Trojaner-Board - GVU Trojaner

Hallo,
anbei der SystemLook.text.

SystemLook 30.07.11 by jpshortstuff
Log created at 17:29 on 16/01/2013 by Sabine
Administrator - Elevation successful

========== filefind ==========

Searching for "*iLivid*"
C:\ProgramData\{08E30618-5D06-461B-BBD3-4ADFB0810824}\iLividSetupV1.dat --a--c- 232 bytes [13:55 30/11/2011] [13:55 30/11/2011] F01CEA7CE4333EA3E84076BE00413309
C:\ProgramData\{08E30618-5D06-461B-BBD3-4ADFB0810824}\iLividSetupV1.exe --a--c- 3001198 bytes [13:55 30/11/2011] [14:24 03/11/2011] 9C0D16DA08434A1BA63E274C0A54328D
C:\ProgramData\{08E30618-5D06-461B-BBD3-4ADFB0810824}\iLividSetupV1.lnk --a--c- 0 bytes [13:55 30/11/2011] [13:55 30/11/2011] D41D8CD98F00B204E9800998ECF8427E
C:\ProgramData\{08E30618-5D06-461B-BBD3-4ADFB0810824}\iLividSetupV1.msi --a--c- 265728 bytes [13:55 30/11/2011] [14:24 03/11/2011] A2D691886D299E9C9316220D43EA399E
C:\ProgramData\{08E30618-5D06-461B-BBD3-4ADFB0810824}\iLividSetupV1.par --a--c- 1555 bytes [13:55 30/11/2011] [13:55 30/11/2011] D6F4EA05715FD2DD2F0D57E654AFC7B9
C:\ProgramData\{08E30618-5D06-461B-BBD3-4ADFB0810824}\iLividSetupV1.res --a--c- 2350911 bytes [13:55 30/11/2011] [14:24 03/11/2011] 6896755F9F046FEE43E6DEC89E721B78
C:\Users\All Users\{08E30618-5D06-461B-BBD3-4ADFB0810824}\iLividSetupV1.dat --a--c- 232 bytes [13:55 30/11/2011] [13:55 30/11/2011] F01CEA7CE4333EA3E84076BE00413309
C:\Users\All Users\{08E30618-5D06-461B-BBD3-4ADFB0810824}\iLividSetupV1.exe --a--c- 3001198 bytes [13:55 30/11/2011] [14:24 03/11/2011] 9C0D16DA08434A1BA63E274C0A54328D
C:\Users\All Users\{08E30618-5D06-461B-BBD3-4ADFB0810824}\iLividSetupV1.lnk --a--c- 0 bytes [13:55 30/11/2011] [13:55 30/11/2011] D41D8CD98F00B204E9800998ECF8427E
C:\Users\All Users\{08E30618-5D06-461B-BBD3-4ADFB0810824}\iLividSetupV1.msi --a--c- 265728 bytes [13:55 30/11/2011] [14:24 03/11/2011] A2D691886D299E9C9316220D43EA399E
C:\Users\All Users\{08E30618-5D06-461B-BBD3-4ADFB0810824}\iLividSetupV1.par --a--c- 1555 bytes [13:55 30/11/2011] [13:55 30/11/2011] D6F4EA05715FD2DD2F0D57E654AFC7B9
C:\Users\All Users\{08E30618-5D06-461B-BBD3-4ADFB0810824}\iLividSetupV1.res --a--c- 2350911 bytes [13:55 30/11/2011] [14:24 03/11/2011] 6896755F9F046FEE43E6DEC89E721B78
C:\Users\Public\Desktop\iLivid Download Manager.lnk --a---- 873 bytes [13:55 30/11/2011] [13:55 30/11/2011] 98334F508B82101A5B2956F2695E959E
C:\Users\Sabine\Downloads\iLividSetupV1(1).exe --a---- 2060760 bytes [13:54 30/11/2011] [13:54 30/11/2011] A3524B9D0A9BF6462B0A53F7335241D4
C:\Users\Sabine\Downloads\iLividSetupV1.exe --a---- 2060760 bytes [17:12 28/11/2011] [17:12 28/11/2011] A3524B9D0A9BF6462B0A53F7335241D4

Searching for "*Searchqu*"
No files found.

Searching for "*DataMngr*"
No files found.

Searching for "*SweetIM*"
C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Cookies\Low\sabine@home.sweetim[1].txt --a---- 416 bytes [16:01 09/01/2013] [16:02 09/01/2013] 79566709C84E1F70EECD268277A89ED6

Searching for "*Conduit*"
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll --a---- 1206160 bytes [21:32 09/08/2012] [21:32 09/08/2012] 309B2B1B22EE841E49F62C7A6FB55E46
C:\Users\Sabine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J0UXOV6Q\appsmetadata_toolbar_conduit-services_com[1].txt --a---- 1260 bytes [22:52 11/01/2013] [22:52 11/01/2013] 8631C5AB80CBD577FF8BA4C4BF3E81EF
C:\Users\Sabine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J0UXOV6Q\translation_toolbar_conduit-services_com[1].txt --a---- 108056 bytes [22:52 11/01/2013] [22:52 11/01/2013] E9B17243769EE6FFBE574CFBDACABAE7
C:\Users\Sabine\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\0K2YQ2LT\facebook.conduitapps[1].xml --a---- 13 bytes [14:44 04/10/2012] [14:44 04/10/2012] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Cookies\sabine@apps.conduit[1].txt --a---- 217 bytes [22:52 11/01/2013] [22:52 11/01/2013] 67975E6163D4F875674DABE181192A15
C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Cookies\sabine@services.apps.conduit[1].txt --a---- 226 bytes [22:52 11/01/2013] [22:52 11/01/2013] 6D0E70BDA6382CB507CD1CA9934FB311
C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Cookies\sabine@social.conduit[1].txt --a---- 219 bytes [22:52 11/01/2013] [22:52 11/01/2013] AB29B1170E7579CE9961C8C517BCBDAE
C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Cookies\Low\sabine@apps.conduit[1].txt --a---- 217 bytes [22:52 11/01/2013] [22:52 11/01/2013] EFAD7332731D3E85E8947AD28D8AA479
C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Cookies\Low\sabine@search.conduit[1].txt --a---- 163 bytes [16:02 09/01/2013] [16:02 09/01/2013] A1BCD8AEB949784AC5323B79B8CF1EF7
C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Cookies\Low\sabine@services.apps.conduit[1].txt --a---- 226 bytes [22:52 11/01/2013] [22:52 11/01/2013] 9CC507530F621EB30D86F0E81D57C065
C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Cookies\Low\sabine@social.conduit[1].txt --a---- 219 bytes [22:52 11/01/2013] [22:52 11/01/2013] C0C1A3E25ACA95F0535CCBBE25220A33

Searching for "*softonic*"
No files found.

