JRT-Log als Anhang.
adwCleaner-Log:
AdwCleaner Logfile: Code:
# AdwCleaner v2.303 - Datei am 13/06/2013 um 16:56:16 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium (32 bits)
# Benutzer : Sebastian - PC-22
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Sebastian\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
Gestoppt & Gelöscht : SearchAnonymizer
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\user.js
Ordner Gelöscht : C:\Program Files\Uncompressor
Ordner Gelöscht : C:\ProgramData\BrowserDefender
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\Users\Sebastian\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
Ordner Gelöscht : C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Uncompressor
Ordner Gelöscht : C:\Users\Sebastian\AppData\Roaming\OCS
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\5c2d6dab76abd12
Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\SOFTWARE\5c2d6dab76abd12
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\Software\Delta
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DesktopIconAmazon
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchAnonymizer
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Ocs_SM]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16476
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com
-\\ Opera v11.50.1074.0
Datei : C:\Users\Sebastian\AppData\Roaming\Opera\Opera\operaprefs.ini
Gelöscht : Home URL=hxxp://start.icq.com/
Gelöscht : application/vnd.unity=6,,C:\Users\Sebastian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll,[...]
Gelöscht : HostName Web Lookup Address=hxxp://search.icq.com/search/afe_results.php?q=%s&ch_id=osd&icid=opera
*************************
AdwCleaner[S1].txt - [9522 octets] - [13/06/2013 16:56:16]
########## EOF - C:\AdwCleaner[S1].txt - [9582 octets] ##########
--- --- ---
OTL-Logs:
OTL Logfile: Code:
OTL logfile created on: 13.06.2013 17:58:09 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sebastian\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,97 Gb Total Physical Memory | 1,55 Gb Available Physical Memory | 52,15% Memory free
5,93 Gb Paging File | 4,34 Gb Available in Paging File | 73,14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220,56 Gb Total Space | 131,13 Gb Free Space | 59,45% Space Free | Partition Type: NTFS
Computer Name: PC-22 | User Name: Sebastian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Sebastian\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Opera\opera.exe (Opera Software)
PRC - C:\Users\Sebastian\AppData\Roaming\WebCake\WebCakeDesktop.exe (WebCake LLC)
PRC - C:\Programme\WebCake\WebCakeDesktop.Updater.exe (WebCake LLC)
PRC - C:\Programme\Steam\Steam.exe (Valve Corporation)
PRC - C:\Programme\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
PRC - C:\Windows\System32\schtasks.exe (Microsoft Corporation)
PRC - C:\Programme\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
PRC - C:\dell\DBRM\Reminder\DbrmTrayicon.exe (Microsoft)
PRC - C:\Programme\Broadcom\BPowMon\BPowMon.exe (Broadcom Corp.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Realtek\Audio\HDA\AERTSrv.exe (Andrea Electronics Corporation)
PRC - C:\Programme\NETGEAR\WG111v3\WG111v3.exe ()
PRC - C:\Programme\Adobe\Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Inc.)
========== Modules (No Company Name) ==========
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
MOD - C:\Programme\Steam\bin\chromehtml.dll ()
MOD - C:\Programme\Steam\SDL2.dll ()
MOD - C:\Programme\Steam\bin\libcef.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\05682429807d34d6ff05a77ea153935f\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\10aba2c167cc1119b80159fd9ac71ca8\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\96a3b737db1e72adaf32d2b350e50c23\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll ()
MOD - C:\Programme\Steam\bin\avcodec-53.dll ()
MOD - C:\Programme\Steam\bin\avformat-53.dll ()
MOD - C:\Programme\Steam\bin\avutil-51.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\Programme\ICQ7.2\MDb.dll ()
MOD - C:\Programme\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
MOD - c:\Programme\Common Files\Roxio Shared\DLLShared\SQLite352.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Programme\NETGEAR\WG111v3\WG111v3.exe ()
========== Services (SafeList) ==========
SRV - (WebCake Desktop Updater) -- C:\Program Files\WebCake\WebCakeDesktop.Updater.exe C:\Users\Sebastian\AppData\Roaming\WebCake\WebCakeDesktop.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (RoxWatch12) -- C:\Programme\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions)
SRV - (RoxMediaDB12OEM) -- C:\Programme\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)
SRV - (NOBU) -- C:\Program Files\Dell\Dell Datasafe Online\NOBuAgent.exe (Dell, Inc.)
