
Log Analysis and Evaluation: GVU Trojaner

Windows 7: If you have caught a trojan or constantly get virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: first steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

16.01.2013, 17:36   #16
SabineS78

GVU Trojaner

Hello,
attached is the SystemLook.txt.

SystemLook 30.07.11 by jpshortstuff
Log created at 17:29 on 16/01/2013 by Sabine
Administrator - Elevation successful

========== filefind ==========

Searching for "*iLivid*"
C:\ProgramData\{08E30618-5D06-461B-BBD3-4ADFB0810824}\iLividSetupV1.dat --a--c- 232 bytes [13:55 30/11/2011] [13:55 30/11/2011] F01CEA7CE4333EA3E84076BE00413309
C:\ProgramData\{08E30618-5D06-461B-BBD3-4ADFB0810824}\iLividSetupV1.exe --a--c- 3001198 bytes [13:55 30/11/2011] [14:24 03/11/2011] 9C0D16DA08434A1BA63E274C0A54328D
C:\ProgramData\{08E30618-5D06-461B-BBD3-4ADFB0810824}\iLividSetupV1.lnk --a--c- 0 bytes [13:55 30/11/2011] [13:55 30/11/2011] D41D8CD98F00B204E9800998ECF8427E
C:\ProgramData\{08E30618-5D06-461B-BBD3-4ADFB0810824}\iLividSetupV1.msi --a--c- 265728 bytes [13:55 30/11/2011] [14:24 03/11/2011] A2D691886D299E9C9316220D43EA399E
C:\ProgramData\{08E30618-5D06-461B-BBD3-4ADFB0810824}\iLividSetupV1.par --a--c- 1555 bytes [13:55 30/11/2011] [13:55 30/11/2011] D6F4EA05715FD2DD2F0D57E654AFC7B9
C:\ProgramData\{08E30618-5D06-461B-BBD3-4ADFB0810824}\iLividSetupV1.res --a--c- 2350911 bytes [13:55 30/11/2011] [14:24 03/11/2011] 6896755F9F046FEE43E6DEC89E721B78
C:\Users\All Users\{08E30618-5D06-461B-BBD3-4ADFB0810824}\iLividSetupV1.dat --a--c- 232 bytes [13:55 30/11/2011] [13:55 30/11/2011] F01CEA7CE4333EA3E84076BE00413309
C:\Users\All Users\{08E30618-5D06-461B-BBD3-4ADFB0810824}\iLividSetupV1.exe --a--c- 3001198 bytes [13:55 30/11/2011] [14:24 03/11/2011] 9C0D16DA08434A1BA63E274C0A54328D
C:\Users\All Users\{08E30618-5D06-461B-BBD3-4ADFB0810824}\iLividSetupV1.lnk --a--c- 0 bytes [13:55 30/11/2011] [13:55 30/11/2011] D41D8CD98F00B204E9800998ECF8427E
C:\Users\All Users\{08E30618-5D06-461B-BBD3-4ADFB0810824}\iLividSetupV1.msi --a--c- 265728 bytes [13:55 30/11/2011] [14:24 03/11/2011] A2D691886D299E9C9316220D43EA399E
C:\Users\All Users\{08E30618-5D06-461B-BBD3-4ADFB0810824}\iLividSetupV1.par --a--c- 1555 bytes [13:55 30/11/2011] [13:55 30/11/2011] D6F4EA05715FD2DD2F0D57E654AFC7B9
C:\Users\All Users\{08E30618-5D06-461B-BBD3-4ADFB0810824}\iLividSetupV1.res --a--c- 2350911 bytes [13:55 30/11/2011] [14:24 03/11/2011] 6896755F9F046FEE43E6DEC89E721B78
C:\Users\Public\Desktop\iLivid Download Manager.lnk --a---- 873 bytes [13:55 30/11/2011] [13:55 30/11/2011] 98334F508B82101A5B2956F2695E959E
C:\Users\Sabine\Downloads\iLividSetupV1(1).exe --a---- 2060760 bytes [13:54 30/11/2011] [13:54 30/11/2011] A3524B9D0A9BF6462B0A53F7335241D4
C:\Users\Sabine\Downloads\iLividSetupV1.exe --a---- 2060760 bytes [17:12 28/11/2011] [17:12 28/11/2011] A3524B9D0A9BF6462B0A53F7335241D4

Searching for "*Searchqu*"
No files found.

Searching for "*DataMngr*"
No files found.

Searching for "*SweetIM*"
C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Cookies\Low\sabine@home.sweetim[1].txt --a---- 416 bytes [16:01 09/01/2013] [16:02 09/01/2013] 79566709C84E1F70EECD268277A89ED6

Searching for "*Conduit*"
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll --a---- 1206160 bytes [21:32 09/08/2012] [21:32 09/08/2012] 309B2B1B22EE841E49F62C7A6FB55E46
C:\Users\Sabine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J0UXOV6Q\appsmetadata_toolbar_conduit-services_com[1].txt --a---- 1260 bytes [22:52 11/01/2013] [22:52 11/01/2013] 8631C5AB80CBD577FF8BA4C4BF3E81EF
C:\Users\Sabine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J0UXOV6Q\translation_toolbar_conduit-services_com[1].txt --a---- 108056 bytes [22:52 11/01/2013] [22:52 11/01/2013] E9B17243769EE6FFBE574CFBDACABAE7
C:\Users\Sabine\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\0K2YQ2LT\facebook.conduitapps[1].xml --a---- 13 bytes [14:44 04/10/2012] [14:44 04/10/2012] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Cookies\sabine@apps.conduit[1].txt --a---- 217 bytes [22:52 11/01/2013] [22:52 11/01/2013] 67975E6163D4F875674DABE181192A15
C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Cookies\sabine@services.apps.conduit[1].txt --a---- 226 bytes [22:52 11/01/2013] [22:52 11/01/2013] 6D0E70BDA6382CB507CD1CA9934FB311
C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Cookies\sabine@social.conduit[1].txt --a---- 219 bytes [22:52 11/01/2013] [22:52 11/01/2013] AB29B1170E7579CE9961C8C517BCBDAE
C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Cookies\Low\sabine@apps.conduit[1].txt --a---- 217 bytes [22:52 11/01/2013] [22:52 11/01/2013] EFAD7332731D3E85E8947AD28D8AA479
C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Cookies\Low\sabine@search.conduit[1].txt --a---- 163 bytes [16:02 09/01/2013] [16:02 09/01/2013] A1BCD8AEB949784AC5323B79B8CF1EF7
C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Cookies\Low\sabine@services.apps.conduit[1].txt --a---- 226 bytes [22:52 11/01/2013] [22:52 11/01/2013] 9CC507530F621EB30D86F0E81D57C065
C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Cookies\Low\sabine@social.conduit[1].txt --a---- 219 bytes [22:52 11/01/2013] [22:52 11/01/2013] C0C1A3E25ACA95F0535CCBBE25220A33

Searching for "*softonic*"
No files found.

Searching for "Ask"
No files found.

========== folderfind ==========

Searching for "*iLivid*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*DataMngr*"
No folders found.

Searching for "*SweetIM*"
No folders found.

Searching for "*Conduit*"
C:\Users\AppData\LocalLow\Conduit d------ [22:51 25/02/2011]

Searching for "*softonic*"
No folders found.

Searching for "Ask"
No folders found.

========== regfind ==========

Searching for "iLivid"
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\iLivid]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\C:\Program Files (x86)\iLivid]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1(2).exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ilivid]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ilivid]
@="URL:ilivid Player"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ilivid\shell\open\command]
@=""C:\Program Files (x86)\iLivid\ilivid.exe" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160]
"ProductName"="iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160\SourceList]
"PackageName"="iLividSetupV1.msi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Applications\iLividSetupV1(2).exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\ilivid]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\ilivid]
@="URL:ilivid Player"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\ilivid\shell\open\command]
@=""C:\Program Files (x86)\iLivid\ilivid.exe" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2D14257D02FF048419C2C3F7787732C8]
"2B1E51D87B2D71A44BB42DDD5E894160"="C:\Program Files (x86)\iLivid\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6770AEB7E06F926409292E7BC2601EFE]
"2B1E51D87B2D71A44BB42DDD5E894160"="01:\Software\ilivid\general\ReferrerID"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AC8629C735242C4C8DA212489E5DE11]
"2B1E51D87B2D71A44BB42DDD5E894160"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties]
"InstallLocation"="C:\Program Files (x86)\iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties]
"DisplayName"="iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Applications\iLividSetupV1(2).exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\ilivid]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\ilivid]
@="URL:ilivid Player"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\ilivid\shell\open\command]
@=""C:\Program Files (x86)\iLivid\ilivid.exe" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}]
"InstallLocation"="C:\Program Files (x86)\iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}]
"DisplayName"="iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}]
"UninstallString"="C:\ProgramData\{08E30618-5D06-461B-BBD3-4ADFB0810824}\iLividSetupV1.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{80269624-336E-41BF-B278-32C270CA12B5}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3A2D4C09-6BF7-46DC-9848-DBF839F7EFFE}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{80269624-336E-41BF-B278-32C270CA12B5}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3A2D4C09-6BF7-46DC-9848-DBF839F7EFFE}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{80269624-336E-41BF-B278-32C270CA12B5}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3A2D4C09-6BF7-46DC-9848-DBF839F7EFFE}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_USERS\S-1-5-21-2719320216-1920363383-2196071213-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\iLivid]
[HKEY_USERS\S-1-5-21-2719320216-1920363383-2196071213-1000\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\C:\Program Files (x86)\iLivid]

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "DataMngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{47A5D50F-ED54-4387-A3E3-3A4743253011}]
"AppPath"="C:\PROGRA~2\WI371A~1\Datamngr\ToolBar"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{80269624-336E-41BF-B278-32C270CA12B5}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3A2D4C09-6BF7-46DC-9848-DBF839F7EFFE}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{80269624-336E-41BF-B278-32C270CA12B5}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3A2D4C09-6BF7-46DC-9848-DBF839F7EFFE}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{80269624-336E-41BF-B278-32C270CA12B5}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3A2D4C09-6BF7-46DC-9848-DBF839F7EFFE}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"

Searching for "SweetIM"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{27AD7445-03BD-49C4-BB5C-33881D70C31C}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Sabine\Downloads\SweetImSetup.exe|Name=SweetIM Installer|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B8E36E-BAA4-49CD-A7F2-EDCFAADD4E08}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Sabine\Downloads\SweetImSetup.exe|Name=SweetIM Installer|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{27AD7445-03BD-49C4-BB5C-33881D70C31C}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Sabine\Downloads\SweetImSetup.exe|Name=SweetIM Installer|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B8E36E-BAA4-49CD-A7F2-EDCFAADD4E08}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Sabine\Downloads\SweetImSetup.exe|Name=SweetIM Installer|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{27AD7445-03BD-49C4-BB5C-33881D70C31C}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Sabine\Downloads\SweetImSetup.exe|Name=SweetIM Installer|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B8E36E-BAA4-49CD-A7F2-EDCFAADD4E08}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Sabine\Downloads\SweetImSetup.exe|Name=SweetIM Installer|Edge=FALSE|"

Searching for "Conduit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
"AE48807DEC2E935419BD7466CCE1F5F5"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll"

Searching for "softonic"
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
"C:\Users\Sabine\Downloads\SoftonicDownloader_fuer_izarc.exe"="ELEVATECREATEPROCESS"
[HKEY_USERS\S-1-5-21-2719320216-1920363383-2196071213-1000\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
"C:\Users\Sabine\Downloads\SoftonicDownloader_fuer_izarc.exe"="ELEVATECREATEPROCESS"

Searching for "Ask Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF\SourceList]
"PackageName"="Ask Toolbar.msi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B355C356-3D0F-4A93-8ADE-89C7BEA37A53}]
"Path"="\Scheduled Update for Ask Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar]

Searching for " "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{21C35C68-A6C5-4A75-8FFD-DB503CE6F67B}]
"RatingsInfo"="<Ratings xmlns="urn:schemas-microsoft-com:GameDescription.v1">
<Rating ratingSystemID="{768BD93D-63BE-46A9-8994-0B53C4B5248F}" ratingID="{18CD34B7-7AA3-42b9-A303-5A729B2FF228}">
<Descriptor descriptorID="{ABE23B46-7F9F-495b-B4A9-87F41743727F}"/>
<Descriptor descriptorID="{B54162A2-F67F-46dc-9ED5-F6067520EC94}"/>
<Descriptor descriptorID="{7E0BC004-F80B-402d-A1FC-5FCDFF04DAB1}"/>
<Descriptor descriptorID="{BE562A5F-2A80-4c28-9752-74C696E2ABAF}"/>
</Rating>
</Ratings>"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{DD05EAD9-FAA2-4A07-8AD3-FA36DC8F65C2}]
"RatingsInfo"="<Ratings xmlns="urn:schemas-microsoft-com:GameDescription.v1">
<Rating ratingSystemID="{36798944-B235-48ac-BF21-E25671F597EE}" ratingID="{97D9239C-2BA3-4e1d-A710-B626DC4602A6}">
<Descriptor descriptorID="{F110F831-9412-40c9-860A-B489407ED374}"/>
</Rating>
<Rating ratingSystemID="{C705DCF4-6AFE-4f4f-BC51-21807E4E5CFB}" ratingID="{6948F4DF-FD98-41ea-979A-8364043D7FD6}"/>
<Rating ratingSystemID="{5B39D1B8-ED49-4055-8A47-04B29A579AD6}" ratingID="{9AE7AC26-0F9A-4f59-A167-00E4F6C96E26}">
<Descriptor descriptorID="{F110F831-9412-40c9-860A-B489407ED374}"/>
</Rating>
<Rating ratingSystemID="{9AAFBACD-EAB9-4946-8BE8-C4D997927C81}" ratingID="{F7066480-67CC-4697-9B47-7E534B74089D}">
<Descriptor descriptorID="{F110F831-9412-40c9-860A-B489407ED374}"/>
</R
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell]
"ConfigXML"=" <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" > <InitializationParameters> <Param Name="PSVersion" Value="2.0"/> </InitializationParameters> <Resources> <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" ExactMatch="true"> <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/> <Capability Type="Shell"/> </Resource>
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0001]
"DriverDesc"="iPod "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0001]
"FriendlyName"="iPod "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0003]
"DriverDesc"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0003]
"FriendlyName"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0007]
"DriverDesc"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0007]
"FriendlyName"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0015]
"DriverDesc"="PRS-T1 "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0015]
"FriendlyName"="PRS-T1 "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0019]
"DriverDesc"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0019]
"FriendlyName"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_&PROD_&REV_#1010289201039 0&0#]
"DeviceDesc"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_&PROD_&REV_#1010289201039 0&0#]
"FriendlyName"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_&PROD_&REV_#1204181200206 2&0#]
"DeviceDesc"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_&PROD_&REV_#1204181200206 2&0#]
"FriendlyName"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_&PROD_&REV_0.00#09021208F C1174&0#]
"DeviceDesc"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_&PROD_&REV_0.00#09021208F C1174&0#]
"FriendlyName"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_2.70# 000A270011A39AA4&0#]
"DeviceDesc"="iPod "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_2.70# 000A270011A39AA4&0#]
"FriendlyName"="iPod "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_SONY&PROD_PRS-T1&REV_2001#148427501415694&0#]
"DeviceDesc"="PRS-T1 "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_SONY&PROD_PRS-T1&REV_2001#148427501415694&0#]
"FriendlyName"="PRS-T1 "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0001]
"DriverDesc"="iPod "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0001]
"FriendlyName"="iPod "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0003]
"DriverDesc"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0003]
"FriendlyName"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0007]
"DriverDesc"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0007]
"FriendlyName"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0015]
"DriverDesc"="PRS-T1 "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0015]
"FriendlyName"="PRS-T1 "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0019]
"DriverDesc"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0019]
"FriendlyName"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_&PROD_&REV_#1010289201039 0&0#]
"DeviceDesc"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_&PROD_&REV_#1010289201039 0&0#]
"FriendlyName"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_&PROD_&REV_#1204181200206 2&0#]
"DeviceDesc"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_&PROD_&REV_#1204181200206 2&0#]
"FriendlyName"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_&PROD_&REV_0.00#09021208F C1174&0#]
"DeviceDesc"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_&PROD_&REV_0.00#09021208F C1174&0#]
"FriendlyName"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_2.70# 000A270011A39AA4&0#]
"DeviceDesc"="iPod "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_2.70# 000A270011A39AA4&0#]
"FriendlyName"="iPod "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_SONY&PROD_PRS-T1&REV_2001#148427501415694&0#]
"DeviceDesc"="PRS-T1 "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_SONY&PROD_PRS-T1&REV_2001#148427501415694&0#]
"FriendlyName"="PRS-T1 "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0001]
"DriverDesc"="iPod "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0001]
"FriendlyName"="iPod "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0003]
"DriverDesc"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0003]
"FriendlyName"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0007]
"DriverDesc"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0007]
"FriendlyName"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0015]
"DriverDesc"="PRS-T1 "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0015]
"FriendlyName"="PRS-T1 "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0019]
"DriverDesc"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0019]
"FriendlyName"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_&PROD_&REV_#101028920 10390&0#]
"DeviceDesc"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_&PROD_&REV_#101028920 10390&0#]
"FriendlyName"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_&PROD_&REV_#120418120 02062&0#]
"DeviceDesc"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_&PROD_&REV_#120418120 02062&0#]
"FriendlyName"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_&PROD_&REV_0.00#09021 208FC1174&0#]
"DeviceDesc"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_&PROD_&REV_0.00#09021 208FC1174&0#]
"FriendlyName"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_2 .70#000A270011A39AA4&0#]
"DeviceDesc"="iPod "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_2 .70#000A270011A39AA4&0#]
"FriendlyName"="iPod "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_SONY&PROD_PRS-T1&REV_2001#148427501415694&0#]
"DeviceDesc"="PRS-T1 "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_SONY&PROD_PRS-T1&REV_2001#148427501415694&0#]
"FriendlyName"="PRS-T1 "

-= EOF =-


Best regards, Sabine
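The SystemLook filefind output above is line-oriented: path, seven attribute flags, size, two bracketed timestamps and an MD5. The following Python is an added example, not part of the original post and not SystemLook's own code; it parses those lines, tags each hit with the search pattern that produced it, and groups hits by hash while folding the C:\Users\All Users junction onto C:\ProgramData, so the same physical file is not counted twice and the two genuine download copies stand out. The sample input is an excerpt of the log in the post.

```python
import re
from collections import defaultdict

# Excerpt of the SystemLook log posted above (filefind section), not constructed.
SAMPLE_LOG = r"""
========== filefind ==========

Searching for "*iLivid*"
C:\ProgramData\{08E30618-5D06-461B-BBD3-4ADFB0810824}\iLividSetupV1.exe --a--c- 3001198 bytes [13:55 30/11/2011] [14:24 03/11/2011] 9C0D16DA08434A1BA63E274C0A54328D
C:\ProgramData\{08E30618-5D06-461B-BBD3-4ADFB0810824}\iLividSetupV1.lnk --a--c- 0 bytes [13:55 30/11/2011] [13:55 30/11/2011] D41D8CD98F00B204E9800998ECF8427E
C:\Users\All Users\{08E30618-5D06-461B-BBD3-4ADFB0810824}\iLividSetupV1.exe --a--c- 3001198 bytes [13:55 30/11/2011] [14:24 03/11/2011] 9C0D16DA08434A1BA63E274C0A54328D
C:\Users\Sabine\Downloads\iLividSetupV1(1).exe --a---- 2060760 bytes [13:54 30/11/2011] [13:54 30/11/2011] A3524B9D0A9BF6462B0A53F7335241D4
C:\Users\Sabine\Downloads\iLividSetupV1.exe --a---- 2060760 bytes [17:12 28/11/2011] [17:12 28/11/2011] A3524B9D0A9BF6462B0A53F7335241D4

Searching for "*Searchqu*"
No files found.

Searching for "*Conduit*"
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll --a---- 1206160 bytes [21:32 09/08/2012] [21:32 09/08/2012] 309B2B1B22EE841E49F62C7A6FB55E46
"""

SEARCH_RE = re.compile(r'^Searching for "(?P<pattern>.*)"$')
# path (may contain spaces), 7 attribute flags, size, two bracketed timestamps
# (kept in printed order, not interpreted here), 32 hex digits of MD5.
FILE_RE = re.compile(
    r'^(?P<path>.+?) (?P<attrs>[-a-z]{7}) (?P<size>\d+) bytes '
    r'\[(?P<stamp1>[^\]]+)\] \[(?P<stamp2>[^\]]+)\] (?P<md5>[0-9A-F]{32})$'
)


def parse_filefind(text):
    """Parse the filefind section into one dict per hit, tagged with its search pattern.

    Folder lines from the folderfind section (d------ plus one timestamp) do not
    match FILE_RE and are ignored, as are 'No files found.' lines.
    """
    hits, pattern = [], None
    for line in text.splitlines():
        line = line.rstrip()
        m = SEARCH_RE.match(line)
        if m:
            pattern = m.group("pattern")
            continue
        m = FILE_RE.match(line)
        if m and pattern is not None:
            rec = m.groupdict()
            rec["size"] = int(rec["size"])
            rec["pattern"] = pattern
            hits.append(rec)
    return hits


# On Windows Vista/7, C:\Users\All Users is a junction to C:\ProgramData, which is
# why every ProgramData hit appears twice in the log. Fold the alias before comparing.
JUNCTIONS = {"c:\\users\\all users\\": "c:\\programdata\\"}


def canonical_path(path):
    low = path.lower()
    for alias, target in JUNCTIONS.items():
        if low.startswith(alias):
            return target + low[len(alias):]
    return low


def group_by_hash(hits):
    """MD5 -> set of distinct physical paths (junction aliases collapsed)."""
    groups = defaultdict(set)
    for h in hits:
        groups[h["md5"]].add(canonical_path(h["path"]))
    return dict(groups)


def true_duplicates(hits):
    """Hashes present at more than one physical location (here: the two downloads)."""
    return {md5: sorted(p) for md5, p in group_by_hash(hits).items() if len(p) > 1}


EMPTY_MD5 = "D41D8CD98F00B204E9800998ECF8427E"  # MD5 of zero bytes


def empty_files(hits):
    """Zero-byte entries: the hash says nothing about them, only the path and name do."""
    return [h["path"] for h in hits if h["size"] == 0 and h["md5"] == EMPTY_MD5]


if __name__ == "__main__":
    found = parse_filefind(SAMPLE_LOG)
    for h in found:
        print(f'{h["pattern"]:12} {h["md5"]}  {h["size"]:>8}  {h["path"]}')
    for md5, paths in true_duplicates(found).items():
        print("duplicate:", md5, paths)
    print("empty:", empty_files(found))
```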

16.01.2013, 19:18   #17
M-K-D-B
/// TB-Ausbilder

GVU Trojaner

Hi,

we will now remove the remaining leftovers and run verification scans:


Step 1

Fix with OTL

  • Please start OTL.exe.
  • Now copy the content of the code box into the text box.

Code:
:OTL
:services
:files
C:\ProgramData\{08E30618-5D06-461B-BBD3-4ADFB0810824}
C:\Users\All Users\{08E30618-5D06-461B-BBD3-4ADFB0810824}
C:\Users\Public\Desktop\iLivid Download Manager.lnk
C:\Users\Sabine\Downloads\iLividSetupV1(1).exe
C:\Users\Sabine\Downloads\iLividSetupV1.exe
C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Cookies\Low\sabine@home.sweetim[1].txt
C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Cookies\sabine@apps.conduit[1].txt
C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Cookies\sabine@services.apps.conduit[1].txt
C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Cookies\sabine@social.conduit[1].txt
C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Cookies\Low\sabine@apps.conduit[1].txt
C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Cookies\Low\sabine@search.conduit[1].txt
C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Cookies\Low\sabine@services.apps.conduit[1].txt
C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Cookies\Low\sabine@social.conduit[1].txt
C:\Users\AppData\LocalLow\Conduit

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{47A5D50F-ED54-4387-A3E3-3A4743253011}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{80269624-336E-41BF-B278-32C270CA12B5}"=-
"{3A2D4C09-6BF7-46DC-9848-DBF839F7EFFE}"=-
"{27AD7445-03BD-49C4-BB5C-33881D70C31C}"=-
"{00B8E36E-BAA4-49CD-A7F2-EDCFAADD4E08}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
"C:\Users\Sabine\Downloads\SoftonicDownloader_fuer_izarc.exe"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B355C356-3D0F-4A93-8ADE-89C7BEA37A53}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1(2).exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ilivid]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Applications\iLividSetupV1(2).exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\ilivid]

:Commands
[emptytemp]

  • If you made your user name unrecognisable, e.g. with "*****", insert your real user name at the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (Also to be found under C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Now copy its content here into your thread.






Step 2
  • Start Malwarebytes' Anti-Malware, click Update --> Check for updates
  • When the update has finished, select Perform quick scan and press Scan.
  • When the scan has finished, click Show results.
  • Make sure that all findings are checked and press Remove selected.
  • Post the log file that opens in Notepad here in the thread.
  • You can also find the report later under "Logs".

Step 3

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded, the scan starts automatically.
  • At the end of the scan click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64 bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

Step 4
Please download SecurityCheck
  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • When the scan has finished, a text document ( checkup.txt ) should open.
Please post its contents here.

Please post with your next reply
  • the log file from OTL,
  • the log file from MBAM,
  • the log file from ESET,
  • the log file from SecurityCheck.
__________________
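An added example, not part of the original post and not OTL's own code: it parses a fix script in the :files / :reg / :Commands syntax used above and summarises what would be moved or deleted, so the script can be reviewed before the Fix button is clicked. The masked-user-name heuristic and the "system-wide" warning are assumptions of this example, not OTL behaviour; the sample script is an excerpt of the one posted above.

```python
"""Preview what an OTL fix script would change before it is run."""
import re
from dataclasses import dataclass, field

KEY_RE = re.compile(r"^\[(-?)(HKEY_[^\]]+)\]$")      # [HKEY...] or [-HKEY...]
VALUE_DEL_RE = re.compile(r'^"([^"]*)"=-$')          # "name"=-  deletes a value
COMMAND_RE = re.compile(r"^\[(\w+)\]$")              # e.g. [emptytemp]
# Heuristic (assumption of this example): if one of these folder names sits
# directly below the Users folder, the user name segment was masked or dropped.
PROFILE_DIRS = {"appdata", "desktop", "downloads", "documents"}

# Constructed sample: an excerpt of the fix script posted above.
SAMPLE_FIX = r"""
:files
C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Cookies\Low\sabine@social.conduit[1].txt
C:\Users\AppData\LocalLow\Conduit

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{47A5D50F-ED54-4387-A3E3-3A4743253011}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{80269624-336E-41BF-B278-32C270CA12B5}"=-
"{3A2D4C09-6BF7-46DC-9848-DBF839F7EFFE}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
"C:\Users\Sabine\Downloads\SoftonicDownloader_fuer_izarc.exe"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ilivid]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\ilivid]

:Commands
[emptytemp]
"""


@dataclass
class FixPreview:
    files: list = field(default_factory=list)           # paths to be moved
    deleted_keys: list = field(default_factory=list)    # whole keys removed
    deleted_values: list = field(default_factory=list)  # (key, value name)
    commands: list = field(default_factory=list)
    problems: list = field(default_factory=list)        # lines that do not parse


def parse_otl_fix(script: str) -> FixPreview:
    """Walk the script line by line, tracking the current section and key."""
    preview = FixPreview()
    section = None
    current_key = None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):               # :files / :reg / :Commands
            section, current_key = line[1:].lower(), None
            continue
        if section == "files":
            preview.files.append(line)
        elif section == "reg":
            key = KEY_RE.match(line)
            value = VALUE_DEL_RE.match(line)
            if key:
                minus, name = key.groups()
                if minus:                      # [-KEY]: the whole key goes
                    preview.deleted_keys.append(name)
                    current_key = None
                else:                          # [KEY]: context for "name"=-
                    current_key = name
            elif value and current_key:
                preview.deleted_values.append((current_key, value.group(1)))
            else:                              # orphan value or bad syntax
                preview.problems.append(line)
        elif section == "commands":
            cmd = COMMAND_RE.match(line)
            if cmd:
                preview.commands.append(cmd.group(1))
            else:
                preview.problems.append(line)
        else:                                  # content before any section
            preview.problems.append(line)
    return preview


def username_missing(path: str) -> bool:
    """True if the user name in a profile path was masked or left out."""
    if "*****" in path:
        return True
    parts = path.split("\\")                   # C: \ Users \ <name> \ ...
    return (len(parts) > 2 and parts[1].lower() == "users"
            and parts[2].lower() in PROFILE_DIRS)


def review(preview: FixPreview) -> list:
    """Warnings a reviewer wants to see before the fix is applied."""
    warnings = []
    for path in preview.files:
        if username_missing(path):
            warnings.append(f"file path needs a real user name: {path}")
    for key, name in preview.deleted_values:
        # Values under HKLM\SYSTEM (here: firewall rules) affect every user.
        if key.upper().startswith("HKEY_LOCAL_MACHINE\\SYSTEM\\"):
            warnings.append(f"system-wide value deletion: {name} in {key}")
    for line in preview.problems:
        warnings.append(f"unparsed line: {line}")
    return warnings


if __name__ == "__main__":
    p = parse_otl_fix(SAMPLE_FIX)
    print(f"{len(p.files)} files, {len(p.deleted_keys)} keys, "
          f"{len(p.deleted_values)} values, commands={p.commands}")
    for w in review(p):
        print("WARNING:", w)
```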


Old 16.01.2013, 21:11   #18
SabineS78
 
GVU Trojaner - Standard

GVU Trojaner



Hi,
here is the log file from OTL for now: OTL Logfile:
Code:
OTL logfile created on: 16.01.2013 20:53:10 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sabine\Desktop\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,05 Gb Available Physical Memory | 76,20% Memory free
8,22 Gb Paging File | 6,26 Gb Available in Paging File | 76,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 150,00 Gb Total Space | 53,63 Gb Free Space | 35,75% Space Free | Partition Type: NTFS
Drive D: | 756,51 Gb Total Space | 730,00 Gb Free Space | 96,50% Space Free | Partition Type: NTFS
Drive E: | 25,00 Gb Total Space | 24,91 Gb Free Space | 99,64% Space Free | Partition Type: NTFS
 
Computer Name: SABINES-PC | User Name: Sabine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Sabine\Desktop\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - D:\Program Files (x86)\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation)
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
PRC - C:\Windows\SysWOW64\dgdersvc.exe (Devguru Co., Ltd.)
PRC - C:\Windows\SysWOW64\FsUsbExService.Exe (Teruten)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\ASUS\EPU\EPU.exe (ASUSTeK Computer Inc.)
PRC - C:\Windows\DAODx.exe ()
PRC - C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe (Brother Industries, Ltd.)
PRC - C:\Windows\SysWOW64\sokscmnt.exe (SCM Microsystems)
PRC - C:\Windows\SysWOW64\sokscmpn.exe (SCM Microsystems)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Sabine\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\USBDetector.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ticket.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\readerAppHelper.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskNetInterface.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskPower.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\Fskin.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskinLocalize.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookUsb.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\fsk.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskSecurity.dll ()
MOD - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\a8bd6b91bf16c6727723481b42ea3293\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\7a6057cfa7b4c9eb592d14e405aad34a\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\5f29a2d3dc6bdadb9751faaa0f230911\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\c21fbb4bf27a7c8705e29f08827c9c7e\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\36b3b787a2942e629e87b1b96fa049d4\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\227927e469cb6b079e4cc7d81e38f8f5\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\1741fc5f7819af118d4de616016a8b2d\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\698b02e36bac06ac74077cc3ec6eced0\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\30740aecd686555cb6800b47cc80fae7\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\5c2eff65e7e457ea372f767c024c04f7\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b4e03b2b9835e9cb4e879c703880fe74\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\2d3806670b3c3e4163592b5aca62f8cc\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\d4e8a005f4cdd6528f1c7295d833877f\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\ASUS\EPU\pngio.dll ()
MOD - C:\Program Files (x86)\ASUS\EPU\AsSpindownTimeout.dll ()
MOD - C:\Windows\SysWOW64\AsIO.dll ()
MOD - C:\Program Files (x86)\ASUS\EPU\ASUSSERVICE.DLL ()
MOD - C:\Windows\DAODx.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (Sony SCSI Helper Service) -- C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe (Sony Corporation)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe (McAfee, Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (StarMoney 7.0 OnlineUpdate) -- C:\Program Files (x86)\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
SRV - (SearchAnonymizer) -- C:\Users\Sabine\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
SRV - (dgdersvc) -- C:\Windows\SysWOW64\dgdersvc.exe (Devguru Co., Ltd.)
SRV - (FsUsbExService) -- C:\Windows\SysWOW64\FsUsbExService.Exe (Teruten)
SRV - (AMD Reservation Manager) -- D:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (Advanced Micro Devices)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SCM_Smart_Card_Office_Kernel) -- C:\Windows\SysWOW64\sokscmnt.exe (SCM Microsystems)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys ()
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys ()
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\DRIVERS\ssudmdm.sys ()
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\DRIVERS\ssudbus.sys ()
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys ()
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys ()
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\DRIVERS\avkmgr.sys ()
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys ()
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys ()
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\DRIVERS\atikmpag.sys ()
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdLH6.sys ()
DRV:64bit: - (dgderdrv) -- C:\Windows\SysNative\drivers\dgderdrv.sys ()
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\Drivers\TFsExDisk.sys ()
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys ()
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\DRIVERS\nusb3xhc.sys ()
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\DRIVERS\nusb3hub.sys ()
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys ()
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\DRIVERS\amdiox64.sys ()
DRV:64bit: - (S3XXx64) -- C:\Windows\SysNative\DRIVERS\S3XXx64.sys ()
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\DRIVERS\serscan.sys ()
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys ()
DRV:64bit: - (USBCCID) -- C:\Windows\SysNative\DRIVERS\usbccid.sys ()
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys ()
DRV - (dgderdrv) -- C:\Windows\SysWOW64\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (FsUsbExDisk) -- C:\Windows\SysWOW64\FsUsbExDisk.Sys ()
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (SCR33x USB Smart Card Reader) -- C:\Windows\SysWOW64\drivers\SCR33x.sys (SCM Microsystems Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = Bing
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2719320216-1920363383-2196071213-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-2719320216-1920363383-2196071213-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2719320216-1920363383-2196071213-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 15 02 B9 95 1E D5 CB 01  [binary data]
IE - HKU\S-1-5-21-2719320216-1920363383-2196071213-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2719320216-1920363383-2196071213-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2719320216-1920363383-2196071213-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = Bing
IE - HKU\S-1-5-21-2719320216-1920363383-2196071213-1000\..\SearchScopes\{0E040F10-301D-4F3C-B35E-8C41E8FDA8FF}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=21c98645-e6d5-4c91-8471-1eace5eca192&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-2719320216-1920363383-2196071213-1000\..\SearchScopes\{18A155DB-CC36-474C-8C18-3E72373005E6}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=21c98645-e6d5-4c91-8471-1eace5eca192&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-2719320216-1920363383-2196071213-1000\..\SearchScopes\{28F56C94-08DC-46FB-9BC0-12874E440995}: "URL" = hxxp://www.google.de.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E64652F7365617263683F713D7B7365617263685465726D737D&st={searchTerms}&clid=21c98645-e6d5-4c91-8471-1eace5eca192&pid=freewarede&k=0
IE - HKU\S-1-5-21-2719320216-1920363383-2196071213-1000\..\SearchScopes\{2C8A31FB-4103-40DF-86D5-337D7671F073}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=21c98645-e6d5-4c91-8471-1eace5eca192&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-2719320216-1920363383-2196071213-1000\..\SearchScopes\{6B3C55C4-48CB-4AB4-9F08-5ECD079B150A}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=21c98645-e6d5-4c91-8471-1eace5eca192&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-2719320216-1920363383-2196071213-1000\..\SearchScopes\{8E4C94BC-9B02-465C-9B94-DCA6670F90E3}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=21c98645-e6d5-4c91-8471-1eace5eca192&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-2719320216-1920363383-2196071213-1000\..\SearchScopes\{BAEFE9B0-3F4C-4668-B2B6-AA5DD69AEA8D}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=21c98645-e6d5-4c91-8471-1eace5eca192&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-2719320216-1920363383-2196071213-1000\..\SearchScopes\{F8549710-68EB-411E-BE11-51230C5D4B5B}: "URL" = hxxp://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000
IE - HKU\S-1-5-21-2719320216-1920363383-2196071213-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2719320216-1920363383-2196071213-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:2.5.1.20121011034613
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {0e3dbc69-a682-48da-84e1-82c63a5d678e}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {a51a36e6-31e7-4838-9ff7-76298b527ec0}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files (x86)\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012.12.29 19:06:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: D:\Program Files (x86)\Mozilla Firefox\components [2013.01.10 22:08:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: D:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.12 08:02:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: D:\Program Files (x86)\Mozilla Thunderbird\components [2013.01.12 09:16:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: D:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\finder@meingutscheincode.de: C:\Program Files (x86)\Mein Gutscheincode Finder\Firefox [2011.08.28 13:55:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: D:\Program Files (x86)\Mozilla Firefox\components [2013.01.10 22:08:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: D:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.12 08:02:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: D:\Program Files (x86)\Mozilla Thunderbird\components [2013.01.12 09:16:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: D:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2011.11.30 14:55:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sabine\AppData\Roaming\mozilla\Extensions
[2010.12.26 08:51:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sabine\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.01.13 20:21:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sabine\AppData\Roaming\mozilla\Firefox\Profiles\716td2vp.default\extensions
[2012.10.12 05:11:30 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Sabine\AppData\Roaming\mozilla\Firefox\Profiles\716td2vp.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.08.28 13:55:51 | 000,002,077 | ---- | M] () -- C:\Users\Sabine\AppData\Roaming\mozilla\firefox\profiles\716td2vp.default\searchplugins\{38FE8752-1854-4993-968E-73FA0CD4415D}.xml
[2011.08.28 13:55:51 | 000,001,870 | ---- | M] () -- C:\Users\Sabine\AppData\Roaming\mozilla\firefox\profiles\716td2vp.default\searchplugins\{8F1844A0-B483-4E93-9428-E3CBE1B22C01}.xml
[2011.08.28 13:55:51 | 000,002,188 | ---- | M] () -- C:\Users\Sabine\AppData\Roaming\mozilla\firefox\profiles\716td2vp.default\searchplugins\{CCD49770-2ECC-4FA2-923E-F91FE61D0473}.xml
 
========== Chrome  ==========
 
CHR - homepage: Google
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: Google
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = D:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = D:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = D:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = D:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Reader Application Detector (Enabled) = C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: iTunes Application Detector (Enabled) = D:\Program Files (x86)\Mozilla Plugins\npitunes.dll
CHR - Extension: Internetradio Deutschland = C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\agclceincpmoblobmbhhbdfmplndgndf\1_0\
CHR - Extension: YouTube = C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Google Kalender = C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: Facebook for Chrome = C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdalhedleemkkdjddjgfjmcnbpejpapp\6.2.2_0\
CHR - Extension: RealDownloader = C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
CHR - Extension: preisspion.de = C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgfpelakfkbbkkdchaaaknckhoadkcbo\3.0.2_0\
CHR - Extension: Google Mail = C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013.01.13 21:22:12 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Program Files (x86)\Mein Gutscheincode Finder\Internet Explorer\x64\ConversionOneIE.dll (Conversion One GmbH)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Program Files (x86)\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll (Conversion One GmbH)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\Sabine\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CHIPDRIVEPinManager] C:\Windows\SysWOW64\sokscmpn.exe (SCM Microsystems)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [iTunesHelper] D:\Program Files (x86)\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation)
O4 - HKLM..\Run: [Six Engine] C:\Program Files (x86)\ASUS\EPU\EPU.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [StartCCC] D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-2719320216-1920363383-2196071213-1000..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2719320216-1920363383-2196071213-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2719320216-1920363383-2196071213-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F24B0481-22E0-41F6-BDA7-0976FAD7DFB0}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O24 - Desktop WallPaper: C:\Users\Sabine\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Sabine\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.13 21:30:38 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.01.13 21:24:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.01.13 21:22:05 | 000,000,000 | ---D | C] -- C:\Users\Sabine\AppData\Local\temp
[2013.01.13 21:02:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.01.13 21:02:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.01.13 21:02:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.01.13 21:02:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.01.13 21:01:44 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.01.13 20:35:18 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.01.13 20:35:03 | 000,000,000 | ---D | C] -- C:\JRT
[2013.01.13 14:42:17 | 000,000,000 | ---D | C] -- C:\Users\Sabine\Desktop\Desktop
[2013.01.13 09:01:09 | 000,000,000 | ---D | C] -- C:\Users\Sabine\AppData\Roaming\Malwarebytes
[2013.01.13 09:00:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.13 09:00:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.01.13 09:00:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.09 20:21:35 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2013.01.06 18:37:00 | 000,000,000 | ---D | C] -- C:\Users\Sabine\Desktop\order_detail.aspx-Dateien
[2012.12.29 19:07:10 | 000,000,000 | ---D | C] -- C:\Users\Sabine\AppData\Roaming\RealNetworks
[2012.12.29 19:06:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealNetworks
[2012.12.29 19:05:59 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2012.12.29 19:05:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2012.12.29 19:05:37 | 000,201,424 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2012.12.29 19:05:07 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2012.12.29 19:05:07 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2012.12.29 19:05:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2012.12.29 19:05:00 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2012.12.22 11:30:46 | 000,000,000 | ---D | C] -- C:\Users\Sabine\AppData\Local\Vast Studios
[2012.12.22 11:29:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DEUTSCHLAND SPIELT
[2012.12.22 11:29:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DEUTSCHLAND SPIELT
[2012.12.22 11:29:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OXXOGames
[2012.12.20 06:08:16 | 000,000,000 | ---D | C] -- C:\Users\Sabine\Documents\Servicekonferenz
[2012.12.20 06:03:50 | 000,000,000 | ---D | C] -- C:\Users\Sabine\Documents\Bücher
[2012.12.17 22:30:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.12.17 22:30:09 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.12.17 22:30:05 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.12.17 22:30:05 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.16 20:32:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.16 20:26:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.16 19:55:29 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{89D75358-13C5-4B32-8DCA-4F2BF7B3C54E}.job
[2013.01.16 19:21:05 | 000,004,112 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.16 19:21:04 | 000,004,112 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.16 18:32:02 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.16 17:21:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.13 21:22:12 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.01.13 14:36:35 | 000,000,000 | ---- | M] () -- C:\Users\Sabine\defogger_reenable
[2013.01.13 09:01:00 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.10 22:11:22 | 000,002,816 | ---- | M] () -- C:\Users\Sabine\Desktop\Mitglieder01.13.csv
[2013.01.09 16:56:23 | 000,002,913 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2013.01.09 16:27:37 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.01.09 16:27:37 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.01.07 22:04:25 | 000,044,032 | ---- | M] () -- C:\Users\Sabine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.01.06 19:30:09 | 000,313,416 | ---- | M] () -- C:\Users\Sabine\Desktop\order_detail.aspx.pdf
[2013.01.06 19:29:25 | 001,822,170 | ---- | M] () -- C:\Users\Sabine\Desktop\order_detail.aspx.htm
[2013.01.06 18:34:17 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2013.01.06 17:52:50 | 000,850,932 | ---- | M] () -- C:\Users\Sabine\Desktop\Logo.pdf
[2013.01.06 17:03:00 | 003,764,373 | ---- | M] () -- C:\Users\Sabine\Desktop\477_frank-beer_DE_HF_Nr4HF.jpg
[2013.01.06 17:02:51 | 002,369,503 | ---- | M] () -- C:\Users\Sabine\Desktop\DS4_2015v5.jpg
[2013.01.03 22:07:50 | 000,245,697 | ---- | M] () -- C:\Users\Sabine\Desktop\MDT_Werbung_Zumba.pdf
[2013.01.03 22:07:41 | 000,237,712 | ---- | M] () -- C:\Users\Sabine\Desktop\MDT_Werbung_DanceMix.pdf
[2013.01.03 20:32:18 | 000,497,128 | ---- | M] () -- C:\Users\Sabine\Desktop\2013_www_Tanzkurs.jpg
[2013.01.02 17:59:55 | 000,052,904 | ---- | M] () -- C:\Users\Sabine\Desktop\mdt_Hzt_Tanzkurs_gelbeRosen_HighRes.jpg
[2012.12.29 19:06:28 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012.12.29 19:05:37 | 000,201,424 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2012.12.29 19:05:07 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2012.12.29 19:05:07 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2012.12.29 19:05:01 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2012.12.22 11:29:47 | 000,000,973 | ---- | M] () -- C:\Users\Public\Desktop\GAME CENTER.lnk
[2012.12.22 11:29:43 | 000,001,367 | ---- | M] () -- C:\Users\Public\Desktop\Nightfall Mysteries Der Fluch der Oper.lnk
[2012.12.20 06:05:26 | 001,445,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.20 06:05:26 | 000,628,504 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.20 06:05:26 | 000,595,798 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.20 06:05:26 | 000,126,248 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.20 06:05:26 | 000,103,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.17 22:30:42 | 000,001,442 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
 
========== Files Created - No Company Name ==========
 
[2013.01.13 21:02:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.01.13 21:02:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.01.13 21:02:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.01.13 21:02:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.01.13 21:02:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.01.13 14:36:35 | 000,000,000 | ---- | C] () -- C:\Users\Sabine\defogger_reenable
[2013.01.13 09:01:00 | 000,000,955 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.13 09:00:59 | 000,024,176 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2013.01.10 22:11:22 | 000,002,816 | ---- | C] () -- C:\Users\Sabine\Desktop\Mitglieder01.13.csv
[2013.01.09 16:56:23 | 000,002,913 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2013.01.06 19:30:09 | 000,313,416 | ---- | C] () -- C:\Users\Sabine\Desktop\order_detail.aspx.pdf
[2013.01.06 18:36:59 | 001,822,170 | ---- | C] () -- C:\Users\Sabine\Desktop\order_detail.aspx.htm
[2013.01.06 17:52:48 | 000,850,932 | ---- | C] () -- C:\Users\Sabine\Desktop\Logo.pdf
[2013.01.06 17:02:59 | 003,764,373 | ---- | C] () -- C:\Users\Sabine\Desktop\477_frank-beer_DE_HF_Nr4HF.jpg
[2013.01.06 17:02:33 | 002,369,503 | ---- | C] () -- C:\Users\Sabine\Desktop\DS4_2015v5.jpg
[2013.01.03 22:07:50 | 000,245,697 | ---- | C] () -- C:\Users\Sabine\Desktop\MDT_Werbung_Zumba.pdf
[2013.01.03 22:07:41 | 000,237,712 | ---- | C] () -- C:\Users\Sabine\Desktop\MDT_Werbung_DanceMix.pdf
[2013.01.03 20:32:17 | 000,497,128 | ---- | C] () -- C:\Users\Sabine\Desktop\2013_www_Tanzkurs.jpg
[2013.01.02 17:59:52 | 000,052,904 | ---- | C] () -- C:\Users\Sabine\Desktop\mdt_Hzt_Tanzkurs_gelbeRosen_HighRes.jpg
[2012.12.31 12:19:44 | 000,203,320 | ---- | C] () -- C:\Windows\SysNative\drivers\ssudmdm.sys
[2012.12.31 12:19:44 | 000,099,384 | ---- | C] () -- C:\Windows\SysNative\drivers\ssudbus.sys
[2012.12.29 19:06:28 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012.12.22 11:29:47 | 000,000,973 | ---- | C] () -- C:\Users\Public\Desktop\GAME CENTER.lnk
[2012.12.22 11:29:43 | 000,001,367 | ---- | C] () -- C:\Users\Public\Desktop\Nightfall Mysteries Der Fluch der Oper.lnk
[2012.12.17 22:30:42 | 000,001,442 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.12.17 10:44:52 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012.10.10 06:30:43 | 000,000,680 | ---- | C] () -- C:\Users\Sabine\AppData\Local\d3d9caps.dat
[2012.05.23 17:49:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.10.08 23:35:46 | 2138,636,840 | ---- | C] () -- C:\Users\Sabine\FotobuchHochzeitFinale.cpr
[2011.05.01 09:58:34 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDevice.Dll
[2011.05.01 09:58:34 | 000,036,640 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDisk.Sys
[2011.02.28 20:19:00 | 000,044,032 | ---- | C] () -- C:\Users\Sabine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.21 18:32:10 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.02.21 18:32:10 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7440N.DAT
[2011.02.21 18:31:24 | 000,000,214 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011.02.21 18:31:24 | 000,000,076 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011.02.21 18:29:58 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2011.02.21 18:29:58 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2011.02.21 18:29:57 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2011.02.21 18:29:57 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2011.02.21 18:29:57 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2010.12.23 16:26:13 | 000,000,732 | ---- | C] () -- C:\Users\Sabine\AppData\Local\d3d9caps64.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 16:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2011.01.21 16:56:31 | 012,898,304 | ---- | M] ()
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 16:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.03.03 05:53:36 | 000,891,392 | ---- | M] ()
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009.03.03 05:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 03:50:58 | 000,513,024 | ---- | M] ()
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll
 
========== LOP Check ==========
 
[2011.02.13 10:28:31 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\Aisle 5 Games, Inc
[2011.06.13 14:56:08 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\BloodTies
[2011.06.10 21:39:32 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\Blue Tea Games
[2011.08.28 13:56:10 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\cbl electronics inc
[2011.08.28 13:59:36 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\CBL-Electronics
[2011.06.13 15:32:44 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\Enki Games
[2011.06.10 14:59:38 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\ERS G-Studio
[2011.06.22 20:17:16 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\ERS Game Studios
[2011.05.03 21:19:11 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\Finstere Liebschaft
[2011.04.19 20:28:57 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\Flood Light Games
[2011.05.08 09:17:51 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\Floodlight Games
[2011.12.20 10:59:55 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\Fotobuchexpress24
[2011.06.09 23:04:52 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\Freeze Tag
[2011.06.08 21:13:02 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\Friday's games
[2011.06.17 12:38:43 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\Frogwares
[2011.04.26 22:01:37 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\Games
[2011.04.17 18:35:28 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\Gogii
[2011.06.10 21:06:23 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\Gogii Games
[2011.02.13 15:04:18 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\GTM_Bodie
[2011.06.09 22:34:44 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\MA2
[2011.06.16 22:10:49 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\Merscom
[2011.04.10 20:32:27 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\Mystery of Mortlake Mansion
[2011.02.13 12:48:28 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\Oberon 3 Days Zoo Mystery
[2011.08.28 13:55:41 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\OCS
[2011.08.28 13:55:52 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\Opera
[2011.04.13 21:09:06 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\Phantasmat_bf_ce1
[2011.04.13 19:54:31 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\Phantasmat_oberon_se
[2011.05.22 12:23:13 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\PlayPond
[2011.04.29 19:27:01 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\Princess Isabella
[2012.06.12 18:59:46 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\Samsung
[2012.12.31 13:07:56 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\Temp
[2010.12.26 08:51:56 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\Thunderbird
[2011.04.12 15:29:47 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\Top Evidence
[2011.01.05 20:21:57 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\TS3Client
[2011.03.27 09:30:25 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\Ubisoft
[2011.02.26 17:42:44 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\Uniblue
[2012.12.23 12:21:29 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\UseNeXT
[2011.05.28 21:55:02 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\VampireSaga
[2011.06.16 22:34:55 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\Vogat Interactive
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< :OTL >
[2006.11.02 16:42:03 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 16:42:03 | 000,032,562 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.01.07 20:14:45 | 000,000,424 | -H-- | C] () -- C:\Windows\Tasks\User_Feed_Synchronization-{89D75358-13C5-4B32-8DCA-4F2BF7B3C54E}.job
[2012.04.17 05:20:47 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012.07.15 15:08:30 | 000,001,106 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012.07.15 15:08:31 | 000,001,110 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
 
< :services >
 
< :files >
 
< C:\ProgramData\{08E30618-5D06-461B-BBD3-4ADFB0810824} >
 
< C:\Users\All Users\{08E30618-5D06-461B-BBD3-4ADFB0810824} >
 
< C:\Users\Public\Desktop\iLivid Download Manager.lnk >
[2011.11.30 14:55:37 | 000,000,873 | ---- | M] () -- C:\Users\Public\Desktop\iLivid Download Manager.lnk
 
< C:\Users\Sabine\Downloads\iLividSetupV1(1).exe >
[2011.11.30 14:54:34 | 002,060,760 | ---- | M] (Bandoo Media Inc.                                                                                                                                                                                                                                                                                           ) -- C:\Users\Sabine\Downloads\iLividSetupV1(1).exe
 
< C:\Users\Sabine\Downloads\iLividSetupV1.exe >
[2011.11.28 18:12:09 | 002,060,760 | ---- | M] (Bandoo Media Inc.                                                                                                                                                                                                                                                                                           ) -- C:\Users\Sabine\Downloads\iLividSetupV1.exe
 
< C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Cookies\Low\sabine@home.sweetim[1].txt >
[2013.01.09 17:02:04 | 000,000,416 | ---- | M] () -- C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Cookies\Low\sabine@home.sweetim[1].txt
 
< C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Cookies\sabine@apps.conduit[1].txt >
[2013.01.11 23:52:05 | 000,000,217 | ---- | M] () -- C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Cookies\sabine@apps.conduit[1].txt
 
< C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Cookies\sabine@services.apps.conduit[1].txt >
[2013.01.11 23:52:05 | 000,000,226 | ---- | M] () -- C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Cookies\sabine@services.apps.conduit[1].txt
 
< C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Cookies\sabine@social.conduit[1].txt >
[2013.01.11 23:52:05 | 000,000,219 | ---- | M] () -- C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Cookies\sabine@social.conduit[1].txt
 
< C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Cookies\Low\sabine@apps.conduit[1].txt >
[2013.01.11 23:52:05 | 000,000,217 | ---- | M] () -- C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Cookies\Low\sabine@apps.conduit[1].txt
 
< C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Cookies\Low\sabine@search.conduit[1].txt >
[2013.01.09 17:02:10 | 000,000,163 | ---- | M] () -- C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Cookies\Low\sabine@search.conduit[1].txt
 
< C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Cookies\Low\sabine@services.apps.conduit[1].txt >
[2013.01.11 23:52:05 | 000,000,226 | ---- | M] () -- C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Cookies\Low\sabine@services.apps.conduit[1].txt
 
< C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Cookies\Low\sabine@social.conduit[1].txt >
[2013.01.11 23:52:05 | 000,000,219 | ---- | M] () -- C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Cookies\Low\sabine@social.conduit[1].txt
 
< C:\Users\AppData\LocalLow\Conduit >
 
<  >
 
< :reg >
 
< [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{47A5D50F-ED54-4387-A3E3-3A4743253011}] >
 
< [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] >
 
< "{80269624-336E-41BF-B278-32C270CA12B5}"=- >
 
< "{3A2D4C09-6BF7-46DC-9848-DBF839F7EFFE}"=- >
 
< "{27AD7445-03BD-49C4-BB5C-33881D70C31C}"=- >
 
< "{00B8E36E-BAA4-49CD-A7F2-EDCFAADD4E08}"=- >
 
< [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers] >
 
< "C:\Users\Sabine\Downloads\SoftonicDownloader_fuer_izarc.exe"=- >
 
< [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF] >
 
< [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B355C356-3D0F-4A93-8ADE-89C7BEA37A53}] >
 
< [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar] >
 
< [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1(2).exe] >
 
< [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ilivid] >
 
< [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160] >
 
< [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}] >
 
< [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Applications\iLividSetupV1(2).exe] >
 
< [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\ilivid] >
 
<  >
 
< :Commands >
 
< [emptytemp] >
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:52FE3CCD
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:A9C7B545
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:9C504A4D
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:726A7C8D
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:8D8F3340
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:EBE4F6FC
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:87FA5E8A
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:E690114B
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:1B389835
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:E2CFA9CD
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:4ABFB16D
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:204BEE0F
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:30997E0F
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:8DCF53BE
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:A98B0BB8
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:2A8CD561
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:2AF322BF
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:FB97DB91

< End of report >
         
--- --- ---


mbam-log:

Malwarebytes Anti-Malware (Test) 1.70.0.1100
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2013.01.16.08

Windows Vista Service Pack 1 x64 NTFS
Internet Explorer 8.0.6001.19088
Sabine :: SABINES-PC [Administrator]

Schutz: Aktiviert

16.01.2013 21:14:41
mbam-log-2013-01-16 (21-14-41).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 219095
Laufzeit: 2 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6889
# api_version=3.0.2
# EOSSerial=de66397e9e639448b700251732d83f56
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-01-16 10:00:28
# local_time=2013-01-16 11:00:28 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=1799 16775165 100 99 21239 223796918 9959 0
# compatibility_mode=5892 16776574 100 100 63948 195897534 0 0
# scanned=260478
# found=2
# cleaned=0
# scan_time=4053
C:\ProgramData\dsgsdgdsgdsgw.js JS/Agent.NID trojan B10B9733C8386028B2F356CB2E17E5B7ABD3CB53 I
C:\Users\All Users\dsgsdgdsgdsgw.js JS/Agent.NID trojan B10B9733C8386028B2F356CB2E17E5B7ABD3CB53 I

And the last text:

Results of screen317's Security Check version 0.99.57
Windows Vista Service Pack 1 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.70.0.1100
JavaFX 2.1.1
Java(TM) 6 Update 29
Java 7 Update 9
Java version out of Date!
Adobe Flash Player 11.5.502.146
Adobe Reader 10.1.5 Adobe Reader out of Date!
Mozilla Firefox (4.0.1)
Mozilla Thunderbird (3.1.7) Thunderbird out of Date!
Google Chrome 23.0.1271.97
Google Chrome 24.0.1312.52
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
StarMoney 7.0 S-Edition ouservice StarMoneyOnlineUpdate.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

17.01.2013, 16:17   #19
M-K-D-B
/// TB-Ausbilder

GVU Trojaner

Hi,

you did not read my OTL instructions properly. I wanted to see a fix, not a scan!

Do you actually read what I write, or do you just click on "whatever" you feel like?

Let's try again...

Fix with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.

Code:
:files
C:\ProgramData\{08E30618-5D06-461B-BBD3-4ADFB0810824}
C:\Users\All Users\{08E30618-5D06-461B-BBD3-4ADFB0810824}
C:\Users\Public\Desktop\iLivid Download Manager.lnk
C:\Users\Sabine\Downloads\iLividSetupV1(1).exe
C:\Users\Sabine\Downloads\iLividSetupV1.exe
C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Cookies\Low\sabine@home.sweetim[1].txt
C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Cookies\sabine@apps.conduit[1].txt
C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Cookies\sabine@services.apps.conduit[1].txt
C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Cookies\sabine@social.conduit[1].txt
C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Cookies\Low\sabine@apps.conduit[1].txt
C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Cookies\Low\sabine@search.conduit[1].txt
C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Cookies\Low\sabine@services.apps.conduit[1].txt
C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Cookies\Low\sabine@social.conduit[1].txt
C:\Users\AppData\LocalLow\Conduit
C:\ProgramData\dsgsdgdsgdsgw.js
C:\Users\All Users\dsgsdgdsgdsgw.js

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{47A5D50F-ED54-4387-A3E3-3A4743253011}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{80269624-336E-41BF-B278-32C270CA12B5}"=-
"{3A2D4C09-6BF7-46DC-9848-DBF839F7EFFE}"=-
"{27AD7445-03BD-49C4-BB5C-33881D70C31C}"=-
"{00B8E36E-BAA4-49CD-A7F2-EDCFAADD4E08}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
"C:\Users\Sabine\Downloads\SoftonicDownloader_fuer_izarc.exe"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B355C356-3D0F-4A93-8ADE-89C7BEA37A53}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1(2).exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ilivid]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Applications\iLividSetupV1(2).exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\ilivid]

:Commands
[emptytemp]
         
  • If you masked your user name, e.g. with "*****", insert your real user name in the appropriate places. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may request a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (Also found under C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Now copy its contents here into your thread.

17.01.2013, 16:47   #20
SabineS78

GVU Trojaner

Hi,
please forgive my mistake. Of course I read your instructions and don't just click on anything. So far I have always done everything according to your instructions - I just misclicked between Scan and Fix this time.
So here is hopefully the right file:


All processes killed
========== FILES ==========
C:\ProgramData\{08E30618-5D06-461B-BBD3-4ADFB0810824} folder moved successfully.
File\Folder C:\Users\All Users\{08E30618-5D06-461B-BBD3-4ADFB0810824} not found.
C:\Users\Public\Desktop\iLivid Download Manager.lnk moved successfully.
C:\Users\Sabine\Downloads\iLividSetupV1(1).exe moved successfully.
C:\Users\Sabine\Downloads\iLividSetupV1.exe moved successfully.
C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Cookies\Low\sabine@home.sweetim[1].txt moved successfully.
C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Cookies\sabine@apps.conduit[1].txt moved successfully.
C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Cookies\sabine@services.apps.conduit[1].txt moved successfully.
C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Cookies\sabine@social.conduit[1].txt moved successfully.
C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Cookies\Low\sabine@apps.conduit[1].txt moved successfully.
C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Cookies\Low\sabine@search.conduit[1].txt moved successfully.
C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Cookies\Low\sabine@services.apps.conduit[1].txt moved successfully.
C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Cookies\Low\sabine@social.conduit[1].txt moved successfully.
C:\Users\AppData\LocalLow\Conduit\Community Alerts\Log folder moved successfully.
C:\Users\AppData\LocalLow\Conduit\Community Alerts folder moved successfully.
C:\Users\AppData\LocalLow\Conduit folder moved successfully.
C:\ProgramData\dsgsdgdsgdsgw.js moved successfully.
File\Folder C:\Users\All Users\dsgsdgdsgdsgw.js not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{47A5D50F-ED54-4387-A3E3-3A4743253011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47A5D50F-ED54-4387-A3E3-3A4743253011}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{80269624-336E-41BF-B278-32C270CA12B5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{80269624-336E-41BF-B278-32C270CA12B5}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3A2D4C09-6BF7-46DC-9848-DBF839F7EFFE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3A2D4C09-6BF7-46DC-9848-DBF839F7EFFE}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{27AD7445-03BD-49C4-BB5C-33881D70C31C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27AD7445-03BD-49C4-BB5C-33881D70C31C}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{00B8E36E-BAA4-49CD-A7F2-EDCFAADD4E08} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00B8E36E-BAA4-49CD-A7F2-EDCFAADD4E08}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\\C:\Users\Sabine\Downloads\SoftonicDownloader_fuer_izarc.exe deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B355C356-3D0F-4A93-8ADE-89C7BEA37A53}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B355C356-3D0F-4A93-8ADE-89C7BEA37A53}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1(2).exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ilivid\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Applications\iLividSetupV1(2).exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\ilivid\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData
->Temp folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Sabine
->Temp folder emptied: 8343951 bytes
->Temporary Internet Files folder emptied: 302929039 bytes
->Java cache emptied: 3389594 bytes
->FireFox cache emptied: 138849366 bytes
->Google Chrome cache emptied: 406082925 bytes
->Flash cache emptied: 118811825 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 268442894 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 122584 bytes

Total Files Cleaned = 1.189,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01172013_164036

Files\Folders moved on Reboot...
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UKT7V69D\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OBTMPYAH\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWTG0XA8\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C6AVC9EW\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
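As an added example (not code from the thread, from OTL or from Trojaner-Board), the following Python script reconciles the fix script in post #19 against the OTL log posted in #20, so a helper can see at a glance which requested file moves and registry deletions were carried out, which targets were already absent, and which got no log entry at all. The script and log excerpts are constructed from the thread; the regular expressions for OTL's log wording are an assumption based only on the lines visible here.

```python
"""Added example: reconcile an OTL fix script against the OTL log it produced.
Not OTL's own code; the log wording matched below is assumed from this thread."""
import re

# Constructed excerpts of the fix script (post #19) and the resulting log (post #20).
FIX_SCRIPT = r"""
:files
C:\ProgramData\{08E30618-5D06-461B-BBD3-4ADFB0810824}
C:\Users\Public\Desktop\iLivid Download Manager.lnk
C:\Users\All Users\dsgsdgdsgdsgw.js

:reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{80269624-336E-41BF-B278-32C270CA12B5}"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ilivid]

:Commands
[emptytemp]
"""
OTL_LOG = r"""
========== FILES ==========
C:\ProgramData\{08E30618-5D06-461B-BBD3-4ADFB0810824} folder moved successfully.
File\Folder C:\Users\All Users\dsgsdgdsgdsgw.js not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{80269624-336E-41BF-B278-32C270CA12B5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{80269624-336E-41BF-B278-32C270CA12B5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ilivid\ deleted successfully.
"""

# Assumed OTL wording: "<path>[ folder] moved successfully." / "File\Folder <path> not found."
FILE_RE = re.compile(r"^(?:File\\Folder )?([A-Za-z]:\\.+?)(?: folder)? (moved successfully|not found)\.$")
# "Registry key <key>\ deleted successfully." / "Registry value <key>\\<name> ... not found."
REG_RE = re.compile(r"^Registry (?:key|value) (.+?)\\? (deleted successfully|not found)\.$")

def parse_fix(script):
    """Yield (kind, target) for every :files path and :reg deletion requested."""
    section, current_key = None, None
    for line in (l.strip() for l in script.splitlines() if l.strip()):
        if line.startswith(":"):
            section = line.lower()
        elif section == ":files":
            yield "file", line
        elif section == ":reg":
            if line.startswith("[-"):                  # [-KEY] deletes the whole key
                yield "reg", line[2:-1]
            elif line.startswith("["):                 # [KEY] selects the key for "name"=- lines
                current_key = line[1:-1]
            elif line.endswith("=-") and current_key:  # "name"=- deletes one value under it
                yield "reg", current_key + "\\" + line[:-2].strip().strip('"')

def parse_log(log):
    """Map (kind, lower-cased target) -> outcome string reported by OTL."""
    outcome = {}
    for line in log.splitlines():
        m = REG_RE.match(line)
        if m:  # OTL writes key\\value for values and a trailing \ for keys; normalise both
            outcome[("reg", m.group(1).replace("\\\\", "\\").lower())] = m.group(2)
            continue
        m = FILE_RE.match(line)
        if m:
            outcome[("file", m.group(1).lower())] = m.group(2)
    return outcome

def reconcile(script, log):
    """Return [(kind, target, status)]; status is OTL's wording or 'no log entry'."""
    outcome = parse_log(log)
    return [(k, t, outcome.get((k, t.lower()), "no log entry")) for k, t in parse_fix(script)]
```

Lines OTL adds on its own (such as the CLSID checks) are parsed but only reported when the fix asked for them, so a "no log entry" row points at a request the tool never acknowledged.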


17.01.2013, 16:53   #21
M-K-D-B
/// TB-Ausbilder

GVU Trojaner

Hi,

well done.

If you have no more problems, then we are done here. Your log files are clean.
Finally, we need to take a few closing steps to tidy up and secure your PC.

First, download and install:
Vista Service Pack 2
Internet Explorer 9

Step 1
Your Java is no longer current. Older versions contain security holes that can be exploited by malware.
  • Please download the latest Java version from here:
    Java Download (64 bit)
  • Save the file to your desktop.
  • Close all running programs, especially your browser.
  • Run the file. It will install the latest Java version (Java 7 Update 11).
  • Untick "Install the Ask Toolbar ..." during the installation.
  • When the installation has finished:
    Start --> Control Panel --> Programs and uninstall all older Java versions.
  • Restart your computer once all older versions have been uninstalled.
After the restart
  • Open Control Panel --> Programs again and click the Java icon.
  • In the General tab, under Temporary Internet Files, click Settings.
  • Click Delete Files....
  • Make sure every box is ticked and click OK.
  • Click OK again.
Quick plugin test: PluginCheck

Step 2
Your version of Adobe Flash Player is out of date.
Please follow these steps to update Adobe Flash:
  • Please visit this page from Adobe.
  • Select your operating system and your browser ("Internet Explorer", or "other" for Firefox, for example)
  • If necessary, untick the box in front of Google Chrome or McAfee Security Scan.
  • Install the latest version on your computer.

Step 3
  • Click on > Help > About Firefox
  • Wait until the update has loaded, click Install Update and let Firefox restart.
  • Please check whether further updates are available or whether Firefox is up to date.
  • Now click on > Add-ons > > Check for Updates
  • After another Firefox restart everything should be up to date.

Please also check (regularly) whether the following links show missing updates for your plugins:

Step 4
Start DeFogger and click Re-enable.
Your computer may need to be restarted.

Step 5
Before the following action, please temporarily disable your antivirus program, any script blocking you may have, and anti-malware programs again.

Press Windows key + R. Now copy the following line into the command line and click OK.
Code:
Combofix /Uninstall

This removes Combofix completely and empties the System Restore cache, so that the pests disappear from there too.

Now re-enable the programs you just disabled.

Step 6
Please download delfix to your desktop.
  • Close all open programs.
  • Start delfix.exe with a double-click.
  • Tick the box in front of every function.
  • Click Start.
  • DelFix removes, among other things, all the programs we used and finally deletes itself.
  • If any programs we used are still present, please delete them by hand.

Step 7
Here are a few more tips for securing your system.

I cannot stress often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security holes that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.

Anti-Virus Software
  • Always make sure you have anti-virus software installed and that it is up to date. It is useless if it is out of date.

Additional Protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a real-time guard.
    You can find a tutorial on using it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you of any changes. Download the freeware version from here.

Safe Browsing
  • SpywareBlaster
    A short introduction can be found here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately I have not found a German-language one yet.
  • WOT (Web of Trust)
    This add-on warns you before you visit a site that has been reported as malicious.

Alternative Browsers

Other browsers tend to be somewhat more secure than IE, as they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on a banner to add it to AdBlockPlus is enough and it will no longer be loaded.
      It also saves download bandwidth.

Performance
Clean your temp files regularly. For this I recommend TFC
Stay away from any kind of registry cleaner.
They damage your system more than they help. Here are a few (English) links
Miekemoes Blogspot (MVP)
Bill Castner (MVP)

Don'ts
  • Don't click on everything just because it asks you to and is nice and colourful.
  • Don't use peer-to-peer or file-sharing software (Emule, uTorrent, ..)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Don't open attachments from e-mails you don't know. Pay particular attention to the file extension, e.g. yourPhoto.jpg.exe.
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can delete this topic from my subscriptions.

17.01.2013, 17:06   #22
SabineS78

GVU Trojaner

Great, many, many, many thanks so far. Brilliant - without your help I would certainly never have managed this. I will go through the individual steps over the course of this evening and give you feedback.
Big thumbs up!!!!!
Best regards,
Sabine

17.01.2013, 17:09   #23
M-K-D-B
/// TB-Ausbilder

GVU Trojaner

Hey Sabine,

all right. Then I'll wait for your feedback.

18.01.2013, 18:45   #24
SabineS78

GVU Trojaner

So, I have now worked through all the notes and steps. I couldn't finish everything last night.
Many, many thanks again for your help!!!
I hope we don't meet again soon, but now I know where to turn if it comes to that :-)
Have a nice weekend and best regards,
Sabine

19.01.2013, 15:42   #25
M-K-D-B
/// TB-Ausbilder

GVU Trojaner

I'm glad we could help.

This topic appears to be resolved and will be deleted from my subscriptions. Should you need the topic again, please send me a PM.

Everyone else, please click here and create your own thread.
