Roaming\AeroFS
[2013.05.13 16:33:11 | 000,000,000 | ---D | C] -- C:\Users\Familie B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeroFS
[2013.05.13 16:33:08 | 000,000,000 | ---D | C] -- C:\Users\Familie B\AppData\Roaming\AeroFSExec
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.02 23:41:35 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.02 23:41:35 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.02 23:32:52 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.02 23:32:43 | 000,000,022 | ---- | M] () -- C:\Windows\S.dirmngr
[2013.06.02 23:32:41 | 000,000,029 | ---- | M] () -- C:\Windows\SysWow64\TempWmicBatchFile.bat
[2013.06.02 23:32:35 | 000,067,584 | -H-- | M] () -- C:\Windows\bootstat.dat
[2013.06.02 23:32:33 | 3151,327,232 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.02 23:15:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.02 22:58:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.02 20:14:31 | 000,165,376 | ---- | M] () -- C:\Users\Familie B\Desktop\SystemLook_x64.exe
[2013.06.01 14:02:41 | 000,001,060 | ---- | M] () -- C:\Users\Familie B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.05.30 21:42:45 | 000,000,747 | ---- | M] () -- C:\Windows\wiso.ini
[2013.05.30 15:50:57 | 000,000,194 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.05.30 15:50:00 | 000,632,031 | ---- | M] () -- C:\Users\Familie B\Desktop\adwcleaner.exe
[2013.05.27 11:42:04 | 391,156,380 | ---- | M] () -- C:\Users\Familie B\Desktop\Deutschland von oben 1 &quot;Stadt&quot; - in HD! - Terra X - ZDFmediathek - ZDF Mediathek.mp4
[2013.05.27 01:02:53 | 120,545,306 | ---- | M] () -- C:\Users\Familie B\Documents\Startseite - ZDF Mediathek_1.flv
[2013.05.27 00:46:43 | 288,854,567 | ---- | M] () -- C:\Users\Familie B\Desktop\Deutschland von oben 1 &quot;Stadt&quot; - in HD - Terra X - ZDFmediathek - ZDF Mediathek.mp4
[2013.05.26 12:30:37 | 001,434,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.26 12:30:37 | 000,629,594 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.26 12:30:37 | 000,595,198 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.26 12:30:37 | 000,120,434 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.26 12:30:37 | 000,099,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.25 09:22:49 | 345,066,172 | ---- | M] () -- C:\Users\Familie B\Documents\Startseite - ZDF Mediathek.flv
[2013.05.25 09:03:42 | 002,463,093 | ---- | M] () -- C:\Users\Familie B\Documents\Startseite - ZDF Mediathek_0.flv
[2013.05.25 01:42:18 | 523,524,896 | ---- | M] () -- C:\Users\Familie B\Desktop\Deutschland von oben 1 &quot;Stadt&quot; - in HD! - Terra X - ZDFmediathek - ZDF Mediathek.flv
[2013.05.23 00:54:56 | 000,001,012 | ---- | M] () -- C:\Users\Familie B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AeroFS.lnk
[2013.05.16 14:38:46 | 000,380,664 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2013.06.02 23:32:43 | 000,000,022 | ---- | C] () -- C:\Windows\S.dirmngr
[2013.06.02 20:14:31 | 000,165,376 | ---- | C] () -- C:\Users\Familie B\Desktop\SystemLook_x64.exe
[2013.05.30 15:50:49 | 000,000,194 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.05.30 15:50:00 | 000,632,031 | ---- | C] () -- C:\Users\Familie B\Desktop\adwcleaner.exe
[2013.05.27 10:38:23 | 391,156,380 | ---- | C] () -- C:\Users\Familie B\Desktop\Deutschland von oben 1 &quot;Stadt&quot; - in HD! - Terra X - ZDFmediathek - ZDF Mediathek.mp4
[2013.05.27 00:52:52 | 120,545,306 | ---- | C] () -- C:\Users\Familie B\Documents\Startseite - ZDF Mediathek_1.flv
[2013.05.27 00:32:01 | 288,854,567 | ---- | C] () -- C:\Users\Familie B\Desktop\Deutschland von oben 1 &quot;Stadt&quot; - in HD - Terra X - ZDFmediathek - ZDF Mediathek.mp4
[2013.05.27 00:30:22 | 000,001,183 | ---- | C] () -- C:\Users\Familie B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free FLV Converter.lnk
[2013.05.25 09:10:57 | 000,032,256 | -HS- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2013.05.25 09:08:18 | 000,002,566 | ---- | C] () -- C:\Users\Familie B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
[2013.05.25 09:05:44 | 000,195,584 | RHS- | C] () -- C:\Windows\SysWow64\MatroskaDX.ax
[2013.05.25 09:05:44 | 000,188,416 | RHS- | C] () -- C:\Windows\SysWow64\winDCE32.dll
[2013.05.25 09:05:44 | 000,175,104 | RHS- | C] () -- C:\Windows\SysWow64\CoreAAC.ax