SRV - (BPowMon) -- C:\Programme\Broadcom\BPowMon\BPowMon.exe (Broadcom Corp.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (AERTFilters) -- C:\Programme\Realtek\Audio\HDA\AERTSrv.exe (Andrea Electronics Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (MEMSWEEP2) -- C:\Windows\system32\F09B.tmp File not found
DRV - (catchme) -- C:\Users\SEBAST~1\AppData\Local\Temp\catchme.sys File not found
DRV - (DrvAgent32) -- C:\Windows\System32\drivers\DrvAgent32.sys (Phoenix Technologies)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (SCR3XX2K) -- C:\Windows\System32\drivers\SCR3XX2K.sys (SCM Microsystems Inc.)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (PCDSRVC{E9D79540-57D5953E-06020101}_0) -- c:\Programme\Dell Support Center\pcdsrvc.pkms (PC-Doctor, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (k57nd60x) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation )
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{D0B51842-A86C-4630-A4F2-DA6FF2479E55}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-search.com/?affID=119357&babsrc=HP_ss&mntrId=748300223FEE51F4
IE - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119357&babsrc=SP_ss&mntrId=748300223FEE51F4
IE - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000\..\SearchScopes\{24408C1E-C980-413B-BCA8-79DF804C2358}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=aaf9a38e-ab1c-48ef-a907-48c1b260d8c3&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000\..\SearchScopes\{28FFCE4B-2F52-456B-8E62-A3228FE0F12D}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=aaf9a38e-ab1c-48ef-a907-48c1b260d8c3&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000\..\SearchScopes\{7E167E07-56D7-4131-9C99-038CD5BC5175}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=aaf9a38e-ab1c-48ef-a907-48c1b260d8c3&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000\..\SearchScopes\{A5C7A678-F953-4423-A4E6-72C855C7BBD9}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=aaf9a38e-ab1c-48ef-a907-48c1b260d8c3&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000\..\SearchScopes\{CE80C947-7D57-4582-9E32-CA04FF756492}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=aaf9a38e-ab1c-48ef-a907-48c1b260d8c3&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000\..\SearchScopes\{F8924446-037A-4055-976A-F90B1613043E}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=aaf9a38e-ab1c-48ef-a907-48c1b260d8c3&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Sebastian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: c:\Program Files\Trend Micro\Client Server Security Agent\bho\1035\FirefoxExtension
[2013.05.31 23:14:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
O1 HOSTS File: ([2013.06.12 14:25:42 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1035\TmIEPlg.dll File not found
O2 - BHO: (WebCake) - {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - C:\Programme\WebCake\WebCakeIEClient.dll (WebCake LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DBRMTray] C:\dell\DBRM\Reminder\DbrmTrayicon.exe (Microsoft)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Programme\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000..\Run: [Device Detector] DevDetect.exe -autorun File not found
O4 - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000..\Run: [WebCake Desktop] C:\Users\Sebastian\AppData\Roaming\WebCake\WebCakeDesktop.exe (WebCake LLC)
O4 - HKLM..\RunOnce: [Del1636403] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000..\RunOnce: [Del1636403] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{40A08364-7561-4EDD-853F-3B34E3A4119D}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{969497E6-2214-4FB7-B126-F5280AA8C34E}: DhcpNameServer = 10.72.0.72 10.72.0.73
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1035\TmIEPlg.dll File not found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.06.13 17:28:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.06.13 17:28:10 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013.06.13 17:25:18 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserDefender
[2013.06.13 17:25:10 | 000,000,000 | ---D | C] -- C:\Program Files\Delta
