Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Problem... System Care Antivirus

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 11.06.2013, 12:22   #1
Fuselchen
 
Problem... System Care Antivirus - Standard

Problem... System Care Antivirus



Liebe Helfer,
ich habe mir den Virus "System Care Antivirus" eingefangen.
Mein Virenprogramm (Avira Free) hat es nicht als Virus erkannt, ich habe es dann aber mit Rechtsklick gelöscht. Danach war mein Internet aber immer noch gesperrt und mein Virenprogramm erkennt es nicht. Ich habe mir auf Ratschläge SpyHunter runtergeladen. Das hat mir dann ca 400 Bedrohungen angezeigt, da ich mich aber Registrieren musste um sie zu entfernen, habe ich es wieder deinstalliert.
Wie werde ich das Ding nun wieder los? Versteh nicht wirklich viel von Pc`s, bitte Helft mir.
Danke schonmal.

Alt 11.06.2013, 12:26   #2
aharonov
/// TB-Ausbilder
 
Problem... System Care Antivirus - Standard

Problem... System Care Antivirus



Hi,

mach bitte einen OTL-Scan.
(Wenn der nicht läuft, dann versuch ihn im abgesicherten Modus.)


Lade dir bitte OTL (von Oldtimer) herunter und speichere es auf deinen Desktop.
  • Doppelklick auf die OTL.exe.
  • Unter Extra Registry, wähle bitte Use SafeList.
  • Setze den Haken bei Scan all Users.
  • Klicke nun auf Run Scan.
  • Wenn der Scan beendet ist, werden 2 Logfiles (OTL.txt und Extras.txt) erstellt.
  • Poste den Inhalt dieser Logfiles hier in den Thread.
__________________

__________________

Alt 11.06.2013, 12:31   #3
Fuselchen
 
Problem... System Care Antivirus - Standard

Problem... System Care Antivirus



Hallo Leo,

im normalen Modus läuft nichts mehr. Kann Browser nicht aufmachen, etc... Bin jetzt im abgesicherten Modus und der Scan läuft.

Ach da fällt mir noch ein. Ich hatte den Pfad verfolgt und die Datei unter C/ProgramData/ ... gelöscht..

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 11.06.2013 13:26:46 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Schwarzkopf\Downloads
 Starter Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1013,09 Mb Total Physical Memory | 260,47 Mb Available Physical Memory | 25,71% Memory free
1,99 Gb Paging File | 0,87 Gb Available in Paging File | 43,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 150,36 Gb Total Space | 100,83 Gb Free Space | 67,06% Space Free | Partition Type: NTFS
Drive D: | 4,00 Gb Total Space | 0,00 Gb Free Space | 0,07% Space Free | Partition Type: FAT32
Drive E: | 58,59 Gb Total Space | 24,20 Gb Free Space | 41,29% Space Free | Partition Type: NTFS
Drive F: | 6,83 Gb Total Space | 6,74 Gb Free Space | 98,61% Space Free | Partition Type: NTFS
 
Computer Name: **** | User Name: **** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- 
PRC - [2013.05.29 07:27:40 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Programme\Google\Chrome\Application\chrome.exe
PRC - [2013.04.15 20:23:10 | 000,636,984 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avscan.exe
PRC - [2013.04.04 11:22:39 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.04.04 11:22:07 | 000,330,976 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avcenter.exe
PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.05.29 07:27:38 | 000,393,168 | ---- | M] () -- C:\Programme\Google\Chrome\Application\27.0.1453.110\ppgooglenaclpluginchrome.dll
MOD - [2013.05.29 07:27:37 | 013,136,336 | ---- | M] () -- C:\Programme\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll
MOD - [2013.05.29 07:27:35 | 004,051,408 | ---- | M] () -- C:\Programme\Google\Chrome\Application\27.0.1453.110\pdf.dll
MOD - [2013.05.29 07:26:36 | 001,597,392 | ---- | M] () -- C:\Programme\Google\Chrome\Application\27.0.1453.110\ffmpegsumo.dll
MOD - [2013.01.25 10:25:19 | 000,397,704 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2010.03.15 12:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.05.29 22:54:47 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.15 00:11:29 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.25 22:08:37 | 004,561,152 | ---- | M] () [Auto | Stopped] -- c:\program files\common files\akamai/netsession_win_ca0e279.dll -- (Akamai)
SRV - [2013.02.25 16:47:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.02.25 16:47:19 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.04 15:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE -- (cvhsvc)
SRV - [2011.10.01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010.08.10 11:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Stopped] -- C:\Programme\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.06.11 15:28:02 | 000,735,776 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.06.08 19:49:30 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.05.27 04:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Programme\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010.01.30 01:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Programme\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Stopped] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Programme\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.05.31 17:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 17:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\Drivers\vmm.sys -- (vmm)
DRV - [2013.03.06 16:13:37 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013.02.27 13:22:36 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.02.27 13:22:36 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2011.10.01 09:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011.10.01 09:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011.10.01 09:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011.10.01 09:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2011.05.06 14:30:00 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdrvio.sys -- (pwdrvio)
DRV - [2011.05.06 14:29:50 | 000,011,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdspio.sys -- (pwdspio)
DRV - [2010.08.24 11:55:52 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010.06.17 08:50:38 | 000,082,768 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EUCR6SK.sys -- (EUCR)
DRV - [2010.05.31 06:04:30 | 006,766,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32)
DRV - [2010.04.29 05:58:18 | 000,026,112 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\androidusb.sys -- (androidusb)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2009.06.03 04:15:40 | 000,060,976 | ---- | M] (Egis Technology Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV - [2009.06.03 04:15:38 | 000,016,432 | ---- | M] (Egis Technology Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2009.06.03 04:15:34 | 000,018,992 | ---- | M] (Egis Technology Inc.) [File_System | System | Stopped] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
 
IE - HKU\S-1-5-21-1538815386-1360257484-1440407808-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKU\S-1-5-21-1538815386-1360257484-1440407808-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1538815386-1360257484-1440407808-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1538815386-1360257484-1440407808-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1538815386-1360257484-1440407808-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKU\S-1-5-21-1538815386-1360257484-1440407808-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1538815386-1360257484-1440407808-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1538815386-1360257484-1440407808-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1538815386-1360257484-1440407808-1000\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1538815386-1360257484-1440407808-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1538815386-1360257484-1440407808-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-1538815386-1360257484-1440407808-1000\..\SearchScopes\{66C5836D-DEFF-45BA-AFBB-707984009DAF}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1538815386-1360257484-1440407808-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searcphp?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-1538815386-1360257484-1440407808-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
IE - HKU\S-1-5-21-1538815386-1360257484-1440407808-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentBar_DE Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.03.12 23:12:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.03.12 23:12:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.29 22:54:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.29 22:54:35 | 000,000,000 | ---D | M]
 
[2011.01.12 23:19:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Schwarzkopf\AppData\Roaming\mozilla\Extensions
[2012.10.23 22:03:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Schwarzkopf\AppData\Roaming\mozilla\Firefox\Profiles\hemm06rf.default\extensions
[2011.02.18 23:29:49 | 000,000,931 | ---- | M] () -- C:\Users\Schwarzkopf\AppData\Roaming\mozilla\firefox\profiles\hemm06rf.default\searchplugins\conduit.xml
[2013.06.06 21:41:08 | 000,001,056 | ---- | M] () -- C:\Users\Schwarzkopf\AppData\Roaming\mozilla\firefox\profiles\hemm06rf.default\searchplugins\icqplugin.xml
[2013.05.29 22:54:49 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.05.29 22:54:49 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: DivX HiQ = C:\Users\Schwarzkopf\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Schwarzkopf\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1538815386-1360257484-1440407808-1000\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AndroidManager] C:\Programme\Acer\Android Manager\AML.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [iPatchData] C:\Programme\Acer\Updater\iUpdate.exe (Insyde Software Corp.)
O4 - HKLM..\Run: [iSyncData] C:\Programme\Acer\Android Manager\iSync.exe (Insyde Software Corp.)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mwlDaemon] C:\Programme\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [Windows Phone Device Manager] %SystemRoot%\WPDeviceManager\WPDeviceManager.exe /Minimized File not found
O4 - HKU\S-1-5-21-1538815386-1360257484-1440407808-1000..\Run: [AdobeBridge]  File not found
O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\System32\grpconv.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1538815386-1360257484-1440407808-1000..\RunOnce: [EAE861358C144B7C0000EAE7765855BC] C:\ProgramData\EAE861358C144B7C0000EAE7765855BC\EAE861358C144B7C0000EAE7765855BC.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A632C51-5B6F-4B06-9A89-072FBC954228}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B698268-35D3-4D38-987D-C9E625510D77}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.11 13:24:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Schwarzkopf\Desktop\OTL.exe
[2013.06.11 12:40:30 | 000,000,000 | ---D | C] -- C:\Users\Schwarzkopf\AppData\Roaming\Avira
[2013.06.11 12:39:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.06.11 12:39:36 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.06.11 12:39:33 | 000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.06.11 12:39:33 | 000,084,744 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.06.11 12:39:33 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.06.11 12:39:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.06.11 12:39:31 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013.06.11 12:37:44 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.06.11 12:27:38 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.06.11 12:26:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013.06.11 11:43:54 | 000,000,000 | ---D | C] -- C:\Users\Schwarzkopf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Care Antivirus
[2013.06.11 11:36:29 | 000,000,000 | ---D | C] -- C:\ProgramData\EAE861358C144B7C0000EAE7765855BC
[2013.06.11 00:41:53 | 000,000,000 | ---D | C] -- C:\628e1ae67b04584f994b3f
[2013.06.05 12:46:47 | 000,000,000 | ---D | C] -- C:\0efff197f899bed11d9c39ee99907b
[2013.05.29 22:54:33 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.11 13:24:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Schwarzkopf\Desktop\OTL.exe
[2013.06.11 12:39:51 | 000,002,020 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.06.11 12:24:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.11 12:24:08 | 796,729,344 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.11 12:11:09 | 000,001,417 | ---- | M] () -- C:\Users\Schwarzkopf\Desktop\Internet Explorer.lnk
[2013.06.11 12:11:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.11 12:09:42 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.11 12:09:42 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.11 12:02:19 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.11 11:51:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.11 00:19:42 | 000,000,486 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Schwarzkopf.job
[2013.06.03 21:16:18 | 000,088,066 | ---- | M] () -- C:\Users\Schwarzkopf\Desktop\417259_244746778936699_269408118_n.jpg
[2013.05.22 23:19:57 | 001,557,764 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.22 23:19:57 | 000,913,726 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.22 23:19:57 | 000,424,502 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.22 23:19:57 | 000,370,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.17 00:01:17 | 000,750,566 | ---- | M] () -- C:\Users\Schwarzkopf\Desktop\rezepte.odt
[2013.05.16 23:48:41 | 000,030,310 | ---- | M] () -- C:\Users\Schwarzkopf\Desktop\wERaJr9IGkA.jpg
[2013.05.15 00:11:28 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.05.15 00:11:27 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.11 12:39:51 | 000,002,020 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.06.11 12:11:09 | 000,001,417 | ---- | C] () -- C:\Users\Schwarzkopf\Desktop\Internet Explorer.lnk
[2013.06.03 21:16:18 | 000,088,066 | ---- | C] () -- C:\Users\Schwarzkopf\Desktop\417259_244746778936699_269408118_n.jpg
[2013.05.16 23:48:33 | 000,030,310 | ---- | C] () -- C:\Users\Schwarzkopf\Desktop\wERaJr9IGkA.jpg
[2012.09.18 20:47:38 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat
[2011.08.03 20:34:29 | 000,747,592 | ---- | C] () -- C:\Windows\System32\pwNative.exe
[2011.08.03 20:34:29 | 000,016,472 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2011.08.03 20:34:23 | 000,011,104 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2011.04.05 09:46:34 | 000,000,017 | ---- | C] () -- C:\Users\Schwarzkopf\AppData\Local\resmon.resmoncfg
[2010.09.17 09:19:26 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:5D7E5A8F
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:CDFF58FE
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:93EB7685
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:E1F04E8D
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:4D066AD2
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:798A3728
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:0B9176C0
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:E3C56885

