Downloaded SpyHunter 4 because of "System care Antivirus", how do I get rid of it again

Hello everyone,
so I am one of the dummies who downloaded SpyHunter 4 to get rid of "System care Antivirus"... which of course was a huge mistake.
Now I need help uninstalling it and getting my laptop clean again! I scanned my laptop with OTL.exe and am posting both log files here:
Code:
OTL logfile created on: 10.05.2013 01:21:35 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\DLOAD
Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,98 Gb Total Physical Memory | 0,95 Gb Available Physical Memory | 47,94% Memory free
3,97 Gb Paging File | 2,46 Gb Available in Paging File | 62,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,69 Gb Total Space | 73,96 Gb Free Space | 66,22% Space Free | Partition Type: NTFS
Computer Name: BARBARA-PC | User Name: Barabara | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\DLOAD\OTL.exe (OldTimer Tools)
PRC - C:\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Enigma Software Group\SpyHunter\SpyHunter4.exe (Enigma Software Group USA, LLC.)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Guard-ICQ\GuardICQ.exe ()
PRC - C:\Programme\Broadcom\Broadcom 802.11\WLTRAY.EXE (Broadcom Corporation)
PRC - C:\Programme\Broadcom\Broadcom 802.11\BCMWLTRY.EXE (Broadcom Corporation)
PRC - C:\Programme\Broadcom\Broadcom 802.11\WLTRYSVC.EXE ()
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe ( Hewlett-Packard Development Company, L.P.)
PRC - C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Programme\Guard-ICQ\GuardICQ.exe ()
MOD - C:\OpenOffice.org 3\program\libxml2.dll ()
========== Services (SafeList) ==========
SRV - (MBAMService) -- C:\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (Guard.Mail.ru) -- C:\Programme\Guard-ICQ\GuardICQ.exe ()
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (wltrysvc) -- C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE ()
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AEADIFilters) -- C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
========== Driver Services (SafeList) ==========
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (SSHDRV86) -- C:\Windows\System32\drivers\SSHDRV86.sys ()
DRV - (BCM42RLY) -- C:\Windows\System32\drivers\bcm42rly.sys (Broadcom Corporation)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (tsusbhub) -- C:\Windows\System32\drivers\tsusbhub.sys (Microsoft Corporation)
DRV - (Synth3dVsc) -- C:\Windows\System32\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (terminpt) -- C:\Windows\System32\drivers\terminpt.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (netw5v32) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={471E3FD2-4EBB-11E2-96D0-001E3705ADBB}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-911559959-953966608-761051852-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={471E3FD2-4EBB-11E2-96D0-001E3705ADBB}
IE - HKU\S-1-5-21-911559959-953966608-761051852-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-911559959-953966608-761051852-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-911559959-953966608-761051852-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 43 5A 90 3C 0D 94 CC 01 [binary data]
IE - HKU\S-1-5-21-911559959-953966608-761051852-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-911559959-953966608-761051852-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-911559959-953966608-761051852-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-911559959-953966608-761051852-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-911559959-953966608-761051852-1000\..\SearchScopes\{3D41F773-C2A2-4541-8F58-DF94FA1311D3}: "URL" = hxxp://search.yahoo.com/search?ei=utf-8&fr=chr-vmn&type=photopos2_0yach&q={searchTerms}
IE - HKU\S-1-5-21-911559959-953966608-761051852-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-911559959-953966608-761051852-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={471E3FD2-4EBB-11E2-96D0-001E3705ADBB}