[2013.06.13 17:25:04 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Roaming\WebCake
[2013.06.13 17:25:04 | 000,000,000 | ---D | C] -- C:\Program Files\WebCake
[2013.06.13 17:25:01 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Roaming\DSite
[2013.06.13 17:24:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013.06.13 17:24:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013.06.13 17:24:57 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Roaming\Babylon
[2013.06.13 16:52:57 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.06.13 16:52:35 | 000,000,000 | ---D | C] -- C:\JRT
[2013.06.13 16:52:24 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Sebastian\Desktop\JRT.exe
[2013.06.13 00:36:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013.06.13 00:35:28 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\Desktop\mbar
[2013.06.12 18:17:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.06.12 18:17:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013.06.12 18:17:16 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2013.06.12 17:04:23 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.06.12 17:04:21 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.06.12 17:04:21 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\temp
[2013.06.12 16:49:29 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.06.12 16:45:31 | 005,078,680 | R--- | C] (Swearware) -- C:\Users\Sebastian\Desktop\ComboFix.exe
[2013.06.12 14:12:11 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.06.12 14:12:11 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.06.12 14:12:11 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.06.12 14:10:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.06.12 14:10:35 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.06.12 13:35:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sebastian\Desktop\OTL.exe
[2013.06.11 17:51:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2013.06.05 00:03:33 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\Desktop\Microsoft Office 2007
[2013.06.03 12:13:03 | 000,000,000 | RHSD | C] -- C:\Users\Sebastian\AppData\Roaming\anklazol
[2013.06.03 12:12:55 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Roaming\noc
[2013.05.31 23:14:49 | 000,000,000 | ---D | C] -- C:\Windows\System32\Extensions
[2013.05.31 23:14:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\searchplugins
[2013.05.31 23:14:35 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.05.28 11:04:37 | 000,617,312 | ---- | C] (www.download-sponsor.de) -- C:\Users\Sebastian\Desktop\ICQ Ignore Checker 1.4 Setup.exe
[2013.05.25 23:33:57 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ Status Checker
[2013.05.25 23:32:57 | 000,512,000 | ---- | C] (www.download-sponsor.de) -- C:\Users\Sebastian\Desktop\ICQ_Status_Checker_1.9_Setup.exe
[2013.05.24 19:02:17 | 002,139,080 | ---- | C] (murb.com ) -- C:\Users\Sebastian\Desktop\ICQ Contact Revealer 1.1 Setup.exe
[2012.03.30 13:58:02 | 007,516,152 | ---- | C] (Wargaming.net ) -- C:\Users\Sebastian\WoT_internet_install_eu.exe
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.06.13 17:29:14 | 000,041,174 | ---- | M] () -- C:\Users\Sebastian\Desktop\JRT.7z
[2013.06.13 17:27:24 | 001,110,476 | ---- | M] () -- C:\Users\Sebastian\Desktop\7z920.exe
[2013.06.13 17:25:02 | 000,000,300 | ---- | M] () -- C:\Windows\tasks\DSite.job
[2013.06.13 17:09:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.13 17:06:56 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.13 17:06:56 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.13 16:58:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.13 16:57:54 | 2388,238,336 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.13 16:55:45 | 000,648,201 | ---- | M] () -- C:\Users\Sebastian\Desktop\adwcleaner.exe
[2013.06.13 16:52:24 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Sebastian\Desktop\JRT.exe
[2013.06.13 15:35:20 | 000,032,685 | ---- | M] () -- C:\Users\Sebastian\Desktop\2012-Stellenausschreibung.pdf
[2013.06.13 10:04:26 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2013.06.13 00:34:39 | 013,169,742 | ---- | M] () -- C:\Users\Sebastian\Desktop\mbar-1.06.0.1003.zip