Searching for "Ask"
No files found.

========== folderfind ==========

Searching for "*iLivid*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*DataMngr*"
No folders found.

Searching for "*SweetIM*"
No folders found.

Searching for "*Conduit*"
C:\Users\AppData\LocalLow\Conduit d------ [22:51 25/02/2011]

Searching for "*softonic*"
No folders found.

Searching for "Ask"
No folders found.

========== regfind ==========

Searching for "iLivid"
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\iLivid]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\C:\Program Files (x86)\iLivid]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1(2).exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ilivid]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ilivid]
@="URL:ilivid Player"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ilivid\shell\open\command]
@=""C:\Program Files (x86)\iLivid\ilivid.exe" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160]
"ProductName"="iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160\SourceList]
"PackageName"="iLividSetupV1.msi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Applications\iLividSetupV1(2).exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\ilivid]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\ilivid]
@="URL:ilivid Player"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\ilivid\shell\open\command]
@=""C:\Program Files (x86)\iLivid\ilivid.exe" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2D14257D02FF048419C2C3F7787732C8]
"2B1E51D87B2D71A44BB42DDD5E894160"="C:\Program Files (x86)\iLivid\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6770AEB7E06F926409292E7BC2601EFE]
"2B1E51D87B2D71A44BB42DDD5E894160"="01:\Software\ilivid\general\ReferrerID"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AC8629C735242C4C8DA212489E5DE11]
"2B1E51D87B2D71A44BB42DDD5E894160"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties]
"InstallLocation"="C:\Program Files (x86)\iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties]
"DisplayName"="iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Applications\iLividSetupV1(2).exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\ilivid]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\ilivid]
@="URL:ilivid Player"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\ilivid\shell\open\command]
@=""C:\Program Files (x86)\iLivid\ilivid.exe" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}]
"InstallLocation"="C:\Program Files (x86)\iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}]
"DisplayName"="iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}]
"UninstallString"="C:\ProgramData\{08E30618-5D06-461B-BBD3-4ADFB0810824}\iLividSetupV1.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{80269624-336E-41BF-B278-32C270CA12B5}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3A2D4C09-6BF7-46DC-9848-DBF839F7EFFE}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{80269624-336E-41BF-B278-32C270CA12B5}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3A2D4C09-6BF7-46DC-9848-DBF839F7EFFE}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{80269624-336E-41BF-B278-32C270CA12B5}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3A2D4C09-6BF7-46DC-9848-DBF839F7EFFE}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_USERS\S-1-5-21-2719320216-1920363383-2196071213-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\iLivid]
[HKEY_USERS\S-1-5-21-2719320216-1920363383-2196071213-1000\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\C:\Program Files (x86)\iLivid]

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "DataMngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{47A5D50F-ED54-4387-A3E3-3A4743253011}]
"AppPath"="C:\PROGRA~2\WI371A~1\Datamngr\ToolBar"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{80269624-336E-41BF-B278-32C270CA12B5}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3A2D4C09-6BF7-46DC-9848-DBF839F7EFFE}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{80269624-336E-41BF-B278-32C270CA12B5}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3A2D4C09-6BF7-46DC-9848-DBF839F7EFFE}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{80269624-336E-41BF-B278-32C270CA12B5}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3A2D4C09-6BF7-46DC-9848-DBF839F7EFFE}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"

Searching for "SweetIM"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{27AD7445-03BD-49C4-BB5C-33881D70C31C}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Sabine\Downloads\SweetImSetup.exe|Name=SweetIM Installer|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B8E36E-BAA4-49CD-A7F2-EDCFAADD4E08}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Sabine\Downloads\SweetImSetup.exe|Name=SweetIM Installer|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{27AD7445-03BD-49C4-BB5C-33881D70C31C}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Sabine\Downloads\SweetImSetup.exe|Name=SweetIM Installer|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B8E36E-BAA4-49CD-A7F2-EDCFAADD4E08}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Sabine\Downloads\SweetImSetup.exe|Name=SweetIM Installer|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{27AD7445-03BD-49C4-BB5C-33881D70C31C}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Sabine\Downloads\SweetImSetup.exe|Name=SweetIM Installer|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B8E36E-BAA4-49CD-A7F2-EDCFAADD4E08}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Sabine\Downloads\SweetImSetup.exe|Name=SweetIM Installer|Edge=FALSE|"

Searching for "Conduit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
"AE48807DEC2E935419BD7466CCE1F5F5"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll"

Searching for "softonic"
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
"C:\Users\Sabine\Downloads\SoftonicDownloader_fuer_izarc.exe"="ELEVATECREATEPROCESS"
[HKEY_USERS\S-1-5-21-2719320216-1920363383-2196071213-1000\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
"C:\Users\Sabine\Downloads\SoftonicDownloader_fuer_izarc.exe"="ELEVATECREATEPROCESS"

Searching for "Ask Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF\SourceList]
"PackageName"="Ask Toolbar.msi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B355C356-3D0F-4A93-8ADE-89C7BEA37A53}]
"Path"="\Scheduled Update for Ask Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar]