IE - HKU\S-1-5-21-911559959-953966608-761051852-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: %7BEEE6C361-6118-11DC-9C72-001320C79847%7D:1.9.0.0
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Barabara\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011.11.06 12:38:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011.11.06 12:38:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Mozilla Firefox\components [2013.04.12 22:29:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Mozilla Firefox\components [2013.04.12 22:29:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Mozilla Firefox\plugins
[2011.10.26 20:33:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Barabara\AppData\Roaming\mozilla\Extensions
[2013.04.22 13:15:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Barabara\AppData\Roaming\mozilla\Firefox\Profiles\45awupuh.default\extensions
[2012.12.13 22:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Users\Barabara\AppData\Roaming\mozilla\firefox\profiles\45awupuh.default\extensions\movie2kdownloader@movie2kdownloader.com.xpi
[2013.04.22 13:15:42 | 000,269,007 | ---- | M] () (No name found) -- C:\Users\Barabara\AppData\Roaming\mozilla\firefox\profiles\45awupuh.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013.01.07 12:53:00 | 000,190,000 | ---- | M] () (No name found) -- C:\Users\Barabara\AppData\Roaming\mozilla\firefox\profiles\45awupuh.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2012.12.25 19:48:34 | 000,003,915 | ---- | M] () -- C:\Users\Barabara\AppData\Roaming\mozilla\firefox\profiles\45awupuh.default\searchplugins\sweetim.xml
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (ICQ Sparberater) - {0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - C:\Programme\icq\Internet Explorer\icq.dll (solute gmbh)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (PhotoPos Toolbar) - {5D0EC45B-D2E4-4DD0-A5B2-69DDEFE852A8} - C:\Program Files\PhotoposComTbr\PhotoposComTbrLib.dll File not found
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (PhotoPos Toolbar) - {5D0EC45B-D2E4-4DD0-A5B2-69DDEFE852A8} - C:\Program Files\PhotoposComTbr\PhotoposComTbrLib.dll File not found
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Programme\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\S-1-5-21-911559959-953966608-761051852-1000\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Broadcom\Broadcom 802.11\WLTRAY.EXE (Broadcom Corporation)
O4 - HKLM..\Run: [Guard.Mail.ru.gui] C:\Program Files\Guard-ICQ\GuardICQ.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Windows\System32\nwiz.exe ()
O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKU\S-1-5-21-911559959-953966608-761051852-1000..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKU\S-1-5-21-911559959-953966608-761051852-1000..\Run: [Facebook Update] C:\Users\Barabara\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-911559959-953966608-761051852-1000..\Run: [Poqexec] C:\Users\Barabara\AppData\Local\Facebook\poqexec.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Barabara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\ICQ7.7\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6DE2E367-DDC8-42BF-BF78-2939B6C9DF02}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.05.10 00:28:27 | 000,000,000 | ---D | C] -- C:\Users\Barabara\AppData\Local\Programs
[2013.05.10 00:27:30 | 000,000,000 | ---D | C] -- C:\Users\Barabara\AppData\Roaming\Malwarebytes
[2013.05.10 00:27:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.10 00:27:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.10 00:27:24 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.05.10 00:27:24 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware
[2013.05.10 00:11:48 | 000,000,000 | ---D | C] -- C:\Users\Barabara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2013.05.09 23:30:15 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.05.09 23:29:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013.05.09 22:09:54 | 000,000,000 | ---D | C] -- C:\ProgramData\DCE3077C58783AC50000DCE22AA040D8
[2013.05.08 18:43:08 | 000,000,000 | ---D | C] -- C:\Users\Barabara\Desktop\Vatertag
[2013.05.01 20:41:54 | 000,000,000 | ---D | C] -- C:\Users\Barabara\Desktop\101MSDCF
[2013.04.11 00:53:28 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.04.11 00:53:26 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.04.11 00:53:26 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.04.11 00:53:26 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.04.11 00:53:26 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.04.11 00:53:25 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.04.11 00:53:25 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.04.11 00:53:25 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.04.11 00:53:25 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.04.11 00:53:25 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.04.10 11:28:58 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.04.10 11:28:56 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.04.10 11:28:56 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.04.10 11:28:56 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013.04.10 11:28:51 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2013.04.10 11:28:51 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
========== Files - Modified Within 30 Days ==========
[2013.05.10 00:55:01 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2013.05.10 00:46:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.10 00:41:25 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2013.05.10 00:41:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.10 00:40:52 | 1597,480,960 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.10 00:40:02 | 000,024,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.10 00:40:01 | 000,024,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.10 00:38:04 | 000,001,150 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-911559959-953966608-761051852-1000UA.job
[2013.05.10 00:28:45 | 000,000,708 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.09 23:30:17 | 000,002,244 | ---- | M] () -- C:\Users\Barabara\Desktop\SpyHunter.lnk
[2013.05.09 18:38:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-911559959-953966608-761051852-1000Core.job
[2013.05.09 10:53:58 | 000,643,866 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.09 10:53:58 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.09 10:53:58 | 000,126,394 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.09 10:53:58 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.06 13:37:36 | 000,195,771 | ---- | M] () -- C:\Users\Barabara\Desktop\MinaWurfbeschriftete.JPG
[2013.05.06 01:11:16 | 000,187,367 | ---- | M] () -- C:\Users\Barabara\Desktop\katzewillmichtöten.jpg
[2013.05.05 18:01:58 | 000,200,826 | ---- | M] () -- C:\Users\Barabara\Desktop\MinaWurf.JPG
[2013.05.02 20:24:21 | 000,003,938 | ---- | M] () -- C:\Users\Barabara\.recently-used.xbel
[2013.05.02 20:23:48 | 001,924,361 | ---- | M] () -- C:\Users\Barabara\Desktop\DSC03751.JPG
[2013.04.27 10:34:29 | 000,013,061 | ---- | M] () -- C:\Users\Barabara\Desktop\kündigungWohnung.odt
[2013.04.22 14:44:11 | 000,133,139 | ---- | M] () -- C:\Users\Barabara\Desktop\meenew.JPG
[2013.04.15 15:47:08 | 000,186,505 | ---- | M] () -- C:\Users\Barabara\Desktop\LOrammler2.JPG
[2013.04.11 08:02:35 | 000,313,104 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
========== Files Created - No Company Name ==========
[2013.05.10 00:27:26 | 000,000,708 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.09 23:30:17 | 000,002,244 | ---- | C] () -- C:\Users\Barabara\Desktop\SpyHunter.lnk
