Hi,
ich habe auch das Problem mit der click compare Werbung.
Weiss nicht ob es damit zusammenhängt aber ich werde manchmal auf hxxp://de.clickcompare.info/ weiter geleitet und manchmal auch auf irgend ne anderer Werbeseite. Ausserdem habe ich auch das Problem mit den unterstrichenen Wörtern auf verschiedenen Internetseiten.

Ich habe bereits einen Scan mit Malwarebytes gemacht welcher keine Fehler mehr anzeigt

Zitat:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.06.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
Rico :: RICO-PC [Administrator]

06.06.2013 15:45:49
mbam-log-2013-06-06 (15-45-49).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 220374
Laufzeit: 58 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Außerdem habe ich noch einen Scan mit OTL gemacht. Diese Log datei hänge ich auch an.

Zitat:

OTL logfile created on: 06.06.2013 15:50:00 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rico\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,98 Gb Total Physical Memory | 5,52 Gb Available Physical Memory | 69,22% Memory free
15,96 Gb Paging File | 12,59 Gb Available in Paging File | 78,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 31,15 Gb Total Space | 3,15 Gb Free Space | 10,11% Space Free | Partition Type: NTFS
Drive D: | 87,99 Gb Total Space | 68,76 Gb Free Space | 78,15% Space Free | Partition Type: NTFS
Drive E: | 368,10 Gb Total Space | 118,34 Gb Free Space | 32,15% Space Free | Partition Type: NTFS
Drive F: | 97,66 Gb Total Space | 8,59 Gb Free Space | 8,80% Space Free | Partition Type: NTFS
Drive G: | 1397,26 Gb Total Space | 434,70 Gb Free Space | 31,11% Space Free | Partition Type: NTFS

Computer Name: RICO-PC | User Name: Rico | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Rico\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Rico\AppData\Roaming\WebCake\WebCakeDesktop.exe (WebCake LLC)
PRC - C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe (WebCake LLC)
PRC - C:\Users\Rico\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - E:\Program Files (x86)\Samsung SSD Magician\Samsung Magician.exe (Samsung Electronics.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Users\Rico\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)
PRC - C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GbR)
PRC - C:\Program Files (x86)\PDF Architect\ConversionService.exe (pdfforge GbR)
PRC - D:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - D:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
PRC - E:\Program Files (x86)\AI Suite II\AI Suite II.exe (ASUSTeK Computer Inc.)
PRC - E:\Program Files (x86)\AI Suite II\EPU\EPUHelp.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe ()
PRC - E:\Program Files (x86)\AI Suite II\AsRoutineController.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe ()
PRC - E:\Program Files (x86)\AI Suite II\Sensor\AlertHelper\AlertHelper.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
PRC - E:\Program Files (x86)\Streamripper\wstreamripper.exe ()
PRC - E:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - E:\Program Files (x86)\Winamp\winamp.exe (Nullsoft)


========== Modules (No Company Name) ==========

MOD - C:\Users\Rico\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Rico\AppData\Local\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\Rico\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll ()
MOD - C:\Users\Rico\AppData\Local\Google\Chrome\Application\27.0.1453.94\libglesv2.dll ()
MOD - C:\Users\Rico\AppData\Local\Google\Chrome\Application\27.0.1453.94\libegl.dll ()
MOD - C:\Users\Rico\AppData\Local\Google\Chrome\Application\27.0.1453.94\ffmpegsumo.dll ()
MOD - E:\Program Files (x86)\Samsung SSD Magician\SAMSUNG_SSD.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll ()
MOD - C:\Users\Rico\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Users\Rico\AppData\Local\Facebook\Messenger\2.1.4814.0\libcef.dll ()
MOD - C:\Users\Rico\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.dll ()
MOD - C:\Users\Rico\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.WinForms.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\6fd278018f0cf369362fc810f8aefcb5\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\4cae4b1b6c8423f80d1f86eae7fd8203\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Users\Rico\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - E:\Program Files (x86)\AI Suite II\Sensor\Sensor.dll ()
MOD - E:\Program Files (x86)\AI Suite II\BarGadget\BarGadget.dll ()
MOD - E:\Program Files (x86)\AI Suite II\Sensor Graph\SensorGraph.dll ()
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
MOD - E:\Program Files (x86)\AI Suite II\MyLogo\MyLogo.dll ()
MOD - E:\Program Files (x86)\AI Suite II\ASUS Update\Update.dll ()
MOD - E:\Program Files (x86)\AI Suite II\AssistFunc.dll ()
MOD - E:\Program Files (x86)\AI Suite II\Settings\Settings.dll ()
MOD - E:\Program Files (x86)\AI Suite II\Probe_II\ProbeII.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMLib.dll ()
MOD - E:\Program Files (x86)\AI Suite II\TabGadget\TabGadget.dll ()
MOD - E:\Program Files (x86)\AI Suite II\Splitter\Splitter.dll ()
MOD - E:\Program Files (x86)\AI Suite II\Sensor\AlertHelper\ImageHelper.dll ()
MOD - E:\Program Files (x86)\AI Suite II\ImageHelper.dll ()
MOD - E:\Program Files (x86)\AI Suite II\pngio.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Windows\SysWOW64\msjetoledb40.dll ()
MOD - C:\Windows\SysWOW64\APOMngr.DLL ()
MOD - E:\Program Files (x86)\Streamripper\wstreamripper.exe ()
MOD - E:\Program Files (x86)\Streamripper\streamripper.dll ()
MOD - E:\Program Files (x86)\Winamp\Plugins\gen_sripper.dll ()
MOD - C:\Windows\SysWOW64\CmdRtr.DLL ()
MOD - E:\Program Files (x86)\Streamripper\zlib1.dll ()
MOD - E:\Program Files (x86)\Streamripper\libintl-8.dll ()
MOD - E:\Program Files (x86)\Streamripper\libiconv-2.dll ()
MOD - E:\Program Files (x86)\Streamripper\ogg.dll ()
MOD - E:\Program Files (x86)\Streamripper\vorbis.dll ()
MOD - C:\Windows\SysWOW64\P17.dll ()
MOD - E:\Program Files (x86)\Winamp\Plugins\gen_ff.dll ()
MOD - E:\Program Files (x86)\Winamp\Plugins\in_cdda.dll ()
MOD - E:\Program Files (x86)\Winamp\Plugins\in_mp4.dll ()
MOD - E:\Program Files (x86)\Winamp\Plugins\in_mp3.dll ()
MOD - E:\Program Files (x86)\Winamp\Plugins\in_vorbis.dll ()
MOD - E:\Program Files (x86)\Winamp\Plugins\in_mod.dll ()
MOD - E:\Program Files (x86)\Winamp\Plugins\in_wm.dll ()
MOD - E:\Program Files (x86)\Winamp\Plugins\in_midi.dll ()
MOD - E:\Program Files (x86)\Winamp\Plugins\read_file.dll ()
MOD - E:\Program Files (x86)\Winamp\Plugins\gen_jumpex.dll ()
MOD - E:\Program Files (x86)\Winamp\Plugins\out_ds.dll ()
MOD - E:\Program Files (x86)\Winamp\Plugins\in_wave.dll ()
MOD - E:\Program Files (x86)\Winamp\Plugins\gen_hotkeys.dll ()
MOD - E:\Program Files (x86)\Winamp\Plugins\out_disk.dll ()
MOD - E:\Program Files (x86)\Winamp\Plugins\out_wave.dll ()
MOD - E:\Program Files (x86)\Winamp\Plugins\gen_tray.dll ()
MOD - E:\Program Files (x86)\Winamp\Deutsch.lng ()


========== Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (EpsonScanSvc) -- C:\Windows\SysNative\escsvc64.exe (Seiko Epson Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (!SASCORE) -- E:\SASCore64.exe (SUPERAntiSpyware.com)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (PDF Architect Helper Service) -- C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GbR)
SRV - (PDF Architect Service) -- C:\Program Files (x86)\PDF Architect\ConversionService.exe (pdfforge GbR)
SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (AntiVirSchedulerService) -- D:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- D:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (asComSvc) -- C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe ()
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (Microsoft SharePoint Workspace Audit Service) -- D:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (asHmComSvc) -- C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe ()
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (L8042Kbd) -- C:\Windows\SysNative\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (LGSHidFilt) -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys (Logitech Inc.)
DRV:64bit: - (ICCWDT) -- C:\Windows\SysNative\drivers\ICCWDT.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (tmnsusbser) -- C:\Windows\SysNative\drivers\tmnsusbser.sys (Wireless Device)
DRV:64bit: - (tmusbnet) -- C:\Windows\SysNative\drivers\tmusbnet.sys (QUALCOMM Incorporated)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (P17) -- C:\Windows\SysNative\drivers\P17.sys (Creative Technology Ltd.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (xnacc) -- C:\Windows\SysNative\drivers\xnacc.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (t3) -- C:\Windows\SysNative\drivers\t3.sys (Creative Technology Ltd.)
DRV:64bit: - (athrusb) -- C:\Windows\SysNative\drivers\athrxusb.sys (Atheros Communications, Inc.)
DRV:64bit: - (ElbyCDFL) -- C:\Windows\SysNative\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV:64bit: - (cdrbsdrv) -- C:\Windows\SysNative\drivers\CDRBSDRV.SYS (B.H.A Corporation)
DRV:64bit: - (P1764) -- C:\Windows\SysNative\drivers\P1764.sys (Creative Technology Ltd.)
DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (cpuz135) -- d:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys (CPUID)
DRV - (SASDIFSV) -- E:\\SASDIFSV64.SYS ()
DRV - (SASKUTIL) -- E:\\SASKUTIL64.SYS ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ElbyCDFL) -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (ElbyCDIO) -- C:\Windows\SysWOW64\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (ElbyDelay) -- C:\Windows\SysWOW64\drivers\ElbyDelay.sys (Elaborate Bytes AG)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-965118736-2546946651-4236771150-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com/?l=dis&o=14597
IE - HKU\S-1-5-21-965118736-2546946651-4236771150-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-965118736-2546946651-4236771150-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-965118736-2546946651-4236771150-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9C 08 07 73 03 70 CD 01 [binary data]
IE - HKU\S-1-5-21-965118736-2546946651-4236771150-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-965118736-2546946651-4236771150-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-965118736-2546946651-4236771150-1000\..\SearchScopes\{DE11E672-139C-41C5-ACBD-01E80B80A591}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=FF&o=14594&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=FV&apn_dtid=YYYYYYYYDE&apn_uid=b80f67cb-29af-402f-b3f6-44dd799c393f&apn_sauid=B3E57F21-278B-4888-8E4F-17B31DA18EAF
IE - HKU\S-1-5-21-965118736-2546946651-4236771150-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-965118736-2546946651-4236771150-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost; 127.0.0.1; <local>; www.google.de, www.facebook.com

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.15
FF - prefs.js..extensions.enabledAddons: plugin%40getwebcake.com:1.00.01
FF - prefs.js..extensions.enabledAddons: autolyrics%40man-soft.net:1.114
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..network.proxy.http: "199.241.184.143"
FF - prefs.js..network.proxy.http_port: 3128