Searching for " "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{21C35C68-A6C5-4A75-8FFD-DB503CE6F67B}]
"RatingsInfo"="<Ratings xmlns="urn:schemas-microsoft-com:GameDescription.v1">
<Rating ratingSystemID="{768BD93D-63BE-46A9-8994-0B53C4B5248F}" ratingID="{18CD34B7-7AA3-42b9-A303-5A729B2FF228}">
<Descriptor descriptorID="{ABE23B46-7F9F-495b-B4A9-87F41743727F}"/>
<Descriptor descriptorID="{B54162A2-F67F-46dc-9ED5-F6067520EC94}"/>
<Descriptor descriptorID="{7E0BC004-F80B-402d-A1FC-5FCDFF04DAB1}"/>
<Descriptor descriptorID="{BE562A5F-2A80-4c28-9752-74C696E2ABAF}"/>
</Rating>
</Ratings>"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{DD05EAD9-FAA2-4A07-8AD3-FA36DC8F65C2}]
"RatingsInfo"="<Ratings xmlns="urn:schemas-microsoft-com:GameDescription.v1">
<Rating ratingSystemID="{36798944-B235-48ac-BF21-E25671F597EE}" ratingID="{97D9239C-2BA3-4e1d-A710-B626DC4602A6}">
<Descriptor descriptorID="{F110F831-9412-40c9-860A-B489407ED374}"/>
</Rating>
<Rating ratingSystemID="{C705DCF4-6AFE-4f4f-BC51-21807E4E5CFB}" ratingID="{6948F4DF-FD98-41ea-979A-8364043D7FD6}"/>
<Rating ratingSystemID="{5B39D1B8-ED49-4055-8A47-04B29A579AD6}" ratingID="{9AE7AC26-0F9A-4f59-A167-00E4F6C96E26}">
<Descriptor descriptorID="{F110F831-9412-40c9-860A-B489407ED374}"/>
</Rating>
<Rating ratingSystemID="{9AAFBACD-EAB9-4946-8BE8-C4D997927C81}" ratingID="{F7066480-67CC-4697-9B47-7E534B74089D}">
<Descriptor descriptorID="{F110F831-9412-40c9-860A-B489407ED374}"/>
</R
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell]
"ConfigXML"=" <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" > <InitializationParameters> <Param Name="PSVersion" Value="2.0"/> </InitializationParameters> <Resources> <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" ExactMatch="true"> <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/> <Capability Type="Shell"/> </Resource>
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0001]
"DriverDesc"="iPod "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0001]
"FriendlyName"="iPod "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0003]
"DriverDesc"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0003]
"FriendlyName"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0007]
"DriverDesc"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0007]
"FriendlyName"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0015]
"DriverDesc"="PRS-T1 "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0015]
"FriendlyName"="PRS-T1 "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0019]
"DriverDesc"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0019]
"FriendlyName"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_&PROD_&REV_#1010289201039 0&0#]
"DeviceDesc"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_&PROD_&REV_#1010289201039 0&0#]
"FriendlyName"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_&PROD_&REV_#1204181200206 2&0#]
"DeviceDesc"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_&PROD_&REV_#1204181200206 2&0#]
"FriendlyName"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_&PROD_&REV_0.00#09021208F C1174&0#]
"DeviceDesc"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_&PROD_&REV_0.00#09021208F C1174&0#]
"FriendlyName"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_2.70# 000A270011A39AA4&0#]
"DeviceDesc"="iPod "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_2.70# 000A270011A39AA4&0#]
"FriendlyName"="iPod "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_SONY&PROD_PRS-T1&REV_2001#148427501415694&0#]
"DeviceDesc"="PRS-T1 "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_SONY&PROD_PRS-T1&REV_2001#148427501415694&0#]
"FriendlyName"="PRS-T1 "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0001]
"DriverDesc"="iPod "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0001]
"FriendlyName"="iPod "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0003]
"DriverDesc"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0003]
"FriendlyName"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0007]
"DriverDesc"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0007]
"FriendlyName"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0015]
"DriverDesc"="PRS-T1 "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0015]
"FriendlyName"="PRS-T1 "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0019]
"DriverDesc"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0019]
"FriendlyName"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_&PROD_&REV_#1010289201039 0&0#]
"DeviceDesc"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_&PROD_&REV_#1010289201039 0&0#]
"FriendlyName"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_&PROD_&REV_#1204181200206 2&0#]
"DeviceDesc"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_&PROD_&REV_#1204181200206 2&0#]
"FriendlyName"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_&PROD_&REV_0.00#09021208F C1174&0#]
"DeviceDesc"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_&PROD_&REV_0.00#09021208F C1174&0#]
"FriendlyName"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_2.70# 000A270011A39AA4&0#]
"DeviceDesc"="iPod "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_2.70# 000A270011A39AA4&0#]
"FriendlyName"="iPod "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_SONY&PROD_PRS-T1&REV_2001#148427501415694&0#]
"DeviceDesc"="PRS-T1 "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_SONY&PROD_PRS-T1&REV_2001#148427501415694&0#]
"FriendlyName"="PRS-T1 "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0001]
"DriverDesc"="iPod "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0001]
"FriendlyName"="iPod "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0003]
"DriverDesc"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0003]
"FriendlyName"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0007]
"DriverDesc"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0007]
"FriendlyName"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0015]
"DriverDesc"="PRS-T1 "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0015]
"FriendlyName"="PRS-T1 "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0019]
"DriverDesc"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0019]
"FriendlyName"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_&PROD_&REV_#101028920 10390&0#]
"DeviceDesc"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_&PROD_&REV_#101028920 10390&0#]
"FriendlyName"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_&PROD_&REV_#120418120 02062&0#]
"DeviceDesc"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_&PROD_&REV_#120418120 02062&0#]
"FriendlyName"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_&PROD_&REV_0.00#09021 208FC1174&0#]
"DeviceDesc"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_&PROD_&REV_0.00#09021 208FC1174&0#]
"FriendlyName"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_2 .70#000A270011A39AA4&0#]
"DeviceDesc"="iPod "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_2 .70#000A270011A39AA4&0#]
"FriendlyName"="iPod "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_SONY&PROD_PRS-T1&REV_2001#148427501415694&0#]
"DeviceDesc"="PRS-T1 "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_SONY&PROD_PRS-T1&REV_2001#148427501415694&0#]
"FriendlyName"="PRS-T1 "

-= EOF =-

Viele Grüsse, Sabine

Hi,
hier schon mal die Logdatei von OTL:OTL Logfile:

Code:

OTL logfile created on: 16.01.2013 20:53:10 - Run 2

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sabine\Desktop\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19088)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

4,00 Gb Total Physical Memory | 3,05 Gb Available Physical Memory | 76,20% Memory free

8,22 Gb Paging File | 6,26 Gb Available in Paging File | 76,10% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 150,00 Gb Total Space | 53,63 Gb Free Space | 35,75% Space Free | Partition Type: NTFS

Drive D: | 756,51 Gb Total Space | 730,00 Gb Free Space | 96,50% Space Free | Partition Type: NTFS

Drive E: | 25,00 Gb Total Space | 24,91 Gb Free Space | 99,64% Space Free | Partition Type: NTFS

 

Computer Name: SABINES-PC | User Name: Sabine | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\Sabine\Desktop\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)

PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

PRC - D:\Program Files (x86)\iTunesHelper.exe (Apple Inc.)