[2013.05.06 13:37:36 | 000,195,771 | ---- | C] () -- C:\Users\Barabara\Desktop\MinaWurfbeschriftete.JPG
[2013.05.06 01:11:10 | 000,187,367 | ---- | C] () -- C:\Users\Barabara\Desktop\katzewillmichtöten.jpg
[2013.05.05 18:10:16 | 001,924,361 | ---- | C] () -- C:\Users\Barabara\Desktop\DSC03751.JPG
[2013.05.05 18:01:58 | 000,200,826 | ---- | C] () -- C:\Users\Barabara\Desktop\MinaWurf.JPG
[2013.05.02 20:24:21 | 000,003,938 | ---- | C] () -- C:\Users\Barabara\.recently-used.xbel
[2013.04.27 10:34:27 | 000,013,061 | ---- | C] () -- C:\Users\Barabara\Desktop\kündigungWohnung.odt
[2013.04.22 13:56:34 | 000,133,139 | ---- | C] () -- C:\Users\Barabara\Desktop\meenew.JPG
[2013.04.15 15:47:08 | 000,186,505 | ---- | C] () -- C:\Users\Barabara\Desktop\LOrammler2.JPG
[2013.01.12 12:58:40 | 000,076,475 | ---- | C] () -- C:\Users\Barabara\ESt2012_Schuster_Frederik.elfo
[2012.06.22 11:01:32 | 000,019,984 | ---- | C] () -- C:\Windows\System32\ESGScanner.sys
[2012.06.05 14:59:24 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.02.02 11:18:39 | 000,081,408 | ---- | C] () -- C:\Windows\System32\drivers\SSHDRV86.sys
[2011.10.26 21:51:18 | 000,000,132 | ---- | C] () -- C:\Windows\KTEL.INI
[2011.10.26 17:42:57 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2011.10.26 17:36:04 | 001,724,416 | ---- | C] () -- C:\Windows\System32\nvwdmcpl.dll
[2011.10.26 17:36:04 | 001,657,376 | ---- | C] () -- C:\Windows\System32\nwiz.exe
[2011.10.26 17:36:04 | 001,507,328 | ---- | C] () -- C:\Windows\System32\nView.dll
[2011.10.26 17:36:04 | 001,101,824 | ---- | C] () -- C:\Windows\System32\nvwimg.dll
[2011.10.26 17:36:04 | 000,466,944 | ---- | C] () -- C:\Windows\System32\nvShell.dll
[2011.10.26 17:36:04 | 000,449,056 | ---- | C] () -- C:\Windows\System32\nvAppBar.exe
[2011.10.26 17:36:04 | 000,267,296 | ---- | C] () -- C:\Windows\System32\nvTaskbar.exe
========== ZeroAccess Check ==========
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2013.03.16 20:17:54 | 000,000,000 | ---D | M] -- C:\Users\Barabara\AppData\Roaming\CCS64
[2012.09.28 11:20:27 | 000,000,000 | ---D | M] -- C:\Users\Barabara\AppData\Roaming\Downloaded Installations
[2013.01.10 16:38:22 | 000,000,000 | ---D | M] -- C:\Users\Barabara\AppData\Roaming\elsterformular
[2011.10.26 17:31:57 | 000,000,000 | ---D | M] -- C:\Users\Barabara\AppData\Roaming\GHISLER
[2013.04.22 14:31:15 | 000,000,000 | ---D | M] -- C:\Users\Barabara\AppData\Roaming\gtk-2.0
[2013.05.04 00:03:23 | 000,000,000 | ---D | M] -- C:\Users\Barabara\AppData\Roaming\ICQ
[2012.03.19 23:42:39 | 000,000,000 | ---D | M] -- C:\Users\Barabara\AppData\Roaming\ICQ Search
[2011.10.26 21:52:53 | 000,000,000 | ---D | M] -- C:\Users\Barabara\AppData\Roaming\klickTel
[2012.09.28 19:17:35 | 000,000,000 | ---D | M] -- C:\Users\Barabara\AppData\Roaming\Nitro PDF
[2011.10.27 11:41:35 | 000,000,000 | ---D | M] -- C:\Users\Barabara\AppData\Roaming\OpenOffice.org
[2011.11.01 18:09:19 | 000,000,000 | ---D | M] -- C:\Users\Barabara\AppData\Roaming\Photopos
[2012.08.31 00:18:18 | 000,000,000 | ---D | M] -- C:\Users\Barabara\AppData\Roaming\PhotoScape
[2011.10.26 21:40:23 | 000,000,000 | ---D | M] -- C:\Users\Barabara\AppData\Roaming\URSoft
[2011.12.10 07:08:02 | 000,000,000 | ---D | M] -- C:\Users\Barabara\AppData\Roaming\Visan
[2013.05.08 18:42:46 | 000,000,000 | ---D | M] -- C:\Users\Barabara\AppData\Roaming\Webocton - Scriptly
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:1CE11B51
< End of report >
Code:
OTL Extras logfile created on: 10.05.2013 01:21:35 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\DLOAD
Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,98 Gb Total Physical Memory | 0,95 Gb Available Physical Memory | 47,94% Memory free
3,97 Gb Paging File | 2,46 Gb Available in Paging File | 62,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,69 Gb Total Space | 73,96 Gb Free Space | 66,22% Space Free | Partition Type: NTFS