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: E:\Program Files (x86)\Java\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: d:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Rico\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Rico\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Rico\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF - HKCU\Software\MozillaPlugins\thehappycloud.com/HappyCloudPlugin: C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2012.12.16 14:47:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013.01.07 13:17:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: D:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: D:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\autolyrics@man-soft.net: C:\Program Files (x86)\AutoLyrics\FF\ [2013.03.03 15:17:54 | 000,000,000 | ---D | M]

[2012.08.01 19:50:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rico\AppData\Roaming\mozilla\Extensions
[2013.06.05 13:45:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rico\AppData\Roaming\mozilla\Firefox\Profiles\ion25bl6.default\extensions
[2013.05.29 22:37:57 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Rico\AppData\Roaming\mozilla\Firefox\Profiles\ion25bl6.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.12.15 14:33:13 | 000,000,000 | ---D | M] (Free Download Manager plugin) -- C:\Users\Rico\AppData\Roaming\mozilla\Firefox\Profiles\ion25bl6.default\extensions\fdm_ffext@freedownloadmanager.org
[2013.06.05 13:45:21 | 000,000,000 | ---D | M] (WebCake) -- C:\Users\Rico\AppData\Roaming\mozilla\Firefox\Profiles\ion25bl6.default\extensions\plugin@getwebcake.com
[2013.06.02 20:10:20 | 000,004,503 | ---- | M] () (No name found) -- C:\Users\Rico\AppData\Roaming\mozilla\firefox\profiles\ion25bl6.default\extensions\youtubeunblocker@unblocker.yt.xpi
[2013.05.09 13:26:19 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Rico\AppData\Roaming\mozilla\firefox\profiles\ion25bl6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.06.06 21:31:06 | 000,002,333 | ---- | M] () -- C:\Users\Rico\AppData\Roaming\mozilla\firefox\profiles\ion25bl6.default\searchplugins\askcom.xml
[2013.03.03 15:17:54 | 000,000,000 | ---D | M] ("Auto Lyrics") -- C:\PROGRAM FILES (X86)\AUTOLYRICS\FF

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{googleriginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{go ogle:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParam eter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Rico\AppData\Local\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Rico\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Rico\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Happy Cloud Plugin (Disabled) = C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll
CHR - plugin: Facebook Desktop (Enabled) = C:\Users\Rico\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Rico\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = D:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = D:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Java(TM) Platform SE 7 U21 (Enabled) = E:\Program Files (x86)\Java\bin\plugin2\npjp2.dll
CHR - plugin: iTunes Application Detector (Enabled) = E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: VLC Web Plugin (Enabled) = d:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - Extension: Google Docs = C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4.1_0\
CHR - Extension: Google-Suche = C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Logitech SetPoint = C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd\6.51.8_0\
CHR - Extension: WebCake = C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh\1.0.3_0\
CHR - Extension: Google Mail = C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Auto Lyrics = C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkcdkfohdadbjmlfejhncigcbfkiaamf\1.114_0\

O1 HOSTS File: ([2012.09.20 17:42:51 | 000,000,915 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 178.63.74.210 status.wow-europe.com
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (WebCake) - {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - C:\Program Files (x86)\WebCake\WebCakeIEClient.dll (WebCake LLC)
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O2 - BHO: (AddLyrics) - {4145006D-47F8-42F2-8186-2225AAFECDD3} - C:\Program Files (x86)\AddLyrics\AddLyrics.dll File not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files (x86)\Java\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Programme\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Auto Lyrics) - {DAEB9E85-4694-4F9B-85CB-2F28987872D7} - C:\Program Files (x86)\AutoLyrics\autolrcs.dll (Mansoft Union)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files (x86)\Java\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
O3 - HKU\S-1-5-21-965118736-2546946651-4236771150-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync] D:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CloneCDTray] e:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [P17Helper] C:\Windows\SysWow64\P17.dll ()
O4 - HKLM..\Run: [P17RunE] C:\Windows\SysWow64\P17RunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [SPIRunE] C:\Windows\SysWow64\SpiRunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-965118736-2546946651-4236771150-1000..\Run: [DAEMON Tools Lite] E:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-965118736-2546946651-4236771150-1000..\Run: [Facebook Update] C:\Users\Rico\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-965118736-2546946651-4236771150-1000..\Run: [SpybotSD TeaTimer] e:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-965118736-2546946651-4236771150-1000..\Run: [SUPERAntiSpyware] E:\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-965118736-2546946651-4236771150-1000..\Run: [WebCake Desktop] C:\Users\Rico\AppData\Roaming\WebCake\WebCakeDesktop.exe (WebCake LLC)
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] "C:\Windows\is-F50GB.exe" /REG /REGSVRMODE File not found
O4 - HKU\.DEFAULT..\RunOnce: [DefaultP17] C:\Windows\P17DEF.EXE (Creative Technology Ltd)
O4 - HKU\.DEFAULT..\RunOnce: [DefaultP17MIDI] C:\Windows\MIDIDEF.EXE (Creative Technology Ltd)
O4 - HKU\S-1-5-18..\RunOnce: [DefaultP17] C:\Windows\P17DEF.EXE (Creative Technology Ltd)
O4 - HKU\S-1-5-18..\RunOnce: [DefaultP17MIDI] C:\Windows\MIDIDEF.EXE (Creative Technology Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Rico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Rico\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Rico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\Rico\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)
O4 - Startup: C:\Users\Rico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Touch Mouse Server.lnk = E:\Program Files (x86)\Logitech Touch Mouse Server\iTouch-Server-Win.exe (Logitech, Inc.)
O4 - Startup: C:\Users\Rico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk = E:\Program Files (x86)\Samsung SSD Magician\Samsung Magician.exe (Samsung Electronics.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-965118736-2546946651-4236771150-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://D:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://D:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-965118736-2546946651-4236771150-1000\..Trusted Domains: jdnas ([]file in Lokales Intranet)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A8AD02A-DC95-4FE1-861E-1B5B18ADA50E}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B41A589-C6D5-4B1E-8A1C-592526FE98F3}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{912A429A-42EF-4CE7-82BF-E62BA49F8FC2}: DhcpNameServer = 192.168.123.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0B96586-C0A4-41F7-A45C-B537D9E667FA}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk F:\
O33 - MountPoints2\{857d421a-dbed-11e1-a4db-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{857d421a-dbed-11e1-a4db-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Bin\assetup.exe
O33 - MountPoints2\{d2f9f0cf-7d05-11e2-a58c-14dae9f49b36}\Shell - "" = AutoRun
O33 - MountPoints2\{d2f9f0cf-7d05-11e2-a58c-14dae9f49b36}\Shell\AutoRun\command - "" = K:\.\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.06.06 15:41:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Rico\Desktop\OTL.exe
[2013.06.06 14:22:35 | 000,000,000 | ---D | C] -- C:\Users\Rico\AppData\Roaming\Malwarebytes
[2013.06.06 14:22:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.06.06 14:22:21 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.06.06 14:22:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.06.06 14:22:04 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Rico\Desktop\mbam-setup-1.75.0.1300.exe
[2013.06.05 13:46:44 | 000,719,872 | -HS- | C] (Abysmal Software) -- C:\Windows\SysWow64\devil.dll
[2013.06.05 13:46:43 | 000,369,152 | -HS- | C] (The Public) -- C:\Windows\SysWow64\avisynth.dll
[2013.06.05 13:46:42 | 000,070,656 | -HS- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\yv12vfw.dll
[2013.06.05 13:46:42 | 000,070,656 | -HS- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\i420vfw.dll
[2013.06.05 13:46:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AviSynth 2.5
[2013.06.05 13:45:54 | 000,000,000 | ---D | C] -- C:\Users\Rico\Documents\eRightSoft
[2013.06.05 13:45:45 | 000,327,749 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\drvc.dll
[2013.06.05 13:45:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eRightSoft
[2013.06.05 13:45:20 | 000,000,000 | ---D | C] -- C:\Users\Rico\AppData\Roaming\WebCake
[2013.06.05 13:45:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WebCake
[2013.06.05 13:45:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013.06.05 13:45:15 | 000,000,000 | ---D | C] -- C:\Users\Rico\AppData\Local\SwvUpdater
[2013.06.05 13:41:49 | 051,636,894 | ---- | C] (eRightSoft ) -- C:\Users\Rico\Desktop\SUPERsetup.exe
[2013.06.05 13:32:30 | 000,000,000 | ---D | C] -- C:\Users\Rico\Desktop\hochwasser
[2013.06.05 13:20:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung SSD Magician
[2013.06.04 01:35:53 | 000,000,000 | ---D | C] -- C:\Users\Rico\Desktop\emo
[2013.06.02 19:56:21 | 000,000,000 | ---D | C] -- C:\Users\Rico\Desktop\Neuer Ordner
[2013.05.30 14:42:57 | 000,000,000 | ---D | C] -- C:\Users\Rico\Desktop\ip4
[2013.05.27 19:22:27 | 000,000,000 | ---D | C] -- C:\Users\Rico\AppData\Roaming\SUPERAntiSpyware.com
[2013.05.27 19:22:09 | 000,000,000 | ---D | C] -- C:\Users\Rico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013.05.27 19:22:07 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013.05.27 19:21:12 | 000,618,912 | ---- | C] (www.download-sponsor.de) -- C:\Users\Rico\Desktop\SuperAntiSpyware - CHIP-Downloader.exe
[2013.05.15 14:25:15 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.05.15 14:25:15 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.05.15 14:25:14 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.05.15 14:25:14 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.05.15 14:25:14 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.05.15 14:25:14 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.05.15 14:25:14 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.05.15 14:25:14 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.05.15 14:25:14 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.05.15 14:25:14 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.05.15 14:25:14 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.05.15 14:25:14 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.05.15 14:25:13 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.05.15 14:25:13 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.05.15 14:25:12 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.05.14 19:28:40 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013.05.14 19:28:40 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013.05.14 19:28:39 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.05.14 19:28:39 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.05.14 19:28:39 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013.05.14 19:28:39 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.06.06 15:41:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rico\Desktop\OTL.exe
[2013.06.06 15:28:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-965118736-2546946651-4236771150-1000UA.job
[2013.06.06 14:34:44 | 000,024,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.06 14:34:44 | 000,024,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.06 14:33:30 | 001,622,100 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.06 14:33:30 | 000,700,380 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.06 14:33:30 | 000,655,092 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.06 14:33:30 | 000,149,176 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.06 14:33:30 | 000,121,964 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.06 14:27:40 | 000,000,398 | ---- | M] () -- C:\Windows\tasks\Auto Lyrics Update.job
[2013.06.06 14:27:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.06 14:27:32 | 2132,721,663 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.06 14:26:47 | 000,000,140 | ---- | M] () -- C:\Windows\winamp.ini
[2013.06.06 14:22:22 | 000,000,795 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.06 14:22:09 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Rico\Desktop\mbam-setup-1.75.0.1300.exe
[2013.06.06 14:08:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-965118736-2546946651-4236771150-1000UA.job
[2013.06.06 02:08:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-965118736-2546946651-4236771150-1000Core.job
[2013.06.06 00:57:46 | 000,001,047 | ---- | M] () -- C:\Users\Rico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.06.05 16:13:16 | 000,366,614 | ---- | M] () -- C:\Users\Rico\Desktop\kaufiphone5 001.jpg
[2013.06.05 13:44:08 | 051,636,894 | ---- | M] (eRightSoft ) -- C:\Users\Rico\Desktop\SUPERsetup.exe
[2013.06.05 13:20:42 | 000,000,827 | ---- | M] () -- C:\Users\Rico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk
[2013.06.05 00:34:17 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-965118736-2546946651-4236771150-1000Core.job
[2013.06.04 19:22:00 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 6915ca9d-9cfe-4463-932a-16ed847f4e70.job
[2013.05.30 18:27:49 | 000,062,094 | ---- | M] () -- C:\Users\Rico\Desktop\Verkaufsschild-iPhone-4-16-GB-Weiss-ohne-Simlock-neuwertig.pdf
[2013.05.29 17:41:37 | 000,002,350 | ---- | M] () -- C:\Users\Rico\Desktop\Google Chrome.lnk
[2013.05.27 21:30:12 | 000,045,846 | ---- | M] () -- C:\Users\Rico\Desktop\download.pdf
[2013.05.27 19:22:09 | 000,000,351 | ---- | M] () -- C:\Users\Rico\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013.05.27 19:21:12 | 000,618,912 | ---- | M] (www.download-sponsor.de) -- C:\Users\Rico\Desktop\SuperAntiSpyware - CHIP-Downloader.exe
[2013.05.15 18:46:01 | 000,419,392 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.12 14:38:37 | 000,000,756 | ---- | M] () -- C:\Users\Public\Desktop\iFunbox.lnk
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.06.06 14:22:22 | 000,000,795 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.05 16:13:16 | 000,366,614 | ---- | C] () -- C:\Users\Rico\Desktop\kaufiphone5 001.jpg
[2013.06.05 13:46:42 | 000,032,256 | -HS- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2013.05.30 18:27:49 | 000,062,094 | ---- | C] () -- C:\Users\Rico\Desktop\Verkaufsschild-iPhone-4-16-GB-Weiss-ohne-Simlock-neuwertig.pdf
[2013.05.29 17:41:37 | 000,002,350 | ---- | C] () -- C:\Users\Rico\Desktop\Google Chrome.lnk
[2013.05.27 21:34:42 | 004,168,821 | ---- | C] () -- C:\Users\Rico\Desktop\08 Rock & Roll Queen.mp3
[2013.05.27 21:30:12 | 000,045,846 | ---- | C] () -- C:\Users\Rico\Desktop\download.pdf
[2013.05.27 19:22:30 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 6915ca9d-9cfe-4463-932a-16ed847f4e70.job
[2013.05.27 19:22:09 | 000,000,351 | ---- | C] () -- C:\Users\Rico\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013.03.21 19:50:01 | 000,007,605 | ---- | C] () -- C:\Users\Rico\AppData\Local\Resmon.ResmonCfg
[2013.03.06 19:02:08 | 000,000,171 | ---- | C] () -- C:\Windows\Clony2.ini
[2012.11.02 20:48:58 | 000,000,126 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012.11.01 04:31:09 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2012.10.26 20:03:37 | 001,641,574 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.09.15 17:58:58 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\GkSui18.EXE
[2012.08.12 17:10:11 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012.08.12 17:10:10 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012.08.08 18:01:24 | 000,000,029 | ---- | C] () -- C:\Windows\sfbm.INI
[2012.08.01 21:16:49 | 000,003,348 | ---- | C] () -- C:\Windows\SysWow64\ludap17.ini
[2012.08.01 21:16:49 | 000,000,078 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2012.08.01 20:57:40 | 000,166,912 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012.08.01 20:57:40 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012.08.01 19:26:25 | 000,000,140 | ---- | C] () -- C:\Windows\winamp.ini
[2012.08.01 18:41:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.08.01 17:41:32 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.08.01 17:41:30 | 000,028,976 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012.07.30 14:16:18 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.07.30 14:16:18 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.07.30 14:16:18 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.07.30 14:16:18 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.06.11 18:50:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.06.11 18:50:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.05.02 15:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.01.07 13:17:34 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\APP_NAME_NON_STRING
[2012.09.04 21:57:08 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Canneverbe Limited
[2012.08.01 19:43:39 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\DAEMON Tools Lite
[2012.10.31 16:05:34 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\DeepBurner
[2013.06.06 14:27:43 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Dropbox
[2012.10.31 21:17:43 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Epson
[2012.10.14 16:28:00 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\FRITZ!
[2012.10.14 16:26:51 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\FRITZ!fax für FRITZ!Box
[2013.05.12 14:38:41 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\iFunbox_UserCache
[2012.08.01 18:45:45 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Leadertech
[2012.08.01 19:16:03 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Miranda
[2013.03.30 12:13:05 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Origin
[2013.01.07 13:18:24 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\PDF Architect
[2013.05.06 15:24:12 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\pdfforge
[2012.08.30 17:01:08 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Samsung
[2012.10.15 22:14:47 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\streamripper
[2013.06.03 23:19:48 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\TS3Client
[2013.04.01 22:15:44 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\ts3overlay
[2013.02.28 22:03:22 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\uTorrent
[2013.04.03 20:18:30 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Vodafone Messenger PC
[2013.06.06 11:29:15 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\WebCake
[2012.08.21 11:59:15 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\WindSolutions