PRC - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()

PRC - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation)

PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()

PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Program Files (x86)\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)

PRC - C:\Windows\SysWOW64\dgdersvc.exe (Devguru Co., Ltd.)

PRC - C:\Windows\SysWOW64\FsUsbExService.Exe (Teruten)

PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)

PRC - C:\Program Files (x86)\ASUS\EPU\EPU.exe (

ASUSTeK Computer Inc.)

PRC - C:\Windows\DAODx.exe ()

PRC - C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe (Brother Industries, Ltd.)

PRC - C:\Windows\SysWOW64\sokscmnt.exe (SCM Microsystems)

PRC - C:\Windows\SysWOW64\sokscmpn.exe (SCM Microsystems)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Users\Sabine\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\USBDetector.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ticket.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\readerAppHelper.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskNetInterface.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskPower.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\Fskin.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskinLocalize.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookUsb.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\fsk.dll ()

MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskSecurity.dll ()

MOD - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\a8bd6b91bf16c6727723481b42ea3293\System.Management.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\7a6057cfa7b4c9eb592d14e405aad34a\System.Runtime.Remoting.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\5f29a2d3dc6bdadb9751faaa0f230911\System.Xaml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\c21fbb4bf27a7c8705e29f08827c9c7e\PresentationFramework.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\36b3b787a2942e629e87b1b96fa049d4\PresentationCore.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\227927e469cb6b079e4cc7d81e38f8f5\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\1741fc5f7819af118d4de616016a8b2d\System.Core.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\698b02e36bac06ac74077cc3ec6eced0\PresentationFramework.Aero.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\30740aecd686555cb6800b47cc80fae7\WindowsBase.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\5c2eff65e7e457ea372f767c024c04f7\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b4e03b2b9835e9cb4e879c703880fe74\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\2d3806670b3c3e4163592b5aca62f8cc\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\d4e8a005f4cdd6528f1c7295d833877f\mscorlib.ni.dll ()

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()

MOD - C:\Program Files (x86)\ASUS\EPU\pngio.dll ()

MOD - C:\Program Files (x86)\ASUS\EPU\AsSpindownTimeout.dll ()

MOD - C:\Windows\SysWOW64\AsIO.dll ()

MOD - C:\Program Files (x86)\ASUS\EPU\ASUSSERVICE.DLL ()

MOD - C:\Windows\DAODx.exe ()

 

 
 ========== Services (SafeList) ==========

 

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe ()

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()

SRV - (Sony SCSI Helper Service) -- C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe (Sony Corporation)

SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe (McAfee, Inc.)

SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)

SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

SRV - (StarMoney 7.0 OnlineUpdate) -- C:\Program Files (x86)\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)

SRV - (SearchAnonymizer) -- C:\Users\Sabine\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()

SRV - (dgdersvc) -- C:\Windows\SysWOW64\dgdersvc.exe (Devguru Co., Ltd.)

SRV - (FsUsbExService) -- C:\Windows\SysWOW64\FsUsbExService.Exe (Teruten)

SRV - (AMD Reservation Manager) -- D:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (Advanced Micro Devices)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (SCM_Smart_Card_Office_Kernel) -- C:\Windows\SysWOW64\sokscmnt.exe (SCM Microsystems)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys ()

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys ()

DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\DRIVERS\ssudmdm.sys ()

DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\DRIVERS\ssudbus.sys ()

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys ()

DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys ()

DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\DRIVERS\avkmgr.sys ()

DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys ()

DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys ()

DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys ()

DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\DRIVERS\atikmpag.sys ()

DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdLH6.sys ()

DRV:64bit: - (dgderdrv) -- C:\Windows\SysNative\drivers\dgderdrv.sys ()

DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\Drivers\TFsExDisk.sys ()

DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys ()

DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\DRIVERS\nusb3xhc.sys ()

DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\DRIVERS\nusb3hub.sys ()

DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys ()

DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\DRIVERS\amdiox64.sys ()

DRV:64bit: - (S3XXx64) -- C:\Windows\SysNative\DRIVERS\S3XXx64.sys ()

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys ()

DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()

DRV:64bit: - (StillCam) -- C:\Windows\SysNative\DRIVERS\serscan.sys ()

DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys ()

DRV:64bit: - (USBCCID) -- C:\Windows\SysNative\DRIVERS\usbccid.sys ()

DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys ()

DRV - (dgderdrv) -- C:\Windows\SysWOW64\drivers\dgderdrv.sys (Devguru Co., Ltd)

DRV - (FsUsbExDisk) -- C:\Windows\SysWOW64\FsUsbExDisk.Sys ()

DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)

DRV - (SCR33x USB Smart Card Reader) -- C:\Windows\SysWOW64\drivers\SCR33x.sys (SCM Microsystems Inc.)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = 

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = Bing

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-21-2719320216-1920363383-2196071213-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google

IE - HKU\S-1-5-21-2719320216-1920363383-2196071213-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKU\S-1-5-21-2719320216-1920363383-2196071213-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 15 02 B9 95 1E D5 CB 01  [binary data]

IE - HKU\S-1-5-21-2719320216-1920363383-2196071213-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-2719320216-1920363383-2196071213-1000\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-21-2719320216-1920363383-2196071213-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = Bing

IE - HKU\S-1-5-21-2719320216-1920363383-2196071213-1000\..\SearchScopes\{0E040F10-301D-4F3C-B35E-8C41E8FDA8FF}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=21c98645-e6d5-4c91-8471-1eace5eca192&pid=freewarede&mode=bounce&k=0

IE - HKU\S-1-5-21-2719320216-1920363383-2196071213-1000\..\SearchScopes\{18A155DB-CC36-474C-8C18-3E72373005E6}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=21c98645-e6d5-4c91-8471-1eace5eca192&pid=freewarede&mode=bounce&k=0

IE - HKU\S-1-5-21-2719320216-1920363383-2196071213-1000\..\SearchScopes\{28F56C94-08DC-46FB-9BC0-12874E440995}: "URL" = hxxp://www.google.de.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E64652F7365617263683F713D7B7365617263685465726D737D&st={searchTerms}&clid=21c98645-e6d5-4c91-8471-1eace5eca192&pid=freewarede&k=0

IE - HKU\S-1-5-21-2719320216-1920363383-2196071213-1000\..\SearchScopes\{2C8A31FB-4103-40DF-86D5-337D7671F073}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=21c98645-e6d5-4c91-8471-1eace5eca192&pid=freewarede&mode=bounce&k=0