[2013.05.25 09:05:44 | 000,121,344 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.ax
[2013.05.25 09:05:44 | 000,120,832 | RHS- | C] () -- C:\Windows\SysWow64\MPCDx.ax
[2013.05.25 09:05:44 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2013.05.25 09:05:44 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\RLMPCDec.ax
[2013.05.25 09:05:44 | 000,097,280 | RHS- | C] () -- C:\Windows\SysWow64\FLACDX.ax
[2013.05.25 09:05:44 | 000,070,656 | RHS- | C] () -- C:\Windows\SysWow64\RLAPEDec.ax
[2013.05.25 09:05:44 | 000,051,712 | RHS- | C] () -- C:\Windows\SysWow64\RLSpeexDec.ax
[2013.05.25 09:05:43 | 000,227,328 | RHS- | C] () -- C:\Windows\SysWow64\ac3DX.ax
[2013.05.25 09:05:43 | 000,081,920 | RHS- | C] () -- C:\Windows\SysWow64\aac_parser.ax
[2013.05.25 09:03:30 | 002,463,093 | ---- | C] () -- C:\Users\Familie B\Documents\Startseite - ZDF Mediathek_0.flv
[2013.05.25 08:57:44 | 523,524,896 | ---- | C] () -- C:\Users\Familie B\Desktop\Deutschland von oben 1 &quot;Stadt&quot; - in HD! - Terra X - ZDFmediathek - ZDF Mediathek.flv
[2013.05.25 08:54:04 | 345,066,172 | ---- | C] () -- C:\Users\Familie B\Documents\Startseite - ZDF Mediathek.flv
[2013.05.22 21:56:32 | 000,001,125 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
[2013.05.13 16:33:11 | 000,001,012 | ---- | C] () -- C:\Users\Familie B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AeroFS.lnk
[2013.04.05 12:15:22 | 000,002,833 | ---- | C] () -- C:\Users\Familie B\.recently-used.xbel
[2013.02.08 00:29:45 | 000,001,374 | ---- | C] () -- C:\Windows\SysWow64\bash.exe.stackdump
[2012.12.28 01:24:01 | 000,007,635 | ---- | C] () -- C:\Users\Familie B\AppData\Local\Resmon.ResmonCfg
[2012.12.14 02:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.10.10 03:22:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012.10.10 03:22:20 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012.07.24 15:12:18 | 000,001,477 | ---- | C] () -- C:\Users\Familie B\AppData\Local\recently-used.xbel
[2012.07.24 15:10:05 | 000,003,540 | ---- | C] () -- C:\Users\Familie B\AppData\Local\ING Diba Jens.gnucash.20120724151005.gnucash
[2012.07.24 15:00:48 | 000,003,669 | ---- | C] () -- C:\Users\Familie B\AppData\Local\ING Diba Jens.gnucash
[2012.07.12 17:17:58 | 000,003,531 | ---- | C] () -- C:\Users\Familie B\AppData\Local\GnuCash.gnucash
[2012.03.19 23:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.03.19 23:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.11.23 23:07:32 | 000,000,747 | ---- | C] () -- C:\Windows\wiso.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.05.29 19:02:15 | 000,000,000 | ---D | M] -- C:\Users\Familie B\AppData\Roaming\AeroFS
[2013.05.30 15:38:20 | 000,000,000 | ---D | M] -- C:\Users\Familie B\AppData\Roaming\AeroFSExec
[2012.02.28 12:16:08 | 000,000,000 | ---D | M] -- C:\Users\Familie B\AppData\Roaming\Buhl Data Service
[2013.01.08 23:53:03 | 000,000,000 | ---D | M] -- C:\Users\Familie B\AppData\Roaming\Canneverbe Limited
[2013.06.02 23:35:45 | 000,000,000 | ---D | M] -- C:\Users\Familie B\AppData\Roaming\Dropbox
[2013.05.30 15:37:32 | 000,000,000 | ---D | M] -- C:\Users\Familie B\AppData\Roaming\FreeFLVConverter
[2013.05.30 22:48:45 | 000,000,000 | ---D | M] -- C:\Users\Familie B\AppData\Roaming\gnupg
[2013.04.05 11:59:05 | 000,000,000 | ---D | M] -- C:\Users\Familie B\AppData\Roaming\gtk-2.0
[2013.05.27 21:16:12 | 000,000,000 | ---D | M] -- C:\Users\Familie B\AppData\Roaming\KeePass
[2013.05.30 15:38:21 | 000,000,000 | ---D | M] -- C:\Users\Familie B\AppData\Roaming\KeePassX
[2011.09.01 14:20:14 | 000,000,000 | ---D | M] -- C:\Users\Familie B\AppData\Roaming\LibreOffice
[2012.08.13 00:37:21 | 000,000,000 | ---D | M] -- C:\Users\Familie B\AppData\Roaming\MakeMusic
[2011.09.01 13:54:02 | 000,000,000 | ---D | M] -- C:\Users\Familie B\AppData\Roaming\MusE
[2011.11.11 01:40:27 | 000,000,000 | ---D | M] -- C:\Users\Familie B\AppData\Roaming\Opera
[2011.09.15 23:39:59 | 000,000,000 | ---D | M] -- C:\Users\Familie B\AppData\Roaming\Thunderbird
[2011.11.13 23:52:56 | 000,000,000 | ---D | M] -- C:\Users\Familie B\AppData\Roaming\Titanium
[2012.01.31 19:08:26 | 000,000,000 | ---D | M] -- C:\Users\Familie B\AppData\Roaming\TrueCrypt
[2013.05.30 15:38:27 | 000,000,000 | ---D | M] -- C:\Users\Familie B\AppData\Roaming\XMedia Recode
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