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\Windows:A035D7423CF14E98

< End of report >

Hoffe das ist jetzt nicht zu viel und mir kann jemand weiter helfen.
Vielen Dank schon mal

Grüße

hi,

Downloade Dir bitte AdwCleaner auf deinen Desktop.

• Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
• Starte die AdwCleaner.exe mit einem Doppelklick.
• Stimme den Nutzungsbedingungen zu.
• Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
  • "Tracing" Schlüssel löschen
  • Winsock Einstellungen zurücksetzen
  • Proxy Einstellungen zurücksetzen
  • Internet Explorer Richtlinien zurücksetzen
  • Chrome Richtlinien zurücksetzen
  • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
• Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
• Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
• Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
• Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

• Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
• Drücke eine beliebige Taste, um das Tool zu starten.
• Je nach System kann der Scan eine Weile dauern.
• Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
• Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches OTL log bitte.

AdwCleaner Logfile:

Code: Alles auswählenAufklappen

ATTFilter

# AdwCleaner v2.301 - Datei am 06/06/2013 um 16:35:52 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Rico - RICO-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Rico\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Rico\AppData\Roaming\Mozilla\Firefox\Profiles\ion25bl6.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Windows\Tasks\Auto Lyrics Update.job
Ordner Gelöscht : C:\Program Files (x86)\AddLyrics
Ordner Gelöscht : C:\Program Files (x86)\AutoLyrics
Ordner Gelöscht : C:\ProgramData\InstallMate
Ordner Gelöscht : C:\ProgramData\Premium
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\Rico\AppData\Local\APN
Ordner Gelöscht : C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkcdkfohdadbjmlfejhncigcbfkiaamf
Ordner Gelöscht : C:\Users\Rico\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Rico\AppData\Local\SwvUpdater
Ordner Gelöscht : C:\Users\Rico\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\Rico\AppData\Local\Wajam
Ordner Gelöscht : C:\Users\Rico\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AutoLyrics
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DAEB9E85-4694-4F9B-85CB-2F28987872D7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DAEB9E85-4694-4F9B-85CB-2F28987872D7}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DAEB9E85-4694-4F9B-85CB-2F28987872D7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pkcdkfohdadbjmlfejhncigcbfkiaamf
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DAEB9E85-4694-4F9B-85CB-2F28987872D7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\autolyrics@man-soft.net
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16576

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://de.ask.com/?l=dis&o=14597 --> hxxp://www.google.com

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\Rico\AppData\Roaming\Mozilla\Firefox\Profiles\ion25bl6.default\prefs.js

C:\Users\Rico\AppData\Roaming\Mozilla\Firefox\Profiles\ion25bl6.default\user.js ... Gelöscht !

Gelöscht : user_pref("browser.search.order.1", "Ask.com");

-\\ Google Chrome v27.0.1453.94

Datei : C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [4184 octets] - [06/06/2013 16:35:35]
AdwCleaner[S1].txt - [4103 octets] - [06/06/2013 16:35:52]

########## EOF - C:\AdwCleaner[S1].txt - [4163 octets] ##########
         

--- --- ---


Junkware Removal Tool Logfile

Zitat:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Rico on 06.06.2013 at 16:39:58,17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{DE11E672-139C-41C5-ACBD-01E80B80A591}



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.06.2013 at 16:42:14,03
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

und neues OTL Logfile

OTL Logfile:

Code: Alles auswählenAufklappen

ATTFilter

OTL logfile created on: 06.06.2013 16:46:55 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Rico\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 5,61 Gb Available Physical Memory | 70,24% Memory free
15,96 Gb Paging File | 13,04 Gb Available in Paging File | 81,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 31,15 Gb Total Space | 3,14 Gb Free Space | 10,08% Space Free | Partition Type: NTFS
Drive D: | 87,99 Gb Total Space | 68,76 Gb Free Space | 78,15% Space Free | Partition Type: NTFS
Drive E: | 368,10 Gb Total Space | 118,34 Gb Free Space | 32,15% Space Free | Partition Type: NTFS
Drive F: | 97,66 Gb Total Space | 8,59 Gb Free Space | 8,80% Space Free | Partition Type: NTFS
Drive G: | 1397,26 Gb Total Space | 434,70 Gb Free Space | 31,11% Space Free | Partition Type: NTFS
 