[2013.06.12 23:42:21 | 000,377,856 | ---- | M] () -- C:\Users\Sebastian\Desktop\f2z70jfj.exe
[2013.06.12 18:17:17 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.06.12 16:45:47 | 005,078,680 | R--- | M] (Swearware) -- C:\Users\Sebastian\Desktop\ComboFix.exe
[2013.06.12 14:25:42 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.06.12 13:35:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sebastian\Desktop\OTL.exe
[2013.06.12 13:01:06 | 000,593,896 | ---- | M] () -- C:\Users\Sebastian\Desktop\983784_10151456235356139_488713995_n.png
[2013.06.11 22:09:17 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.06.11 22:09:17 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.06.11 21:51:27 | 000,151,575 | ---- | M] () -- C:\Users\Sebastian\Desktop\IsaacTod.jpg
[2013.06.10 08:57:20 | 000,731,701 | ---- | M] () -- C:\Users\Sebastian\Desktop\Unbenannt.png
[2013.06.10 08:50:31 | 004,658,683 | ---- | M] () -- C:\Users\Sebastian\Desktop\Kurs_1_Gruppe_4.pdf
[2013.06.10 08:46:31 | 001,829,655 | ---- | M] () -- C:\Users\Sebastian\Desktop\UR2_Digitalisierungsgebiete 2013.jpg
[2013.06.08 19:59:19 | 000,001,781 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2013.06.07 23:14:02 | 001,024,780 | ---- | M] () -- C:\Users\Sebastian\Desktop\2013_EC_Qualified_Players.pdf
[2013.06.06 20:13:13 | 000,063,248 | ---- | M] () -- C:\Users\Sebastian\Desktop\Anmeldeformular_Methoden_Geomatik_WS_2013_2014_AUSFUELLBAR_SebastianRunge.pdf
[2013.06.06 19:56:00 | 000,068,742 | ---- | M] () -- C:\Users\Sebastian\Desktop\Anmeldeformular_Methoden_Geomatik_WS_2013_2014_AUSFUELLBAR
[2013.06.05 21:17:02 | 000,015,967 | ---- | M] () -- C:\Users\Sebastian\Desktop\messages-36.zip
[2013.06.05 00:02:48 | 001,839,109 | ---- | M] () -- C:\Users\Sebastian\Desktop\rub-2009.zip
[2013.06.02 15:19:47 | 000,548,925 | ---- | M] () -- C:\Users\Sebastian\Desktop\HfNc71Y.jpg
[2013.05.28 11:04:37 | 000,617,312 | ---- | M] (www.download-sponsor.de) -- C:\Users\Sebastian\Desktop\ICQ Ignore Checker 1.4 Setup.exe
[2013.05.25 23:32:57 | 000,512,000 | ---- | M] (www.download-sponsor.de) -- C:\Users\Sebastian\Desktop\ICQ_Status_Checker_1.9_Setup.exe
[2013.05.24 19:02:07 | 002,115,087 | ---- | M] () -- C:\Users\Sebastian\Desktop\icq_contact_revealer.zip
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.06.13 17:29:14 | 000,041,174 | ---- | C] () -- C:\Users\Sebastian\Desktop\JRT.7z
[2013.06.13 17:27:24 | 001,110,476 | ---- | C] () -- C:\Users\Sebastian\Desktop\7z920.exe
[2013.06.13 17:25:02 | 000,000,300 | ---- | C] () -- C:\Windows\tasks\DSite.job
[2013.06.13 16:55:45 | 000,648,201 | ---- | C] () -- C:\Users\Sebastian\Desktop\adwcleaner.exe
[2013.06.13 15:35:20 | 000,032,685 | ---- | C] () -- C:\Users\Sebastian\Desktop\2012-Stellenausschreibung.pdf
[2013.06.13 00:34:21 | 013,169,742 | ---- | C] () -- C:\Users\Sebastian\Desktop\mbar-1.06.0.1003.zip
[2013.06.12 23:42:21 | 000,377,856 | ---- | C] () -- C:\Users\Sebastian\Desktop\f2z70jfj.exe
[2013.06.12 18:17:17 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.06.12 14:12:11 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.06.12 14:12:11 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.06.12 14:12:11 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.06.12 14:12:11 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.06.12 14:12:11 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.06.12 13:01:06 | 000,593,896 | ---- | C] () -- C:\Users\Sebastian\Desktop\983784_10151456235356139_488713995_n.png
[2013.06.11 21:51:27 | 000,151,575 | ---- | C] () -- C:\Users\Sebastian\Desktop\IsaacTod.jpg
[2013.06.10 08:57:20 | 000,731,701 | ---- | C] () -- C:\Users\Sebastian\Desktop\Unbenannt.png
[2013.06.10 08:50:31 | 004,658,683 | ---- | C] () -- C:\Users\Sebastian\Desktop\Kurs_1_Gruppe_4.pdf
[2013.06.10 08:46:31 | 001,829,655 | ---- | C] () -- C:\Users\Sebastian\Desktop\UR2_Digitalisierungsgebiete 2013.jpg
[2013.06.08 19:59:19 | 000,001,793 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2013.06.08 19:59:19 | 000,001,781 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2013.06.06 20:13:12 | 000,063,248 | ---- | C] () -- C:\Users\Sebastian\Desktop\Anmeldeformular_Methoden_Geomatik_WS_2013_2014_AUSFUELLBAR_SebastianRunge.pdf