IE - HKU\S-1-5-21-2719320216-1920363383-2196071213-1000\..\SearchScopes\{6B3C55C4-48CB-4AB4-9F08-5ECD079B150A}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=21c98645-e6d5-4c91-8471-1eace5eca192&pid=freewarede&mode=bounce&k=0

IE - HKU\S-1-5-21-2719320216-1920363383-2196071213-1000\..\SearchScopes\{8E4C94BC-9B02-465C-9B94-DCA6670F90E3}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=21c98645-e6d5-4c91-8471-1eace5eca192&pid=freewarede&mode=bounce&k=0

IE - HKU\S-1-5-21-2719320216-1920363383-2196071213-1000\..\SearchScopes\{BAEFE9B0-3F4C-4668-B2B6-AA5DD69AEA8D}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=21c98645-e6d5-4c91-8471-1eace5eca192&pid=freewarede&mode=bounce&k=0

IE - HKU\S-1-5-21-2719320216-1920363383-2196071213-1000\..\SearchScopes\{F8549710-68EB-411E-BE11-51230C5D4B5B}: "URL" = hxxp://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000

IE - HKU\S-1-5-21-2719320216-1920363383-2196071213-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2719320216-1920363383-2196071213-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaulturl: ""

FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"

FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:2.5.1.20121011034613

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0

FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2

FF - prefs.js..extensions.enabledItems: {0e3dbc69-a682-48da-84e1-82c63a5d678e}:3.3.3.2

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313

FF - prefs.js..extensions.enabledItems: {a51a36e6-31e7-4838-9ff7-76298b527ec0}:3.3.3.2

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files (x86)\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)

FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)

FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012.12.29 19:06:07 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: D:\Program Files (x86)\Mozilla Firefox\components [2013.01.10 22:08:36 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: D:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.12 08:02:18 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: D:\Program Files (x86)\Mozilla Thunderbird\components [2013.01.12 09:16:10 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: D:\Program Files (x86)\Mozilla Thunderbird\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\finder@meingutscheincode.de: C:\Program Files (x86)\Mein Gutscheincode Finder\Firefox [2011.08.28 13:55:46 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: D:\Program Files (x86)\Mozilla Firefox\components [2013.01.10 22:08:36 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: D:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.12 08:02:18 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: D:\Program Files (x86)\Mozilla Thunderbird\components [2013.01.12 09:16:10 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: D:\Program Files (x86)\Mozilla Thunderbird\plugins

 

[2011.11.30 14:55:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sabine\AppData\Roaming\mozilla\Extensions

[2010.12.26 08:51:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sabine\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2013.01.13 20:21:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sabine\AppData\Roaming\mozilla\Firefox\Profiles\716td2vp.default\extensions

[2012.10.12 05:11:30 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Sabine\AppData\Roaming\mozilla\Firefox\Profiles\716td2vp.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2011.08.28 13:55:51 | 000,002,077 | ---- | M] () -- C:\Users\Sabine\AppData\Roaming\mozilla\firefox\profiles\716td2vp.default\searchplugins\{38FE8752-1854-4993-968E-73FA0CD4415D}.xml

[2011.08.28 13:55:51 | 000,001,870 | ---- | M] () -- C:\Users\Sabine\AppData\Roaming\mozilla\firefox\profiles\716td2vp.default\searchplugins\{8F1844A0-B483-4E93-9428-E3CBE1B22C01}.xml

[2011.08.28 13:55:51 | 000,002,188 | ---- | M] () -- C:\Users\Sabine\AppData\Roaming\mozilla\firefox\profiles\716td2vp.default\searchplugins\{CCD49770-2ECC-4FA2-923E-F91FE61D0473}.xml

 
 ========== Chrome  ==========

 

CHR - homepage: Google

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}

CHR - homepage: Google

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: 2007 Microsoft Office system (Enabled) = D:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL

CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll

CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = D:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll

CHR - plugin: RealPlayer Download Plugin (Enabled) = D:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll

CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

CHR - plugin: RealJukebox NS Plugin (Enabled) = D:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll

CHR - plugin: Reader Application Detector (Enabled) = C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll

CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: iTunes Application Detector (Enabled) = D:\Program Files (x86)\Mozilla Plugins\npitunes.dll

CHR - Extension: Internetradio Deutschland = C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\agclceincpmoblobmbhhbdfmplndgndf\1_0\

CHR - Extension: YouTube = C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\

CHR - Extension: Google-Suche = C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\

CHR - Extension: Google Kalender = C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\

CHR - Extension: Facebook for Chrome = C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdalhedleemkkdjddjgfjmcnbpejpapp\6.2.2_0\

CHR - Extension: RealDownloader = C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\

CHR - Extension: preisspion.de = C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgfpelakfkbbkkdchaaaknckhoadkcbo\3.0.2_0\

CHR - Extension: Google Mail = C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

 

O1 HOSTS File: ([2013.01.13 21:22:12 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1       localhost

O2:64bit: - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Program Files (x86)\Mein Gutscheincode Finder\Internet Explorer\x64\ConversionOneIE.dll (Conversion One GmbH)

O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Program Files (x86)\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll (Conversion One GmbH)

O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\Sabine\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [CHIPDRIVEPinManager] C:\Windows\SysWOW64\sokscmpn.exe (SCM Microsystems)

O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)

O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)

O4 - HKLM..\Run: [iTunesHelper] D:\Program Files (x86)\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)

O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)

O4 - HKLM..\Run: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation)

O4 - HKLM..\Run: [Six Engine] C:\Program Files (x86)\ASUS\EPU\EPU.exe (

ASUSTeK Computer Inc.)