Computer Name: RICO-PC | User Name: Rico | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Rico\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Rico\AppData\Roaming\WebCake\WebCakeDesktop.exe (WebCake LLC)
PRC - C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe (WebCake LLC)
PRC - C:\Users\Rico\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - E:\Program Files (x86)\Samsung SSD Magician\Samsung Magician.exe (Samsung Electronics.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Users\Rico\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)
PRC - C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GbR)
PRC - C:\Program Files (x86)\PDF Architect\ConversionService.exe (pdfforge GbR)
PRC - D:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - D:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
PRC - E:\Program Files (x86)\AI Suite II\AI Suite II.exe (ASUSTeK Computer Inc.)
PRC - E:\Program Files (x86)\AI Suite II\EPU\EPUHelp.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe ()
PRC - E:\Program Files (x86)\AI Suite II\AsRoutineController.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe ()
PRC - E:\Program Files (x86)\AI Suite II\Sensor\AlertHelper\AlertHelper.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
PRC - E:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Rico\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Rico\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll ()
MOD - C:\Users\Rico\AppData\Local\Google\Chrome\Application\27.0.1453.94\libglesv2.dll ()
MOD - C:\Users\Rico\AppData\Local\Google\Chrome\Application\27.0.1453.94\libegl.dll ()
MOD - C:\Users\Rico\AppData\Local\Google\Chrome\Application\27.0.1453.94\ffmpegsumo.dll ()
MOD - E:\Program Files (x86)\Samsung SSD Magician\SAMSUNG_SSD.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll ()
MOD - C:\Users\Rico\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Users\Rico\AppData\Local\Facebook\Messenger\2.1.4814.0\libcef.dll ()
MOD - C:\Users\Rico\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.dll ()
MOD - C:\Users\Rico\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.WinForms.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\6fd278018f0cf369362fc810f8aefcb5\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\4cae4b1b6c8423f80d1f86eae7fd8203\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Users\Rico\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - E:\Program Files (x86)\AI Suite II\Sensor\Sensor.dll ()
MOD - E:\Program Files (x86)\AI Suite II\BarGadget\BarGadget.dll ()
MOD - E:\Program Files (x86)\AI Suite II\Sensor Graph\SensorGraph.dll ()
MOD - E:\Program Files (x86)\AI Suite II\MyLogo\MyLogo.dll ()
MOD - E:\Program Files (x86)\AI Suite II\ASUS Update\Update.dll ()
MOD - E:\Program Files (x86)\AI Suite II\AssistFunc.dll ()
MOD - E:\Program Files (x86)\AI Suite II\Settings\Settings.dll ()
MOD - E:\Program Files (x86)\AI Suite II\Probe_II\ProbeII.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMLib.dll ()
MOD - E:\Program Files (x86)\AI Suite II\TabGadget\TabGadget.dll ()
MOD - E:\Program Files (x86)\AI Suite II\Splitter\Splitter.dll ()
MOD - E:\Program Files (x86)\AI Suite II\Sensor\AlertHelper\ImageHelper.dll ()
MOD - E:\Program Files (x86)\AI Suite II\ImageHelper.dll ()
MOD - E:\Program Files (x86)\AI Suite II\pngio.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Windows\SysWOW64\msjetoledb40.dll ()
MOD - C:\Windows\SysWOW64\APOMngr.DLL ()
MOD - C:\Windows\SysWOW64\CmdRtr.DLL ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (EpsonScanSvc) -- C:\Windows\SysNative\escsvc64.exe (Seiko Epson Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (!SASCORE) -- E:\SASCore64.exe (SUPERAntiSpyware.com)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (PDF Architect Helper Service) -- C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GbR)
SRV - (PDF Architect Service) -- C:\Program Files (x86)\PDF Architect\ConversionService.exe (pdfforge GbR)
SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (AntiVirSchedulerService) -- D:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- D:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (asComSvc) -- C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe ()
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (Microsoft SharePoint Workspace Audit Service) -- D:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (asHmComSvc) -- C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe ()
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (L8042Kbd) -- C:\Windows\SysNative\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (LGSHidFilt) -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys (Logitech Inc.)
DRV:64bit: - (ICCWDT) -- C:\Windows\SysNative\drivers\ICCWDT.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (tmnsusbser) -- C:\Windows\SysNative\drivers\tmnsusbser.sys (Wireless Device)
DRV:64bit: - (tmusbnet) -- C:\Windows\SysNative\drivers\tmusbnet.sys (QUALCOMM Incorporated)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (P17) -- C:\Windows\SysNative\drivers\P17.sys (Creative Technology Ltd.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (xnacc) -- C:\Windows\SysNative\drivers\xnacc.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (t3) -- C:\Windows\SysNative\drivers\t3.sys (Creative Technology Ltd.)
DRV:64bit: - (athrusb) -- C:\Windows\SysNative\drivers\athrxusb.sys (Atheros Communications, Inc.)
DRV:64bit: - (ElbyCDFL) -- C:\Windows\SysNative\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV:64bit: - (cdrbsdrv) -- C:\Windows\SysNative\drivers\CDRBSDRV.SYS (B.H.A Corporation)
DRV:64bit: - (P1764) -- C:\Windows\SysNative\drivers\P1764.sys (Creative Technology Ltd.)
DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (cpuz135) -- d:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys (CPUID)
DRV - (SASDIFSV) -- E:\\SASDIFSV64.SYS ()
DRV - (SASKUTIL) -- E:\\SASKUTIL64.SYS ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ElbyCDFL) -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (ElbyCDIO) -- C:\Windows\SysWOW64\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (ElbyDelay) -- C:\Windows\SysWOW64\drivers\ElbyDelay.sys (Elaborate Bytes AG)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-965118736-2546946651-4236771150-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-965118736-2546946651-4236771150-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-965118736-2546946651-4236771150-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-965118736-2546946651-4236771150-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9C 08 07 73 03 70 CD 01  [binary data]
IE - HKU\S-1-5-21-965118736-2546946651-4236771150-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-965118736-2546946651-4236771150-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-965118736-2546946651-4236771150-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-965118736-2546946651-4236771150-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost; 127.0.0.1; <local>; www.google.de, www.facebook.com
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.15
FF - prefs.js..extensions.enabledAddons: plugin%40getwebcake.com:1.00.01
FF - prefs.js..extensions.enabledAddons: autolyrics%40man-soft.net:1.114
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..network.proxy.http: "199.241.184.143"
FF - prefs.js..network.proxy.http_port: 3128
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: E:\Program Files (x86)\Java\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: d:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Rico\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Rico\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Rico\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF - HKCU\Software\MozillaPlugins\thehappycloud.com/HappyCloudPlugin: C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2012.12.16 14:47:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013.01.07 13:17:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: D:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: D:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\autolyrics@man-soft.net: C:\Program Files (x86)\AutoLyrics\FF\
 