aharonov · 02.06.2013, 23:09

Hallo,

kontrollieren wir noch, ob die Scanner noch was finden. Und dann schliessen wir noch vorhandene Sicherheitslücken.
Wie läuft der Rechner so?

Schritt 1

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 2

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 3

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

Bitte poste in deiner nächsten Antwort:

Log von MBAM
Log von ESET
Log von SecurityCheck

itsroh · 03.06.2013, 14:29

"Snap Do. Engine" steht noch immer unter den installierten Programmen eingetragen und lässt sich in der Systemsteuerung nicht deinstallieren.
Ansonsten bin ich mit der Performance ganz zufrieden, also meiner Meinung nach läuft der Rechner ganz gut.

Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.03.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Familie B :: FAMILIEB-PC [Administrator]

Schutz: Aktiviert

03.06.2013 10:07:18
mbam-log-2013-06-03 (10-07-18).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 219108
Laufzeit: 4 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=2d28d11efa05734591017801490ca42f
# engine=13979
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-03 01:03:19
# local_time=2013-06-03 03:03:19 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 18390 235684289 11175 0
# compatibility_mode=5893 16776574 100 94 55046399 121894449 0 0
# scanned=380294
# found=1
# cleaned=0
# scan_time=16805
sh=238F78360B456EE74CC8397E2DD38DABCD9A44FB ft=1 fh=61d65ddd3df05ceb vn="probably a variant of Win32/Adware.Yontoo.A application" ac=I fn="C:\_OTL\MovedFiles\06022013_233053\C_Program Files (x86)\WebCake\WebCakeIEClient.dll"

Results of screen317's Security Check version 0.99.64
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
Java(TM) 6 Update 37
Java 7 Update 21
Adobe Flash Player 11.7.700.202
Adobe Reader 10.1.7 Adobe Reader out of Date!
Mozilla Firefox (7.0.1)
Mozilla Thunderbird (17.0.6)
Google Chrome 27.0.1453.93
Google Chrome 27.0.1453.94
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

aharonov · 03.06.2013, 14:52

Ok, dann entfernen wir auch noch die letzten Resten von snap.do.
Auch müssen noch die veralteten Software-Versionen entfernt werden.

Schritt 1

Starte bitte erneut SystemLook_x64.exe.
Vista und Win7 User: Rechtsklick und "als Administrator starten".

Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

Code:

ATTFilter

:filefind
*snap.do*
*snapdo*
*searchnu*

:folderfind
*snap.do*
*snapdo*
*searchnu*

:regfind
snap.do
snapdo
searchnu

Klicke nun auf den Button Look, um den Scan zu starten.
Wenn der Suchlauf beendet ist, wird sich dein Editor mit den Ergebnissen öffnen. Poste diese in deinen Thread.
Das Log-File wird auch auf dem Desktop als SystemLook.txt gespeichert.

Schritt 2

Du hast unter anderem eine veraltete Java-Version installiert. Ältere Versionen enthalten Sicherheitslücken, die von Malware zur Infizierung per Drive-by Download missbraucht werden können.

Die aktuelle Version ist Java 7 Update 21.

Gehe zu
Start --> Systemsteuerung --> Programme und Funktionen (bei Vista / Win 7)
Start --> Systemsteuerung --> Software (bei Win XP)
und deinstalliere alle älteren Java-Versionen.

Schritt 3

Die Version deines Adobe PDF Readers ist veraltet, wir müssen ihn updaten:

Deinstalliere bitte deine aktuelle Version von Adobe Reader über
Start --> Systemsteuerung --> Software (bei Windows XP)
Start --> Systemsteuerung --> Programme und Funktionen (bei Vista / Windows 7)
Besuche diese Seite von Adobe.
Entferne gegebenenfalls den Haken bei McAfee Security Scan bzw. Google Chrome.
Drücke auf Jetzt herunterladen und installiere die neuste Version.

Schritt 4

Downloade und installiere dir die neuste Version des Mozilla Firefox.

Überprüfe dann mit diesem Plugin-Check (mit dem Firefox hier), ob nun alle deine verwendeten Versionen aktuell sind und update sie anderenfalls.

Schritt 5

Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Wenn der Scan beendet wurde, sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

Bitte poste in deiner nächsten Antwort:

Log von SystemLook
Log von SecurityCheck

itsroh · 03.06.2013, 20:02

SystemLook 30.07.11 by jpshortstuff
Log created at 20:19 on 03/06/2013 by Familie B
Administrator - Elevation successful

========== filefind ==========

Searching for "*snap.do*"
No files found.

Searching for "*snapdo*"
No files found.

Searching for "*searchnu*"
C:\Users\Familie B\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.searchnu.com_0.localstorage --a---- 286720 bytes [19:39 28/05/2013] [17:18 02/06/2013] D2FA16D0F1ADC343A083695015A26DCC
C:\Users\Familie B\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.searchnu.com_0.localstorage-journal --a---- 16384 bytes [19:39 28/05/2013] [17:18 02/06/2013] 53ABF1FD77F9A64AFC81CD1FD713BCE0

========== folderfind ==========

Searching for "*snap.do*"
No folders found.

Searching for "*snapdo*"
No folders found.

Searching for "*searchnu*"
No folders found.

========== regfind ==========

Searching for "snap.do"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{e8e9b71a-9684-4eb7-bbec-5952b9c359dd}]
"DisplayName"="Snap.Do Engine"
[HKEY_USERS\S-1-5-21-3290196298-4204039042-1804756541-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\{e8e9b71a-9684-4eb7-bbec-5952b9c359dd}]
"DisplayName"="Snap.Do Engine"

Searching for "snapdo"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="hxxp://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=eadb1184-3305-4914-9490-1d074f61546d&searchtype=ds&q={searchTerms}&installDate={installDate}"
[HKEY_CURRENT_USER\Software\Smartbar]
"publisher"="SnapDoForPartners"
[HKEY_CURRENT_USER\Software\Smartbar]
"downloadProvider"="SnapDoForPartners"
[HKEY_USERS\S-1-5-21-3290196298-4204039042-1804756541-1000\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="hxxp://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=eadb1184-3305-4914-9490-1d074f61546d&searchtype=ds&q={searchTerms}&installDate={installDate}"
[HKEY_USERS\S-1-5-21-3290196298-4204039042-1804756541-1000\Software\Smartbar]
"publisher"="SnapDoForPartners"
[HKEY_USERS\S-1-5-21-3290196298-4204039042-1804756541-1000\Software\Smartbar]
"downloadProvider"="SnapDoForPartners"

Searching for "searchnu"
No data found.

-= EOF =-

Results of screen317's Security Check version 0.99.64
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
Java 7 Update 21
Adobe Flash Player 11.7.700.202
Adobe Reader XI
Mozilla Firefox (21.0)
Mozilla Thunderbird (17.0.6)
Google Chrome 27.0.1453.93
Google Chrome 27.0.1453.94
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````