O4 - HKLM..\Run: [StartCCC] D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)

O4 - HKU\S-1-5-21-2719320216-1920363383-2196071213-1000..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2719320216-1920363383-2196071213-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2719320216-1920363383-2196071213-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.9.2)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.9.2)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F24B0481-22E0-41F6-BDA7-0976FAD7DFB0}: DhcpNameServer = 192.168.178.1

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found

O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found

O24 - Desktop WallPaper: C:\Users\Sabine\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O24 - Desktop BackupWallPaper: C:\Users\Sabine\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2013.01.13 21:30:38 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2013.01.13 21:24:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2013.01.13 21:22:05 | 000,000,000 | ---D | C] -- C:\Users\Sabine\AppData\Local\temp

[2013.01.13 21:02:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2013.01.13 21:02:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2013.01.13 21:02:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2013.01.13 21:02:06 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013.01.13 21:01:44 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2013.01.13 20:35:18 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT

[2013.01.13 20:35:03 | 000,000,000 | ---D | C] -- C:\JRT

[2013.01.13 14:42:17 | 000,000,000 | ---D | C] -- C:\Users\Sabine\Desktop\Desktop

[2013.01.13 09:01:09 | 000,000,000 | ---D | C] -- C:\Users\Sabine\AppData\Roaming\Malwarebytes

[2013.01.13 09:00:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013.01.13 09:00:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2013.01.13 09:00:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2013.01.09 20:21:35 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0

[2013.01.06 18:37:00 | 000,000,000 | ---D | C] -- C:\Users\Sabine\Desktop\order_detail.aspx-Dateien

[2012.12.29 19:07:10 | 000,000,000 | ---D | C] -- C:\Users\Sabine\AppData\Roaming\RealNetworks

[2012.12.29 19:06:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealNetworks

[2012.12.29 19:05:59 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks

[2012.12.29 19:05:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared

[2012.12.29 19:05:37 | 000,201,424 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll

[2012.12.29 19:05:07 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll

[2012.12.29 19:05:07 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll

[2012.12.29 19:05:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks

[2012.12.29 19:05:00 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll

[2012.12.22 11:30:46 | 000,000,000 | ---D | C] -- C:\Users\Sabine\AppData\Local\Vast Studios

[2012.12.22 11:29:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DEUTSCHLAND SPIELT

[2012.12.22 11:29:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DEUTSCHLAND SPIELT

[2012.12.22 11:29:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OXXOGames

[2012.12.20 06:08:16 | 000,000,000 | ---D | C] -- C:\Users\Sabine\Documents\Servicekonferenz

[2012.12.20 06:03:50 | 000,000,000 | ---D | C] -- C:\Users\Sabine\Documents\Bücher

[2012.12.17 22:30:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2012.12.17 22:30:09 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2012.12.17 22:30:05 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2012.12.17 22:30:05 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

 
 ========== Files - Modified Within 30 Days ==========

 

[2013.01.16 20:32:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013.01.16 20:26:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013.01.16 19:55:29 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{89D75358-13C5-4B32-8DCA-4F2BF7B3C54E}.job

[2013.01.16 19:21:05 | 000,004,112 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2013.01.16 19:21:04 | 000,004,112 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2013.01.16 18:32:02 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013.01.16 17:21:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013.01.13 21:22:12 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2013.01.13 14:36:35 | 000,000,000 | ---- | M] () -- C:\Users\Sabine\defogger_reenable

[2013.01.13 09:01:00 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013.01.10 22:11:22 | 000,002,816 | ---- | M] () -- C:\Users\Sabine\Desktop\Mitglieder01.13.csv

[2013.01.09 16:56:23 | 000,002,913 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js

[2013.01.09 16:27:37 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2013.01.09 16:27:37 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2013.01.07 22:04:25 | 000,044,032 | ---- | M] () -- C:\Users\Sabine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2013.01.06 19:30:09 | 000,313,416 | ---- | M] () -- C:\Users\Sabine\Desktop\order_detail.aspx.pdf

[2013.01.06 19:29:25 | 001,822,170 | ---- | M] () -- C:\Users\Sabine\Desktop\order_detail.aspx.htm

[2013.01.06 18:34:17 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI

[2013.01.06 17:52:50 | 000,850,932 | ---- | M] () -- C:\Users\Sabine\Desktop\Logo.pdf

[2013.01.06 17:03:00 | 003,764,373 | ---- | M] () -- C:\Users\Sabine\Desktop\477_frank-beer_DE_HF_Nr4HF.jpg

[2013.01.06 17:02:51 | 002,369,503 | ---- | M] () -- C:\Users\Sabine\Desktop\DS4_2015v5.jpg

[2013.01.03 22:07:50 | 000,245,697 | ---- | M] () -- C:\Users\Sabine\Desktop\MDT_Werbung_Zumba.pdf

[2013.01.03 22:07:41 | 000,237,712 | ---- | M] () -- C:\Users\Sabine\Desktop\MDT_Werbung_DanceMix.pdf

[2013.01.03 20:32:18 | 000,497,128 | ---- | M] () -- C:\Users\Sabine\Desktop\2013_www_Tanzkurs.jpg

[2013.01.02 17:59:55 | 000,052,904 | ---- | M] () -- C:\Users\Sabine\Desktop\mdt_Hzt_Tanzkurs_gelbeRosen_HighRes.jpg

[2012.12.29 19:06:28 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk

[2012.12.29 19:05:37 | 000,201,424 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll

[2012.12.29 19:05:07 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll

[2012.12.29 19:05:07 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll

[2012.12.29 19:05:01 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll

[2012.12.22 11:29:47 | 000,000,973 | ---- | M] () -- C:\Users\Public\Desktop\GAME CENTER.lnk

[2012.12.22 11:29:43 | 000,001,367 | ---- | M] () -- C:\Users\Public\Desktop\Nightfall Mysteries Der Fluch der Oper.lnk

[2012.12.20 06:05:26 | 001,445,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012.12.20 06:05:26 | 000,628,504 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2012.12.20 06:05:26 | 000,595,798 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012.12.20 06:05:26 | 000,126,248 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2012.12.20 06:05:26 | 000,103,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012.12.17 22:30:42 | 000,001,442 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

 
 ========== Files Created - No Company Name ==========

 

[2013.01.13 21:02:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2013.01.13 21:02:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2013.01.13 21:02:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2013.01.13 21:02:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2013.01.13 21:02:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2013.01.13 14:36:35 | 000,000,000 | ---- | C] () -- C:\Users\Sabine\defogger_reenable

[2013.01.13 09:01:00 | 000,000,955 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013.01.13 09:00:59 | 000,024,176 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys

[2013.01.10 22:11:22 | 000,002,816 | ---- | C] () -- C:\Users\Sabine\Desktop\Mitglieder01.13.csv

[2013.01.09 16:56:23 | 000,002,913 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js

[2013.01.06 19:30:09 | 000,313,416 | ---- | C] () -- C:\Users\Sabine\Desktop\order_detail.aspx.pdf

[2013.01.06 18:36:59 | 001,822,170 | ---- | C] () -- C:\Users\Sabine\Desktop\order_detail.aspx.htm