[2012.08.01 19:50:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rico\AppData\Roaming\mozilla\Extensions
[2013.06.05 13:45:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rico\AppData\Roaming\mozilla\Firefox\Profiles\ion25bl6.default\extensions
[2013.05.29 22:37:57 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Rico\AppData\Roaming\mozilla\Firefox\Profiles\ion25bl6.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.12.15 14:33:13 | 000,000,000 | ---D | M] (Free Download Manager plugin) -- C:\Users\Rico\AppData\Roaming\mozilla\Firefox\Profiles\ion25bl6.default\extensions\fdm_ffext@freedownloadmanager.org
[2013.06.05 13:45:21 | 000,000,000 | ---D | M] (WebCake) -- C:\Users\Rico\AppData\Roaming\mozilla\Firefox\Profiles\ion25bl6.default\extensions\plugin@getwebcake.com
[2013.06.02 20:10:20 | 000,004,503 | ---- | M] () (No name found) -- C:\Users\Rico\AppData\Roaming\mozilla\firefox\profiles\ion25bl6.default\extensions\youtubeunblocker@unblocker.yt.xpi
[2013.05.09 13:26:19 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Rico\AppData\Roaming\mozilla\firefox\profiles\ion25bl6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
File not found (No name found) -- C:\PROGRAM FILES (X86)\AUTOLYRICS\FF
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Rico\AppData\Local\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Rico\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Rico\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Happy Cloud Plugin (Disabled) = C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll
CHR - plugin: Facebook Desktop (Enabled) = C:\Users\Rico\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Rico\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = D:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = D:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Java(TM) Platform SE 7 U21 (Enabled) = E:\Program Files (x86)\Java\bin\plugin2\npjp2.dll
CHR - plugin: iTunes Application Detector (Enabled) = E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: VLC Web Plugin (Enabled) = d:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - Extension: Google Docs = C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4.1_0\
CHR - Extension: Google-Suche = C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Logitech SetPoint = C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd\6.51.8_0\
CHR - Extension: WebCake = C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh\1.0.3_0\
CHR - Extension: Google Mail = C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012.09.20 17:42:51 | 000,000,915 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 178.63.74.210 status.wow-europe.com
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (WebCake) - {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - C:\Program Files (x86)\WebCake\WebCakeIEClient.dll (WebCake LLC)
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O2 - BHO: (AddLyrics) - {4145006D-47F8-42F2-8186-2225AAFECDD3} - C:\Program Files (x86)\AddLyrics\AddLyrics.dll File not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files (x86)\Java\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Programme\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files (x86)\Java\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync] D:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CloneCDTray] e:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [P17Helper] C:\Windows\SysWow64\P17.dll ()
O4 - HKLM..\Run: [P17RunE] C:\Windows\SysWow64\P17RunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [SPIRunE] C:\Windows\SysWow64\SpiRunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-965118736-2546946651-4236771150-1000..\Run: [DAEMON Tools Lite] E:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-965118736-2546946651-4236771150-1000..\Run: [Facebook Update] C:\Users\Rico\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-965118736-2546946651-4236771150-1000..\Run: [SpybotSD TeaTimer] e:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-965118736-2546946651-4236771150-1000..\Run: [SUPERAntiSpyware] E:\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-965118736-2546946651-4236771150-1000..\Run: [WebCake Desktop] C:\Users\Rico\AppData\Roaming\WebCake\WebCakeDesktop.exe (WebCake LLC)
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] "C:\Windows\is-F50GB.exe" /REG /REGSVRMODE File not found
O4 - HKU\.DEFAULT..\RunOnce: [DefaultP17] C:\Windows\P17DEF.EXE (Creative Technology Ltd)
O4 - HKU\.DEFAULT..\RunOnce: [DefaultP17MIDI] C:\Windows\MIDIDEF.EXE (Creative Technology Ltd)
O4 - HKU\S-1-5-18..\RunOnce: [DefaultP17] C:\Windows\P17DEF.EXE (Creative Technology Ltd)
O4 - HKU\S-1-5-18..\RunOnce: [DefaultP17MIDI] C:\Windows\MIDIDEF.EXE (Creative Technology Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Rico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Rico\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Rico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\Rico\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)
O4 - Startup: C:\Users\Rico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Touch Mouse Server.lnk = E:\Program Files (x86)\Logitech Touch Mouse Server\iTouch-Server-Win.exe (Logitech, Inc.)
O4 - Startup: C:\Users\Rico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk = E:\Program Files (x86)\Samsung SSD Magician\Samsung Magician.exe (Samsung Electronics.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-965118736-2546946651-4236771150-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://D:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://D:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-965118736-2546946651-4236771150-1000\..Trusted Domains: jdnas ([]file in Lokales Intranet)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A8AD02A-DC95-4FE1-861E-1B5B18ADA50E}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B41A589-C6D5-4B1E-8A1C-592526FE98F3}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{912A429A-42EF-4CE7-82BF-E62BA49F8FC2}: DhcpNameServer = 192.168.123.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0B96586-C0A4-41F7-A45C-B537D9E667FA}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk F:\
O33 - MountPoints2\{857d421a-dbed-11e1-a4db-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{857d421a-dbed-11e1-a4db-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Bin\assetup.exe
O33 - MountPoints2\{d2f9f0cf-7d05-11e2-a58c-14dae9f49b36}\Shell - "" = AutoRun
O33 - MountPoints2\{d2f9f0cf-7d05-11e2-a58c-14dae9f49b36}\Shell\AutoRun\command - "" = K:\.\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.06 16:39:57 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.06.06 16:39:55 | 000,000,000 | ---D | C] -- C:\JRT
[2013.06.06 16:38:33 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.06.06 16:35:24 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Rico\Desktop\JRT.exe
[2013.06.06 15:41:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Rico\Desktop\OTL.exe
[2013.06.06 14:22:35 | 000,000,000 | ---D | C] -- C:\Users\Rico\AppData\Roaming\Malwarebytes
[2013.06.06 14:22:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.06.06 14:22:21 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.06.06 14:22:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.06.06 14:22:04 | 010,285,040 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Rico\Desktop\mbam-setup-1.75.0.1300.exe
[2013.06.05 13:46:44 | 000,719,872 | -HS- | C] (Abysmal Software) -- C:\Windows\SysWow64\devil.dll
[2013.06.05 13:46:43 | 000,369,152 | -HS- | C] (The Public) -- C:\Windows\SysWow64\avisynth.dll
[2013.06.05 13:46:42 | 000,070,656 | -HS- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\yv12vfw.dll
[2013.06.05 13:46:42 | 000,070,656 | -HS- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\i420vfw.dll
[2013.06.05 13:46:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AviSynth 2.5
[2013.06.05 13:45:54 | 000,000,000 | ---D | C] -- C:\Users\Rico\Documents\eRightSoft
[2013.06.05 13:45:45 | 000,327,749 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\drvc.dll
[2013.06.05 13:45:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eRightSoft
[2013.06.05 13:45:20 | 000,000,000 | ---D | C] -- C:\Users\Rico\AppData\Roaming\WebCake
[2013.06.05 13:45:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WebCake
[2013.06.05 13:41:49 | 051,636,894 | ---- | C] (eRightSoft                                                  ) -- C:\Users\Rico\Desktop\SUPERsetup.exe
[2013.06.05 13:32:30 | 000,000,000 | ---D | C] -- C:\Users\Rico\Desktop\hochwasser
[2013.06.05 13:20:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung SSD Magician
[2013.06.04 01:35:53 | 000,000,000 | ---D | C] -- C:\Users\Rico\Desktop\emo
[2013.06.02 19:56:21 | 000,000,000 | ---D | C] -- C:\Users\Rico\Desktop\Neuer Ordner
[2013.05.30 14:42:57 | 000,000,000 | ---D | C] -- C:\Users\Rico\Desktop\ip4
[2013.05.27 19:22:27 | 000,000,000 | ---D | C] -- C:\Users\Rico\AppData\Roaming\SUPERAntiSpyware.com
[2013.05.27 19:22:09 | 000,000,000 | ---D | C] -- C:\Users\Rico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013.05.27 19:22:07 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013.05.27 19:21:12 | 000,618,912 | ---- | C] (www.download-sponsor.de) -- C:\Users\Rico\Desktop\SuperAntiSpyware - CHIP-Downloader.exe
[2013.05.15 14:25:15 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.05.15 14:25:15 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.05.15 14:25:14 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.05.15 14:25:14 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.05.15 14:25:14 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.05.15 14:25:14 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.05.15 14:25:14 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.05.15 14:25:14 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.05.15 14:25:14 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.05.15 14:25:14 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.05.15 14:25:14 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.05.15 14:25:14 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.05.15 14:25:13 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.05.15 14:25:13 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.05.15 14:25:12 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.05.14 19:28:40 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013.05.14 19:28:40 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013.05.14 19:28:39 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.05.14 19:28:39 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.05.14 19:28:39 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013.05.14 19:28:39 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.06 16:45:42 | 000,024,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.06 16:45:42 | 000,024,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.06 16:43:49 | 001,622,100 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.06 16:43:49 | 000,700,380 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.06 16:43:49 | 000,655,092 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.06 16:43:49 | 000,149,176 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.06 16:43:49 | 000,121,964 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.06 16:38:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.06 16:38:28 | 2132,721,663 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.06 16:35:27 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Rico\Desktop\JRT.exe
[2013.06.06 16:35:20 | 000,000,140 | ---- | M] () -- C:\Windows\winamp.ini
[2013.06.06 16:34:32 | 000,632,031 | ---- | M] () -- C:\Users\Rico\Desktop\adwcleaner.exe
[2013.06.06 16:28:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-965118736-2546946651-4236771150-1000UA.job
[2013.06.06 15:41:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rico\Desktop\OTL.exe
[2013.06.06 14:22:22 | 000,000,795 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.06 14:22:09 | 010,285,040 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Rico\Desktop\mbam-setup-1.75.0.1300.exe
[2013.06.06 14:08:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-965118736-2546946651-4236771150-1000UA.job
[2013.06.06 02:08:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-965118736-2546946651-4236771150-1000Core.job
[2013.06.06 00:57:46 | 000,001,047 | ---- | M] () -- C:\Users\Rico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.06.05 16:13:16 | 000,366,614 | ---- | M] () -- C:\Users\Rico\Desktop\kaufiphone5 001.jpg
[2013.06.05 13:44:08 | 051,636,894 | ---- | M] (eRightSoft                                                  ) -- C:\Users\Rico\Desktop\SUPERsetup.exe
[2013.06.05 13:20:42 | 000,000,827 | ---- | M] () -- C:\Users\Rico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk
[2013.06.05 00:34:17 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-965118736-2546946651-4236771150-1000Core.job
[2013.06.04 19:22:00 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 6915ca9d-9cfe-4463-932a-16ed847f4e70.job
[2013.05.30 18:27:49 | 000,062,094 | ---- | M] () -- C:\Users\Rico\Desktop\Verkaufsschild-iPhone-4-16-GB-Weiss-ohne-Simlock-neuwertig.pdf
[2013.05.29 17:41:37 | 000,002,350 | ---- | M] () -- C:\Users\Rico\Desktop\Google Chrome.lnk
[2013.05.27 21:30:12 | 000,045,846 | ---- | M] () -- C:\Users\Rico\Desktop\download.pdf
[2013.05.27 19:22:09 | 000,000,351 | ---- | M] () -- C:\Users\Rico\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013.05.27 19:21:12 | 000,618,912 | ---- | M] (www.download-sponsor.de) -- C:\Users\Rico\Desktop\SuperAntiSpyware - CHIP-Downloader.exe
[2013.05.15 18:46:01 | 000,419,392 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.12 14:38:37 | 000,000,756 | ---- | M] () -- C:\Users\Public\Desktop\iFunbox.lnk
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.06 16:34:29 | 000,632,031 | ---- | C] () -- C:\Users\Rico\Desktop\adwcleaner.exe
[2013.06.06 14:22:22 | 000,000,795 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.05 16:13:16 | 000,366,614 | ---- | C] () -- C:\Users\Rico\Desktop\kaufiphone5 001.jpg
[2013.06.05 13:46:42 | 000,032,256 | -HS- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2013.05.30 18:27:49 | 000,062,094 | ---- | C] () -- C:\Users\Rico\Desktop\Verkaufsschild-iPhone-4-16-GB-Weiss-ohne-Simlock-neuwertig.pdf
[2013.05.29 17:41:37 | 000,002,350 | ---- | C] () -- C:\Users\Rico\Desktop\Google Chrome.lnk
[2013.05.27 21:34:42 | 004,168,821 | ---- | C] () -- C:\Users\Rico\Desktop\08 Rock & Roll Queen.mp3
[2013.05.27 21:30:12 | 000,045,846 | ---- | C] () -- C:\Users\Rico\Desktop\download.pdf
[2013.05.27 19:22:30 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 6915ca9d-9cfe-4463-932a-16ed847f4e70.job
[2013.05.27 19:22:09 | 000,000,351 | ---- | C] () -- C:\Users\Rico\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013.03.21 19:50:01 | 000,007,605 | ---- | C] () -- C:\Users\Rico\AppData\Local\Resmon.ResmonCfg
[2013.03.06 19:02:08 | 000,000,171 | ---- | C] () -- C:\Windows\Clony2.ini
[2012.11.02 20:48:58 | 000,000,126 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012.11.01 04:31:09 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2012.10.26 20:03:37 | 001,641,574 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.09.15 17:58:58 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\GkSui18.EXE
[2012.08.12 17:10:11 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012.08.12 17:10:10 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012.08.08 18:01:24 | 000,000,029 | ---- | C] () -- C:\Windows\sfbm.INI
[2012.08.01 21:16:49 | 000,003,348 | ---- | C] () -- C:\Windows\SysWow64\ludap17.ini
[2012.08.01 21:16:49 | 000,000,078 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2012.08.01 20:57:40 | 000,166,912 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012.08.01 20:57:40 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012.08.01 19:26:25 | 000,000,140 | ---- | C] () -- C:\Windows\winamp.ini
[2012.08.01 18:41:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.08.01 17:41:32 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.08.01 17:41:30 | 000,028,976 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012.07.30 14:16:18 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.07.30 14:16:18 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.07.30 14:16:18 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.07.30 14:16:18 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.06.11 18:50:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.06.11 18:50:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.05.02 15:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.01.07 13:17:34 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\APP_NAME_NON_STRING
[2012.09.04 21:57:08 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Canneverbe Limited
[2012.08.01 19:43:39 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\DAEMON Tools Lite
[2012.10.31 16:05:34 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\DeepBurner
[2013.06.06 16:38:42 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Dropbox
[2012.10.31 21:17:43 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Epson
[2012.10.14 16:28:00 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\FRITZ!
[2012.10.14 16:26:51 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\FRITZ!fax für FRITZ!Box
[2013.05.12 14:38:41 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\iFunbox_UserCache
[2012.08.01 18:45:45 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Leadertech
[2012.08.01 19:16:03 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Miranda
[2013.03.30 12:13:05 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Origin
[2013.01.07 13:18:24 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\PDF Architect
[2012.08.30 17:01:08 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Samsung
[2012.10.15 22:14:47 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\streamripper
[2013.06.06 16:33:46 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\TS3Client
[2013.04.01 22:15:44 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\ts3overlay
[2013.02.28 22:03:22 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\uTorrent
[2013.04.03 20:18:30 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Vodafone Messenger PC
[2013.06.06 11:29:15 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\WebCake
[2012.08.21 11:59:15 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\WindSolutions
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 24 bytes -> C:\Windows:A035D7423CF14E98

< End of report >
         

--- --- ---

Hi,

ESET Online Scanner

• Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
• Lade und starte Eset Online Scanner
• Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
• Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
• Klicke auf Starten.
• Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
• Klicke am Ende des Suchlaufs auf Fertig stellen.
• Schließe das Fenster von ESET.
• Explorer öffnen.
• C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
• Logfile hier posten.
• Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
• Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte SecurityCheck und:

• Speichere es auf dem Desktop.
• Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
• Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches OTL log bitte. Noch Probleme?

bekomme bei SecurityCheck nur gesagt
UNSUPPORTED OPERATING SYSTEM! ABORTED!

ach ja hab win7 64 bit

Dann lass den weg

So hier die beiden Logfiles

Zitat:

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=f672ea5d757d494e82fd2e1123599d0e
# engine=14013
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-06 05:46:21
# local_time=2013-06-06 07:46:21 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 97 67902 235964071 60692 0
# compatibility_mode=5893 16776573 100 94 175627 122170631 0 0
# scanned=401547
# found=6
# cleaned=0
# scan_time=7166
sh=C9EB39AFAF693BB49A2649A34B685ED30D8F088D ft=1 fh=cd6d007f6116fdd9 vn="probably a variant of Win32/Adware.Yontoo.A application" ac=I fn="C:\Program Files (x86)\WebCake\WebCakeIEClient.dll"
sh=A96144C1D980B72EF71A99C7C6C022221504E407 ft=1 fh=2c0a91bc9d493f2d vn="multiple threats" ac=I fn="C:\Users\Rico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZCELXEO8\WebCakesetup[1].exe"
sh=DE173068B26F388420138BFD5186418136F15EB3 ft=1 fh=4be4c4f8421aba03 vn="probably a variant of Win32/TrojanDownloader.Banload.DVCGKVL trojan" ac=I fn="G:\Daten\Eigene Programme\Internet\Filme & Games downloadprogramme\RapidShare Link Grab Helper v1.0\RSLGH.exe"
sh=DA79FF32504C28CED361D37BE0574AA8C74FEBE5 ft=1 fh=9c3bdcf3a864f950 vn="probably a variant of Win32/Agent.DRFOJCG trojan" ac=I fn="G:\Daten\Eigene Programme\Wavelab 5\setup.exe"
sh=3B5B4E1760559AEEAAD93C400E3CA815C1C2C301 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="G:\Daten\Spass\Programme\Hotkeys.rar"
sh=89DC5F6AEB6BD411FD8191153623A461CB6FB62B ft=1 fh=3f74c93bf77dfdd8 vn="multiple threats" ac=I fn="G:\Daten\Spass\Programme\Hotkeys\TV Total\IMESHV3.EXE"