Computer Name: BARBARA-PC | User Name: Barabara | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-911559959-953966608-761051852-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- "C:\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallDisableNotify" = 0
"FirewallOverride" = 1
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{000BB7A4-C1FC-483C-BFFB-2AF4D015EA23}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{07CB539E-7A35-45CD-BDC2-C894DB8500B2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{189DD414-1FC9-4088-82AE-30FDE8953809}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{3233CAAA-146A-4805-A2F0-3B25D916F2CB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{32C6D1F5-8F73-495A-8B1F-01AF1746C97C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3BF23732-1B51-4D66-A6CA-3F187A3E9585}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{45E53659-BF31-4085-966F-AF7E404EC7A4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{49BD0E4F-8518-40A5-AA5B-CFC854651FFF}" = lport=445 | protocol=6 | dir=in | app=system |
"{4C9CDE31-BA47-4143-89D3-662BBD27E31F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6238C907-B8D4-4969-A122-846F53A2227B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{64A483C3-6AFD-4ABC-B788-668AEBA51990}" = rport=2869 | protocol=6 | dir=out | app=system |
"{6606E270-F21F-4279-8EFF-1F234E1CD1F4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6C70F0AF-AC6F-4BFF-934C-B447AB6F831A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{77B408C3-3719-405F-82B8-D0D1ECCC61A0}" = lport=138 | protocol=17 | dir=in | app=system |
"{7C1F1ECF-EFB9-407C-9B7A-3561D08E2683}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7C5FE83C-B91B-4CE5-8241-24E5086D6CD5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{84AAA9FF-4FC4-49D1-96B0-C837A44010D3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8B061C4A-E517-4818-A653-FC03D04BE48A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{971C0746-5863-4A07-AF47-F4B1CE1A3635}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{98BBFDCD-6B0B-4419-8D56-30D08FE88299}" = rport=445 | protocol=6 | dir=out | app=system |
"{9FF64E66-F6AD-4956-A148-2378E82C59A9}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A0DADEEC-093B-46F7-8D2C-9B117DE4A51E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{AB4FA859-104C-4FD1-9635-5C36968E6DAB}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{ADE3FF9E-CDFB-476F-8078-5EA993C124EB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B1924FD8-825D-49B6-894D-69B98F76ABDC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BA83B152-A238-4A1F-B4E9-5AC6A89420A6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BF4A2FD8-9ECA-4A6F-8924-E18E1C37D1F0}" = lport=137 | protocol=17 | dir=in | app=system |
"{C71F4E64-DF1D-4C2E-8B5D-071A029AB295}" = rport=137 | protocol=17 | dir=out | app=system |
"{CE3B55AB-691D-483C-8D19-C74F123A4C2F}" = lport=139 | protocol=6 | dir=in | app=system |
"{D8492970-CF5D-4708-B03D-F25118383565}" = rport=139 | protocol=6 | dir=out | app=system |
"{DAE5D382-52C2-46BC-BA35-3E028C72504C}" = rport=138 | protocol=17 | dir=out | app=system |
"{DF61CF9F-416F-4704-ABB2-F87BC57A73A0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E02E8471-E554-4253-9A52-D30D33261A11}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E32B03FE-A03E-4FC0-B0D9-51013F9F7242}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{E6B5382C-F502-4649-BA05-1251CE605B2E}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{F7A87142-D866-4268-B248-AA069CD53441}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F89D9FBC-FEED-488F-9593-F5184F5B0B31}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{FCEC6766-55F8-4CF7-8A39-281E41348898}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FD3AD774-90CD-437C-94A9-E52E52C3F75E}" = rport=10243 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07EDCD79-9FEA-44B8-8E68-7624BC9E0937}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{08BE35E9-90AE-436B-B0EC-59DD2A1AED13}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{0AC6DE00-C1D5-46B5-84EE-3F1409377898}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0DC98C18-7210-4F1F-91CC-DF5F1A5E8150}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{122B7433-DC09-44FC-84E4-8CDDEC21BC62}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1C32088F-53FF-4263-9964-70E468E1F0FB}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe |
"{20AD03D2-7858-40AF-960B-A9A991399AC5}" = protocol=6 | dir=in | app=c:\icq7.7\icq.exe |
"{254B27F9-0B98-432E-9ED6-5D72F582EB42}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{40F0F64A-DF90-4D1B-9F27-692CC6937EE0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{428518BC-66DD-4BE0-B408-AEF47CAF0C76}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{48730D9F-2E33-4B2B-A4AC-0694D9640D6E}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe |
"{4B0AB78B-CF94-4758-BC18-46B69FAA0BEA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4C19D6E1-5506-4A87-A6C1-7AF921B1128C}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe |
"{71BE8F2B-0D7F-48B6-9DFD-1A8CC4F70A44}" = dir=in | app=c:\users\barabara\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{785F940B-B032-4548-92DB-7D93150241CE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{87727156-F603-4E9B-9337-A14B9CCE9CCC}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe |
"{920ED720-EDFD-4346-9EE1-29613D43AEF6}" = protocol=17 | dir=in | app=c:\icq7.7\icq.exe |
"{9405A739-DCC5-4E94-80BC-6992893532D7}" = protocol=17 | dir=in | app=c:\icq7.7\icq.exe |
"{957E74BD-452D-44B9-A3DD-3FCD3D821DF0}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{A4FD273A-E04A-4515-BAAA-9215FE1D557C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B2C31C05-32BE-4A6E-8068-2A79E7095A7C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{BACC0D6D-560C-4BA4-99C3-EBAD2260C640}" = protocol=6 | dir=in | app=c:\icq7.7\icq.exe |
"{C57D4A6B-D5C1-4D2F-AA12-C5C204EC844A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C70BB8B0-7EF3-451F-AEE3-4C10ACE74860}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CB9EFBB6-FFF2-44AA-9B47-949C8D7F20B1}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D1D131B3-354A-466B-A959-DCFFC26746E7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D24046F9-4D7E-42BC-9A70-06B082349D20}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D428E374-763A-4522-949A-CC13EF1C5467}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{D98C1E22-F9B7-4C1B-B940-69DB933E9AD1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{EB8DB8E8-FF43-4DA7-91FF-83447BF5FDF9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ECD03D4A-3F78-4DAC-AFAB-A7E1FE406B34}" = protocol=6 | dir=out | app=system |
"{FA1BD7F5-3B1C-4E49-84EB-A07311B921B1}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"TCP Query User{133CBBDB-EB30-466A-8967-737E9698BA70}C:\icq7.7\icq.exe" = protocol=6 | dir=in | app=c:\icq7.7\icq.exe |
"TCP Query User{93EBD5C4-0907-47E3-A3DC-3A61AFECC3F4}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{B54C6CA1-E0E0-4ED3-B357-035AB64C9A22}C:\users\barabara\appdata\local\temp\rarsfx0\bie_kms.exe" = protocol=6 | dir=in | app=c:\users\barabara\appdata\local\temp\rarsfx0\bie_kms.exe |
"UDP Query User{37CD603E-D7E3-419F-9EDC-BCDECFBDD60F}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{A753EA96-CD16-4124-95DF-54FD045DC725}C:\icq7.7\icq.exe" = protocol=17 | dir=in | app=c:\icq7.7\icq.exe |
"UDP Query User{F1DBFA2F-1289-4F9F-92F2-3D06ED1E8EB6}C:\users\barabara\appdata\local\temp\rarsfx0\bie_kms.exe" = protocol=17 | dir=in | app=c:\users\barabara\appdata\local\temp\rarsfx0\bie_kms.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
"{0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD}" = ICQ Sparberater