< End of report >
         
--- --- ---

OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 11.06.2013 13:26:46 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Schwarzkopf\Downloads
 Starter Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1013,09 Mb Total Physical Memory | 260,47 Mb Available Physical Memory | 25,71% Memory free
1,99 Gb Paging File | 0,87 Gb Available in Paging File | 43,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 150,36 Gb Total Space | 100,83 Gb Free Space | 67,06% Space Free | Partition Type: NTFS
Drive D: | 4,00 Gb Total Space | 0,00 Gb Free Space | 0,07% Space Free | Partition Type: FAT32
Drive E: | 58,59 Gb Total Space | 24,20 Gb Free Space | 41,29% Space Free | Partition Type: NTFS
Drive F: | 6,83 Gb Total Space | 6,74 Gb Free Space | 98,61% Space Free | Partition Type: NTFS
 
Computer Name: **** | User Name: **** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-1538815386-1360257484-1440407808-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00EBDE38-EBD2-46A3-A027-1B16CA8B60A4}" = lport=137 | protocol=17 | dir=in | app=system | 
"{08AC6EC2-569E-4EB3-A27E-48F80A32D6FC}" = lport=445 | protocol=6 | dir=in | app=system | 
"{1E156DDF-8AD4-47AF-904A-7C399535BAEF}" = rport=139 | protocol=6 | dir=out | app=system | 
"{2153F927-D48D-44CA-B406-B958BC9D8F51}" = rport=445 | protocol=6 | dir=out | app=system | 
"{21C266F6-9C34-43F5-A194-89D722057CAF}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{3242AB49-7E17-466B-9016-913CD0B79B92}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4D80F127-21E8-4D68-9F5E-59B482208D7A}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{560808DF-EF96-475D-B352-39F69811121F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{57F20841-151A-4E7A-A3B2-734AC89F72A1}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{602C19D6-BB51-4220-B687-25D38BFF393A}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{6449F8FA-151A-48E9-8837-BE1A21330DAC}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{6853A993-2A1C-42D8-8A0E-DC7071458651}" = rport=137 | protocol=17 | dir=out | app=system | 
"{6E1E87EC-4BE2-4BF8-B404-83A9FA1DE434}" = lport=139 | protocol=6 | dir=in | app=system | 
"{83D79587-D806-4186-9ACC-6FE17CA9E055}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{84BA74E1-20C8-4EB8-8151-800E7AE19D87}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{869A9DA0-9FA2-4F9A-8DE6-0C1B5FA1764C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8BBA2365-6624-4A22-9372-8C54AE8A6B8C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9A882DB4-4032-4E9A-8E3F-455356550C18}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{A17098D7-F932-4F8C-8ADE-C1C7F172A57C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{AEB85A04-78B8-4886-926B-24C376F1204F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C4BC5600-B248-4B74-B9DD-5C97AD8C2D28}" = rport=138 | protocol=17 | dir=out | app=system | 
"{D8A4DAC7-64C5-4FBD-B623-3F9D8661AA23}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{E5CE09EB-8308-4E0C-A22E-6E1BAE6C92C3}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{E80DC7CE-661A-457C-B723-55DDFAF966BF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E8EAB94A-F19E-4FA9-94CF-1AD75F4720B0}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{E9BA94E2-F3CA-41D7-838E-B31F8F677B2F}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{EA489DB3-2FC8-43CD-8854-CB5E9D655082}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{ED23EAA6-086B-4B8E-9F2D-38D2B169D2B7}" = lport=138 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0296315E-62A0-40D1-B7DF-3E63E15B3F9E}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{03072959-3AF2-44C7-AC88-0C7C51096A47}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{0FC57E6D-B5F1-48A8-AA8D-EF897DE761F0}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{15FB9C5E-8DFD-4D67-9AFC-CEED7801A62E}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{218700D3-F966-48A2-8ACF-55112CD7579B}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{263AE682-67CF-4F23-BBFF-5539A731A57C}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{2C579BFD-8C52-4E53-934F-E16FE0F8A73D}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{34F9B783-3FB5-4843-8D29-62924B8CC405}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{378262F6-1B11-4AD3-83F4-B41BEA3B5078}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{3CC9A872-EC23-4B8A-AC42-000B901433C3}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{40E8DF96-FE40-42C2-8E31-C1986453D85F}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{4C534AB6-A4F7-4426-8763-1A9BCBB90900}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{517880C9-A4F2-4DED-A056-61AAA0275E7C}" = dir=in | app=c:\program files\acer\acer vcm\rs_service.exe | 
"{521D256E-D0F2-4990-A918-576C5CBDCCC3}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{5A70DAA3-50D1-4522-B452-4490E6CCABF0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5E610AF6-2BFD-4797-A51A-05176D168F95}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{65DEE09A-334A-409A-A44C-0AE070F3B10F}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{67FA9129-0C27-4CBC-B714-3DA2A9E1E4CA}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{6ED8C307-BBBB-4CC8-ACE5-0A01A73EA99B}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{722F40FF-B618-478C-877E-939DCEE5BB21}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{7B5ED14A-99B3-4DBA-9F80-7A2B4125A397}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{7F0CC4F3-3CCA-4AEA-845E-2FE9C982E52E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{8B24EC8D-4E43-46BB-B978-0650A8261543}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{8CCE8C30-4078-4939-A34B-39B7B74EE255}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{9605CBF2-9ECA-4BD3-9C7D-7F27E36F988F}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{9E29F4BC-7645-4940-99DF-272F881EC4C3}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{A861AA3D-9A47-44EE-AA96-764BAD27722F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{AF389ED7-CD52-430E-8F01-96142DF82B05}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{B13E3178-F255-4F61-8C5E-77953D54B3AE}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{BC6832E0-8A16-456D-8811-CAA1E571C18D}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{BEC88545-26FC-4DC3-8859-50A7753BE2EB}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{C037A0A2-ABAF-47A5-B953-B20A6398DA80}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{C9158238-A973-42C0-BB26-8BF5C2ADDFFD}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{D4423A4F-B81D-4442-983D-785F31BD3E97}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{D6E06F9A-F336-4301-9876-6F5427F9A701}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{E871C08D-696F-43B2-89B7-478A84D737D2}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{F284F22E-BE85-474D-807C-1B577AD04718}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{F2C37C57-64AB-47FE-AF46-4624379EDDDE}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{F7088C92-4689-4558-B1A7-87D55CBB3CE5}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{F97692D2-3096-4D66-A91C-5580303F9270}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe | 
"{FAFED988-D873-47A0-8F67-0F6F79F3D93A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"TCP Query User{F15A67CE-5C55-4E08-91A6-2FA64B24BD73}C:\program files\adobe\adobe flash cs5\flash.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe flash cs5\flash.exe | 
"UDP Query User{62EBE24E-3B5A-4194-812F-7B9C3E445F01}C:\program files\adobe\adobe flash cs5\flash.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe flash cs5\flash.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{067B277E-F94B-4F04-B380-BA967C00377C}_is1" = MiniTool Partition Wizard Home Edition 6.0
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1D328E11-3B0C-388C-835D-C9C20E8C7734}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
"{523281E5-91DD-49F5-9D85-954148F7596A}" = AndroidInstaller
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.4 MUI
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"3B29FD3CCF1F5B855DA0C521597413EBABE97DFB" = ENE USB Card Reader Driver
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface
"Avira AntiVir Desktop" = Avira Free Antivirus
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"conduitEngine" = Conduit Engine
"CWM Toolkit x86" = CWM Toolkit x86
"DivX Setup" = DivX-Setup
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Identity Card" = Identity Card
"InstallShield_{523281E5-91DD-49F5-9D85-954148F7596A}" = AndroidInstaller
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"LManager" = Launch Manager
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NAVIGON Fresh" = NAVIGON Fresh 3.3.2
"NSS" = Norton Security Scan
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Picasa 3" = Picasa 3
"PokerStars.net" = PokerStars.net
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"uTorrent" = µTorrent
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 14.02.2013 15:37:57 | Computer Name = Schwarzkopf-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 14.02.2013 15:37:57 | Computer Name = Schwarzkopf-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
 für Dienst "MSDTC Bridge 4.0.0.0" (MSDTC Bridge 4.0.0.0). Der Fehlercode ist das
 erste DWORD im Datenbereich.
 