OTL Logfile:

Code: Alles auswählenAufklappen

ATTFilter

OTL logfile created on: 07.06.2013 21:08:00 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Rico\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 5,77 Gb Available Physical Memory | 72,28% Memory free
15,96 Gb Paging File | 12,87 Gb Available in Paging File | 80,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 31,15 Gb Total Space | 2,82 Gb Free Space | 9,07% Space Free | Partition Type: NTFS
Drive D: | 87,99 Gb Total Space | 68,76 Gb Free Space | 78,14% Space Free | Partition Type: NTFS
Drive E: | 368,10 Gb Total Space | 118,34 Gb Free Space | 32,15% Space Free | Partition Type: NTFS
Drive F: | 97,66 Gb Total Space | 41,23 Gb Free Space | 42,22% Space Free | Partition Type: NTFS
Drive G: | 1397,26 Gb Total Space | 429,23 Gb Free Space | 30,72% Space Free | Partition Type: NTFS
 
Computer Name: RICO-PC | User Name: Rico | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Rico\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Rico\AppData\Roaming\WebCake\WebCakeDesktop.exe (WebCake LLC)
PRC - C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe (WebCake LLC)
PRC - C:\Users\Rico\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - E:\Program Files (x86)\Samsung SSD Magician\Samsung Magician.exe (Samsung Electronics.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Users\Rico\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)
PRC - C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GbR)
PRC - C:\Program Files (x86)\PDF Architect\ConversionService.exe (pdfforge GbR)
PRC - D:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - D:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
PRC - E:\Program Files (x86)\AI Suite II\AI Suite II.exe (ASUSTeK Computer Inc.)
PRC - E:\Program Files (x86)\AI Suite II\EPU\EPUHelp.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe ()
PRC - E:\Program Files (x86)\AI Suite II\AsRoutineController.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe ()
PRC - E:\Program Files (x86)\AI Suite II\Sensor\AlertHelper\AlertHelper.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
PRC - E:\Program Files (x86)\Streamripper\wstreamripper.exe ()
PRC - E:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - E:\Program Files (x86)\Winamp\winamp.exe (Nullsoft)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Rico\AppData\Local\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Rico\AppData\Local\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\Rico\AppData\Local\Google\Chrome\Application\27.0.1453.110\pdf.dll ()
MOD - C:\Users\Rico\AppData\Local\Google\Chrome\Application\27.0.1453.110\libglesv2.dll ()
MOD - C:\Users\Rico\AppData\Local\Google\Chrome\Application\27.0.1453.110\libegl.dll ()
MOD - C:\Users\Rico\AppData\Local\Google\Chrome\Application\27.0.1453.110\ffmpegsumo.dll ()
MOD - E:\Program Files (x86)\Samsung SSD Magician\SAMSUNG_SSD.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll ()
MOD - C:\Users\Rico\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Users\Rico\AppData\Local\Facebook\Messenger\2.1.4814.0\libcef.dll ()
MOD - C:\Users\Rico\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.dll ()
MOD - C:\Users\Rico\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.WinForms.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\6fd278018f0cf369362fc810f8aefcb5\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\4cae4b1b6c8423f80d1f86eae7fd8203\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Users\Rico\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - E:\Program Files (x86)\AI Suite II\Sensor\Sensor.dll ()
MOD - E:\Program Files (x86)\AI Suite II\BarGadget\BarGadget.dll ()
MOD - E:\Program Files (x86)\AI Suite II\Sensor Graph\SensorGraph.dll ()
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
MOD - E:\Program Files (x86)\AI Suite II\MyLogo\MyLogo.dll ()
MOD - E:\Program Files (x86)\AI Suite II\ASUS Update\Update.dll ()
MOD - E:\Program Files (x86)\AI Suite II\AssistFunc.dll ()
MOD - E:\Program Files (x86)\AI Suite II\Settings\Settings.dll ()
MOD - E:\Program Files (x86)\AI Suite II\Probe_II\ProbeII.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMLib.dll ()
MOD - E:\Program Files (x86)\AI Suite II\TabGadget\TabGadget.dll ()
MOD - E:\Program Files (x86)\AI Suite II\Splitter\Splitter.dll ()
MOD - E:\Program Files (x86)\AI Suite II\Sensor\AlertHelper\ImageHelper.dll ()
MOD - E:\Program Files (x86)\AI Suite II\ImageHelper.dll ()
MOD - E:\Program Files (x86)\AI Suite II\pngio.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Windows\SysWOW64\msjetoledb40.dll ()
MOD - C:\Windows\SysWOW64\APOMngr.DLL ()
MOD - E:\Program Files (x86)\Streamripper\wstreamripper.exe ()
MOD - E:\Program Files (x86)\Streamripper\streamripper.dll ()
MOD - E:\Program Files (x86)\Winamp\Plugins\gen_sripper.dll ()
MOD - C:\Windows\SysWOW64\CmdRtr.DLL ()
MOD - E:\Program Files (x86)\Streamripper\zlib1.dll ()
MOD - E:\Program Files (x86)\Streamripper\libintl-8.dll ()
MOD - E:\Program Files (x86)\Streamripper\libiconv-2.dll ()
MOD - E:\Program Files (x86)\Streamripper\ogg.dll ()
MOD - E:\Program Files (x86)\Streamripper\vorbis.dll ()
MOD - C:\Windows\SysWOW64\P17.dll ()
MOD - E:\Program Files (x86)\Winamp\Plugins\gen_ff.dll ()
MOD - E:\Program Files (x86)\Winamp\Plugins\in_cdda.dll ()
MOD - E:\Program Files (x86)\Winamp\Plugins\in_mp4.dll ()
MOD - E:\Program Files (x86)\Winamp\Plugins\in_mp3.dll ()
MOD - E:\Program Files (x86)\Winamp\Plugins\in_vorbis.dll ()
MOD - E:\Program Files (x86)\Winamp\Plugins\in_mod.dll ()
MOD - E:\Program Files (x86)\Winamp\Plugins\in_wm.dll ()
MOD - E:\Program Files (x86)\Winamp\Plugins\in_midi.dll ()
MOD - E:\Program Files (x86)\Winamp\Plugins\read_file.dll ()
MOD - E:\Program Files (x86)\Winamp\Plugins\gen_jumpex.dll ()
MOD - E:\Program Files (x86)\Winamp\Plugins\out_ds.dll ()
MOD - E:\Program Files (x86)\Winamp\Plugins\in_wave.dll ()
MOD - E:\Program Files (x86)\Winamp\Plugins\gen_hotkeys.dll ()
MOD - E:\Program Files (x86)\Winamp\Plugins\out_disk.dll ()
MOD - E:\Program Files (x86)\Winamp\Plugins\out_wave.dll ()
MOD - E:\Program Files (x86)\Winamp\Plugins\gen_tray.dll ()
MOD - E:\Program Files (x86)\Winamp\Deutsch.lng ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (EpsonScanSvc) -- C:\Windows\SysNative\escsvc64.exe (Seiko Epson Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (!SASCORE) -- E:\SASCore64.exe (SUPERAntiSpyware.com)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (PDF Architect Helper Service) -- C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GbR)
SRV - (PDF Architect Service) -- C:\Program Files (x86)\PDF Architect\ConversionService.exe (pdfforge GbR)
SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (AntiVirSchedulerService) -- D:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- D:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (asComSvc) -- C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe ()
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (Microsoft SharePoint Workspace Audit Service) -- D:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (asHmComSvc) -- C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe ()
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (L8042Kbd) -- C:\Windows\SysNative\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (LGSHidFilt) -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys (Logitech Inc.)
DRV:64bit: - (ICCWDT) -- C:\Windows\SysNative\drivers\ICCWDT.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (tmnsusbser) -- C:\Windows\SysNative\drivers\tmnsusbser.sys (Wireless Device)
DRV:64bit: - (tmusbnet) -- C:\Windows\SysNative\drivers\tmusbnet.sys (QUALCOMM Incorporated)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (P17) -- C:\Windows\SysNative\drivers\P17.sys (Creative Technology Ltd.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (xnacc) -- C:\Windows\SysNative\drivers\xnacc.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (t3) -- C:\Windows\SysNative\drivers\t3.sys (Creative Technology Ltd.)
DRV:64bit: - (athrusb) -- C:\Windows\SysNative\drivers\athrxusb.sys (Atheros Communications, Inc.)
DRV:64bit: - (ElbyCDFL) -- C:\Windows\SysNative\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV:64bit: - (cdrbsdrv) -- C:\Windows\SysNative\drivers\CDRBSDRV.SYS (B.H.A Corporation)
DRV:64bit: - (P1764) -- C:\Windows\SysNative\drivers\P1764.sys (Creative Technology Ltd.)
DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (cpuz135) -- d:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys (CPUID)
DRV - (SASDIFSV) -- E:\\SASDIFSV64.SYS ()
DRV - (SASKUTIL) -- E:\\SASKUTIL64.SYS ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ElbyCDFL) -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (ElbyCDIO) -- C:\Windows\SysWOW64\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (ElbyDelay) -- C:\Windows\SysWOW64\drivers\ElbyDelay.sys (Elaborate Bytes AG)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-965118736-2546946651-4236771150-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-965118736-2546946651-4236771150-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-965118736-2546946651-4236771150-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-965118736-2546946651-4236771150-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9C 08 07 73 03 70 CD 01  [binary data]
IE - HKU\S-1-5-21-965118736-2546946651-4236771150-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-965118736-2546946651-4236771150-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-965118736-2546946651-4236771150-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-965118736-2546946651-4236771150-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost; 127.0.0.1; <local>; www.google.de, www.facebook.com
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.15
FF - prefs.js..extensions.enabledAddons: plugin%40getwebcake.com:1.00.01
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..network.proxy.http: "199.241.184.143"
FF - prefs.js..network.proxy.http_port: 3128
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: E:\Program Files (x86)\Java\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: d:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Rico\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Rico\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Rico\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF - HKCU\Software\MozillaPlugins\thehappycloud.com/HappyCloudPlugin: C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2012.12.16 14:47:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013.01.07 13:17:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: D:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: D:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\autolyrics@man-soft.net: C:\Program Files (x86)\AutoLyrics\FF\
 