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{1061DF04-CF33-40B0-8360-D07C9BBEB122}" = HP Wireless Assistant
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{40AAB711-8EFF-4830-8B39-017D3F66983D}" = Studie zur Verbesserung von HP Deskjet 1050 J410 series Produkten
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}" = HP Deskjet 1050 J410 series Hilfe
"{623B8278-8CAD-45C1-B844-58B687C07805}" = Bing Bar Platform
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A0C9DF2B-89B5-4483-8983-18A68200F1B4}" = SweetIM for Messenger 3.7
"{A7C78AC4-C094-4298-9F10-2AA7AC0E8576}" = Windows 7 Manager
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B7B5A370-3DFF-4F0E-AE11-FD267C4938AA}" = CCS64 V3.9
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = Die Sims™ 3 Einfach tierisch
"{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{FE19B8A3-C79D-4A90-8F7C-1B206DB00CFC}" = HP Deskjet 1050 J410 series - Grundlegende Software für das Gerät
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Broadcom Wireless Utility" = Broadcom Wireless Utility
"ElsterFormular" = ElsterFormular
"Guard.Mail.ru" = Guard.ICQ
"HP Photo Creations" = HP Photo Creations
"ICQToolbar" = ICQ Toolbar
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de)
"NVIDIA Drivers" = NVIDIA Drivers
"nView Desktop Manager" = NVIDIA nView Desktop Manager
"PhotoScape" = PhotoScape
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Totalcmd" = Total Commander (Remove or Repair)
"Webocton - Scriptly_is1" = Webocton - Scriptly 0.8.95.6
"WinGimp-2.0_is1" = GIMP 2.6.11
"YU2010_is1" = Your Uninstaller! 7
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-911559959-953966608-761051852-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{20677A52-CEFA-436F-B7EB-F9E95D438A03}" = klickTel Routenplaner Deutschland und Europa 2011
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 22.02.2013 19:00:01 | Computer Name = Barbara-PC | Source = WinMgmt | ID = 10
Description =
Error - 23.02.2013 09:53:20 | Computer Name = Barbara-PC | Source = WinMgmt | ID = 10
Description =
Error - 24.02.2013 06:30:48 | Computer Name = Barbara-PC | Source = WinMgmt | ID = 10
Description =
Error - 25.02.2013 06:37:53 | Computer Name = Barbara-PC | Source = WinMgmt | ID = 10
Description =
Error - 26.02.2013 05:31:37 | Computer Name = Barbara-PC | Source = WinMgmt | ID = 10
Description =
Error - 26.02.2013 17:19:12 | Computer Name = Barbara-PC | Source = WinMgmt | ID = 10
Description =
Error - 27.02.2013 07:48:57 | Computer Name = Barbara-PC | Source = WinMgmt | ID = 10
Description =
Error - 28.02.2013 03:30:22 | Computer Name = Barbara-PC | Source = WinMgmt | ID = 10
Description =
Error - 01.03.2013 06:44:19 | Computer Name = Barbara-PC | Source = WinMgmt | ID = 10
Description =
Error - 02.03.2013 07:43:33 | Computer Name = Barbara-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 07.05.2013 11:49:11 | Computer Name = Barbara-PC | Source = ipnathlp | ID = 31004
Description =
Error - 07.05.2013 12:01:20 | Computer Name = Barbara-PC | Source = ipnathlp | ID = 31004
Description =
Error - 07.05.2013 12:11:20 | Computer Name = Barbara-PC | Source = ipnathlp | ID = 31004
Description =
Error - 08.05.2013 04:17:02 | Computer Name = Barbara-PC | Source = ipnathlp | ID = 31004
Description =
Error - 08.05.2013 09:17:14 | Computer Name = Barbara-PC | Source = ipnathlp | ID = 31004
Description =
Error - 09.05.2013 10:43:08 | Computer Name = Barbara-PC | Source = ipnathlp | ID = 31004
Description =
Error - 09.05.2013 16:31:11 | Computer Name = Barbara-PC | Source = DCOM | ID = 10010
Description =
Error - 09.05.2013 16:31:14 | Computer Name = Barbara-PC | Source = DCOM | ID = 10010
Description =
Error - 09.05.2013 17:05:48 | Computer Name = Barbara-PC | Source = ipnathlp | ID = 31004
Description =
Error - 09.05.2013 17:06:52 | Computer Name = Barbara-PC | Source = DCOM | ID = 10010
Description =
< End of report >