Error - 17.02.2013 16:59:38 | Computer Name = Schwarzkopf-PC | Source = Desktop Window Manager | ID = 9020
Description = Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x0) 
festgestellt.
 
Error - 17.02.2013 17:14:27 | Computer Name = Schwarzkopf-PC | Source = Windows Backup | ID = 4104
Description = 
 
Error - 19.02.2013 14:09:32 | Computer Name = Schwarzkopf-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  Error: Der Server lieferte eine ungültige oder
 unbekannte Rückmeldung.   ErrorCode: 14007(0x36b7). 
 
Error - 20.02.2013 12:10:53 | Computer Name = Schwarzkopf-PC | Source = Application Virtualization Client | ID = 5009
Description = {tid=10E8} Application Virtualization Client konnte keine Verbindung
 mit der Datenstrom-URL 'file://C:\ProgramData\VirtualizedApplications\Patch_ready\{90140011-0066-0407-0000-0000000FF1CE}\01c00e55-2b11-40ee-a550-31da869f2210.dsft'
 herstellen (Rückgabecode 27A02A0A-30007003, ursprünglicher Rückgabecode 27A02A0A-30007003).
 
Error - 21.02.2013 08:35:52 | Computer Name = Schwarzkopf-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  Error: Der Server lieferte eine ungültige oder
 unbekannte Rückmeldung.   ErrorCode: 14007(0x36b7). 
 
Error - 25.02.2013 17:02:44 | Computer Name = Schwarzkopf-PC | Source = Windows Backup | ID = 4104
Description = 
 
Error - 02.03.2013 08:21:04 | Computer Name = Schwarzkopf-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 19.0.0.4794,
 Zeitstempel: 0x511ed1c1  Name des fehlerhaften Moduls: xul.dll, Version: 19.0.0.4794,
 Zeitstempel: 0x511ed0fe  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00155858  ID des fehlerhaften
 Prozesses: 0x1014  Startzeit der fehlerhaften Anwendung: 0x01ce173a10f6e971  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\Mozilla Firefox\xul.dll  Berichtskennung: a65d7a01-8333-11e2-b0fa-1c75082fa5c8
 
Error - 04.03.2013 06:22:36 | Computer Name = Schwarzkopf-PC | Source = Windows Backup | ID = 4104
Description = 
 
[ System Events ]
Error - 11.06.2013 07:45:01 | Computer Name = Schwarzkopf-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 11.06.2013 07:45:55 | Computer Name = Schwarzkopf-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 11.06.2013 07:45:55 | Computer Name = Schwarzkopf-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 11.06.2013 07:45:55 | Computer Name = Schwarzkopf-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 11.06.2013 07:47:55 | Computer Name = Schwarzkopf-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 11.06.2013 07:47:55 | Computer Name = Schwarzkopf-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 11.06.2013 07:47:55 | Computer Name = Schwarzkopf-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 11.06.2013 07:50:01 | Computer Name = Schwarzkopf-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 11.06.2013 07:50:01 | Computer Name = Schwarzkopf-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 11.06.2013 07:50:01 | Computer Name = Schwarzkopf-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
 
< End of report >
         
--- --- ---
__________________

Geändert von Fuselchen (11.06.2013 um 13:05 Uhr)

Alt 11.06.2013, 13:21   #4
aharonov
/// TB-Ausbilder
 
Problem... System Care Antivirus - Standard

Problem... System Care Antivirus



Hallo Fuselchen und

Mein Name ist Leo und ich werde dich durch die Bereinigung deines Rechners begleiten.

Eins vorneweg: Ich kann dir keine Garantien geben, dass ich alles finden werde. Bei schwerwiegenden Infektionen ist ein Formatieren und Neuinstallieren meist der schnellere und immer der sicherere Weg.
Wenn du dich für eine Bereinigung entscheidest, dann sollten wir gründlich vorgehen. Bleib also dran, bis ich dir eindeutig mitteile, dass wir fertig sind.
Auch wenn die auffälligen Symptome schon früh verschwinden, bedeutet das nicht, dass dein Rechner dann schon sauber und sicher ist.

Hinweise zum Ablauf
  • Du bekommst von mir jeweils eine individuell auf dich abgestimmte schrittweise Anleitung.
    • Lese diese Anweisungen immer zuerst vollständig durch und frag bei Unklarheiten nach, bevor du beginnst.
    • Arbeite die Anleitungen dann sorgfältig und in der angegebenen Reihenfolge ab und poste deine Rückmeldungen und Logfiles erst zum Schluss gesammelt in einer Antwort.
    • Füge den Inhalt der Logfiles wenn immer möglich innerhalb von Code-Tags in deine Antwort ein.
    • Sollten Probleme auftauchen, dann brich an dieser Stelle ab und schildere sie so gut wie möglich.
  • Es ist wichtig für mich, dass sich der Zustand deines Systems nicht plötzlich unvorhersehbar ändert:
    • Lasse keine Scanner oder Tools ohne Aufforderung laufen. Lösche nichts auf eigene Faust.
    • Installiere oder deinstalliere während der Bereinigung keine Software.

Los geht's:

Das Ding lebt noch.
Bitte Combofix ebenfalls im abgesicherten Modus mit Netzwerktreibern ausführen:


Schritt 1

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.




Bitte poste in deiner nächsten Antwort:
  • Log von Combofix
__________________
cheers,
Leo

Alt 11.06.2013, 13:56   #5
Fuselchen
 
Problem... System Care Antivirus - Standard

Problem... System Care Antivirus



Leo, ich bin dir echt soooo Dankbar, dass du mir hilfst. Ich wüsst sonst nicht was ich machen soll.... Anbei die Datei

Combofix Logfile:
Code:
ATTFilter
ComboFix 13-06-08.02 - **** 11.06.2013  14:35:57.1.2 - x86 NETWORK
Microsoft Windows 7 Starter   6.1.7600.0.1252.49.1031.18.1013.476 [GMT 2:00]
ausgeführt von:: c:\users\Schwarzkopf\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-05-11 bis 2013-06-11  ))))))))))))))))))))))))))))))
.
.
2013-06-11 12:47 . 2013-06-11 12:47	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-06-11 10:40 . 2013-06-11 10:40	--------	d-----w-	c:\users\Schwarzkopf\AppData\Roaming\Avira
2013-06-11 10:39 . 2013-03-06 14:13	37352	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-06-11 10:39 . 2013-02-27 11:22	84744	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-06-11 10:39 . 2013-02-27 11:22	135136	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-06-11 10:39 . 2013-06-11 10:39	--------	d-----w-	c:\programdata\Avira
2013-06-11 10:39 . 2013-06-11 10:39	--------	d-----w-	c:\program files\Avira
2013-06-11 10:27 . 2013-06-11 10:27	--------	d-----w-	c:\program files\Enigma Software Group
2013-06-11 10:27 . 2013-06-11 10:37	--------	d-----w-	c:\windows\E89498D814304A2BA76A4A71326981E9.TMP
2013-06-11 10:26 . 2013-06-11 10:27	--------	d-----w-	c:\program files\Common Files\Wise Installation Wizard
2013-06-10 22:41 . 2013-06-10 22:41	--------	d-----w-	C:\628e1ae67b04584f994b3f
2013-06-09 21:17 . 2013-05-13 06:19	7016152	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{85858210-82BF-46D7-9254-4797D92E6E38}\mpengine.dll
2013-06-05 10:46 . 2013-06-05 10:46	--------	d-----w-	C:\0efff197f899bed11d9c39ee99907b
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-14 22:11 . 2012-04-15 20:40	692104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-05-14 22:11 . 2011-06-09 15:50	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-02 00:06 . 2011-01-12 20:42	238872	------w-	c:\windows\system32\MpSigStub.exe
2013-04-12 13:58 . 2013-04-24 07:34	1210728	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-03-25 20:39 . 2013-03-25 20:39	4546560	----a-w-	c:\windows\system32\GPhotos.scr
2013-03-23 07:25 . 2013-03-23 07:26	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-03-23 07:25 . 2012-11-24 10:43	861088	----a-w-	c:\windows\system32\npdeployJava1.dll
2013-03-23 07:25 . 2011-02-11 21:01	782240	----a-w-	c:\windows\system32\deployJava1.dll
2013-03-19 05:06 . 2013-04-10 19:37	3958120	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-03-19 05:06 . 2013-04-10 19:37	3902312	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-03-19 04:54 . 2013-04-10 19:37	38912	----a-w-	c:\windows\system32\csrsrv.dll
2013-03-19 02:50 . 2013-04-10 19:37	69632	----a-w-	c:\windows\system32\smss.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\program files\softonic-de3\tbsoft.dll" [2010-11-13 3913000]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-11-13 20:58	3913000	----a-w-	c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
2010-11-13 20:58	3913000	----a-w-	c:\program files\softonic-de3\tbsoft.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\program files\softonic-de3\tbsoft.dll" [2010-11-13 3913000]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-13 3913000]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}"= "c:\program files\softonic-de3\tbsoft.dll" [2010-11-13 3913000]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:40	120176	----a-w-	c:\program files\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2010-08-10 975952]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-08-03 9398888]
"SuiteTray"="c:\program files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]
"EgisUpdate"="c:\program files\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
"EgisTecPMMUpdate"="c:\program files\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
"mwlDaemon"="c:\program files\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-16 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-16 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-16 150552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-05 1692968]
"iSyncData"="c:\program files\Acer\Android Manager\iSync.exe" [2010-01-08 407416]
"AndroidManager"="c:\program files\Acer\Android Manager\AML.exe" [2010-01-08 508280]
"iPatchData"="c:\program files\Acer\Updater\iUpdate.exe" [2010-07-21 492096]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 715296]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-04-04 345312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2010-9-17 704032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-06 37352]
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 18992]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 16432]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60976]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
R2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2013-02-25 86752]
R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
R2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2010-08-10 321104]
R2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 735776]
R2 GREGService;GREGService;c:\program files\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 13336]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2010-01-29 260640]
R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-07-13 160944]
R2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [2010-04-29 26112]
R3 EUCR;EUCR;c:\windows\system32\DRIVERS\EUCR6SK.SYS [2010-06-17 82768]
R3 MWLService;MyWinLocker Service;c:\program files\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2011-05-06 16472]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2011-05-06 11104]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 579944]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 194408]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 21864]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-08-24 68208]
S3 NETw5s32;Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-05-31 6766080]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
Akamai	REG_MULTI_SZ   	Akamai
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-05 08:51	1165776	----a-w-	c:\program files\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 22:11]
.
2013-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-12 21:07]
.
2013-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-12 21:07]
.
2013-06-10 c:\windows\Tasks\Norton Security Scan for Schwarzkopf.job
- c:\program files\Norton Security Scan\Engine\2.7.6.13\Nss.exe [2011-04-10 00:27]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://acer.msn.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Schwarzkopf\AppData\Roaming\Mozilla\Firefox\Profiles\hemm06rf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-Windows Phone Device Manager - c:\windows\WPDeviceManager\WPDeviceManager.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_ca0e279.dll"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-11  14:52:37
ComboFix-quarantined-files.txt  2013-06-11 12:52
.
Vor Suchlauf: 14 Verzeichnis(se), 109.207.007.232 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 110.309.421.056 Bytes frei
.
- - End Of File - - B22B9CB1B1B007C82C3F10F34CC8E9CC
         