[2012.08.01 19:50:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rico\AppData\Roaming\mozilla\Extensions
[2013.06.05 13:45:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rico\AppData\Roaming\mozilla\Firefox\Profiles\ion25bl6.default\extensions
[2013.05.29 22:37:57 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Rico\AppData\Roaming\mozilla\Firefox\Profiles\ion25bl6.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.12.15 14:33:13 | 000,000,000 | ---D | M] (Free Download Manager plugin) -- C:\Users\Rico\AppData\Roaming\mozilla\Firefox\Profiles\ion25bl6.default\extensions\fdm_ffext@freedownloadmanager.org
[2013.06.05 13:45:21 | 000,000,000 | ---D | M] (WebCake) -- C:\Users\Rico\AppData\Roaming\mozilla\Firefox\Profiles\ion25bl6.default\extensions\plugin@getwebcake.com
[2013.06.02 20:10:20 | 000,004,503 | ---- | M] () (No name found) -- C:\Users\Rico\AppData\Roaming\mozilla\firefox\profiles\ion25bl6.default\extensions\youtubeunblocker@unblocker.yt.xpi
[2013.05.09 13:26:19 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Rico\AppData\Roaming\mozilla\firefox\profiles\ion25bl6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Rico\AppData\Local\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Rico\AppData\Local\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Rico\AppData\Local\Google\Chrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Happy Cloud Plugin (Disabled) = C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll
CHR - plugin: Facebook Desktop (Enabled) = C:\Users\Rico\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Rico\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = D:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = D:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Java(TM) Platform SE 7 U21 (Enabled) = E:\Program Files (x86)\Java\bin\plugin2\npjp2.dll
CHR - plugin: iTunes Application Detector (Enabled) = E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: VLC Web Plugin (Enabled) = d:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - Extension: Google Docs = C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4.1_0\
CHR - Extension: Google-Suche = C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Logitech SetPoint = C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd\6.51.8_0\
CHR - Extension: WebCake = C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh\1.0.3_0\
CHR - Extension: Google Mail = C:\Users\Rico\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012.09.20 17:42:51 | 000,000,915 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 178.63.74.210 status.wow-europe.com
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (WebCake) - {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - C:\Program Files (x86)\WebCake\WebCakeIEClient.dll (WebCake LLC)
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O2 - BHO: (AddLyrics) - {4145006D-47F8-42F2-8186-2225AAFECDD3} - C:\Program Files (x86)\AddLyrics\AddLyrics.dll File not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files (x86)\Java\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Programme\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files (x86)\Java\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync] D:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CloneCDTray] e:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [P17Helper] C:\Windows\SysWow64\P17.dll ()
O4 - HKLM..\Run: [P17RunE] C:\Windows\SysWow64\P17RunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [SPIRunE] C:\Windows\SysWow64\SpiRunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-965118736-2546946651-4236771150-1000..\Run: [DAEMON Tools Lite] E:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-965118736-2546946651-4236771150-1000..\Run: [Facebook Update] C:\Users\Rico\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-965118736-2546946651-4236771150-1000..\Run: [SpybotSD TeaTimer] e:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-965118736-2546946651-4236771150-1000..\Run: [SUPERAntiSpyware] E:\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-965118736-2546946651-4236771150-1000..\Run: [WebCake Desktop] C:\Users\Rico\AppData\Roaming\WebCake\WebCakeDesktop.exe (WebCake LLC)
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] "C:\Windows\is-F50GB.exe" /REG /REGSVRMODE File not found
O4 - HKU\.DEFAULT..\RunOnce: [DefaultP17] C:\Windows\P17DEF.EXE (Creative Technology Ltd)
O4 - HKU\.DEFAULT..\RunOnce: [DefaultP17MIDI] C:\Windows\MIDIDEF.EXE (Creative Technology Ltd)
O4 - HKU\S-1-5-18..\RunOnce: [DefaultP17] C:\Windows\P17DEF.EXE (Creative Technology Ltd)
O4 - HKU\S-1-5-18..\RunOnce: [DefaultP17MIDI] C:\Windows\MIDIDEF.EXE (Creative Technology Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Rico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Rico\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Rico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\Rico\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)
O4 - Startup: C:\Users\Rico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Touch Mouse Server.lnk = E:\Program Files (x86)\Logitech Touch Mouse Server\iTouch-Server-Win.exe (Logitech, Inc.)
O4 - Startup: C:\Users\Rico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk = E:\Program Files (x86)\Samsung SSD Magician\Samsung Magician.exe (Samsung Electronics.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-965118736-2546946651-4236771150-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://D:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://D:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-965118736-2546946651-4236771150-1000\..Trusted Domains: jdnas ([]file in Lokales Intranet)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A8AD02A-DC95-4FE1-861E-1B5B18ADA50E}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B41A589-C6D5-4B1E-8A1C-592526FE98F3}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{912A429A-42EF-4CE7-82BF-E62BA49F8FC2}: DhcpNameServer = 192.168.123.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0B96586-C0A4-41F7-A45C-B537D9E667FA}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{857d421a-dbed-11e1-a4db-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{857d421a-dbed-11e1-a4db-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Bin\assetup.exe
O33 - MountPoints2\{d2f9f0cf-7d05-11e2-a58c-14dae9f49b36}\Shell - "" = AutoRun
O33 - MountPoints2\{d2f9f0cf-7d05-11e2-a58c-14dae9f49b36}\Shell\AutoRun\command - "" = K:\.\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.06 17:44:36 | 002,347,384 | ---- | C] (ESET) -- C:\Users\Rico\Desktop\esetsmartinstaller_enu.exe
[2013.06.06 16:39:57 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.06.06 16:39:55 | 000,000,000 | ---D | C] -- C:\JRT
[2013.06.06 16:38:33 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.06.06 16:35:24 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Rico\Desktop\JRT.exe
[2013.06.06 15:41:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Rico\Desktop\OTL.exe
[2013.06.06 14:22:35 | 000,000,000 | ---D | C] -- C:\Users\Rico\AppData\Roaming\Malwarebytes
[2013.06.06 14:22:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.06.06 14:22:21 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.06.06 14:22:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.06.06 14:22:04 | 010,285,040 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Rico\Desktop\mbam-setup-1.75.0.1300.exe
[2013.06.05 13:46:44 | 000,719,872 | -HS- | C] (Abysmal Software) -- C:\Windows\SysWow64\devil.dll
[2013.06.05 13:46:43 | 000,369,152 | -HS- | C] (The Public) -- C:\Windows\SysWow64\avisynth.dll
[2013.06.05 13:46:42 | 000,070,656 | -HS- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\yv12vfw.dll
[2013.06.05 13:46:42 | 000,070,656 | -HS- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\i420vfw.dll
[2013.06.05 13:46:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AviSynth 2.5
[2013.06.05 13:45:54 | 000,000,000 | ---D | C] -- C:\Users\Rico\Documents\eRightSoft
[2013.06.05 13:45:45 | 000,327,749 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\drvc.dll
[2013.06.05 13:45:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eRightSoft
[2013.06.05 13:45:20 | 000,000,000 | ---D | C] -- C:\Users\Rico\AppData\Roaming\WebCake
[2013.06.05 13:45:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WebCake
[2013.06.05 13:41:49 | 051,636,894 | ---- | C] (eRightSoft                                                  ) -- C:\Users\Rico\Desktop\SUPERsetup.exe
[2013.06.05 13:32:30 | 000,000,000 | ---D | C] -- C:\Users\Rico\Desktop\hochwasser
[2013.06.05 13:20:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung SSD Magician
[2013.06.04 01:35:53 | 000,000,000 | ---D | C] -- C:\Users\Rico\Desktop\emo
[2013.06.02 19:56:21 | 000,000,000 | ---D | C] -- C:\Users\Rico\Desktop\Neuer Ordner
[2013.05.30 14:42:57 | 000,000,000 | ---D | C] -- C:\Users\Rico\Desktop\ip4
[2013.05.27 19:22:27 | 000,000,000 | ---D | C] -- C:\Users\Rico\AppData\Roaming\SUPERAntiSpyware.com
[2013.05.27 19:22:09 | 000,000,000 | ---D | C] -- C:\Users\Rico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013.05.27 19:22:07 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013.05.27 19:21:12 | 000,618,912 | ---- | C] (www.download-sponsor.de) -- C:\Users\Rico\Desktop\SuperAntiSpyware - CHIP-Downloader.exe
[2013.05.15 14:25:15 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.05.15 14:25:15 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.05.15 14:25:14 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.05.15 14:25:14 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.05.15 14:25:14 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.05.15 14:25:14 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.05.15 14:25:14 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.05.15 14:25:14 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.05.15 14:25:14 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.05.15 14:25:14 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.05.15 14:25:14 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.05.15 14:25:14 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.05.15 14:25:13 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.05.15 14:25:13 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.05.15 14:25:12 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.05.14 19:28:40 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013.05.14 19:28:40 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013.05.14 19:28:39 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.05.14 19:28:39 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.05.14 19:28:39 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013.05.14 19:28:39 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.07 20:28:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-965118736-2546946651-4236771150-1000UA.job
[2013.06.07 20:08:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-965118736-2546946651-4236771150-1000UA.job
[2013.06.07 19:22:00 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 6915ca9d-9cfe-4463-932a-16ed847f4e70.job
[2013.06.07 14:56:17 | 000,024,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.07 14:56:17 | 000,024,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.07 14:55:03 | 001,622,100 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.07 14:55:03 | 000,700,380 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.07 14:55:03 | 000,655,092 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.07 14:55:03 | 000,149,176 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.07 14:55:03 | 000,121,964 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.07 14:49:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.07 14:49:04 | 2132,721,663 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.07 02:30:48 | 000,000,140 | ---- | M] () -- C:\Windows\winamp.ini
[2013.06.07 02:08:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-965118736-2546946651-4236771150-1000Core.job
[2013.06.07 00:28:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-965118736-2546946651-4236771150-1000Core.job
[2013.06.06 20:09:09 | 000,890,839 | ---- | M] () -- C:\Users\Rico\Desktop\SecurityCheck.exe
[2013.06.06 17:44:36 | 002,347,384 | ---- | M] (ESET) -- C:\Users\Rico\Desktop\esetsmartinstaller_enu.exe
[2013.06.06 17:29:49 | 000,002,358 | ---- | M] () -- C:\Users\Rico\Desktop\Google Chrome.lnk
[2013.06.06 17:29:05 | 000,162,380 | ---- | M] () -- C:\Users\Rico\Desktop\8109G.jpg
[2013.06.06 17:03:34 | 000,297,921 | ---- | M] () -- C:\Users\Rico\Desktop\photo.jpg
[2013.06.06 17:03:23 | 000,154,001 | ---- | M] () -- C:\Users\Rico\Desktop\photo (1).jpg
[2013.06.06 16:35:27 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Rico\Desktop\JRT.exe
[2013.06.06 16:34:32 | 000,632,031 | ---- | M] () -- C:\Users\Rico\Desktop\adwcleaner.exe
[2013.06.06 15:41:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rico\Desktop\OTL.exe
[2013.06.06 14:22:22 | 000,000,795 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.06 14:22:09 | 010,285,040 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Rico\Desktop\mbam-setup-1.75.0.1300.exe
[2013.06.06 00:57:46 | 000,001,047 | ---- | M] () -- C:\Users\Rico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.06.05 16:13:16 | 000,366,614 | ---- | M] () -- C:\Users\Rico\Desktop\kaufiphone5 001.jpg
[2013.06.05 13:44:08 | 051,636,894 | ---- | M] (eRightSoft                                                  ) -- C:\Users\Rico\Desktop\SUPERsetup.exe
[2013.06.05 13:20:42 | 000,000,827 | ---- | M] () -- C:\Users\Rico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk
[2013.05.30 18:27:49 | 000,062,094 | ---- | M] () -- C:\Users\Rico\Desktop\Verkaufsschild-iPhone-4-16-GB-Weiss-ohne-Simlock-neuwertig.pdf
[2013.05.27 21:30:12 | 000,045,846 | ---- | M] () -- C:\Users\Rico\Desktop\download.pdf
[2013.05.27 19:22:09 | 000,000,351 | ---- | M] () -- C:\Users\Rico\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013.05.27 19:21:12 | 000,618,912 | ---- | M] (www.download-sponsor.de) -- C:\Users\Rico\Desktop\SuperAntiSpyware - CHIP-Downloader.exe
[2013.05.15 18:46:01 | 000,419,392 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.12 14:38:37 | 000,000,756 | ---- | M] () -- C:\Users\Public\Desktop\iFunbox.lnk
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.06 20:09:08 | 000,890,839 | ---- | C] () -- C:\Users\Rico\Desktop\SecurityCheck.exe
[2013.06.06 17:29:05 | 000,162,380 | ---- | C] () -- C:\Users\Rico\Desktop\8109G.jpg
[2013.06.06 17:03:23 | 000,154,001 | ---- | C] () -- C:\Users\Rico\Desktop\photo (1).jpg
[2013.06.06 17:03:19 | 000,297,921 | ---- | C] () -- C:\Users\Rico\Desktop\photo.jpg
[2013.06.06 16:34:29 | 000,632,031 | ---- | C] () -- C:\Users\Rico\Desktop\adwcleaner.exe
[2013.06.06 14:22:22 | 000,000,795 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.05 16:13:16 | 000,366,614 | ---- | C] () -- C:\Users\Rico\Desktop\kaufiphone5 001.jpg
[2013.06.05 13:46:42 | 000,032,256 | -HS- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2013.05.30 18:27:49 | 000,062,094 | ---- | C] () -- C:\Users\Rico\Desktop\Verkaufsschild-iPhone-4-16-GB-Weiss-ohne-Simlock-neuwertig.pdf
[2013.05.29 17:41:37 | 000,002,358 | ---- | C] () -- C:\Users\Rico\Desktop\Google Chrome.lnk
[2013.05.27 21:34:42 | 004,168,821 | ---- | C] () -- C:\Users\Rico\Desktop\08 Rock & Roll Queen.mp3
[2013.05.27 21:30:12 | 000,045,846 | ---- | C] () -- C:\Users\Rico\Desktop\download.pdf
[2013.05.27 19:22:30 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 6915ca9d-9cfe-4463-932a-16ed847f4e70.job
[2013.05.27 19:22:09 | 000,000,351 | ---- | C] () -- C:\Users\Rico\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013.03.21 19:50:01 | 000,007,605 | ---- | C] () -- C:\Users\Rico\AppData\Local\Resmon.ResmonCfg
[2013.03.06 19:02:08 | 000,000,171 | ---- | C] () -- C:\Windows\Clony2.ini
[2012.11.02 20:48:58 | 000,000,126 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012.11.01 04:31:09 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2012.10.26 20:03:37 | 001,641,574 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.09.15 17:58:58 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\GkSui18.EXE
[2012.08.12 17:10:11 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012.08.12 17:10:10 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012.08.08 18:01:24 | 000,000,029 | ---- | C] () -- C:\Windows\sfbm.INI
[2012.08.01 21:16:49 | 000,003,348 | ---- | C] () -- C:\Windows\SysWow64\ludap17.ini
[2012.08.01 21:16:49 | 000,000,078 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2012.08.01 20:57:40 | 000,166,912 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012.08.01 20:57:40 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012.08.01 19:26:25 | 000,000,140 | ---- | C] () -- C:\Windows\winamp.ini
[2012.08.01 18:41:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.08.01 17:41:32 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.08.01 17:41:30 | 000,028,976 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012.07.30 14:16:18 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.07.30 14:16:18 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.07.30 14:16:18 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.07.30 14:16:18 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.06.11 18:50:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.06.11 18:50:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.05.02 15:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.01.07 13:17:34 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\APP_NAME_NON_STRING
[2012.09.04 21:57:08 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Canneverbe Limited
[2012.08.01 19:43:39 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\DAEMON Tools Lite
[2012.10.31 16:05:34 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\DeepBurner
[2013.06.07 14:49:16 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Dropbox
[2012.10.31 21:17:43 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Epson
[2012.10.14 16:28:00 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\FRITZ!
[2012.10.14 16:26:51 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\FRITZ!fax für FRITZ!Box
[2013.05.12 14:38:41 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\iFunbox_UserCache
[2012.08.01 18:45:45 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Leadertech
[2012.08.01 19:16:03 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Miranda
[2013.03.30 12:13:05 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Origin
[2013.01.07 13:18:24 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\PDF Architect
[2012.08.30 17:01:08 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Samsung
[2012.10.15 22:14:47 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\streamripper
[2013.06.07 01:02:01 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\TS3Client
[2013.04.01 22:15:44 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\ts3overlay
[2013.02.28 22:03:22 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\uTorrent
[2013.04.03 20:18:30 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\Vodafone Messenger PC
[2013.06.06 11:29:15 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\WebCake
[2012.08.21 11:59:15 | 000,000,000 | ---D | M] -- C:\Users\Rico\AppData\Roaming\WindSolutions
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 24 bytes -> C:\Windows:A035D7423CF14E98