[2013.06.06 19:56:00 | 000,068,742 | ---- | C] () -- C:\Users\Sebastian\Desktop\Anmeldeformular_Methoden_Geomatik_WS_2013_2014_AUSFUELLBAR
[2013.06.05 21:17:01 | 000,015,967 | ---- | C] () -- C:\Users\Sebastian\Desktop\messages-36.zip
[2013.06.05 00:02:47 | 001,839,109 | ---- | C] () -- C:\Users\Sebastian\Desktop\rub-2009.zip
[2013.06.04 20:53:51 | 001,024,780 | ---- | C] () -- C:\Users\Sebastian\Desktop\2013_EC_Qualified_Players.pdf
[2013.06.02 15:19:46 | 000,548,925 | ---- | C] () -- C:\Users\Sebastian\Desktop\HfNc71Y.jpg
[2013.05.24 19:02:07 | 002,115,087 | ---- | C] () -- C:\Users\Sebastian\Desktop\icq_contact_revealer.zip
[2013.05.14 16:09:47 | 000,000,407 | ---- | C] () -- C:\Windows\ArcView9x.INI
[2012.09.28 03:23:00 | 000,000,840 | ---- | C] () -- C:\Users\Sebastian\AppData\Roaming\EasyToolz.ini
[2012.08.27 13:45:38 | 001,145,382 | ---- | C] () -- C:\Users\Sebastian\AppData\Local\Tempmusic.ogg
[2012.08.18 21:48:28 | 000,000,051 | ---- | C] () -- C:\ProgramData\qefueqpygehfged
[2012.06.28 17:12:48 | 000,000,052 | ---- | C] () -- C:\ProgramData\aidlraxsofxebza
[2011.01.06 00:32:15 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
========== ZeroAccess Check ==========
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >
--- --- ---
OTL Logfile: Code:
OTL logfile created on: 13.06.2013 17:58:09 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sebastian\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,97 Gb Total Physical Memory | 1,55 Gb Available Physical Memory | 52,15% Memory free
5,93 Gb Paging File | 4,34 Gb Available in Paging File | 73,14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220,56 Gb Total Space | 131,13 Gb Free Space | 59,45% Space Free | Partition Type: NTFS
Computer Name: PC-22 | User Name: Sebastian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Sebastian\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Opera\opera.exe (Opera Software)
PRC - C:\Users\Sebastian\AppData\Roaming\WebCake\WebCakeDesktop.exe (WebCake LLC)
PRC - C:\Programme\WebCake\WebCakeDesktop.Updater.exe (WebCake LLC)
PRC - C:\Programme\Steam\Steam.exe (Valve Corporation)
PRC - C:\Programme\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
PRC - C:\Windows\System32\schtasks.exe (Microsoft Corporation)
PRC - C:\Programme\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
PRC - C:\dell\DBRM\Reminder\DbrmTrayicon.exe (Microsoft)
PRC - C:\Programme\Broadcom\BPowMon\BPowMon.exe (Broadcom Corp.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Realtek\Audio\HDA\AERTSrv.exe (Andrea Electronics Corporation)
PRC - C:\Programme\NETGEAR\WG111v3\WG111v3.exe ()
PRC - C:\Programme\Adobe\Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Inc.)
========== Modules (No Company Name) ==========
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
MOD - C:\Programme\Steam\bin\chromehtml.dll ()
MOD - C:\Programme\Steam\SDL2.dll ()
MOD - C:\Programme\Steam\bin\libcef.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\05682429807d34d6ff05a77ea153935f\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\10aba2c167cc1119b80159fd9ac71ca8\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\96a3b737db1e72adaf32d2b350e50c23\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll ()
MOD - C:\Programme\Steam\bin\avcodec-53.dll ()
MOD - C:\Programme\Steam\bin\avformat-53.dll ()
MOD - C:\Programme\Steam\bin\avutil-51.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\Programme\ICQ7.2\MDb.dll ()
MOD - C:\Programme\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
MOD - c:\Programme\Common Files\Roxio Shared\DLLShared\SQLite352.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Programme\NETGEAR\WG111v3\WG111v3.exe ()
========== Services (SafeList) ==========
SRV - (WebCake Desktop Updater) -- C:\Program Files\WebCake\WebCakeDesktop.Updater.exe C:\Users\Sebastian\AppData\Roaming\WebCake\WebCakeDesktop.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (RoxWatch12) -- C:\Programme\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions)
SRV - (RoxMediaDB12OEM) -- C:\Programme\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)
SRV - (NOBU) -- C:\Program Files\Dell\Dell Datasafe Online\NOBuAgent.exe (Dell, Inc.)