--- --- ---
A36C5E4F47E84449FF07ED3517B43A31


Alt 11.06.2013, 14:05   #6
aharonov
/// TB-Ausbilder
 
Problem... System Care Antivirus - Standard

Problem... System Care Antivirus



Ok, weiter:


Schritt 1

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).



Schritt 2

Starte bitte die OTL.exe.
  • Setze den Haken bei Scan all Users.
  • Drücke auf den Quick Scan Button.
  • Poste den Inhalt von OTL.txt hier in den Thread.



Bitte poste in deiner nächsten Antwort:
  • Log von AdwCleaner
  • Log von OTL
__________________
--> Problem... System Care Antivirus

Alt 11.06.2013, 14:41   #7
Fuselchen
 
Problem... System Care Antivirus - Standard

Problem... System Care Antivirus



Ich bin wieder im normalem Modus, ist das richtig so? Auf jeden Fall ist es mir möglich jetzt ins Internet zu gehen. juhuuu..... Ich danke dir dafür auf jeden Fall schon


Schritt 1AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v2.303 - Datei am 11/06/2013 um 15:09:08 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Starter  (32 bits)
# Benutzer : ****
# Bootmodus : Abgesicherter Modus mit Netzwerkunterstützung
# Ausgeführt unter : C:\Users\Schwarzkopf\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Schwarzkopf\AppData\Roaming\Mozilla\Firefox\Profiles\hemm06rf.default\searchplugins\Conduit.xml
Datei Gelöscht : C:\Users\Schwarzkopf\AppData\Roaming\Mozilla\Firefox\Profiles\hemm06rf.default\searchplugins\icqplugin.xml
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Program Files\ConduitEngine
Ordner Gelöscht : C:\Program Files\ICQ6Toolbar
Ordner Gelöscht : C:\Program Files\softonic-de3
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\Users\Schwarzkopf\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\Schwarzkopf\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\Schwarzkopf\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Schwarzkopf\AppData\LocalLow\ConduitEngine
Ordner Gelöscht : C:\Users\Schwarzkopf\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Schwarzkopf\AppData\LocalLow\softonic-de3

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\conduitEngine
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\softonic-de3
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E5A3A1D1-536A-442D-B4DC-4CFA19FACD79}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2431245
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\conduitEngine
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{18741C1F-08E3-4B62-82DD-C931F4306CC1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{97AE5974-3B3A-4ACF-AAB5-C7D38594B93F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_winrar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_winrar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E5A3A1D1-536A-442D-B4DC-4CFA19FACD79}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\softonic-de3 Toolbar
Schlüssel Gelöscht : HKLM\Software\softonic-de3
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7600.17267

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.icq.com/ --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\Schwarzkopf\AppData\Roaming\Mozilla\Firefox\Profiles\hemm06rf.default\prefs.js

Gelöscht : user_pref("browser.search.defaultthis.engineName", "uTorrentBar_DE Customized Web Search");
Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&Sea[...]
Gelöscht : user_pref("extensions.BabylonToolbar.bbDpng", 5);
Gelöscht : user_pref("extensions.BabylonToolbar.cntry", "DE");
Gelöscht : user_pref("extensions.BabylonToolbar.firstRun", false);
Gelöscht : user_pref("extensions.BabylonToolbar.hdrMd5", "AE22A96DC149F03632772B010170364F");
Gelöscht : user_pref("extensions.BabylonToolbar.lastActv", "5");
Gelöscht : user_pref("extensions.BabylonToolbar.lastDP", 5);
Gelöscht : user_pref("icqtoolbar.allowSendURL", false);
Gelöscht : user_pref("icqtoolbar.engineVerified", false);
Gelöscht : user_pref("icqtoolbar.geolastmodified", 1306157801);
Gelöscht : user_pref("icqtoolbar.hiddenElements", "itb_options");
Gelöscht : user_pref("icqtoolbar.icqgeo", 86);
Gelöscht : user_pref("icqtoolbar.installTime", "1306157801");
Gelöscht : user_pref("icqtoolbar.newtab_state", "1");
Gelöscht : user_pref("icqtoolbar.numberOfSearches", 0);
Gelöscht : user_pref("icqtoolbar.previousFFVersion", "3.6.13");
Gelöscht : user_pref("icqtoolbar.skip_default_search", "no");
Gelöscht : user_pref("icqtoolbar.suggestions", false);
Gelöscht : user_pref("icqtoolbar.uninstStatSent", true);
Gelöscht : user_pref("icqtoolbar.uniqueID", "129717192012971719651297201206562");
Gelöscht : user_pref("icqtoolbar.usageStatstTimestamp", 1306157806);
Gelöscht : user_pref("icqtoolbar.voucherHideClicks", 0);
Gelöscht : user_pref("icqtoolbar.voucherMoreLinkClicks", 0);
Gelöscht : user_pref("icqtoolbar.voucherRedeemClicks", 0);
Gelöscht : user_pref("icqtoolbar.voucherWasShown", 0);
Gelöscht : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Gelöscht : user_pref("icqtoolbar.xmlLanguage", "de");
Gelöscht : user_pref("keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=");

-\\ Google Chrome v27.0.1453.110

Datei : C:\Users\Schwarzkopf\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [8724 octets] - [11/06/2013 15:09:08]

########## EOF - C:\AdwCleaner[S1].txt - [8784 octets] ##########
         
--- --- ---



Schritt 2OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 11.06.2013 15:17:42 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Schwarzkopf\Desktop
 Starter Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1013,09 Mb Total Physical Memory | 154,30 Mb Available Physical Memory | 15,23% Memory free
1,99 Gb Paging File | 0,94 Gb Available in Paging File | 47,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 150,36 Gb Total Space | 102,84 Gb Free Space | 68,40% Space Free | Partition Type: NTFS
Drive D: | 4,00 Gb Total Space | 0,00 Gb Free Space | 0,07% Space Free | Partition Type: FAT32
Drive E: | 58,59 Gb Total Space | 24,20 Gb Free Space | 41,29% Space Free | Partition Type: NTFS
Drive F: | 6,83 Gb Total Space | 6,74 Gb Free Space | 98,61% Space Free | Partition Type: NTFS
 
