
Pests of all kinds and how to combat them: Opera sometimes closes by itself / cmd window at PC startup

Windows 7

13.06.2013, 22:45   #31
Rigras

Here is the log:
OTL Logfile:
Code:
OTL logfile created on: 13.06.2013 23:31:37 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sebastian\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 1,58 Gb Available Physical Memory | 53,18% Memory free
5,93 Gb Paging File | 4,39 Gb Available in Paging File | 74,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220,56 Gb Total Space | 130,36 Gb Free Space | 59,10% Space Free | Partition Type: NTFS
 
Computer Name: PC-22 | User Name: Sebastian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Sebastian\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Opera\opera.exe (Opera Software)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
PRC - C:\Programme\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
PRC - C:\dell\DBRM\Reminder\DbrmTrayicon.exe (Microsoft)
PRC - C:\Programme\Broadcom\BPowMon\BPowMon.exe (Broadcom Corp.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Realtek\Audio\HDA\AERTSrv.exe (Andrea Electronics Corporation)
PRC - C:\Programme\NETGEAR\WG111v3\WG111v3.exe ()
PRC - C:\Programme\Adobe\Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
MOD - C:\Programme\Opera\gstreamer\gstreamer.dll ()
MOD - C:\Programme\Opera\gstreamer\plugins\gstoggdec.dll ()
MOD - C:\Programme\Opera\gstreamer\plugins\gstwebmdec.dll ()
MOD - C:\Programme\Opera\gstreamer\plugins\gstffmpegcolorspace.dll ()
MOD - C:\Programme\Opera\gstreamer\plugins\gstcoreelements.dll ()
MOD - C:\Programme\Opera\gstreamer\plugins\gstaudioresample.dll ()
MOD - C:\Programme\Opera\gstreamer\plugins\gstaudioconvert.dll ()
MOD - C:\Programme\Opera\gstreamer\plugins\gstwavparse.dll ()
MOD - C:\Programme\Opera\gstreamer\plugins\gstdirectsound.dll ()
MOD - C:\Programme\Opera\gstreamer\plugins\gstdecodebin2.dll ()
MOD - C:\Programme\Opera\gstreamer\plugins\gstautodetect.dll ()
MOD - C:\Programme\Opera\gstreamer\plugins\gstwaveform.dll ()
MOD - C:\Programme\Opera\gstreamer\plugins\gsttypefindfunctions.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\05682429807d34d6ff05a77ea153935f\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll ()
MOD - C:\Programme\ICQ7.2\MDb.dll ()
MOD - C:\Programme\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
MOD - c:\Programme\Common Files\Roxio Shared\DLLShared\SQLite352.dll ()
MOD - C:\Programme\NETGEAR\WG111v3\WG111v3.exe ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (RoxWatch12) -- C:\Programme\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions)
SRV - (RoxMediaDB12OEM) -- C:\Programme\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)
SRV - (NOBU) -- C:\Program Files\Dell\Dell Datasafe Online\NOBuAgent.exe (Dell, Inc.)
SRV - (BPowMon) -- C:\Programme\Broadcom\BPowMon\BPowMon.exe (Broadcom Corp.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (AERTFilters) -- C:\Programme\Realtek\Audio\HDA\AERTSrv.exe (Andrea Electronics Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MEMSWEEP2) -- C:\Windows\system32\F09B.tmp File not found
DRV - (catchme) -- C:\Users\SEBAST~1\AppData\Local\Temp\catchme.sys File not found
DRV - (DrvAgent32) -- C:\Windows\System32\drivers\DrvAgent32.sys (Phoenix Technologies)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (SCR3XX2K) -- C:\Windows\System32\drivers\SCR3XX2K.sys (SCM Microsystems Inc.)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (PCDSRVC{E9D79540-57D5953E-06020101}_0) -- c:\Programme\Dell Support Center\pcdsrvc.pkms (PC-Doctor, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (k57nd60x) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation                           )
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{D0B51842-A86C-4630-A4F2-DA6FF2479E55}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000\..\SearchScopes\{24408C1E-C980-413B-BCA8-79DF804C2358}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=aaf9a38e-ab1c-48ef-a907-48c1b260d8c3&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000\..\SearchScopes\{28FFCE4B-2F52-456B-8E62-A3228FE0F12D}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=aaf9a38e-ab1c-48ef-a907-48c1b260d8c3&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000\..\SearchScopes\{7E167E07-56D7-4131-9C99-038CD5BC5175}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=aaf9a38e-ab1c-48ef-a907-48c1b260d8c3&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000\..\SearchScopes\{A5C7A678-F953-4423-A4E6-72C855C7BBD9}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=aaf9a38e-ab1c-48ef-a907-48c1b260d8c3&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000\..\SearchScopes\{CE80C947-7D57-4582-9E32-CA04FF756492}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=aaf9a38e-ab1c-48ef-a907-48c1b260d8c3&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000\..\SearchScopes\{F8924446-037A-4055-976A-F90B1613043E}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=aaf9a38e-ab1c-48ef-a907-48c1b260d8c3&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Sebastian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: c:\Program Files\Trend Micro\Client Server Security Agent\bho\1035\FirefoxExtension
 
[2013.05.31 23:14:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
 
O1 HOSTS File: ([2013.06.12 14:25:42 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1035\TmIEPlg.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DBRMTray] C:\dell\DBRM\Reminder\DbrmTrayicon.exe (Microsoft)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Programme\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000..\Run: [Device Detector] DevDetect.exe -autorun File not found
O4 - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{40A08364-7561-4EDD-853F-3B34E3A4119D}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{969497E6-2214-4FB7-B126-F5280AA8C34E}: DhcpNameServer = 10.72.0.72 10.72.0.73
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1035\TmIEPlg.dll File not found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.13 17:28:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.06.13 17:28:10 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013.06.13 16:52:57 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.06.13 16:52:35 | 000,000,000 | ---D | C] -- C:\JRT
[2013.06.13 16:52:24 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Sebastian\Desktop\JRT.exe
[2013.06.13 00:36:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013.06.13 00:35:28 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\Desktop\mbar
[2013.06.12 18:17:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.06.12 18:17:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013.06.12 18:17:16 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2013.06.12 17:04:23 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.06.12 17:04:21 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.06.12 17:04:21 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\temp
[2013.06.12 16:49:29 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.06.12 16:45:31 | 005,078,680 | R--- | C] (Swearware) -- C:\Users\Sebastian\Desktop\ComboFix.exe
[2013.06.12 14:12:11 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.06.12 14:12:11 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.06.12 14:12:11 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.06.12 14:10:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.06.12 14:10:35 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.06.12 13:35:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sebastian\Desktop\OTL.exe
[2013.06.11 17:51:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2013.06.05 00:03:33 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\Desktop\Microsoft Office 2007
[2013.06.03 12:13:03 | 000,000,000 | RHSD | C] -- C:\Users\Sebastian\AppData\Roaming\anklazol
[2013.06.03 12:12:55 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Roaming\noc
[2013.05.31 23:14:49 | 000,000,000 | ---D | C] -- C:\Windows\System32\Extensions
[2013.05.31 23:14:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\searchplugins
[2013.05.31 23:14:35 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.05.28 11:04:37 | 000,617,312 | ---- | C] (www.download-sponsor.de) -- C:\Users\Sebastian\Desktop\ICQ Ignore Checker 1.4 Setup.exe
[2013.05.25 23:33:57 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ Status Checker
[2013.05.25 23:32:57 | 000,512,000 | ---- | C] (www.download-sponsor.de) -- C:\Users\Sebastian\Desktop\ICQ_Status_Checker_1.9_Setup.exe
[2013.05.24 19:02:17 | 002,139,080 | ---- | C] (murb.com                                                    ) -- C:\Users\Sebastian\Desktop\ICQ Contact Revealer 1.1 Setup.exe
[2012.03.30 13:58:02 | 007,516,152 | ---- | C] (Wargaming.net                                               ) -- C:\Users\Sebastian\WoT_internet_install_eu.exe
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.13 23:32:38 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.13 23:32:38 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.13 23:24:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.13 23:23:54 | 2388,238,336 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.13 23:09:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.13 22:01:25 | 000,648,201 | ---- | M] () -- C:\Users\Sebastian\Desktop\adwcleaner.exe
[2013.06.13 21:59:09 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Sebastian\Desktop\JRT.exe
[2013.06.13 20:32:21 | 000,742,102 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.13 20:32:21 | 000,703,984 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.13 20:32:21 | 000,157,878 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.13 20:32:21 | 000,134,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.13 20:29:02 | 000,210,395 | ---- | M] () -- C:\Users\Sebastian\Desktop\S.Runge_12.06.2013.pdf
[2013.06.13 19:56:06 | 000,012,578 | ---- | M] () -- C:\Users\Sebastian\Desktop\Wahlmodule_TN_Liste_BA_BSc.pdf
[2013.06.13 17:29:14 | 000,041,174 | ---- | M] () -- C:\Users\Sebastian\Desktop\JRT.7z
[2013.06.13 17:27:24 | 001,110,476 | ---- | M] () -- C:\Users\Sebastian\Desktop\7z920.exe
[2013.06.13 15:35:20 | 000,032,685 | ---- | M] () -- C:\Users\Sebastian\Desktop\2012-Stellenausschreibung.pdf
[2013.06.13 10:04:26 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2013.06.13 00:34:39 | 013,169,742 | ---- | M] () -- C:\Users\Sebastian\Desktop\mbar-1.06.0.1003.zip
[2013.06.12 23:42:21 | 000,377,856 | ---- | M] () -- C:\Users\Sebastian\Desktop\f2z70jfj.exe
[2013.06.12 18:17:17 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.06.12 16:45:47 | 005,078,680 | R--- | M] (Swearware) -- C:\Users\Sebastian\Desktop\ComboFix.exe
[2013.06.12 14:25:42 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.06.12 13:35:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sebastian\Desktop\OTL.exe
[2013.06.12 13:01:06 | 000,593,896 | ---- | M] () -- C:\Users\Sebastian\Desktop\983784_10151456235356139_488713995_n.png
[2013.06.11 22:09:17 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.06.11 22:09:17 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.06.11 21:51:27 | 000,151,575 | ---- | M] () -- C:\Users\Sebastian\Desktop\IsaacTod.jpg
[2013.06.10 08:57:20 | 000,731,701 | ---- | M] () -- C:\Users\Sebastian\Desktop\Unbenannt.png
[2013.06.10 08:50:31 | 004,658,683 | ---- | M] () -- C:\Users\Sebastian\Desktop\Kurs_1_Gruppe_4.pdf
[2013.06.10 08:46:31 | 001,829,655 | ---- | M] () -- C:\Users\Sebastian\Desktop\UR2_Digitalisierungsgebiete 2013.jpg
[2013.06.08 19:59:19 | 000,001,781 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2013.06.07 23:14:02 | 001,024,780 | ---- | M] () -- C:\Users\Sebastian\Desktop\2013_EC_Qualified_Players.pdf
[2013.06.06 20:13:13 | 000,063,248 | ---- | M] () -- C:\Users\Sebastian\Desktop\Anmeldeformular_Methoden_Geomatik_WS_2013_2014_AUSFUELLBAR_SebastianRunge.pdf
[2013.06.06 19:56:00 | 000,068,742 | ---- | M] () -- C:\Users\Sebastian\Desktop\Anmeldeformular_Methoden_Geomatik_WS_2013_2014_AUSFUELLBAR
[2013.06.05 21:17:02 | 000,015,967 | ---- | M] () -- C:\Users\Sebastian\Desktop\messages-36.zip
[2013.06.05 00:02:48 | 001,839,109 | ---- | M] () -- C:\Users\Sebastian\Desktop\rub-2009.zip
[2013.06.02 15:19:47 | 000,548,925 | ---- | M] () -- C:\Users\Sebastian\Desktop\HfNc71Y.jpg
[2013.05.28 11:04:37 | 000,617,312 | ---- | M] (www.download-sponsor.de) -- C:\Users\Sebastian\Desktop\ICQ Ignore Checker 1.4 Setup.exe
[2013.05.25 23:32:57 | 000,512,000 | ---- | M] (www.download-sponsor.de) -- C:\Users\Sebastian\Desktop\ICQ_Status_Checker_1.9_Setup.exe
[2013.05.24 19:02:07 | 002,115,087 | ---- | M] () -- C:\Users\Sebastian\Desktop\icq_contact_revealer.zip
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.13 20:29:00 | 000,210,395 | ---- | C] () -- C:\Users\Sebastian\Desktop\S.Runge_12.06.2013.pdf
[2013.06.13 19:56:06 | 000,012,578 | ---- | C] () -- C:\Users\Sebastian\Desktop\Wahlmodule_TN_Liste_BA_BSc.pdf
[2013.06.13 17:29:14 | 000,041,174 | ---- | C] () -- C:\Users\Sebastian\Desktop\JRT.7z
[2013.06.13 17:27:24 | 001,110,476 | ---- | C] () -- C:\Users\Sebastian\Desktop\7z920.exe
[2013.06.13 16:55:45 | 000,648,201 | ---- | C] () -- C:\Users\Sebastian\Desktop\adwcleaner.exe
[2013.06.13 15:35:20 | 000,032,685 | ---- | C] () -- C:\Users\Sebastian\Desktop\2012-Stellenausschreibung.pdf
[2013.06.13 00:34:21 | 013,169,742 | ---- | C] () -- C:\Users\Sebastian\Desktop\mbar-1.06.0.1003.zip
[2013.06.12 23:42:21 | 000,377,856 | ---- | C] () -- C:\Users\Sebastian\Desktop\f2z70jfj.exe
[2013.06.12 18:17:17 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.06.12 14:12:11 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.06.12 14:12:11 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.06.12 14:12:11 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.06.12 14:12:11 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.06.12 14:12:11 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.06.12 13:01:06 | 000,593,896 | ---- | C] () -- C:\Users\Sebastian\Desktop\983784_10151456235356139_488713995_n.png
[2013.06.11 21:51:27 | 000,151,575 | ---- | C] () -- C:\Users\Sebastian\Desktop\IsaacTod.jpg
[2013.06.10 08:57:20 | 000,731,701 | ---- | C] () -- C:\Users\Sebastian\Desktop\Unbenannt.png
[2013.06.10 08:50:31 | 004,658,683 | ---- | C] () -- C:\Users\Sebastian\Desktop\Kurs_1_Gruppe_4.pdf
[2013.06.10 08:46:31 | 001,829,655 | ---- | C] () -- C:\Users\Sebastian\Desktop\UR2_Digitalisierungsgebiete 2013.jpg
[2013.06.08 19:59:19 | 000,001,793 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2013.06.08 19:59:19 | 000,001,781 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2013.06.06 20:13:12 | 000,063,248 | ---- | C] () -- C:\Users\Sebastian\Desktop\Anmeldeformular_Methoden_Geomatik_WS_2013_2014_AUSFUELLBAR_SebastianRunge.pdf
[2013.06.06 19:56:00 | 000,068,742 | ---- | C] () -- C:\Users\Sebastian\Desktop\Anmeldeformular_Methoden_Geomatik_WS_2013_2014_AUSFUELLBAR
[2013.06.05 21:17:01 | 000,015,967 | ---- | C] () -- C:\Users\Sebastian\Desktop\messages-36.zip
[2013.06.05 00:02:47 | 001,839,109 | ---- | C] () -- C:\Users\Sebastian\Desktop\rub-2009.zip
[2013.06.04 20:53:51 | 001,024,780 | ---- | C] () -- C:\Users\Sebastian\Desktop\2013_EC_Qualified_Players.pdf
[2013.06.02 15:19:46 | 000,548,925 | ---- | C] () -- C:\Users\Sebastian\Desktop\HfNc71Y.jpg
[2013.05.24 19:02:07 | 002,115,087 | ---- | C] () -- C:\Users\Sebastian\Desktop\icq_contact_revealer.zip
[2013.05.14 16:09:47 | 000,000,407 | ---- | C] () -- C:\Windows\ArcView9x.INI
[2012.09.28 03:23:00 | 000,000,840 | ---- | C] () -- C:\Users\Sebastian\AppData\Roaming\EasyToolz.ini
[2012.08.27 13:45:38 | 001,145,382 | ---- | C] () -- C:\Users\Sebastian\AppData\Local\Tempmusic.ogg
[2012.08.18 21:48:28 | 000,000,051 | ---- | C] () -- C:\ProgramData\qefueqpygehfged
[2012.06.28 17:12:48 | 000,000,052 | ---- | C] () -- C:\ProgramData\aidlraxsofxebza
[2011.01.06 00:32:15 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
--- --- ---



Old 13.06.2013, 23:17   #32
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Fixing with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:
ATTFilter
:OTL
[2012.08.18 21:48:28 | 000,000,051 | ---- | C] () -- C:\ProgramData\qefueqpygehfged
[2012.06.28 17:12:48 | 000,000,052 | ---- | C] () -- C:\ProgramData\aidlraxsofxebza
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
  • If you have obscured your username, e.g. with "*****", insert your real username in the appropriate place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may require a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (Also to be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread

Old 13.06.2013, 23:29   #33
Rigras

Here is the log:
Code:
ATTFilter
All processes killed
========== OTL ==========
C:\ProgramData\qefueqpygehfged moved successfully.
C:\ProgramData\aidlraxsofxebza moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Sebastian\Desktop\cmd.bat deleted successfully.
C:\Users\Sebastian\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Sebastian
->Temp folder emptied: 96389484 bytes
->Temporary Internet Files folder emptied: 1062054470 bytes
->Java cache emptied: 12140007 bytes
->Opera cache emptied: 28775414 bytes
->Flash cache emptied: 75785 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 10889 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6624 bytes
RecycleBin emptied: 843034 bytes
 
Total Files Cleaned = 1.145,00 mb
 
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!
 
OTL by OldTimer - Version 3.2.69.0 log created on 06142013_002239

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
The file move of the hosts file was blocked by Avira. Should I run the same script again with Avira disabled?

13.06.2013, 23:52   #34
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK. We should be almost done. As a check, please run a full scan with Malwarebytes Anti-Malware (MBAM) (if you ran a full scan only recently, a quick scan is enough (saves time); in that case please let me know).

Note: Please remember to update Malwarebytes Anti-Malware via the update button beforehand!

Afterwards, getting a second opinion from ESET's online scanner is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
Please always post log files in CODE tags

14.06.2013, 22:40   #35
Rigras

Sorry, that took a while; I had a long day at university today and the scans took some time too.

Malwarebytes:
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.14.04

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Sebastian :: PC-22 [Administrator]

14.06.2013 18:28:36
mbam-log-2013-06-14 (18-28-36).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 524939
Laufzeit: 2 Stunde(n), 55 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
ESET:
Code:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=a72f3cdf4cee3e4a9f64118acc76fc3c
# engine=14075
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-14 07:32:36
# local_time=2013-06-14 09:32:36 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=1799 16775165 100 99 992 236661646 0 0
# compatibility_mode=5893 16776573 100 94 12371 122869547 0 0
# scanned=496
# found=0
# cleaned=0
# scan_time=159
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=a72f3cdf4cee3e4a9f64118acc76fc3c
# engine=14075
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-14 09:36:03
# local_time=2013-06-14 11:36:03 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=1799 16775165 100 99 8399 236669053 1161 0
# compatibility_mode=5893 16776573 100 94 19778 122876954 0 0
# scanned=326375
# found=3
# cleaned=0
# scan_time=7375
sh=15A2917873048CA631801FF39731CC510F80EFD8 ft=1 fh=9194ec692ec7f912 vn="a variant of Win32/Agent.PRC trojan" ac=I fn="C:\Users\Sebastian\AppData\Roaming\anklazol\anklazol.scr"
sh=2D68A09E2DE3BA3CA54B32C0342C360B342915BF ft=0 fh=0000000000000000 vn="BAT/CoinMiner.BB trojan" ac=I fn="C:\Users\Sebastian\AppData\Roaming\noc\1.bat"
sh=9E1C23C22AB811DCB25443A9752CB5A934EAD4A1 ft=0 fh=0000000000000000 vn="BAT/CoinMiner.BB trojan" ac=I fn="C:\Users\Sebastian\AppData\Roaming\noc\dan.bat"
         
During the ESET scan, Opera tried to open itself. Judging by what was displayed, these were some ads that it had open. Or wanted to open.
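
How the ESET log above leads to the two folders named in the following OTL fix, as an added example that is not part of the original posts: it parses the `log.txt` format, skips the aborted run (`end=stopped`), and lists the parent folders of files that were detected but not cleaned. Reading `vn` as the detection name and `fn` as the file path is an assumption inferred from the values in the log; the function names are hypothetical.

```python
import re
from ntpath import dirname  # Windows path semantics on any OS

# Trimmed copy of the ESET log.txt posted above: one aborted run, one finished run.
SAMPLE_LOG = r'''
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# end=stopped
# remove_checked=false
# scanned=496
# found=0
# cleaned=0
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# end=finished
# remove_checked=false
# scanned=326375
# found=3
# cleaned=0
sh=15A2917873048CA631801FF39731CC510F80EFD8 ft=1 fh=9194ec692ec7f912 vn="a variant of Win32/Agent.PRC trojan" ac=I fn="C:\Users\Sebastian\AppData\Roaming\anklazol\anklazol.scr"
sh=2D68A09E2DE3BA3CA54B32C0342C360B342915BF ft=0 fh=0000000000000000 vn="BAT/CoinMiner.BB trojan" ac=I fn="C:\Users\Sebastian\AppData\Roaming\noc\1.bat"
sh=9E1C23C22AB811DCB25443A9752CB5A934EAD4A1 ft=0 fh=0000000000000000 vn="BAT/CoinMiner.BB trojan" ac=I fn="C:\Users\Sebastian\AppData\Roaming\noc\dan.bat"
'''

HEADER = re.compile(r'^# ([\w.]+)=(.*)$')          # "# key=value" header lines
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')   # key=value or key="quoted value"


def parse_runs(text):
    """Split the log into scan runs, each with header metadata and detection records."""
    runs, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            key, value = header.group(1), header.group(2).strip()
            if key == "version":  # assumption: "# version=" opens each run's header block
                current = {"meta": {}, "detections": []}
                runs.append(current)
            if current is not None:
                current["meta"][key] = value
        elif line.startswith("sh=") and current is not None:
            record = {}
            for name, quoted, bare in FIELD.findall(line):
                record[name] = quoted if bare == "" else bare
            current["detections"].append(record)
    return runs


def triage(text):
    """Summarise the last finished run and list folders that still hold detected files."""
    runs = parse_runs(text)
    finished = [r for r in runs if r["meta"].get("end") == "finished"]
    if not finished:
        # A run with end=stopped scanned only part of the disk; found=0 there proves nothing.
        raise ValueError("no completed scan in log")
    run = finished[-1]
    found = int(run["meta"]["found"])
    cleaned = int(run["meta"]["cleaned"])
    detections = run["detections"]
    leftovers = sorted({dirname(d.get("fn", "")) for d in detections}) if cleaned < found else []
    return {
        "runs": len(runs),
        "scanned": int(run["meta"]["scanned"]),
        "found": found,
        "cleaned": cleaned,
        # The header count should match the number of detection lines that follow it.
        "consistent": found == len(detections),
        "names": sorted({d.get("vn", "") for d in detections}),
        "leftover_dirs": leftovers,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f'{report["found"]} found, {report["cleaned"]} cleaned, '
          f'{report["scanned"]} objects scanned')
    for folder in report["leftover_dirs"]:
        print("still present:", folder)
```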


15.06.2013, 00:25   #36
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

There are still remnants; let's delete them:

Fix with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:
:Files
C:\Users\Sebastian\AppData\Roaming\anklazol
C:\Users\Sebastian\AppData\Roaming\noc
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name in the appropriate place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (It can also be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread.

15.06.2013, 00:38   #37
Rigras

Here is the log:
Code:
All processes killed
========== FILES ==========
C:\Users\Sebastian\AppData\Roaming\anklazol folder moved successfully.
C:\Users\Sebastian\AppData\Roaming\noc folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Sebastian\Desktop\cmd.bat deleted successfully.
C:\Users\Sebastian\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Sebastian
->Temp folder emptied: 8764 bytes
->Temporary Internet Files folder emptied: 13464535 bytes
->Java cache emptied: 0 bytes
->Opera cache emptied: 21153067 bytes
->Flash cache emptied: 7774 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2664 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 33,00 mb
 
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!
 
OTL by OldTimer - Version 3.2.69.0 log created on 06152013_013148

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

15.06.2013, 00:48   #38
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK so far

Regarding cookies and other things on the web: to block the pests from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File. It makes sense to check MVPS every 4 weeks to see whether he has released a new hosts file.

Info: Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP-Cookie)

Otherwise there are also good cookie managers; one extension for Firefox, for example, would be CookieCuller.
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

Is your system now back in order, or are there any other detections or problems?

15.06.2013, 08:20   #39
Rigras

Quote:
Quote from cosinus
Is your system now back in order, or are there any other detections or problems?
Yes.
Bundespolizei trojan.

This morning... loaded a video, Java wanted to update ---> Avira strikes ---> PC locked.

But it is a version where you can get the screen back. Shut down ---> cancel shutdown --> screen free, and you can do everything you would otherwise want to do.

The latest logs would be the ones I posted here.

EDIT: Since this is more or less a new problem, would a new thread make more sense or be preferred? Otherwise I'm off for now, but since I have already read up a bit in other threads: a PC with a burner is available.

15.06.2013, 15:12   #40
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Does Safe Mode with Networking still work? With an Internet connection?



Safe Mode for cleanup
  • Bring Windows into Safe Mode by pressing the F8 key at startup.
  • Start the computer in Safe Mode with Networking:

    Starting Windows in Safe Mode

15.06.2013, 16:01   #41
Rigras

Well, I'm currently online on the PC as normal. Strangely, the PC is not locked.

Can further steps also be carried out this way?

15.06.2013, 16:03   #42
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

So it's not locked after all now?
Just make a new OTL log

  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick Scan all users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread in CODE tags.

15.06.2013, 16:33   #43
Rigras

Strangely, not locked.

Here are the logs:
OTL Logfile:
Code:
OTL logfile created on: 15.06.2013 17:05:05 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sebastian\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 1,51 Gb Available Physical Memory | 50,81% Memory free
5,93 Gb Paging File | 4,37 Gb Available in Paging File | 73,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220,56 Gb Total Space | 140,08 Gb Free Space | 63,51% Space Free | Partition Type: NTFS
 
Computer Name: PC-22 | User Name: Sebastian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Sebastian\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Opera\opera.exe (Opera Software)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
PRC - C:\Programme\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
PRC - C:\dell\DBRM\Reminder\DbrmTrayicon.exe (Microsoft)
PRC - C:\Programme\Broadcom\BPowMon\BPowMon.exe (Broadcom Corp.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Realtek\Audio\HDA\AERTSrv.exe (Andrea Electronics Corporation)
PRC - C:\Programme\Common Files\ACD Systems\DE\DevDetect.exe (ACD Systems)
PRC - C:\Programme\NETGEAR\WG111v3\WG111v3.exe ()
PRC - C:\Programme\Adobe\Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\05682429807d34d6ff05a77ea153935f\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll ()
MOD - C:\Programme\ICQ7.2\MDb.dll ()
MOD - C:\Programme\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
MOD - c:\Programme\Common Files\Roxio Shared\DLLShared\SQLite352.dll ()
MOD - C:\Programme\Adobe\Reader 9.0\Reader\AdobeXMP.dll ()
MOD - C:\Programme\NETGEAR\WG111v3\WG111v3.exe ()
MOD - C:\Programme\Adobe\Reader 9.0\Reader\ccme_base.dll ()
MOD - C:\Programme\Adobe\Reader 9.0\Reader\cryptocme2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (RoxWatch12) -- C:\Programme\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions)
SRV - (RoxMediaDB12OEM) -- C:\Programme\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)
SRV - (NOBU) -- C:\Program Files\Dell\Dell Datasafe Online\NOBuAgent.exe (Dell, Inc.)
SRV - (BPowMon) -- C:\Programme\Broadcom\BPowMon\BPowMon.exe (Broadcom Corp.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (AERTFilters) -- C:\Programme\Realtek\Audio\HDA\AERTSrv.exe (Andrea Electronics Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MEMSWEEP2) -- C:\Windows\system32\F09B.tmp File not found
DRV - (catchme) -- C:\Users\SEBAST~1\AppData\Local\Temp\catchme.sys File not found
DRV - (DrvAgent32) -- C:\Windows\System32\drivers\DrvAgent32.sys (Phoenix Technologies)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (SCR3XX2K) -- C:\Windows\System32\drivers\SCR3XX2K.sys (SCM Microsystems Inc.)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (PCDSRVC{E9D79540-57D5953E-06020101}_0) -- c:\Programme\Dell Support Center\pcdsrvc.pkms (PC-Doctor, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (k57nd60x) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation                           )
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{D0B51842-A86C-4630-A4F2-DA6FF2479E55}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000\..\SearchScopes\{24408C1E-C980-413B-BCA8-79DF804C2358}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=aaf9a38e-ab1c-48ef-a907-48c1b260d8c3&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000\..\SearchScopes\{28FFCE4B-2F52-456B-8E62-A3228FE0F12D}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=aaf9a38e-ab1c-48ef-a907-48c1b260d8c3&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000\..\SearchScopes\{7E167E07-56D7-4131-9C99-038CD5BC5175}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=aaf9a38e-ab1c-48ef-a907-48c1b260d8c3&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000\..\SearchScopes\{A5C7A678-F953-4423-A4E6-72C855C7BBD9}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=aaf9a38e-ab1c-48ef-a907-48c1b260d8c3&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000\..\SearchScopes\{CE80C947-7D57-4582-9E32-CA04FF756492}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=aaf9a38e-ab1c-48ef-a907-48c1b260d8c3&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000\..\SearchScopes\{F8924446-037A-4055-976A-F90B1613043E}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=aaf9a38e-ab1c-48ef-a907-48c1b260d8c3&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Sebastian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: c:\Program Files\Trend Micro\Client Server Security Agent\bho\1035\FirefoxExtension
 
[2013.05.31 23:14:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
 
O1 HOSTS File: ([2013.06.12 14:25:42 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1035\TmIEPlg.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DBRMTray] C:\dell\DBRM\Reminder\DbrmTrayicon.exe (Microsoft)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Programme\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000..\Run: [ctfmon.exe] C:\ProgramData\to2coj.dat ()
O4 - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000..\Run: [Device Detector] DevDetect.exe -autorun File not found
O4 - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{40A08364-7561-4EDD-853F-3B34E3A4119D}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{969497E6-2214-4FB7-B126-F5280AA8C34E}: DhcpNameServer = 10.72.0.72 10.72.0.73
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1035\TmIEPlg.dll File not found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.15 09:27:03 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2013.06.15 09:12:15 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe
[2013.06.14 21:28:01 | 002,347,384 | ---- | C] (ESET) -- C:\Users\Sebastian\Desktop\esetsmartinstaller_enu.exe
[2013.06.14 18:26:44 | 010,285,040 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Sebastian\Desktop\mbam-setup-1.75.0.1300.exe
[2013.06.13 17:28:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.06.13 17:28:10 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013.06.13 16:52:57 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.06.13 16:52:35 | 000,000,000 | ---D | C] -- C:\JRT
[2013.06.13 16:52:24 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Sebastian\Desktop\JRT.exe
[2013.06.13 00:36:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013.06.13 00:35:28 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\Desktop\mbar
[2013.06.12 18:17:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.06.12 18:17:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013.06.12 18:17:16 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2013.06.12 17:04:23 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.06.12 17:04:21 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.06.12 17:04:21 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\temp
[2013.06.12 16:49:29 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.06.12 16:45:31 | 005,078,680 | R--- | C] (Swearware) -- C:\Users\Sebastian\Desktop\ComboFix.exe
[2013.06.12 14:12:11 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.06.12 14:12:11 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.06.12 14:12:11 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.06.12 14:10:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.06.12 14:10:35 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.06.12 13:35:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sebastian\Desktop\OTL.exe
[2013.06.05 00:03:33 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\Desktop\Microsoft Office 2007
[2013.05.31 23:14:49 | 000,000,000 | ---D | C] -- C:\Windows\System32\Extensions
[2013.05.31 23:14:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\searchplugins
[2013.05.31 23:14:35 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.05.28 11:04:37 | 000,617,312 | ---- | C] (www.download-sponsor.de) -- C:\Users\Sebastian\Desktop\ICQ Ignore Checker 1.4 Setup.exe
[2013.05.25 23:33:57 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ Status Checker
[2013.05.25 23:32:57 | 000,512,000 | ---- | C] (www.download-sponsor.de) -- C:\Users\Sebastian\Desktop\ICQ_Status_Checker_1.9_Setup.exe
[2013.05.24 19:02:17 | 002,139,080 | ---- | C] (murb.com                                                    ) -- C:\Users\Sebastian\Desktop\ICQ Contact Revealer 1.1 Setup.exe
[2012.03.30 13:58:02 | 007,516,152 | ---- | C] (Wargaming.net                                               ) -- C:\Users\Sebastian\WoT_internet_install_eu.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.15 17:12:33 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2013.06.15 17:09:24 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.15 17:05:35 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.15 17:05:35 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.15 16:56:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.15 16:56:39 | 2388,238,336 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.15 16:53:22 | 095,023,320 | ---- | M] () -- C:\ProgramData\joc2ot.pad
[2013.06.15 16:49:10 | 000,002,633 | ---- | M] () -- C:\ProgramData\joc2ot.js
[2013.06.15 09:14:23 | 000,167,936 | ---- | M] () -- C:\ProgramData\h3ozd.dat
[2013.06.15 09:12:35 | 000,001,031 | ---- | M] () -- C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
[2013.06.15 09:12:15 | 000,167,936 | ---- | M] () -- C:\ProgramData\to2coj.dat
[2013.06.15 09:12:15 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe
[2013.06.14 21:29:02 | 000,742,102 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.14 21:29:02 | 000,703,984 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.14 21:29:02 | 000,157,878 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.14 21:29:02 | 000,134,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.14 21:28:01 | 002,347,384 | ---- | M] (ESET) -- C:\Users\Sebastian\Desktop\esetsmartinstaller_enu.exe
[2013.06.14 18:27:20 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.14 18:26:55 | 010,285,040 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Sebastian\Desktop\mbam-setup-1.75.0.1300.exe
[2013.06.13 22:01:25 | 000,648,201 | ---- | M] () -- C:\Users\Sebastian\Desktop\adwcleaner.exe
[2013.06.13 21:59:09 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Sebastian\Desktop\JRT.exe
[2013.06.13 20:29:02 | 000,210,395 | ---- | M] () -- C:\Users\Sebastian\Desktop\S.Runge_12.06.2013.pdf
[2013.06.13 19:56:06 | 000,012,578 | ---- | M] () -- C:\Users\Sebastian\Desktop\Wahlmodule_TN_Liste_BA_BSc.pdf
[2013.06.13 17:29:14 | 000,041,174 | ---- | M] () -- C:\Users\Sebastian\Desktop\JRT.7z
[2013.06.13 17:27:24 | 001,110,476 | ---- | M] () -- C:\Users\Sebastian\Desktop\7z920.exe
[2013.06.13 15:35:20 | 000,032,685 | ---- | M] () -- C:\Users\Sebastian\Desktop\2012-Stellenausschreibung.pdf
[2013.06.13 00:34:39 | 013,169,742 | ---- | M] () -- C:\Users\Sebastian\Desktop\mbar-1.06.0.1003.zip
[2013.06.12 23:42:21 | 000,377,856 | ---- | M] () -- C:\Users\Sebastian\Desktop\f2z70jfj.exe
[2013.06.12 18:17:17 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.06.12 16:45:47 | 005,078,680 | R--- | M] (Swearware) -- C:\Users\Sebastian\Desktop\ComboFix.exe
[2013.06.12 14:25:42 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.06.12 13:35:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sebastian\Desktop\OTL.exe
[2013.06.12 13:01:06 | 000,593,896 | ---- | M] () -- C:\Users\Sebastian\Desktop\983784_10151456235356139_488713995_n.png
[2013.06.11 22:09:17 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.06.11 22:09:17 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.06.11 21:51:27 | 000,151,575 | ---- | M] () -- C:\Users\Sebastian\Desktop\IsaacTod.jpg
[2013.06.10 08:57:20 | 000,731,701 | ---- | M] () -- C:\Users\Sebastian\Desktop\Unbenannt.png
[2013.06.10 08:50:31 | 004,658,683 | ---- | M] () -- C:\Users\Sebastian\Desktop\Kurs_1_Gruppe_4.pdf
[2013.06.10 08:46:31 | 001,829,655 | ---- | M] () -- C:\Users\Sebastian\Desktop\UR2_Digitalisierungsgebiete 2013.jpg
[2013.06.08 19:59:19 | 000,001,781 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2013.06.07 23:14:02 | 001,024,780 | ---- | M] () -- C:\Users\Sebastian\Desktop\2013_EC_Qualified_Players.pdf
[2013.06.06 20:13:13 | 000,063,248 | ---- | M] () -- C:\Users\Sebastian\Desktop\Anmeldeformular_Methoden_Geomatik_WS_2013_2014_AUSFUELLBAR_SebastianRunge.pdf
[2013.06.06 19:56:00 | 000,068,742 | ---- | M] () -- C:\Users\Sebastian\Desktop\Anmeldeformular_Methoden_Geomatik_WS_2013_2014_AUSFUELLBAR
[2013.06.05 21:17:02 | 000,015,967 | ---- | M] () -- C:\Users\Sebastian\Desktop\messages-36.zip
[2013.06.05 00:02:48 | 001,839,109 | ---- | M] () -- C:\Users\Sebastian\Desktop\rub-2009.zip
[2013.06.02 15:19:47 | 000,548,925 | ---- | M] () -- C:\Users\Sebastian\Desktop\HfNc71Y.jpg
[2013.05.28 11:04:37 | 000,617,312 | ---- | M] (www.download-sponsor.de) -- C:\Users\Sebastian\Desktop\ICQ Ignore Checker 1.4 Setup.exe
[2013.05.25 23:32:57 | 000,512,000 | ---- | M] (www.download-sponsor.de) -- C:\Users\Sebastian\Desktop\ICQ_Status_Checker_1.9_Setup.exe
[2013.05.24 19:02:07 | 002,115,087 | ---- | M] () -- C:\Users\Sebastian\Desktop\icq_contact_revealer.zip
 
========== Files Created - No Company Name ==========
 
[2013.06.15 16:49:10 | 000,002,633 | ---- | C] () -- C:\ProgramData\joc2ot.js
[2013.06.15 09:14:23 | 000,167,936 | ---- | C] () -- C:\ProgramData\h3ozd.dat
[2013.06.15 09:12:35 | 000,001,031 | ---- | C] () -- C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
[2013.06.15 09:12:22 | 095,023,320 | ---- | C] () -- C:\ProgramData\joc2ot.pad
[2013.06.15 09:12:15 | 000,167,936 | ---- | C] () -- C:\ProgramData\to2coj.dat
[2013.06.13 20:29:00 | 000,210,395 | ---- | C] () -- C:\Users\Sebastian\Desktop\S.Runge_12.06.2013.pdf
[2013.06.13 19:56:06 | 000,012,578 | ---- | C] () -- C:\Users\Sebastian\Desktop\Wahlmodule_TN_Liste_BA_BSc.pdf
[2013.06.13 17:29:14 | 000,041,174 | ---- | C] () -- C:\Users\Sebastian\Desktop\JRT.7z
[2013.06.13 17:27:24 | 001,110,476 | ---- | C] () -- C:\Users\Sebastian\Desktop\7z920.exe
[2013.06.13 16:55:45 | 000,648,201 | ---- | C] () -- C:\Users\Sebastian\Desktop\adwcleaner.exe
[2013.06.13 15:35:20 | 000,032,685 | ---- | C] () -- C:\Users\Sebastian\Desktop\2012-Stellenausschreibung.pdf
[2013.06.13 00:34:21 | 013,169,742 | ---- | C] () -- C:\Users\Sebastian\Desktop\mbar-1.06.0.1003.zip
[2013.06.12 23:42:21 | 000,377,856 | ---- | C] () -- C:\Users\Sebastian\Desktop\f2z70jfj.exe
[2013.06.12 18:17:17 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.06.12 14:12:11 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.06.12 14:12:11 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.06.12 14:12:11 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.06.12 14:12:11 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.06.12 14:12:11 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.06.12 13:01:06 | 000,593,896 | ---- | C] () -- C:\Users\Sebastian\Desktop\983784_10151456235356139_488713995_n.png
[2013.06.11 21:51:27 | 000,151,575 | ---- | C] () -- C:\Users\Sebastian\Desktop\IsaacTod.jpg
[2013.06.10 08:57:20 | 000,731,701 | ---- | C] () -- C:\Users\Sebastian\Desktop\Unbenannt.png
[2013.06.10 08:50:31 | 004,658,683 | ---- | C] () -- C:\Users\Sebastian\Desktop\Kurs_1_Gruppe_4.pdf
[2013.06.10 08:46:31 | 001,829,655 | ---- | C] () -- C:\Users\Sebastian\Desktop\UR2_Digitalisierungsgebiete 2013.jpg
[2013.06.08 19:59:19 | 000,001,793 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2013.06.08 19:59:19 | 000,001,781 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2013.06.06 20:13:12 | 000,063,248 | ---- | C] () -- C:\Users\Sebastian\Desktop\Anmeldeformular_Methoden_Geomatik_WS_2013_2014_AUSFUELLBAR_SebastianRunge.pdf
[2013.06.06 19:56:00 | 000,068,742 | ---- | C] () -- C:\Users\Sebastian\Desktop\Anmeldeformular_Methoden_Geomatik_WS_2013_2014_AUSFUELLBAR
[2013.06.05 21:17:01 | 000,015,967 | ---- | C] () -- C:\Users\Sebastian\Desktop\messages-36.zip
[2013.06.05 00:02:47 | 001,839,109 | ---- | C] () -- C:\Users\Sebastian\Desktop\rub-2009.zip
[2013.06.04 20:53:51 | 001,024,780 | ---- | C] () -- C:\Users\Sebastian\Desktop\2013_EC_Qualified_Players.pdf
[2013.06.02 15:19:46 | 000,548,925 | ---- | C] () -- C:\Users\Sebastian\Desktop\HfNc71Y.jpg
[2013.05.24 19:02:07 | 002,115,087 | ---- | C] () -- C:\Users\Sebastian\Desktop\icq_contact_revealer.zip
[2013.05.14 16:09:47 | 000,000,407 | ---- | C] () -- C:\Windows\ArcView9x.INI
[2012.09.28 03:23:00 | 000,000,840 | ---- | C] () -- C:\Users\Sebastian\AppData\Roaming\EasyToolz.ini
[2012.08.27 13:45:38 | 001,145,382 | ---- | C] () -- C:\Users\Sebastian\AppData\Local\Tempmusic.ogg
[2011.01.06 00:32:15 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
--- --- ---


OTL Logfile:
Code:
OTL Extras logfile created on: 15.06.2013 17:05:05 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sebastian\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 1,51 Gb Available Physical Memory | 50,81% Memory free
5,93 Gb Paging File | 4,37 Gb Available in Paging File | 73,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220,56 Gb Total Space | 140,08 Gb Free Space | 63,51% Space Free | Partition Type: NTFS
 
Computer Name: PC-22 | User Name: Sebastian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 11.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee\11.0\ACDSeeQV11.exe" "%1" (ACD Systems)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{019A6D43-F99D-454B-8331-4BF8D4C39533}" = rport=137 | protocol=17 | dir=out | app=system | 
"{0F3AAAFF-7424-4ED7-BE55-F5C8F64C0D0A}" = rport=139 | protocol=6 | dir=out | app=system | 
"{1A0D2A0E-2FE6-469B-A4CF-0F96C49035F8}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{1BD511F3-23CD-413C-A0E0-16299ED3DC5E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{241B7AD7-4813-4F43-9E80-267CDCDB0622}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{284DB50B-142A-4C0F-9338-56C470AE7EEC}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{36A72CBE-A41B-4033-9027-94D4BAA63F7C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3B1DA2A1-7B8D-4EE8-8729-8C86852E09C0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{549486C8-5816-4EBE-B33F-344EEC516970}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{57EBD810-B3D0-4AF4-92EE-532B947AC308}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5E1E32F7-6260-496A-89CC-215BA7D68192}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{650DEAA5-92ED-4AB9-8BD0-19E72F64F8EC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6ACF7FC4-F3F8-4610-A6CE-0DED9058BE97}" = rport=445 | protocol=6 | dir=out | app=system | 
"{6C41E85D-EA46-4ACF-936E-00B0E53EFBD8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6C9DB0DF-09CB-460F-9534-CE179949C94A}" = lport=139 | protocol=6 | dir=in | app=system | 
"{70A05590-AF43-40F4-97AE-7CE835FEB562}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{87F5400C-340A-4033-8FB9-B670326AFE86}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8C5C2048-138E-41B8-835C-A9F2D6A2ED12}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9FFD4C24-E8A6-4430-A6B8-AE15495BDD22}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A26F3527-1D87-4AFD-8A26-350B860EB7AD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B8FD7117-EE9C-450D-8146-191DA6D30E39}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C7457914-D5CC-42EB-B68A-89422C0C3123}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{C96AC0A4-E436-497E-969F-F15D0451D057}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C9CE3F85-B718-43C6-A511-730822EB454B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CA5FE1A2-1287-4C4E-938A-F28A52B97BFF}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{DD92557C-C6F1-4D10-9383-C65A3D115AD1}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{F1689337-899F-4E93-B7A7-33C21A61C516}" = rport=138 | protocol=17 | dir=out | app=system | 
"{F1915D1A-C42E-46AB-95D1-550059316225}" = lport=138 | protocol=17 | dir=in | app=system | 
"{F739D5D3-4689-4985-A38A-CD213FBFD37F}" = lport=137 | protocol=17 | dir=in | app=system | 
"{F9266EC4-75C3-4A47-BF5B-8109CE6856B6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{FAF75929-D8C6-44EE-B00B-A40C614C2FB1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{045B6D30-1A73-40C8-9256-703867A78A6F}" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"{053A898C-EEAC-495C-B53F-4880520C474C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{0A381C47-999A-4BA5-948D-4F5DEB6151FE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0DC1C8DC-7A17-4005-9AFD-CBBF9E30D54A}" = protocol=6 | dir=in | app=c:\program files\maniaplanet\maniaplanet.exe | 
"{16E1543D-14A2-4352-A304-57AB30E3A12E}" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"{2D8F6F35-5F01-43F9-9599-E69FB155E78B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{3FE155A1-38AE-4B34-AD84-E4CBBA2166E7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{400F693C-E17D-4593-8FE2-38E28775C3A3}" = protocol=6 | dir=out | app=system | 
"{40AE51E1-1D82-41DE-A7F7-05B46B363BA4}" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"{487E25BA-506D-4A21-8193-4B491FA9072D}" = protocol=17 | dir=in | app=c:\users\sebastian\desktop\sega-emulator\fusion364\fusion.exe | 
"{533C1375-B409-4A72-95D9-BFD1B8FB655A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{54807130-1892-4FFA-B8F7-E5353B007F01}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{57B3A112-C2A9-4010-A2B9-DEB68D9A0F61}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{5B29C73E-BE32-4E3B-9A65-9B8BC7AE66DC}" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"{63801116-62EE-4C4C-B52B-2A70CC2259B3}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{6D7A02DC-A839-4A24-BEC5-F3ACD0F721E0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{6E50DB4D-D43F-4F01-B638-F4A1EC9F4EC7}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{6E8C1A23-75C8-4402-9BE1-3BE727D0738F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7AE01593-4314-486F-AC0B-9BE25E2BD1DE}" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"{7D4E92E2-B129-4CD4-A1A4-AF2E3602E5F1}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{87C7D84D-184E-47A7-A197-A2A928EDCCB6}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{88432749-23F6-4CE3-B2A4-2881AD567FBA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8F9E991C-93C5-4E60-8F32-1C28388F9E94}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{925D6DD7-3C6A-4961-A933-356FA270ED8D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9ED4C4B4-9984-48F7-963A-2055F73B00A3}" = protocol=17 | dir=in | app=c:\program files\maniaplanet\maniaplanet.exe | 
"{A100ABE7-9391-438F-B707-5E1F46C03073}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{AEAFB152-D02E-49CE-901B-A4077FD75354}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B14ACC78-B0AE-47D0-B232-A48BB8E40897}" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"{BC92EDC0-CFEA-475C-B682-ACD4140BABBD}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\amnesia the dark descent\launcher.exe | 
"{C93D30B4-E6E4-4172-A350-B9E03C472FE9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{CC3F7A4F-E68D-4015-8447-839ABB8781AC}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{D1B068E2-C376-477E-AC3A-4BB92B19137E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D6F08BC0-58A4-4AE2-9A5E-6976B2CB38FC}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\amnesia the dark descent\launcher.exe | 
"{DB78AFC3-D451-498C-A15D-6E56632DF66B}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{E3D5521E-06AE-48A1-81E5-735284FDB7F1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E568807D-D27A-49F6-9FB9-2FA75103A415}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{EDE4D1FC-DBB4-44CB-A039-C3778B719831}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{F00970AB-DE81-4AC2-8ADE-EFAB34265C1A}" = protocol=6 | dir=in | app=c:\users\sebastian\desktop\sega-emulator\fusion364\fusion.exe | 
"{F3B95B45-4013-489B-A97B-7A398A732D56}" = protocol=6 | dir=in | app=c:\users\sebastian\desktop\spiele\emulatorsupern\zsnesw.exe | 
"{F4DCD96A-8205-4116-AFD9-D4C7700AD752}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{FCC0D79C-6E79-4F71-B1B5-CE6215F79CD7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FD7B48DE-923F-4231-B5DC-A3BDE0016490}" = protocol=17 | dir=in | app=c:\users\sebastian\desktop\spiele\emulatorsupern\zsnesw.exe | 
"TCP Query User{0836C530-74DB-4993-8001-761922A996B4}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"TCP Query User{169B2DB4-0413-4EB8-8EA5-872E434F958F}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"TCP Query User{22E03CA3-50CE-4A4C-A3CE-101F7DC8C528}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"TCP Query User{237AC5F3-01B5-4D7C-9976-41AE953F860E}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{4F746DCA-E64F-4BF0-B0F4-DA3ED7B5D2B8}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"TCP Query User{6E92F75B-D3EE-4712-9558-8756CD957F02}C:\users\sebastian\desktop\spiele\emulatorsupern\zsnesw.exe" = protocol=6 | dir=in | app=c:\users\sebastian\desktop\spiele\emulatorsupern\zsnesw.exe | 
"TCP Query User{7AF21B04-1856-4B8A-BA9C-2F862AEC46B4}C:\users\sebastian\desktop\sega-emulator\fusion364\fusion.exe" = protocol=6 | dir=in | app=c:\users\sebastian\desktop\sega-emulator\fusion364\fusion.exe | 
"TCP Query User{D301CA40-C9C8-4488-98DC-DC7164518C06}C:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"TCP Query User{E1E26224-F9F8-475E-A1CB-1D92FDE904DE}C:\users\sebastian\desktop\ygopro\devpro.dll" = protocol=6 | dir=in | app=c:\users\sebastian\desktop\ygopro\devpro.dll | 
"TCP Query User{E38C5B35-5659-44FF-9BB2-66374FCE0592}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"TCP Query User{FD264759-E043-4917-8F84-89D8624AD12A}C:\program files\maniaplanet\maniaplanet.exe" = protocol=6 | dir=in | app=c:\program files\maniaplanet\maniaplanet.exe | 
"UDP Query User{4BBADF7D-65B7-4EEC-B558-028C0F6C6940}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"UDP Query User{4DCD7F0C-D25B-4EF7-8C37-503B4038945F}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
"UDP Query User{62B85E86-91F9-4D78-A1B0-6DE43572F794}C:\users\sebastian\desktop\ygopro\devpro.dll" = protocol=17 | dir=in | app=c:\users\sebastian\desktop\ygopro\devpro.dll | 
"UDP Query User{669FE556-ADE0-42A8-9CE0-C9B48809A9B8}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
"UDP Query User{72224AA0-A4B5-4A3F-AF35-8B9D7A5AE1F0}C:\program files\maniaplanet\maniaplanet.exe" = protocol=17 | dir=in | app=c:\program files\maniaplanet\maniaplanet.exe | 
"UDP Query User{7A7908B4-6D07-4D0F-93EB-A0066D1E0194}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"UDP Query User{7B316A6D-DC6F-4DBE-8279-FAD9BDF38D87}C:\users\sebastian\desktop\spiele\emulatorsupern\zsnesw.exe" = protocol=17 | dir=in | app=c:\users\sebastian\desktop\spiele\emulatorsupern\zsnesw.exe | 
"UDP Query User{9F9BE1C5-F388-4CE5-AE12-1E0DC7E5AEFD}C:\users\sebastian\desktop\sega-emulator\fusion364\fusion.exe" = protocol=17 | dir=in | app=c:\users\sebastian\desktop\sega-emulator\fusion364\fusion.exe | 
"UDP Query User{B6C69EC7-B6CC-47EE-8D7A-6970589772DC}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{F3BF51B3-4C60-43DB-A76F-000FCE6B2B49}C:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"UDP Query User{FD10C0D2-D477-4303-94DE-3E5C47E740DD}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{289338AE-2213-4509-AED2-450414C1260C}_is1" = ICQ Update Patch 1.9
"{300578F9-9EFF-4B93-9AB1-C0E5707EF463}" = ACDSee Foto-Manager 2009
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4688EB75-28E2-4731-9BCB-55E624F7CD45}" = Dell Backup and Recovery Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5
"{5033400B-0977-45AB-94CE-CC135A8E1BBB}" = ArcGIS Desktop
"{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5A1084A3-79B7-480C-9275-D8AA0CCEFA52}" = RUBICon
"{5DB87A63-9420-48CC-9F9A-B8801D38D6B5}" = Broadcom Management Programs
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0000-0000-0000000FF1CE}" = Microsoft Office Excel 2007
"{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_EXCEL_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0000-0000-0000000FF1CE}" = Microsoft Office PowerPoint 2007
"{90120000-0018-0000-0000-0000000FF1CE}_POWERPOINT_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_POWERPOINT_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2007
"{90120000-0019-0000-0000-0000000FF1CE}_PUBLISHER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PUBLISHER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_WORD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_EXCEL_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_POWERPOINT_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_PUBLISHER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_WORD_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_EXCEL_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_POWERPOINT_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PUBLISHER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_WORD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_EXCEL_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_POWERPOINT_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PUBLISHER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_WORD_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_EXCEL_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_POWERPOINT_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_PUBLISHER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_WORD_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_EXCEL_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_POWERPOINT_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_PUBLISHER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_WORD_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9569E6BC-326A-432F-97AB-35263A327BF1}" = Roxio Burn
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C411EF9-6EBA-46E3-8132-EDADF1CC0B16}" = SCR3xxx Smart Card Reader
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A13D16C5-38A9-4D96-9647-59FCCAB12A85}" = Visual Basic for Applications (R) Core - English
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A325B368-A9EC-40EF-A95C-9DEAD3683AE3}" = Broadcom Gigabit NetLink Controller
"{AC76BA86-1033-F400-BA7E-100000000002}" = Adobe Acrobat 7.0 Standard - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1.2 - Deutsch
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B91B14D5-B817-4C79-BEF6-0A7A23FE6C61}" = NWZ-B170 WALKMAN Guide
"{BFD1742D-FBB1-4DA2-B187-4DFBFF1E8629}" = Mantis
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{DDD9B4E6-EEB7-4030-B141-F0E0C5429851}" = YVD
"{E5F05232-96B6-4552-A480-785A60A94B21}" = System Requirements Lab CYRI
"{ED67D93D-1676-4615-99F1-CFA54CB9A3A1}_is1" = Fatal Racing,  CD-Rip (DOS, 1995)
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FB97C283-1F3C-42D4-AE01-ADC1DC12F774}" = Visual Basic for Applications (R) Core
"7-Zip" = 7-Zip 9.20
"Adobe Acrobat 7.0 Standard - EFG - V" = Adobe Acrobat 7.0 Standard - English, Français, Deutsch
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of Mythology 1.0" = Age of Mythology
"Age of Mythology Expansion Pack 1.0" = Age of Mythology - The Titans Expansion
"AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v2.60
"All Out Race" = All Out Race
"ArcGIS Desktop" = ArcGIS Desktop
"Avira AntiVir Desktop" = Avira Free Antivirus
"City Racing_is1" = City Racing
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.61.5
"Dell Support Center" = Dell Support Center
"DriverAgent.exe" = DriverAgent by eSupport.com
"EXCEL" = Microsoft Office Excel 2007
"FLV Player" = FLV Player 2.0 (build 25)
"HookAnalyzer_is1" = RootKit Hook Analyzer 3.02
"InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"ManiaPlanet_is1" = ManiaPlanet
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"numpy-py2.5" = Python 2.5 numpy-1.0.3
"Opera 11.50.1074" = Opera 11.50
"POWERPOINT" = Microsoft Office PowerPoint 2007
"PUBLISHER" = Microsoft Office Publisher 2007
"Python 2.5 numpy-1.0.3" = Python 2.5 numpy-1.0.3
"Python 2.5.1" = Python 2.5.1
"Security Task Manager" = Security Task Manager 1.8d
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"Steam App 113200" = The Binding of Isaac
"Steam App 57300" = Amnesia: The Dark Descent
"Takatis - A Tribute To Manfred Trenz" = Takatis - A Tribute To Manfred Trenz
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TmNationsForever_is1" = TmNationsForever
"Tomb Raider: Underworld" = Tomb Raider: Underworld 1.1
"WinRAR archiver" = WinRAR
"WORD" = Microsoft Office Word 2007
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2359546455-2944345457-3885489924-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 14.06.2013 11:00:04 | Computer Name = PC-22 | Source = PC-Doctor | ID = 1
Description = (1996) Asapi: (17:00:04:4740)(1996) libAsapi.DynamicLoadedPlugin -
 Error -- 64 Unable to load library 'S3LogPusher.dll' 
 
Error - 14.06.2013 11:00:04 | Computer Name = PC-22 | Source = PC-Doctor | ID = 1
Description = (1996) Asapi: (17:00:04:5050)(1996) Asapi.State - Error -- 123 Plugin
 S3LogPusher.dll failed to load. 
 
Error - 14.06.2013 11:10:00 | Computer Name = PC-22 | Source = PC-Doctor | ID = 1
Description = (2324) Asapi: (17:10:00:3250)(2324) libAsapi.DynamicLoadedPlugin -
 Error -- 64 Unable to load library 'S3LogPusher.dll' 
 
Error - 14.06.2013 11:10:00 | Computer Name = PC-22 | Source = PC-Doctor | ID = 1
Description = (2324) Asapi: (17:10:00:3480)(2324) Asapi.State - Error -- 123 Plugin
 S3LogPusher.dll failed to load. 
 
Error - 15.06.2013 10:51:03 | Computer Name = PC-22 | Source = PC-Doctor | ID = 1
Description = (3728) Asapi: (16:51:03:9770)(3728) libAsapi.DynamicLoadedPlugin -
 Error -- 64 Unable to load library 'S3LogPusher.dll' 
 
Error - 15.06.2013 10:51:04 | Computer Name = PC-22 | Source = PC-Doctor | ID = 1
Description = (3728) Asapi: (16:51:04:1170)(3728) Asapi.State - Error -- 123 Plugin
 S3LogPusher.dll failed to load. 
 
Error - 15.06.2013 11:00:24 | Computer Name = PC-22 | Source = PC-Doctor | ID = 1
Description = (3948) Asapi: (17:00:24:0730)(3948) libAsapi.DynamicLoadedPlugin -
 Error -- 64 Unable to load library 'S3LogPusher.dll' 
 
Error - 15.06.2013 11:00:24 | Computer Name = PC-22 | Source = PC-Doctor | ID = 1
Description = (3948) Asapi: (17:00:24:1280)(3948) Asapi.State - Error -- 123 Plugin
 S3LogPusher.dll failed to load. 
 
Error - 15.06.2013 11:10:56 | Computer Name = PC-22 | Source = PC-Doctor | ID = 1
Description = (2504) Asapi: (17:10:56:1960)(2504) libAsapi.DynamicLoadedPlugin -
 Error -- 64 Unable to load library 'S3LogPusher.dll' 
 
Error - 15.06.2013 11:10:56 | Computer Name = PC-22 | Source = PC-Doctor | ID = 1
Description = (2504) Asapi: (17:10:56:3080)(2504) Asapi.State - Error -- 123 Plugin
 S3LogPusher.dll failed to load. 
 
[ OSession Events ]
Error - 10.01.2011 12:51:44 | Computer Name = PC-22 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 152
 seconds with 120 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 14.06.2013 01:32:52 | Computer Name = PC-22 | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Presentation Foundation-Schriftartcache 3.0.0.0 erreicht.
 
Error - 14.06.2013 01:32:52 | Computer Name = PC-22 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0"
 wurde aufgrund folgenden Fehlers nicht gestartet:   %%1053
 
Error - 14.06.2013 15:27:36 | Computer Name = PC-22 | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst LanmanServer erreicht.
 
Error - 15.06.2013 02:02:04 | Computer Name = PC-22 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 15.06.2013 03:30:09 | Computer Name = PC-22 | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x8000ffff fehlgeschlagen: Windows 7 Service Pack 1 (KB976932)
 
 
< End of report >
         
--- --- ---


I'm going to double-post. Please don't take this as pushing; I have just booted my PC again and want to say how things look at the moment.

So: yesterday I was able to boot it once without it being locked. This morning I booted it, but it was locked. Only not with the standard "copyright infringement, pay 100 euros, etc." screen, but quite normally with my wallpaper, just without the taskbar or icons on it.

If I now press the power button, it wants to shut down. But if I cancel this shutdown, I am at the PC as normal, as I am now.

I just wanted to mention this in case it is somehow important!

17.06.2013, 09:07   #44
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Fix with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:
:OTL
IE - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000\..\SearchScopes\{7E167E07-56D7-4131-9C99-038CD5BC5175}: "URL" = http://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=aaf9a38e-ab1c-48ef-a907-48c1b260d8c3&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000\..\SearchScopes\{A5C7A678-F953-4423-A4E6-72C855C7BBD9}: "URL" = http://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=aaf9a38e-ab1c-48ef-a907-48c1b260d8c3&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000\..\SearchScopes\{CE80C947-7D57-4582-9E32-CA04FF756492}: "URL" = http://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=aaf9a38e-ab1c-48ef-a907-48c1b260d8c3&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000\..\SearchScopes\{F8924446-037A-4055-976A-F90B1613043E}: "URL" = http://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=aaf9a38e-ab1c-48ef-a907-48c1b260d8c3&pid=icqt&mode=bounce&k=0
O4 - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000..\Run: [ctfmon.exe] C:\ProgramData\to2coj.dat ()
O4 - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000..\Run: [Device Detector] DevDetect.exe -autorun File not found
:Files
C:\ProgramData\rundll32.exe
C:\ProgramData\*.js
C:\ProgramData\*.dat
C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
C:\ProgramData\*.pad
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name in the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (It can also be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread
__________________
Please always post log files in CODE tags
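
Added example (not part of the post above and not OTL's own logic): a Python sketch that shows what is visible in the registry lines of the `:OTL` section, by decoding the hex `to=` parameter of each SearchScopes URL and comparing each Run value name with the file it starts. The heuristics, function names and the `RUNNABLE` extension set are assumptions made for illustration; the input lines are copied from the fix script.

```python
import ntpath
import re
from urllib.parse import parse_qs, urlsplit

# The six registry lines of the :OTL section, copied from the fix script above.
FIX_LINES = r"""
IE - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000\..\SearchScopes\{7E167E07-56D7-4131-9C99-038CD5BC5175}: "URL" = http://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=aaf9a38e-ab1c-48ef-a907-48c1b260d8c3&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000\..\SearchScopes\{A5C7A678-F953-4423-A4E6-72C855C7BBD9}: "URL" = http://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=aaf9a38e-ab1c-48ef-a907-48c1b260d8c3&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000\..\SearchScopes\{CE80C947-7D57-4582-9E32-CA04FF756492}: "URL" = http://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=aaf9a38e-ab1c-48ef-a907-48c1b260d8c3&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000\..\SearchScopes\{F8924446-037A-4055-976A-F90B1613043E}: "URL" = http://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=aaf9a38e-ab1c-48ef-a907-48c1b260d8c3&pid=icqt&mode=bounce&k=0
O4 - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000..\Run: [ctfmon.exe] C:\ProgramData\to2coj.dat ()
O4 - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000..\Run: [Device Detector] DevDetect.exe -autorun File not found
""".strip().splitlines()

SCOPE_RE = re.compile(r'^IE - \S+?\\\.\.\\SearchScopes\\(\{[^}]+\}): "URL" = (\S+)$')
RUN_RE = re.compile(r'^O4 - \S+?\.\.\\Run: \[([^\]]+)\] (.+)$')
RUNNABLE = {".exe", ".com", ".bat", ".cmd", ".scr", ".pif"}  # assumed set


def check_search_scope(line):
    """Return (guid, host, decoded_target) if the URL bounces via another host."""
    m = SCOPE_RE.match(line)
    if not m:
        return None
    guid, url = m.groups()
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    hex_to = parse_qs(parts.query).get("to", [""])[0]
    try:
        target = bytes.fromhex(hex_to).decode("ascii").lower()
    except ValueError:  # parameter is not hex, or does not decode to ASCII
        return None
    if not target or host == target or host.endswith("." + target):
        return None  # queries really go to the site named in "to"
    return guid, host, target


def check_run_entry(line):
    """Return (value_name, target, reasons) for an autorun worth a second look."""
    m = RUN_RE.match(line)
    if not m:
        return None
    name, rest = m.groups()
    reasons = []
    if rest.endswith("File not found"):
        reasons.append("target missing on disk")
        rest = rest[: -len("File not found")]
    rest = re.sub(r"\s*\([^()]*\)\s*$", "", rest).strip()  # drop OTL's "(Company)" suffix
    path = re.match(r'"?(.+?\.\w{2,4})(?=["\s]|$)', rest)
    target = ntpath.basename(path.group(1)) if path else rest
    ext = ntpath.splitext(target)[1].lower()
    if ext not in RUNNABLE:
        reasons.append(f"autorun target has non-program extension {ext!r}")
    if name.lower().endswith(".exe") and name.lower() != target.lower():
        reasons.append(f"value name {name!r} imitates a program but runs {target!r}")
    return (name, target, reasons) if reasons else None


def triage(lines):
    """Split the findings into search-provider and autorun results."""
    scopes = [r for r in map(check_search_scope, lines) if r]
    runs = [r for r in map(check_run_entry, lines) if r]
    return scopes, runs


if __name__ == "__main__":
    scopes, runs = triage(FIX_LINES)
    for guid, host, target in scopes:
        print(f"SearchScope {guid}: names {target}, queries go to {host}")
    for name, target, reasons in runs:
        print(f"Run [{name}] -> {target}: " + "; ".join(reasons))
```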

17.06.2013, 20:54   #45
Rigras

Here is the log:

Code:
All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-2359546455-2944345457-3885489924-1000\Software\Microsoft\Internet Explorer\SearchScopes\{7E167E07-56D7-4131-9C99-038CD5BC5175}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E167E07-56D7-4131-9C99-038CD5BC5175}\ not found.
Registry key HKEY_USERS\S-1-5-21-2359546455-2944345457-3885489924-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A5C7A678-F953-4423-A4E6-72C855C7BBD9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A5C7A678-F953-4423-A4E6-72C855C7BBD9}\ not found.
Registry key HKEY_USERS\S-1-5-21-2359546455-2944345457-3885489924-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CE80C947-7D57-4582-9E32-CA04FF756492}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CE80C947-7D57-4582-9E32-CA04FF756492}\ not found.
Registry key HKEY_USERS\S-1-5-21-2359546455-2944345457-3885489924-1000\Software\Microsoft\Internet Explorer\SearchScopes\{F8924446-037A-4055-976A-F90B1613043E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F8924446-037A-4055-976A-F90B1613043E}\ not found.
Registry value HKEY_USERS\S-1-5-21-2359546455-2944345457-3885489924-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ctfmon.exe deleted successfully.
C:\ProgramData\to2coj.dat moved successfully.
Registry value HKEY_USERS\S-1-5-21-2359546455-2944345457-3885489924-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Device Detector deleted successfully.
========== FILES ==========
C:\ProgramData\rundll32.exe moved successfully.
C:\ProgramData\joc2ot.js moved successfully.
C:\ProgramData\ezsidmv.dat moved successfully.
C:\ProgramData\h3ozd.dat moved successfully.
C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk moved successfully.
C:\ProgramData\joc2ot.pad moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Sebastian\Desktop\cmd.bat deleted successfully.
C:\Users\Sebastian\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Sebastian
->Temp folder emptied: 58159404 bytes
->Temporary Internet Files folder emptied: 6089075 bytes
->Java cache emptied: 354654 bytes
->Opera cache emptied: 15517309 bytes
->Flash cache emptied: 7700 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7758 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 76,00 mb
 
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!
 
OTL by OldTimer - Version 3.2.69.0 log created on 06172013_214856

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