SRV - (BPowMon) -- C:\Programme\Broadcom\BPowMon\BPowMon.exe (Broadcom Corp.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (AERTFilters) -- C:\Programme\Realtek\Audio\HDA\AERTSrv.exe (Andrea Electronics Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (MEMSWEEP2) -- C:\Windows\system32\F09B.tmp File not found
DRV - (catchme) -- C:\Users\SEBAST~1\AppData\Local\Temp\catchme.sys File not found
DRV - (DrvAgent32) -- C:\Windows\System32\drivers\DrvAgent32.sys (Phoenix Technologies)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (SCR3XX2K) -- C:\Windows\System32\drivers\SCR3XX2K.sys (SCM Microsystems Inc.)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (PCDSRVC{E9D79540-57D5953E-06020101}_0) -- c:\Programme\Dell Support Center\pcdsrvc.pkms (PC-Doctor, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (k57nd60x) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation )
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{D0B51842-A86C-4630-A4F2-DA6FF2479E55}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-search.com/?affID=119357&babsrc=HP_ss&mntrId=748300223FEE51F4
IE - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119357&babsrc=SP_ss&mntrId=748300223FEE51F4
IE - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000\..\SearchScopes\{24408C1E-C980-413B-BCA8-79DF804C2358}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=aaf9a38e-ab1c-48ef-a907-48c1b260d8c3&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000\..\SearchScopes\{28FFCE4B-2F52-456B-8E62-A3228FE0F12D}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=aaf9a38e-ab1c-48ef-a907-48c1b260d8c3&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000\..\SearchScopes\{7E167E07-56D7-4131-9C99-038CD5BC5175}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=aaf9a38e-ab1c-48ef-a907-48c1b260d8c3&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000\..\SearchScopes\{A5C7A678-F953-4423-A4E6-72C855C7BBD9}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=aaf9a38e-ab1c-48ef-a907-48c1b260d8c3&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000\..\SearchScopes\{CE80C947-7D57-4582-9E32-CA04FF756492}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=aaf9a38e-ab1c-48ef-a907-48c1b260d8c3&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000\..\SearchScopes\{F8924446-037A-4055-976A-F90B1613043E}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=aaf9a38e-ab1c-48ef-a907-48c1b260d8c3&pid=icqt&mode=bounce&k=0
IE - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Sebastian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: c:\Program Files\Trend Micro\Client Server Security Agent\bho\1035\FirefoxExtension
[2013.05.31 23:14:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
O1 HOSTS File: ([2013.06.12 14:25:42 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1035\TmIEPlg.dll File not found
O2 - BHO: (WebCake) - {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - C:\Programme\WebCake\WebCakeIEClient.dll (WebCake LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DBRMTray] C:\dell\DBRM\Reminder\DbrmTrayicon.exe (Microsoft)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Programme\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000..\Run: [Device Detector] DevDetect.exe -autorun File not found
O4 - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000..\Run: [WebCake Desktop] C:\Users\Sebastian\AppData\Roaming\WebCake\WebCakeDesktop.exe (WebCake LLC)
O4 - HKLM..\RunOnce: [Del1636403] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000..\RunOnce: [Del1636403] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2359546455-2944345457-3885489924-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{40A08364-7561-4EDD-853F-3B34E3A4119D}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{969497E6-2214-4FB7-B126-F5280AA8C34E}: DhcpNameServer = 10.72.0.72 10.72.0.73
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1035\TmIEPlg.dll File not found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.06.13 17:28:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.06.13 17:28:10 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013.06.13 17:25:18 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserDefender
[2013.06.13 17:25:10 | 000,000,000 | ---D | C] -- C:\Program Files\Delta
[2013.06.13 17:25:04 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Roaming\WebCake
[2013.06.13 17:25:04 | 000,000,000 | ---D | C] -- C:\Program Files\WebCake
[2013.06.13 17:25:01 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Roaming\DSite
[2013.06.13 17:24:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013.06.13 17:24:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013.06.13 17:24:57 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Roaming\Babylon