Computer Name: ***** | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.11 13:24:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Schwarzkopf\Desktop\OTL.exe
PRC - [2013.05.29 07:27:40 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Programme\Google\Chrome\Application\chrome.exe
PRC - [2013.04.15 20:32:44 | 000,597,560 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\update.exe
PRC - [2013.04.04 11:22:39 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.02.25 16:47:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2013.02.25 16:47:19 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.01.25 10:25:19 | 000,046,960 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\updrgui.exe
PRC - [2012.01.04 15:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
PRC - [2011.10.01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.08.10 11:06:16 | 000,975,952 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe
PRC - [2010.08.10 11:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\dsiwmis.exe
PRC - [2010.08.10 11:06:16 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LMworker.exe
PRC - [2010.07.21 03:53:50 | 000,492,096 | ---- | M] (Insyde Software Corp.) -- C:\Programme\Acer\Updater\iUpdate.exe
PRC - [2010.06.11 15:28:06 | 000,715,296 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer ePower Management\ePowerTray.exe
PRC - [2010.06.11 15:28:02 | 000,735,776 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe
PRC - [2010.06.11 15:27:54 | 000,469,536 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer ePower Management\ePowerEvent.exe
PRC - [2010.06.08 19:49:30 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.06.08 19:49:26 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.05.27 04:41:24 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Programme\EgisTec MyWinLocker\x86\mwlDaemon.exe
PRC - [2010.03.11 07:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Programme\EgisTec IPS\PmmUpdate.exe
PRC - [2010.03.11 07:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Programme\EgisTec IPS\EgisUpdate.exe
PRC - [2010.02.09 20:57:46 | 000,704,032 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer VCM\AcerVCM.exe
PRC - [2010.01.30 01:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer VCM\RS_Service.exe
PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Registration\GREGsvc.exe
PRC - [2010.01.08 11:53:30 | 000,407,416 | ---- | M] (Insyde Software Corp.) -- C:\Programme\Acer\Android Manager\iSync.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.05.29 07:27:38 | 000,393,168 | ---- | M] () -- C:\Programme\Google\Chrome\Application\27.0.1453.110\ppgooglenaclpluginchrome.dll
MOD - [2013.05.29 07:27:35 | 004,051,408 | ---- | M] () -- C:\Programme\Google\Chrome\Application\27.0.1453.110\pdf.dll
MOD - [2013.05.29 07:26:40 | 000,599,504 | ---- | M] () -- C:\Programme\Google\Chrome\Application\27.0.1453.110\libglesv2.dll
MOD - [2013.05.29 07:26:39 | 000,124,368 | ---- | M] () -- C:\Programme\Google\Chrome\Application\27.0.1453.110\libegl.dll
MOD - [2013.05.29 07:26:36 | 001,597,392 | ---- | M] () -- C:\Programme\Google\Chrome\Application\27.0.1453.110\ffmpegsumo.dll
MOD - [2013.02.15 16:53:24 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\05682429807d34d6ff05a77ea153935f\System.Windows.Forms.ni.dll
MOD - [2013.01.13 17:23:21 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\688a9b0bfdffc236fee58a764d0c4442\IAStorUtil.ni.dll
MOD - [2013.01.12 11:53:36 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\01b47a246b4ec7bfec31bf4503aceda1\System.Runtime.Remoting.ni.dll
MOD - [2013.01.12 11:49:47 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll
MOD - [2013.01.12 11:48:03 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\82a4c4666ad83c3a375210247e69646b\WindowsBase.ni.dll
MOD - [2013.01.12 11:47:27 | 005,452,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\0880ac36745e1f01eb7bcccf1638fa7d\System.Xml.ni.dll
MOD - [2013.01.12 11:47:14 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\96a3b737db1e72adaf32d2b350e50c23\System.Configuration.ni.dll
MOD - [2013.01.12 11:47:11 | 007,974,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll
MOD - [2013.01.12 11:46:47 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.11.09 20:34:34 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.09 20:34:29 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.07.20 14:54:12 | 000,411,136 | ---- | M] () -- C:\Programme\Acer\Android Manager\DEU.dll
MOD - [2009.05.20 08:02:04 | 000,072,200 | ---- | M] () -- C:\Programme\Launch Manager\CdDirIo.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.05.29 22:54:47 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.15 00:11:29 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.25 22:08:37 | 004,561,152 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_ca0e279.dll -- (Akamai)
SRV - [2013.02.25 16:47:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.02.25 16:47:19 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.04 15:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE -- (cvhsvc)
SRV - [2011.10.01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010.08.10 11:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Programme\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.06.11 15:28:02 | 000,735,776 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.06.08 19:49:30 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.05.27 04:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Programme\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010.01.30 01:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.05.31 17:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 17:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\Drivers\vmm.sys -- (vmm)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\SCHWAR~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013.03.06 16:13:37 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013.02.27 13:22:36 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.02.27 13:22:36 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2011.10.01 09:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011.10.01 09:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011.10.01 09:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011.10.01 09:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2011.05.06 14:30:00 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdrvio.sys -- (pwdrvio)
DRV - [2011.05.06 14:29:50 | 000,011,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdspio.sys -- (pwdspio)
DRV - [2010.08.24 11:55:52 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010.06.17 08:50:38 | 000,082,768 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EUCR6SK.sys -- (EUCR)
DRV - [2010.05.31 06:04:30 | 006,766,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32)
DRV - [2010.04.29 05:58:18 | 000,026,112 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\androidusb.sys -- (androidusb)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2009.06.03 04:15:40 | 000,060,976 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV - [2009.06.03 04:15:38 | 000,016,432 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2009.06.03 04:15:34 | 000,018,992 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1538815386-1360257484-1440407808-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1538815386-1360257484-1440407808-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1538815386-1360257484-1440407808-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1538815386-1360257484-1440407808-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1538815386-1360257484-1440407808-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1538815386-1360257484-1440407808-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1538815386-1360257484-1440407808-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1538815386-1360257484-1440407808-1000\..\SearchScopes\{66C5836D-DEFF-45BA-AFBB-707984009DAF}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1538815386-1360257484-1440407808-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1538815386-1360257484-1440407808-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.03.12 23:12:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.03.12 23:12:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.29 22:54:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.29 22:54:35 | 000,000,000 | ---D | M]
 
[2011.01.12 23:19:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Schwarzkopf\AppData\Roaming\mozilla\Extensions
[2012.10.23 22:03:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Schwarzkopf\AppData\Roaming\mozilla\Firefox\Profiles\hemm06rf.default\extensions
[2013.05.29 22:54:49 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.05.29 22:54:49 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: DivX HiQ = C:\Users\Schwarzkopf\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Schwarzkopf\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
 
O1 HOSTS File: ([2013.06.11 14:48:37 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AndroidManager] C:\Programme\Acer\Android Manager\AML.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [iPatchData] C:\Programme\Acer\Updater\iUpdate.exe (Insyde Software Corp.)
O4 - HKLM..\Run: [iSyncData] C:\Programme\Acer\Android Manager\iSync.exe (Insyde Software Corp.)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mwlDaemon] C:\Programme\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1538815386-1360257484-1440407808-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1538815386-1360257484-1440407808-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A632C51-5B6F-4B06-9A89-072FBC954228}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B698268-35D3-4D38-987D-C9E625510D77}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.11 15:17:26 | 000,066,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys
[2013.06.11 14:52:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.06.11 14:52:40 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.06.11 14:32:33 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.06.11 14:28:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.06.11 14:28:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.06.11 14:28:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.06.11 14:26:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.06.11 14:26:31 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.06.11 14:23:43 | 005,078,680 | R--- | C] (Swearware) -- C:\Users\Schwarzkopf\Desktop\ComboFix.exe
[2013.06.11 13:24:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Schwarzkopf\Desktop\OTL.exe
[2013.06.11 12:40:30 | 000,000,000 | ---D | C] -- C:\Users\Schwarzkopf\AppData\Roaming\Avira
[2013.06.11 12:39:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.06.11 12:39:36 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.06.11 12:39:33 | 000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.06.11 12:39:33 | 000,084,744 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.06.11 12:39:33 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.06.11 12:39:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.06.11 12:39:31 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013.06.11 12:37:44 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013.06.11 12:27:38 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.06.11 12:26:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013.06.11 11:43:54 | 000,000,000 | ---D | C] -- C:\Users\Schwarzkopf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Care Antivirus
[2013.06.11 00:41:53 | 000,000,000 | ---D | C] -- C:\628e1ae67b04584f994b3f
[2013.06.05 12:46:47 | 000,000,000 | ---D | C] -- C:\0efff197f899bed11d9c39ee99907b
[2013.05.29 22:54:33 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.11 15:19:09 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.11 15:19:09 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.11 15:17:08 | 001,601,640 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.11 15:17:08 | 000,926,692 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.11 15:17:08 | 000,438,274 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.11 15:17:08 | 000,382,658 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.11 15:16:17 | 000,066,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys
[2013.06.11 15:11:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.11 15:10:44 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.11 15:10:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.11 15:10:16 | 796,729,344 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.11 15:08:12 | 000,648,201 | ---- | M] () -- C:\Users\Schwarzkopf\Desktop\adwcleaner.exe
[2013.06.11 14:24:03 | 005,078,680 | R--- | M] (Swearware) -- C:\Users\Schwarzkopf\Desktop\ComboFix.exe
[2013.06.11 13:24:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Schwarzkopf\Desktop\OTL.exe
[2013.06.11 12:39:51 | 000,002,020 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.06.11 12:11:09 | 000,001,417 | ---- | M] () -- C:\Users\Schwarzkopf\Desktop\Internet Explorer.lnk
[2013.06.11 11:51:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.11 00:19:42 | 000,000,486 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Schwarzkopf.job
[2013.06.03 21:16:18 | 000,088,066 | ---- | M] () -- C:\Users\Schwarzkopf\Desktop\417259_244746778936699_269408118_n.jpg
[2013.05.17 00:01:17 | 000,750,566 | ---- | M] () -- C:\Users\Schwarzkopf\Desktop\rezepte.odt
[2013.05.16 23:48:41 | 000,030,310 | ---- | M] () -- C:\Users\Schwarzkopf\Desktop\wERaJr9IGkA.jpg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.11 15:08:10 | 000,648,201 | ---- | C] () -- C:\Users\Schwarzkopf\Desktop\adwcleaner.exe
[2013.06.11 14:28:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.06.11 14:28:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.06.11 14:28:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.06.11 14:28:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.06.11 14:28:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.06.11 12:39:51 | 000,002,020 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.06.11 12:11:09 | 000,001,417 | ---- | C] () -- C:\Users\Schwarzkopf\Desktop\Internet Explorer.lnk
[2013.06.03 21:16:18 | 000,088,066 | ---- | C] () -- C:\Users\Schwarzkopf\Desktop\417259_244746778936699_269408118_n.jpg
[2013.05.16 23:48:33 | 000,030,310 | ---- | C] () -- C:\Users\Schwarzkopf\Desktop\wERaJr9IGkA.jpg
[2012.09.18 20:47:38 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat
[2011.08.03 20:34:29 | 000,747,592 | ---- | C] () -- C:\Windows\System32\pwNative.exe
[2011.08.03 20:34:29 | 000,016,472 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2011.08.03 20:34:23 | 000,011,104 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2011.04.05 09:46:34 | 000,000,017 | ---- | C] () -- C:\Users\Schwarzkopf\AppData\Local\resmon.resmoncfg
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.01.26 20:51:14 | 000,000,000 | ---D | M] -- C:\Users\Schwarzkopf\AppData\Roaming\ICQ
[2011.01.12 22:23:29 | 000,000,000 | ---D | M] -- C:\Users\Schwarzkopf\AppData\Roaming\Liteon
[2013.05.17 00:02:13 | 000,000,000 | ---D | M] -- C:\Users\Schwarzkopf\AppData\Roaming\SoftGrid Client
[2011.08.03 20:10:38 | 000,000,000 | ---D | M] -- C:\Users\Schwarzkopf\AppData\Roaming\TeamViewer
[2011.01.12 22:37:27 | 000,000,000 | ---D | M] -- C:\Users\Schwarzkopf\AppData\Roaming\TP
[2011.02.24 20:20:19 | 000,000,000 | ---D | M] -- C:\Users\Schwarzkopf\AppData\Roaming\uTorrent
[2011.11.16 04:06:26 | 000,000,000 | ---D | M] -- C:\Users\Schwarzkopf\AppData\Roaming\{90140011-0066-0407-0000-0000000FF1CE}
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:5D7E5A8F
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:CDFF58FE
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:93EB7685
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:E1F04E8D
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:4D066AD2
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:798A3728
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:0B9176C0
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:E3C56885