< End of report >
         

--- --- ---

Fixen mit OTL

• Starte bitte die OTL.exe.
• Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code: Alles auswählenAufklappen

ATTFilter

:OTL
FF - prefs.js..network.proxy.http: "199.241.184.143"
FF - prefs.js..network.proxy.http_port: 3128
O4 - HKU\S-1-5-21-965118736-2546946651-4236771150-1000..\Run: [WebCake Desktop] C:\Users\Rico\AppData\Roaming\WebCake\WebCakeDesktop.exe (WebCake LLC)

:files
C:\Program Files (x86)\WebCake
G:\Daten\Eigene Programme\Internet\Filme & Games downloadprogramme\RapidShare Link Grab Helper v1.0\RSLGH.exe
G:\Daten\Eigene Programme\Wavelab 5\setup.exe
G:\Daten\Spass\Programme\Hotkeys.rar
G:\Daten\Spass\Programme\Hotkeys\TV Total\IMESHV3.EXE
:Commands
[emptytemp]
         

• Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
• Schließe bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
  ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
  Kopiere nun den Inhalt hier in Deinen Thread

Noch Probleme?

ok habe die Schritte ausgeführt und neu gestartet und dann bekam ich die Textdatei

Zitat:

All processes killed
========== OTL ==========
Prefs.js: "199.241.184.143" removed from network.proxy.http
Prefs.js: 3128 removed from network.proxy.http_port
Registry value HKEY_USERS\S-1-5-21-965118736-2546946651-4236771150-1000\Software\Microsoft\Windows\CurrentVersion\Run\\WebCake Desktop deleted successfully.
C:\Users\Rico\AppData\Roaming\WebCake\WebCakeDesktop.exe moved successfully.
========== FILES ==========
C:\Program Files (x86)\WebCake folder moved successfully.
G:\Daten\Eigene Programme\Internet\Filme & Games downloadprogramme\RapidShare Link Grab Helper v1.0\RSLGH.exe moved successfully.
G:\Daten\Eigene Programme\Wavelab 5\setup.exe moved successfully.
G:\Daten\Spass\Programme\Hotkeys.rar moved successfully.
G:\Daten\Spass\Programme\Hotkeys\TV Total\IMESHV3.EXE moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Rico
->Temp folder emptied: 1631140567 bytes
->Temporary Internet Files folder emptied: 41949274 bytes
->Java cache emptied: 15813746 bytes
->FireFox cache emptied: 345832898 bytes
->Google Chrome cache emptied: 259837411 bytes
->Flash cache emptied: 24866 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 150016 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 21732774 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67960 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2.209,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 06092013_144952

Files\Folders moved on Reboot...
C:\Users\Rico\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Rico\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

also ich gucke grad bissl rum und noch hab ich nix gefunden
vielen vielen dank für die Hilfe.
Gibt es was was ich tun kann um noch besser vorzubeugen, ausser nem Virenscanner und evtl Firewall. Welche Programme würdet ihr mir da so empfehlen?

Das kommt jetzt, wir sind fertig und räumen auf

Die Reihenfolge ist hier entscheidend.

1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
   • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
   • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
   • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
3. Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
   • Schließe alle offenen Programme.
   • Starte die delfix.exe mit einem Doppelklick.
   • Setze vor jede Funktion ein Häkchen.
   • Klicke auf Start.
   • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
   • Starte deinen Rechner abschließend neu.
4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob/Kritik loswerden möchtest:
Lob, Kritik und Wünsche - Trojaner-Board


Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

• Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
• Windows Updates
  • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
  • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
• Gehe sicher das die automatischen Updates aktiviert sind.
• Software Updates
  Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
  Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

• Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

• MalwareBytes Anti Malware
  Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
  Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
  Ein Tutorial zur Verwendung findest Du hier.
• WinPatrol
  Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

• SpywareBlaster
  Eine kurze Einführung findest du Hier
• MVPs hosts file
  Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
• WOT (Web of trust)
  Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

• Opera
• Mozilla Firefox.
  • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
  • NoScript
    Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    
  • AdblockPlus
    Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
    Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts

• Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
• verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
• Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
• Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

ok habe delfix jetzt durchlaufen lassen und folgende Datei bekommen

Zitat:

# DelFix v10.3 - Datei am 09/06/2013 um 16:43:12 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Benutzer : Rico - RICO-PC
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Aktiviere die Benutzerkontensteuerung ... OK

~ Entferne die Bereinigungsprogramme ...

Gelöscht : C:\JRT
Gelöscht : C:\_OTL
Gelöscht : C:\AdwCleaner[R1].txt
Gelöscht : C:\AdwCleaner[S1].txt
Gelöscht : C:\Users\Rico\Desktop\adwcleaner.exe
Gelöscht : C:\Users\Rico\Desktop\AdwCleaner[R1].txt
Gelöscht : C:\Users\Rico\Desktop\AdwCleaner[S1].txt
Gelöscht : C:\Users\Rico\Desktop\esetsmartinstaller_enu.exe
Gelöscht : C:\Users\Rico\Desktop\Extras.Txt
Gelöscht : C:\Users\Rico\Desktop\JRT.exe
Gelöscht : C:\Users\Rico\Desktop\JRT.txt
Gelöscht : C:\Users\Rico\Desktop\OTL.Txt
Gelöscht : C:\Users\Rico\Desktop\OTL2.Txt
Gelöscht : C:\Users\Rico\Desktop\OTL.exe
Gelöscht : C:\Users\Rico\Desktop\SecurityCheck.exe
Gelöscht : HKLM\SOFTWARE\OldTimer Tools
Gelöscht : HKLM\SOFTWARE\AdwCleaner

~ Erstelle ein Backup der Registrierungsdatenbank ... OK

~ Lösche die Wiederherstellungspunkte ...


Ein neuer Wiederherstellungspunkt wurde erstellt !

~ Stelle die Systemeinstellungen wieder her ... OK

########## - EOF - ##########

Windows Updates mache ich regelmäßig. Und Virenscanner auch, werde mir jetzt wohl zusätzlich noch SpywareBlaster laden.
Gibt es noch ne gute Firewall die ich nutzen kann, hatte damsl mal ZoneAlarm aber mittlerweile nur noch die Windows FW.

Danke noch mal für die schnelle und sehr genaue Hilfestellung

Grüße

Windows Firewall is ok