[2013.06.13 16:52:57 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.06.13 16:52:35 | 000,000,000 | ---D | C] -- C:\JRT
[2013.06.13 16:52:24 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Sebastian\Desktop\JRT.exe
[2013.06.13 00:36:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013.06.13 00:35:28 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\Desktop\mbar
[2013.06.12 18:17:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.06.12 18:17:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013.06.12 18:17:16 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2013.06.12 17:04:23 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.06.12 17:04:21 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.06.12 17:04:21 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\temp
[2013.06.12 16:49:29 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.06.12 16:45:31 | 005,078,680 | R--- | C] (Swearware) -- C:\Users\Sebastian\Desktop\ComboFix.exe
[2013.06.12 14:12:11 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.06.12 14:12:11 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.06.12 14:12:11 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.06.12 14:10:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.06.12 14:10:35 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.06.12 13:35:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sebastian\Desktop\OTL.exe
[2013.06.11 17:51:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2013.06.05 00:03:33 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\Desktop\Microsoft Office 2007
[2013.06.03 12:13:03 | 000,000,000 | RHSD | C] -- C:\Users\Sebastian\AppData\Roaming\anklazol
[2013.06.03 12:12:55 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Roaming\noc
[2013.05.31 23:14:49 | 000,000,000 | ---D | C] -- C:\Windows\System32\Extensions
[2013.05.31 23:14:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\searchplugins
[2013.05.31 23:14:35 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.05.28 11:04:37 | 000,617,312 | ---- | C] (www.download-sponsor.de) -- C:\Users\Sebastian\Desktop\ICQ Ignore Checker 1.4 Setup.exe
[2013.05.25 23:33:57 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ Status Checker
[2013.05.25 23:32:57 | 000,512,000 | ---- | C] (www.download-sponsor.de) -- C:\Users\Sebastian\Desktop\ICQ_Status_Checker_1.9_Setup.exe
[2013.05.24 19:02:17 | 002,139,080 | ---- | C] (murb.com ) -- C:\Users\Sebastian\Desktop\ICQ Contact Revealer 1.1 Setup.exe
[2012.03.30 13:58:02 | 007,516,152 | ---- | C] (Wargaming.net ) -- C:\Users\Sebastian\WoT_internet_install_eu.exe
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.06.13 17:29:14 | 000,041,174 | ---- | M] () -- C:\Users\Sebastian\Desktop\JRT.7z
[2013.06.13 17:27:24 | 001,110,476 | ---- | M] () -- C:\Users\Sebastian\Desktop\7z920.exe
[2013.06.13 17:25:02 | 000,000,300 | ---- | M] () -- C:\Windows\tasks\DSite.job
[2013.06.13 17:09:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.13 17:06:56 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.13 17:06:56 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.13 16:58:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.13 16:57:54 | 2388,238,336 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.13 16:55:45 | 000,648,201 | ---- | M] () -- C:\Users\Sebastian\Desktop\adwcleaner.exe
[2013.06.13 16:52:24 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Sebastian\Desktop\JRT.exe
[2013.06.13 15:35:20 | 000,032,685 | ---- | M] () -- C:\Users\Sebastian\Desktop\2012-Stellenausschreibung.pdf
[2013.06.13 10:04:26 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2013.06.13 00:34:39 | 013,169,742 | ---- | M] () -- C:\Users\Sebastian\Desktop\mbar-1.06.0.1003.zip
[2013.06.12 23:42:21 | 000,377,856 | ---- | M] () -- C:\Users\Sebastian\Desktop\f2z70jfj.exe
[2013.06.12 18:17:17 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.06.12 16:45:47 | 005,078,680 | R--- | M] (Swearware) -- C:\Users\Sebastian\Desktop\ComboFix.exe
[2013.06.12 14:25:42 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.06.12 13:35:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sebastian\Desktop\OTL.exe
[2013.06.12 13:01:06 | 000,593,896 | ---- | M] () -- C:\Users\Sebastian\Desktop\983784_10151456235356139_488713995_n.png
[2013.06.11 22:09:17 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.06.11 22:09:17 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.06.11 21:51:27 | 000,151,575 | ---- | M] () -- C:\Users\Sebastian\Desktop\IsaacTod.jpg
[2013.06.10 08:57:20 | 000,731,701 | ---- | M] () -- C:\Users\Sebastian\Desktop\Unbenannt.png
[2013.06.10 08:50:31 | 004,658,683 | ---- | M] () -- C:\Users\Sebastian\Desktop\Kurs_1_Gruppe_4.pdf
[2013.06.10 08:46:31 | 001,829,655 | ---- | M] () -- C:\Users\Sebastian\Desktop\UR2_Digitalisierungsgebiete 2013.jpg