< End of report >
         
--- --- ---

Alt 11.06.2013, 14:49   #8
aharonov
/// TB-Ausbilder
 
Problem... System Care Antivirus - Standard

Problem... System Care Antivirus



Hi,

ja wieder im normalen Modus arbeiten. Hab das vergessen dazuzuschreiben.
Wie läuft der Rechner? Alles ok?


Schritt 1

Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
:OTL
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:5D7E5A8F
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:CDFF58FE
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:93EB7685
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:E1F04E8D
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:4D066AD2
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:798A3728
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:0B9176C0
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:E3C56885
[2013.06.11 12:27:38 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.06.11 12:26:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013.06.11 11:43:54 | 000,000,000 | ---D | C] -- C:\Users\Schwarzkopf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Care Antivirus

:commands
[emptytemp]
         
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread



Schritt 2

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.




Schritt 3


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset




Schritt 4

Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.



Schritt 5

Starte bitte die OTL.exe.
  • Setze den Haken bei Scan all Users.
  • Drücke auf den Quick Scan Button.
  • Poste den Inhalt von OTL.txt hier in den Thread.



Bitte poste in deiner nächsten Antwort:
  • Fixlog von OTL
  • Log von MBAM
  • Log von ESET
  • Log von SecurityCheck
  • Log von OTL
__________________
cheers,
Leo

Alt 11.06.2013, 14:54   #9
Fuselchen
 
Problem... System Care Antivirus - Standard

Problem... System Care Antivirus



der Rechner läuft wieder gut, al ob nix passiert wär...

Werde die Schritte nachher ausführen, muss jetzt zur Arbeit. Ich danke dir schon mal für deine Zeit. Statt in der Sonne zu sitzen, musst du dich mit mir rumplagen vielen vielen Dank lg Olga

Alt 11.06.2013, 14:56   #10
aharonov
/// TB-Ausbilder
 
Problem... System Care Antivirus - Standard

Problem... System Care Antivirus



Ok, alles klar.
Sobald diese Logs da sind, schliessen wir die Sache ab.
__________________
cheers,
Leo

Alt 11.06.2013, 18:52   #11
Fuselchen
 
Problem... System Care Antivirus - Standard

Problem... System Care Antivirus



schritt 1

All processes killed
========== OTL ==========
ADS C:\ProgramData\TEMP:5D7E5A8F deleted successfully.
ADS C:\ProgramData\TEMP:CDFF58FE deleted successfully.
ADS C:\ProgramData\TEMP:93EB7685 deleted successfully.
ADS C:\ProgramData\TEMP:E36F5B57 deleted successfully.
ADS C:\ProgramData\TEMP:E1F04E8D deleted successfully.
ADS C:\ProgramData\TEMP:4D066AD2 deleted successfully.
ADS C:\ProgramData\TEMP:798A3728 deleted successfully.
ADS C:\ProgramData\TEMP:0B9176C0 deleted successfully.
ADS C:\ProgramData\TEMP:E3C56885 deleted successfully.
C:\Program Files\Enigma Software Group\SpyHunter\Log folder moved successfully.
C:\Program Files\Enigma Software Group\SpyHunter folder moved successfully.
C:\Program Files\Enigma Software Group folder moved successfully.
C:\Program Files\Common Files\Wise Installation Wizard folder moved successfully.
C:\Users\Schwarzkopf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Care Antivirus folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Schwarzkopf
->Temp folder emptied: 5861279 bytes
->Temporary Internet Files folder emptied: 157854679 bytes
->Java cache emptied: 2607786 bytes
->FireFox cache emptied: 122068596 bytes
->Google Chrome cache emptied: 10286308 bytes
->Flash cache emptied: 204840 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1500693 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 287,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 06112013_194325

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 11.06.2013 15:17:42 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Schwarzkopf\Desktop
 Starter Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1013,09 Mb Total Physical Memory | 154,30 Mb Available Physical Memory | 15,23% Memory free
1,99 Gb Paging File | 0,94 Gb Available in Paging File | 47,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 150,36 Gb Total Space | 102,84 Gb Free Space | 68,40% Space Free | Partition Type: NTFS
Drive D: | 4,00 Gb Total Space | 0,00 Gb Free Space | 0,07% Space Free | Partition Type: FAT32
Drive E: | 58,59 Gb Total Space | 24,20 Gb Free Space | 41,29% Space Free | Partition Type: NTFS
Drive F: | 6,83 Gb Total Space | 6,74 Gb Free Space | 98,61% Space Free | Partition Type: NTFS
 
Computer Name: SCHWARZKOPF-PC | User Name: Schwarzkopf | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.11 13:24:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Schwarzkopf\Desktop\OTL.exe
PRC - [2013.05.29 07:27:40 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Programme\Google\Chrome\Application\chrome.exe
PRC - [2013.04.15 20:32:44 | 000,597,560 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\update.exe
PRC - [2013.04.04 11:22:39 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.02.25 16:47:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2013.02.25 16:47:19 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.01.25 10:25:19 | 000,046,960 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\updrgui.exe
PRC - [2012.01.04 15:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
PRC - [2011.10.01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.08.10 11:06:16 | 000,975,952 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe
PRC - [2010.08.10 11:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\dsiwmis.exe
PRC - [2010.08.10 11:06:16 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LMworker.exe
PRC - [2010.07.21 03:53:50 | 000,492,096 | ---- | M] (Insyde Software Corp.) -- C:\Programme\Acer\Updater\iUpdate.exe
PRC - [2010.06.11 15:28:06 | 000,715,296 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer ePower Management\ePowerTray.exe
PRC - [2010.06.11 15:28:02 | 000,735,776 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe
PRC - [2010.06.11 15:27:54 | 000,469,536 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer ePower Management\ePowerEvent.exe
PRC - [2010.06.08 19:49:30 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.06.08 19:49:26 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.05.27 04:41:24 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Programme\EgisTec MyWinLocker\x86\mwlDaemon.exe
PRC - [2010.03.11 07:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Programme\EgisTec IPS\PmmUpdate.exe
PRC - [2010.03.11 07:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Programme\EgisTec IPS\EgisUpdate.exe
PRC - [2010.02.09 20:57:46 | 000,704,032 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer VCM\AcerVCM.exe
PRC - [2010.01.30 01:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer VCM\RS_Service.exe
PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Registration\GREGsvc.exe
PRC - [2010.01.08 11:53:30 | 000,407,416 | ---- | M] (Insyde Software Corp.) -- C:\Programme\Acer\Android Manager\iSync.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.05.29 07:27:38 | 000,393,168 | ---- | M] () -- C:\Programme\Google\Chrome\Application\27.0.1453.110\ppgooglenaclpluginchrome.dll
MOD - [2013.05.29 07:27:35 | 004,051,408 | ---- | M] () -- C:\Programme\Google\Chrome\Application\27.0.1453.110\pdf.dll
MOD - [2013.05.29 07:26:40 | 000,599,504 | ---- | M] () -- C:\Programme\Google\Chrome\Application\27.0.1453.110\libglesv2.dll
MOD - [2013.05.29 07:26:39 | 000,124,368 | ---- | M] () -- C:\Programme\Google\Chrome\Application\27.0.1453.110\libegl.dll
MOD - [2013.05.29 07:26:36 | 001,597,392 | ---- | M] () -- C:\Programme\Google\Chrome\Application\27.0.1453.110\ffmpegsumo.dll
MOD - [2013.02.15 16:53:24 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\05682429807d34d6ff05a77ea153935f\System.Windows.Forms.ni.dll
MOD - [2013.01.13 17:23:21 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\688a9b0bfdffc236fee58a764d0c4442\IAStorUtil.ni.dll
MOD - [2013.01.12 11:53:36 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\01b47a246b4ec7bfec31bf4503aceda1\System.Runtime.Remoting.ni.dll
MOD - [2013.01.12 11:49:47 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll
MOD - [2013.01.12 11:48:03 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\82a4c4666ad83c3a375210247e69646b\WindowsBase.ni.dll
MOD - [2013.01.12 11:47:27 | 005,452,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\0880ac36745e1f01eb7bcccf1638fa7d\System.Xml.ni.dll
MOD - [2013.01.12 11:47:14 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\96a3b737db1e72adaf32d2b350e50c23\System.Configuration.ni.dll
MOD - [2013.01.12 11:47:11 | 007,974,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll
MOD - [2013.01.12 11:46:47 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.11.09 20:34:34 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.09 20:34:29 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.07.20 14:54:12 | 000,411,136 | ---- | M] () -- C:\Programme\Acer\Android Manager\DEU.dll
MOD - [2009.05.20 08:02:04 | 000,072,200 | ---- | M] () -- C:\Programme\Launch Manager\CdDirIo.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.05.29 22:54:47 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.15 00:11:29 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.25 22:08:37 | 004,561,152 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_ca0e279.dll -- (Akamai)
SRV - [2013.02.25 16:47:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.02.25 16:47:19 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.04 15:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE -- (cvhsvc)
SRV - [2011.10.01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010.08.10 11:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Programme\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.06.11 15:28:02 | 000,735,776 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.06.08 19:49:30 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.05.27 04:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Programme\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010.01.30 01:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.05.31 17:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 17:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\Drivers\vmm.sys -- (vmm)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\SCHWAR~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013.03.06 16:13:37 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013.02.27 13:22:36 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.02.27 13:22:36 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2011.10.01 09:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011.10.01 09:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011.10.01 09:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011.10.01 09:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2011.05.06 14:30:00 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdrvio.sys -- (pwdrvio)
DRV - [2011.05.06 14:29:50 | 000,011,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdspio.sys -- (pwdspio)
DRV - [2010.08.24 11:55:52 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010.06.17 08:50:38 | 000,082,768 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EUCR6SK.sys -- (EUCR)
DRV - [2010.05.31 06:04:30 | 006,766,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32)
DRV - [2010.04.29 05:58:18 | 000,026,112 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\androidusb.sys -- (androidusb)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2009.06.03 04:15:40 | 000,060,976 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV - [2009.06.03 04:15:38 | 000,016,432 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2009.06.03 04:15:34 | 000,018,992 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1538815386-1360257484-1440407808-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1538815386-1360257484-1440407808-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1538815386-1360257484-1440407808-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1538815386-1360257484-1440407808-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1538815386-1360257484-1440407808-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1538815386-1360257484-1440407808-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1538815386-1360257484-1440407808-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1538815386-1360257484-1440407808-1000\..\SearchScopes\{66C5836D-DEFF-45BA-AFBB-707984009DAF}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1538815386-1360257484-1440407808-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1538815386-1360257484-1440407808-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.03.12 23:12:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.03.12 23:12:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.29 22:54:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.29 22:54:35 | 000,000,000 | ---D | M]
 