[2013.01.06 17:52:48 | 000,850,932 | ---- | C] () -- C:\Users\Sabine\Desktop\Logo.pdf

[2013.01.06 17:02:59 | 003,764,373 | ---- | C] () -- C:\Users\Sabine\Desktop\477_frank-beer_DE_HF_Nr4HF.jpg

[2013.01.06 17:02:33 | 002,369,503 | ---- | C] () -- C:\Users\Sabine\Desktop\DS4_2015v5.jpg

[2013.01.03 22:07:50 | 000,245,697 | ---- | C] () -- C:\Users\Sabine\Desktop\MDT_Werbung_Zumba.pdf

[2013.01.03 22:07:41 | 000,237,712 | ---- | C] () -- C:\Users\Sabine\Desktop\MDT_Werbung_DanceMix.pdf

[2013.01.03 20:32:17 | 000,497,128 | ---- | C] () -- C:\Users\Sabine\Desktop\2013_www_Tanzkurs.jpg

[2013.01.02 17:59:52 | 000,052,904 | ---- | C] () -- C:\Users\Sabine\Desktop\mdt_Hzt_Tanzkurs_gelbeRosen_HighRes.jpg

[2012.12.31 12:19:44 | 000,203,320 | ---- | C] () -- C:\Windows\SysNative\drivers\ssudmdm.sys

[2012.12.31 12:19:44 | 000,099,384 | ---- | C] () -- C:\Windows\SysNative\drivers\ssudbus.sys

[2012.12.29 19:06:28 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk

[2012.12.22 11:29:47 | 000,000,973 | ---- | C] () -- C:\Users\Public\Desktop\GAME CENTER.lnk

[2012.12.22 11:29:43 | 000,001,367 | ---- | C] () -- C:\Users\Public\Desktop\Nightfall Mysteries Der Fluch der Oper.lnk

[2012.12.17 22:30:42 | 000,001,442 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012.12.17 10:44:52 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2012.10.10 06:30:43 | 000,000,680 | ---- | C] () -- C:\Users\Sabine\AppData\Local\d3d9caps.dat

[2012.05.23 17:49:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe

[2011.10.08 23:35:46 | 2138,636,840 | ---- | C] () -- C:\Users\Sabine\FotobuchHochzeitFinale.cpr

[2011.05.01 09:58:34 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDevice.Dll

[2011.05.01 09:58:34 | 000,036,640 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDisk.Sys

[2011.02.28 20:19:00 | 000,044,032 | ---- | C] () -- C:\Users\Sabine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.02.21 18:32:10 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI

[2011.02.21 18:32:10 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7440N.DAT

[2011.02.21 18:31:24 | 000,000,214 | ---- | C] () -- C:\Windows\Brpfx04a.ini

[2011.02.21 18:31:24 | 000,000,076 | ---- | C] () -- C:\Windows\brpcfx.ini

[2011.02.21 18:29:58 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL

[2011.02.21 18:29:58 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI

[2011.02.21 18:29:57 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll

[2011.02.21 18:29:57 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini

[2011.02.21 18:29:57 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat

[2010.12.23 16:26:13 | 000,000,732 | ---- | C] () -- C:\Users\Sabine\AppData\Local\d3d9caps64.dat

 
 ========== ZeroAccess Check ==========

 

[2006.11.02 16:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2011.01.21 16:56:31 | 012,898,304 | ---- | M] ()

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 16:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.03.03 05:53:36 | 000,891,392 | ---- | M] ()

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009.03.03 05:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 03:50:58 | 000,513,024 | ---- | M] ()

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\SysWow64\wbem\wbemess.dll

 
 ========== LOP Check ==========

 

[2011.02.13 10:28:31 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\Aisle 5 Games, Inc

[2011.06.13 14:56:08 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\BloodTies

[2011.06.10 21:39:32 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\Blue Tea Games

[2011.08.28 13:56:10 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\cbl electronics inc

[2011.08.28 13:59:36 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\CBL-Electronics

[2011.06.13 15:32:44 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\Enki Games

[2011.06.10 14:59:38 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\ERS G-Studio

[2011.06.22 20:17:16 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\ERS Game Studios

[2011.05.03 21:19:11 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\Finstere Liebschaft

[2011.04.19 20:28:57 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\Flood Light Games

[2011.05.08 09:17:51 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\Floodlight Games

[2011.12.20 10:59:55 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\Fotobuchexpress24

[2011.06.09 23:04:52 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\Freeze Tag

[2011.06.08 21:13:02 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\Friday's games

[2011.06.17 12:38:43 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\Frogwares

[2011.04.26 22:01:37 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\Games

[2011.04.17 18:35:28 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\Gogii

[2011.06.10 21:06:23 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\Gogii Games

[2011.02.13 15:04:18 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\GTM_Bodie

[2011.06.09 22:34:44 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\MA2

[2011.06.16 22:10:49 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\Merscom

[2011.04.10 20:32:27 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\Mystery of Mortlake Mansion

[2011.02.13 12:48:28 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\Oberon 3 Days Zoo Mystery

[2011.08.28 13:55:41 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\OCS

[2011.08.28 13:55:52 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\Opera

[2011.04.13 21:09:06 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\Phantasmat_bf_ce1

[2011.04.13 19:54:31 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\Phantasmat_oberon_se

[2011.05.22 12:23:13 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\PlayPond

[2011.04.29 19:27:01 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\Princess Isabella

[2012.06.12 18:59:46 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\Samsung

[2012.12.31 13:07:56 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\Temp

[2010.12.26 08:51:56 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\Thunderbird

[2011.04.12 15:29:47 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\Top Evidence

[2011.01.05 20:21:57 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\TS3Client

[2011.03.27 09:30:25 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\Ubisoft

[2011.02.26 17:42:44 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\Uniblue

[2012.12.23 12:21:29 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\UseNeXT

[2011.05.28 21:55:02 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\VampireSaga

[2011.06.16 22:34:55 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\Vogat Interactive

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < :OTL >

[2006.11.02 16:42:03 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT

[2006.11.02 16:42:03 | 000,032,562 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2011.01.07 20:14:45 | 000,000,424 | -H-- | C] () -- C:\Windows\Tasks\User_Feed_Synchronization-{89D75358-13C5-4B32-8DCA-4F2BF7B3C54E}.job

[2012.04.17 05:20:47 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

[2012.07.15 15:08:30 | 000,001,106 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

[2012.07.15 15:08:31 | 000,001,110 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