[2013.06.08 19:59:19 | 000,001,781 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2013.06.07 23:14:02 | 001,024,780 | ---- | M] () -- C:\Users\Sebastian\Desktop\2013_EC_Qualified_Players.pdf
[2013.06.06 20:13:13 | 000,063,248 | ---- | M] () -- C:\Users\Sebastian\Desktop\Anmeldeformular_Methoden_Geomatik_WS_2013_2014_AUSFUELLBAR_SebastianRunge.pdf
[2013.06.06 19:56:00 | 000,068,742 | ---- | M] () -- C:\Users\Sebastian\Desktop\Anmeldeformular_Methoden_Geomatik_WS_2013_2014_AUSFUELLBAR
[2013.06.05 21:17:02 | 000,015,967 | ---- | M] () -- C:\Users\Sebastian\Desktop\messages-36.zip
[2013.06.05 00:02:48 | 001,839,109 | ---- | M] () -- C:\Users\Sebastian\Desktop\rub-2009.zip
[2013.06.02 15:19:47 | 000,548,925 | ---- | M] () -- C:\Users\Sebastian\Desktop\HfNc71Y.jpg
[2013.05.28 11:04:37 | 000,617,312 | ---- | M] (www.download-sponsor.de) -- C:\Users\Sebastian\Desktop\ICQ Ignore Checker 1.4 Setup.exe
[2013.05.25 23:32:57 | 000,512,000 | ---- | M] (www.download-sponsor.de) -- C:\Users\Sebastian\Desktop\ICQ_Status_Checker_1.9_Setup.exe
[2013.05.24 19:02:07 | 002,115,087 | ---- | M] () -- C:\Users\Sebastian\Desktop\icq_contact_revealer.zip
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.06.13 17:29:14 | 000,041,174 | ---- | C] () -- C:\Users\Sebastian\Desktop\JRT.7z
[2013.06.13 17:27:24 | 001,110,476 | ---- | C] () -- C:\Users\Sebastian\Desktop\7z920.exe
[2013.06.13 17:25:02 | 000,000,300 | ---- | C] () -- C:\Windows\tasks\DSite.job
[2013.06.13 16:55:45 | 000,648,201 | ---- | C] () -- C:\Users\Sebastian\Desktop\adwcleaner.exe
[2013.06.13 15:35:20 | 000,032,685 | ---- | C] () -- C:\Users\Sebastian\Desktop\2012-Stellenausschreibung.pdf
[2013.06.13 00:34:21 | 013,169,742 | ---- | C] () -- C:\Users\Sebastian\Desktop\mbar-1.06.0.1003.zip
[2013.06.12 23:42:21 | 000,377,856 | ---- | C] () -- C:\Users\Sebastian\Desktop\f2z70jfj.exe
[2013.06.12 18:17:17 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.06.12 14:12:11 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.06.12 14:12:11 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.06.12 14:12:11 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.06.12 14:12:11 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.06.12 14:12:11 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.06.12 13:01:06 | 000,593,896 | ---- | C] () -- C:\Users\Sebastian\Desktop\983784_10151456235356139_488713995_n.png
[2013.06.11 21:51:27 | 000,151,575 | ---- | C] () -- C:\Users\Sebastian\Desktop\IsaacTod.jpg
[2013.06.10 08:57:20 | 000,731,701 | ---- | C] () -- C:\Users\Sebastian\Desktop\Unbenannt.png
[2013.06.10 08:50:31 | 004,658,683 | ---- | C] () -- C:\Users\Sebastian\Desktop\Kurs_1_Gruppe_4.pdf
[2013.06.10 08:46:31 | 001,829,655 | ---- | C] () -- C:\Users\Sebastian\Desktop\UR2_Digitalisierungsgebiete 2013.jpg
[2013.06.08 19:59:19 | 000,001,793 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2013.06.08 19:59:19 | 000,001,781 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2013.06.06 20:13:12 | 000,063,248 | ---- | C] () -- C:\Users\Sebastian\Desktop\Anmeldeformular_Methoden_Geomatik_WS_2013_2014_AUSFUELLBAR_SebastianRunge.pdf
[2013.06.06 19:56:00 | 000,068,742 | ---- | C] () -- C:\Users\Sebastian\Desktop\Anmeldeformular_Methoden_Geomatik_WS_2013_2014_AUSFUELLBAR
[2013.06.05 21:17:01 | 000,015,967 | ---- | C] () -- C:\Users\Sebastian\Desktop\messages-36.zip
[2013.06.05 00:02:47 | 001,839,109 | ---- | C] () -- C:\Users\Sebastian\Desktop\rub-2009.zip
[2013.06.04 20:53:51 | 001,024,780 | ---- | C] () -- C:\Users\Sebastian\Desktop\2013_EC_Qualified_Players.pdf
[2013.06.02 15:19:46 | 000,548,925 | ---- | C] () -- C:\Users\Sebastian\Desktop\HfNc71Y.jpg
[2013.05.24 19:02:07 | 002,115,087 | ---- | C] () -- C:\Users\Sebastian\Desktop\icq_contact_revealer.zip
[2013.05.14 16:09:47 | 000,000,407 | ---- | C] () -- C:\Windows\ArcView9x.INI
[2012.09.28 03:23:00 | 000,000,840 | ---- | C] () -- C:\Users\Sebastian\AppData\Roaming\EasyToolz.ini
[2012.08.27 13:45:38 | 001,145,382 | ---- | C] () -- C:\Users\Sebastian\AppData\Local\Tempmusic.ogg
[2012.08.18 21:48:28 | 000,000,051 | ---- | C] () -- C:\ProgramData\qefueqpygehfged
[2012.06.28 17:12:48 | 000,000,052 | ---- | C] () -- C:\ProgramData\aidlraxsofxebza
[2011.01.06 00:32:15 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
========== ZeroAccess Check ==========
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >
--- --- ---
Anmerkung: Habe versehentlich diesen ZipOpener runtergeladen von der Seite (wurde mir ebenfalls als Download angeboten, habe mich verguckt)
Zwei Avira-Meldungen danach, eine mit Fehlermeldung, dass irgendein uninstaller nicht entfernt werden konnte.
EDIT: Run 3, weil ich bei Run 2 ein Häkchen vergessen habe zu setzen. |
AdwCleaner auf deinen Desktop.