[2011.01.12 23:19:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Schwarzkopf\AppData\Roaming\mozilla\Extensions
[2012.10.23 22:03:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Schwarzkopf\AppData\Roaming\mozilla\Firefox\Profiles\hemm06rf.default\extensions
[2013.05.29 22:54:49 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.05.29 22:54:49 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: DivX HiQ = C:\Users\Schwarzkopf\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Schwarzkopf\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
 
O1 HOSTS File: ([2013.06.11 14:48:37 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AndroidManager] C:\Programme\Acer\Android Manager\AML.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [iPatchData] C:\Programme\Acer\Updater\iUpdate.exe (Insyde Software Corp.)
O4 - HKLM..\Run: [iSyncData] C:\Programme\Acer\Android Manager\iSync.exe (Insyde Software Corp.)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mwlDaemon] C:\Programme\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1538815386-1360257484-1440407808-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1538815386-1360257484-1440407808-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A632C51-5B6F-4B06-9A89-072FBC954228}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B698268-35D3-4D38-987D-C9E625510D77}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.11 15:17:26 | 000,066,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys
[2013.06.11 14:52:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.06.11 14:52:40 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.06.11 14:32:33 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.06.11 14:28:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.06.11 14:28:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.06.11 14:28:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.06.11 14:26:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.06.11 14:26:31 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.06.11 14:23:43 | 005,078,680 | R--- | C] (Swearware) -- C:\Users\Schwarzkopf\Desktop\ComboFix.exe
[2013.06.11 13:24:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Schwarzkopf\Desktop\OTL.exe
[2013.06.11 12:40:30 | 000,000,000 | ---D | C] -- C:\Users\Schwarzkopf\AppData\Roaming\Avira
[2013.06.11 12:39:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.06.11 12:39:36 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.06.11 12:39:33 | 000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.06.11 12:39:33 | 000,084,744 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.06.11 12:39:33 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.06.11 12:39:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.06.11 12:39:31 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013.06.11 12:37:44 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013.06.11 12:27:38 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.06.11 12:26:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013.06.11 11:43:54 | 000,000,000 | ---D | C] -- C:\Users\Schwarzkopf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Care Antivirus
[2013.06.11 00:41:53 | 000,000,000 | ---D | C] -- C:\628e1ae67b04584f994b3f
[2013.06.05 12:46:47 | 000,000,000 | ---D | C] -- C:\0efff197f899bed11d9c39ee99907b
[2013.05.29 22:54:33 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.11 15:19:09 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.11 15:19:09 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.11 15:17:08 | 001,601,640 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.11 15:17:08 | 000,926,692 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.11 15:17:08 | 000,438,274 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.11 15:17:08 | 000,382,658 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.11 15:16:17 | 000,066,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys
[2013.06.11 15:11:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.11 15:10:44 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.11 15:10:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.11 15:10:16 | 796,729,344 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.11 15:08:12 | 000,648,201 | ---- | M] () -- C:\Users\Schwarzkopf\Desktop\adwcleaner.exe
[2013.06.11 14:24:03 | 005,078,680 | R--- | M] (Swearware) -- C:\Users\Schwarzkopf\Desktop\ComboFix.exe
[2013.06.11 13:24:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Schwarzkopf\Desktop\OTL.exe
[2013.06.11 12:39:51 | 000,002,020 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.06.11 12:11:09 | 000,001,417 | ---- | M] () -- C:\Users\Schwarzkopf\Desktop\Internet Explorer.lnk
[2013.06.11 11:51:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.11 00:19:42 | 000,000,486 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Schwarzkopf.job
[2013.06.03 21:16:18 | 000,088,066 | ---- | M] () -- C:\Users\Schwarzkopf\Desktop\417259_244746778936699_269408118_n.jpg
[2013.05.17 00:01:17 | 000,750,566 | ---- | M] () -- C:\Users\Schwarzkopf\Desktop\rezepte.odt
[2013.05.16 23:48:41 | 000,030,310 | ---- | M] () -- C:\Users\Schwarzkopf\Desktop\wERaJr9IGkA.jpg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.11 15:08:10 | 000,648,201 | ---- | C] () -- C:\Users\Schwarzkopf\Desktop\adwcleaner.exe
[2013.06.11 14:28:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.06.11 14:28:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.06.11 14:28:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.06.11 14:28:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.06.11 14:28:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.06.11 12:39:51 | 000,002,020 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.06.11 12:11:09 | 000,001,417 | ---- | C] () -- C:\Users\Schwarzkopf\Desktop\Internet Explorer.lnk
[2013.06.03 21:16:18 | 000,088,066 | ---- | C] () -- C:\Users\Schwarzkopf\Desktop\417259_244746778936699_269408118_n.jpg
[2013.05.16 23:48:33 | 000,030,310 | ---- | C] () -- C:\Users\Schwarzkopf\Desktop\wERaJr9IGkA.jpg
[2012.09.18 20:47:38 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat
[2011.08.03 20:34:29 | 000,747,592 | ---- | C] () -- C:\Windows\System32\pwNative.exe
[2011.08.03 20:34:29 | 000,016,472 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2011.08.03 20:34:23 | 000,011,104 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2011.04.05 09:46:34 | 000,000,017 | ---- | C] () -- C:\Users\Schwarzkopf\AppData\Local\resmon.resmoncfg
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.01.26 20:51:14 | 000,000,000 | ---D | M] -- C:\Users\Schwarzkopf\AppData\Roaming\ICQ
[2011.01.12 22:23:29 | 000,000,000 | ---D | M] -- C:\Users\Schwarzkopf\AppData\Roaming\Liteon
[2013.05.17 00:02:13 | 000,000,000 | ---D | M] -- C:\Users\Schwarzkopf\AppData\Roaming\SoftGrid Client
[2011.08.03 20:10:38 | 000,000,000 | ---D | M] -- C:\Users\Schwarzkopf\AppData\Roaming\TeamViewer
[2011.01.12 22:37:27 | 000,000,000 | ---D | M] -- C:\Users\Schwarzkopf\AppData\Roaming\TP
[2011.02.24 20:20:19 | 000,000,000 | ---D | M] -- C:\Users\Schwarzkopf\AppData\Roaming\uTorrent
[2011.11.16 04:06:26 | 000,000,000 | ---D | M] -- C:\Users\Schwarzkopf\AppData\Roaming\{90140011-0066-0407-0000-0000000FF1CE}
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:5D7E5A8F
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:CDFF58FE
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:93EB7685
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:E1F04E8D
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:4D066AD2
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:798A3728
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:0B9176C0
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:E3C56885

< End of report >
         
--- --- ---


Schritt 2

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.11.05

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
[Administrator]

11.06.2013 19:59:41
mbam-log-2013-06-11 (19-59-41).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 202861
Laufzeit: 16 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Geändert von Fuselchen (11.06.2013 um 19:19 Uhr)

Alt 11.06.2013, 21:03   #12
aharonov
/// TB-Ausbilder
 
Problem... System Care Antivirus - Standard

Problem... System Care Antivirus



Ok soweit. Der ESET-Scan könnte etwas länger dauern.
__________________
cheers,
Leo