 
 < :services >

 
 < :files >

 
 < C:\ProgramData\{08E30618-5D06-461B-BBD3-4ADFB0810824} >

 
 < C:\Users\All Users\{08E30618-5D06-461B-BBD3-4ADFB0810824} >

 
 < C:\Users\Public\Desktop\iLivid Download Manager.lnk >

[2011.11.30 14:55:37 | 000,000,873 | ---- | M] () -- C:\Users\Public\Desktop\iLivid Download Manager.lnk

 
 < C:\Users\Sabine\Downloads\iLividSetupV1(1).exe >

[2011.11.30 14:54:34 | 002,060,760 | ---- | M] (Bandoo Media Inc.                                                                                                                                                                                                                                                                                           ) -- C:\Users\Sabine\Downloads\iLividSetupV1(1).exe

 
 < C:\Users\Sabine\Downloads\iLividSetupV1.exe >

[2011.11.28 18:12:09 | 002,060,760 | ---- | M] (Bandoo Media Inc.                                                                                                                                                                                                                                                                                           ) -- C:\Users\Sabine\Downloads\iLividSetupV1.exe

 
 < C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Cookies\Low\sabine@home.sweetim[1].txt >

[2013.01.09 17:02:04 | 000,000,416 | ---- | M] () -- C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Cookies\Low\sabine@home.sweetim[1].txt

 
 < C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Cookies\sabine@apps.conduit[1].txt >

[2013.01.11 23:52:05 | 000,000,217 | ---- | M] () -- C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Cookies\sabine@apps.conduit[1].txt

 
 < C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Cookies\sabine@services.apps.conduit[1].txt >

[2013.01.11 23:52:05 | 000,000,226 | ---- | M] () -- C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Cookies\sabine@services.apps.conduit[1].txt

 
 < C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Cookies\sabine@social.conduit[1].txt >

[2013.01.11 23:52:05 | 000,000,219 | ---- | M] () -- C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Cookies\sabine@social.conduit[1].txt

 
 < C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Cookies\Low\sabine@apps.conduit[1].txt >

[2013.01.11 23:52:05 | 000,000,217 | ---- | M] () -- C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Cookies\Low\sabine@apps.conduit[1].txt

 
 < C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Cookies\Low\sabine@search.conduit[1].txt >

[2013.01.09 17:02:10 | 000,000,163 | ---- | M] () -- C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Cookies\Low\sabine@search.conduit[1].txt

 
 < C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Cookies\Low\sabine@services.apps.conduit[1].txt >

[2013.01.11 23:52:05 | 000,000,226 | ---- | M] () -- C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Cookies\Low\sabine@services.apps.conduit[1].txt

 
 < C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Cookies\Low\sabine@social.conduit[1].txt >

[2013.01.11 23:52:05 | 000,000,219 | ---- | M] () -- C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Cookies\Low\sabine@social.conduit[1].txt

 
 < C:\Users\AppData\LocalLow\Conduit >

 
 <  >

 
 < :reg >

 
 < [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{47A5D50F-ED54-4387-A3E3-3A4743253011}] >

 
 < [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] >

 
 < "{80269624-336E-41BF-B278-32C270CA12B5}"=- >

 
 < "{3A2D4C09-6BF7-46DC-9848-DBF839F7EFFE}"=- >

 
 < "{27AD7445-03BD-49C4-BB5C-33881D70C31C}"=- >

 
 < "{00B8E36E-BAA4-49CD-A7F2-EDCFAADD4E08}"=- >

 
 < [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers] >

 
 < "C:\Users\Sabine\Downloads\SoftonicDownloader_fuer_izarc.exe"=- >

 
 < [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF] >

 
 < [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B355C356-3D0F-4A93-8ADE-89C7BEA37A53}] >

 
 < [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar] >

 
 < [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1(2).exe] >

 
 < [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ilivid] >

 
 < [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160] >

 
 < [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}] >

 
 < [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Applications\iLividSetupV1(2).exe] >

 
 < [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\ilivid] >

 
 <  >

 
 < :Commands >

 
 < [emptytemp] >

 
 <           >

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:52FE3CCD

@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:A9C7B545

@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:9C504A4D

@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:726A7C8D

@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:8D8F3340

@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:EBE4F6FC

@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:87FA5E8A

@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:E690114B

@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:1B389835

@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:E2CFA9CD

@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:4ABFB16D

@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:204BEE0F

@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:30997E0F

@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:8DCF53BE

@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:A98B0BB8

@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:2A8CD561

@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:2AF322BF

@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:FB97DB91
 

< End of report >

--- --- ---

mbam-log:

Malwarebytes Anti-Malware (Test) 1.70.0.1100
Malwarebytes : Free anti-malware download

Datenbank Version: v2013.01.16.08

Windows Vista Service Pack 1 x64 NTFS
Internet Explorer 8.0.6001.19088
Sabine :: SABINES-PC [Administrator]

Schutz: Aktiviert

16.01.2013 21:14:41
mbam-log-2013-01-16 (21-14-41).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 219095
Laufzeit: 2 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6889
# api_version=3.0.2
# EOSSerial=de66397e9e639448b700251732d83f56
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-01-16 10:00:28
# local_time=2013-01-16 11:00:28 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=1799 16775165 100 99 21239 223796918 9959 0
# compatibility_mode=5892 16776574 100 100 63948 195897534 0 0
# scanned=260478
# found=2
# cleaned=0
# scan_time=4053
C:\ProgramData\dsgsdgdsgdsgw.js JS/Agent.NID trojan B10B9733C8386028B2F356CB2E17E5B7ABD3CB53 I
C:\Users\All Users\dsgsdgdsgdsgw.js JS/Agent.NID trojan B10B9733C8386028B2F356CB2E17E5B7ABD3CB53 I

Und der letzte Text :

Results of screen317's Security Check version 0.99.57
Windows Vista Service Pack 1 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.70.0.1100
JavaFX 2.1.1
Java(TM) 6 Update 29
Java 7 Update 9
Java version out of Date!
Adobe Flash Player 11.5.502.146
Adobe Reader 10.1.5 Adobe Reader out of Date!
Mozilla Firefox (4.0.1)
Mozilla Thunderbird (3.1.7) Thunderbird out of Date!
Google Chrome 23.0.1271.97
Google Chrome 24.0.1312.52
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
StarMoney 7.0 S-Edition ouservice StarMoneyOnlineUpdate.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````