Alt 11.06.2013, 22:16   #13
Fuselchen
 
Problem... System Care Antivirus - Standard

Problem... System Care Antivirus



über 2 Std hats gedauert ... Aber jetzt

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=4bbdf838b99bd241a53fc4ae6d69a3d9
# engine=14051
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-11 09:08:16
# local_time=2013-06-11 11:08:16 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1799 16775165 100 97 28319 236408186 21001 0
# compatibility_mode=5893 16776574 100 94 37707 122616087 0 0
# scanned=125714
# found=0
# cleaned=0
# scan_time=9812


schritt 4

Results of screen317's Security Check version 0.99.64
Windows 7 x86 (UAC is enabled)
Out of date service pack!!
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
Java 7 Update 17
Java version out of Date!
Adobe Flash Player 11.7.700.202
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (21.0)
Google Chrome 27.0.1453.110
Google Chrome 27.0.1453.94
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````




schritt 5

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 11.06.2013 23:26:44 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Schwarzkopf\Desktop
 Starter Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1013,09 Mb Total Physical Memory | 261,54 Mb Available Physical Memory | 25,82% Memory free
1,99 Gb Paging File | 0,84 Gb Available in Paging File | 42,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 150,36 Gb Total Space | 102,94 Gb Free Space | 68,46% Space Free | Partition Type: NTFS
Drive D: | 4,00 Gb Total Space | 0,00 Gb Free Space | 0,07% Space Free | Partition Type: FAT32
Drive E: | 58,59 Gb Total Space | 24,20 Gb Free Space | 41,29% Space Free | Partition Type: NTFS
Drive F: | 6,83 Gb Total Space | 6,74 Gb Free Space | 98,61% Space Free | Partition Type: NTFS
 
Computer Name: SCHWARZKOPF-PC | User Name: Schwarzkopf | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.11 13:24:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Schwarzkopf\Desktop\OTL.exe
PRC - [2013.05.29 07:27:40 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Programme\Google\Chrome\Application\chrome.exe
PRC - [2013.04.04 11:22:39 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.03.06 16:13:38 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.02.25 16:47:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2013.02.25 16:47:19 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.01.04 15:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
PRC - [2011.10.01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.08.10 11:06:16 | 000,975,952 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe
PRC - [2010.08.10 11:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\dsiwmis.exe
PRC - [2010.08.10 11:06:16 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LMworker.exe
PRC - [2010.07.21 03:53:50 | 000,492,096 | ---- | M] (Insyde Software Corp.) -- C:\Programme\Acer\Updater\iUpdate.exe
PRC - [2010.06.11 15:28:06 | 000,715,296 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer ePower Management\ePowerTray.exe
PRC - [2010.06.11 15:28:02 | 000,735,776 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe
PRC - [2010.06.11 15:27:54 | 000,469,536 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer ePower Management\ePowerEvent.exe
PRC - [2010.06.08 19:49:30 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.06.08 19:49:26 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.05.27 04:41:24 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Programme\EgisTec MyWinLocker\x86\mwlDaemon.exe
PRC - [2010.03.11 07:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Programme\EgisTec IPS\PmmUpdate.exe
PRC - [2010.03.11 07:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Programme\EgisTec IPS\EgisUpdate.exe
PRC - [2010.02.09 20:57:46 | 000,704,032 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer VCM\AcerVCM.exe
PRC - [2010.01.30 01:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer VCM\RS_Service.exe
PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Registration\GREGsvc.exe
PRC - [2010.01.08 11:53:30 | 000,407,416 | ---- | M] (Insyde Software Corp.) -- C:\Programme\Acer\Android Manager\iSync.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.05.29 07:27:38 | 000,393,168 | ---- | M] () -- C:\Programme\Google\Chrome\Application\27.0.1453.110\ppgooglenaclpluginchrome.dll
MOD - [2013.05.29 07:27:35 | 004,051,408 | ---- | M] () -- C:\Programme\Google\Chrome\Application\27.0.1453.110\pdf.dll
MOD - [2013.05.29 07:26:40 | 000,599,504 | ---- | M] () -- C:\Programme\Google\Chrome\Application\27.0.1453.110\libglesv2.dll
MOD - [2013.05.29 07:26:39 | 000,124,368 | ---- | M] () -- C:\Programme\Google\Chrome\Application\27.0.1453.110\libegl.dll
MOD - [2013.05.29 07:26:36 | 001,597,392 | ---- | M] () -- C:\Programme\Google\Chrome\Application\27.0.1453.110\ffmpegsumo.dll
MOD - [2013.02.15 16:53:24 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\05682429807d34d6ff05a77ea153935f\System.Windows.Forms.ni.dll
MOD - [2013.01.13 17:23:21 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\688a9b0bfdffc236fee58a764d0c4442\IAStorUtil.ni.dll
MOD - [2013.01.12 11:53:36 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\01b47a246b4ec7bfec31bf4503aceda1\System.Runtime.Remoting.ni.dll
MOD - [2013.01.12 11:49:47 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll
MOD - [2013.01.12 11:48:03 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\82a4c4666ad83c3a375210247e69646b\WindowsBase.ni.dll
MOD - [2013.01.12 11:47:27 | 005,452,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\0880ac36745e1f01eb7bcccf1638fa7d\System.Xml.ni.dll
MOD - [2013.01.12 11:47:14 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\96a3b737db1e72adaf32d2b350e50c23\System.Configuration.ni.dll
MOD - [2013.01.12 11:47:11 | 007,974,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll
MOD - [2013.01.12 11:46:47 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.11.09 20:34:34 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.07.20 14:54:12 | 000,411,136 | ---- | M] () -- C:\Programme\Acer\Android Manager\DEU.dll
MOD - [2010.03.15 12:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2009.05.20 08:02:04 | 000,072,200 | ---- | M] () -- C:\Programme\Launch Manager\CdDirIo.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.05.29 22:54:47 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.15 00:11:29 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.25 22:08:37 | 004,561,152 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_ca0e279.dll -- (Akamai)
SRV - [2013.02.25 16:47:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.02.25 16:47:19 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.04 15:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE -- (cvhsvc)
SRV - [2011.10.01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010.08.10 11:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Programme\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.06.11 15:28:02 | 000,735,776 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.06.08 19:49:30 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.05.27 04:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Programme\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010.01.30 01:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.05.31 17:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 17:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\Drivers\vmm.sys -- (vmm)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\SCHWAR~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013.03.06 16:13:37 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013.02.27 13:22:36 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.02.27 13:22:36 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2011.10.01 09:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011.10.01 09:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011.10.01 09:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011.10.01 09:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2011.05.06 14:30:00 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdrvio.sys -- (pwdrvio)
DRV - [2011.05.06 14:29:50 | 000,011,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdspio.sys -- (pwdspio)
DRV - [2010.08.24 11:55:52 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010.06.17 08:50:38 | 000,082,768 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EUCR6SK.sys -- (EUCR)
DRV - [2010.05.31 06:04:30 | 006,766,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32)
DRV - [2010.04.29 05:58:18 | 000,026,112 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\androidusb.sys -- (androidusb)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2009.06.03 04:15:40 | 000,060,976 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV - [2009.06.03 04:15:38 | 000,016,432 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2009.06.03 04:15:34 | 000,018,992 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1538815386-1360257484-1440407808-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1538815386-1360257484-1440407808-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1538815386-1360257484-1440407808-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1538815386-1360257484-1440407808-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1538815386-1360257484-1440407808-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1538815386-1360257484-1440407808-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1538815386-1360257484-1440407808-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1538815386-1360257484-1440407808-1000\..\SearchScopes\{66C5836D-DEFF-45BA-AFBB-707984009DAF}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1538815386-1360257484-1440407808-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1538815386-1360257484-1440407808-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.03.12 23:12:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.03.12 23:12:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.29 22:54:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.29 22:54:35 | 000,000,000 | ---D | M]
 
[2011.01.12 23:19:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Schwarzkopf\AppData\Roaming\mozilla\Extensions
[2012.10.23 22:03:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Schwarzkopf\AppData\Roaming\mozilla\Firefox\Profiles\hemm06rf.default\extensions
[2013.05.29 22:54:49 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.05.29 22:54:49 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: DivX HiQ = C:\Users\Schwarzkopf\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Schwarzkopf\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
 
O1 HOSTS File: ([2013.06.11 14:48:37 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AndroidManager] C:\Programme\Acer\Android Manager\AML.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [iPatchData] C:\Programme\Acer\Updater\iUpdate.exe (Insyde Software Corp.)
O4 - HKLM..\Run: [iSyncData] C:\Programme\Acer\Android Manager\iSync.exe (Insyde Software Corp.)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mwlDaemon] C:\Programme\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1538815386-1360257484-1440407808-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1538815386-1360257484-1440407808-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A632C51-5B6F-4B06-9A89-072FBC954228}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B698268-35D3-4D38-987D-C9E625510D77}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.11 19:58:06 | 000,000,000 | ---D | C] -- C:\Users\Schwarzkopf\AppData\Roaming\Malwarebytes
[2013.06.11 19:57:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.06.11 19:57:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.06.11 19:57:46 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.06.11 19:57:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.06.11 19:57:18 | 000,000,000 | ---D | C] -- C:\Users\Schwarzkopf\AppData\Local\Programs
[2013.06.11 19:43:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.06.11 15:57:23 | 000,000,000 | ---D | C] -- C:\9189bb0513c147d1e6de
[2013.06.11 15:17:26 | 000,066,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys
[2013.06.11 14:52:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.06.11 14:52:40 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.06.11 14:32:33 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.06.11 14:28:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.06.11 14:28:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.06.11 14:28:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.06.11 14:26:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.06.11 14:26:31 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.06.11 14:23:43 | 005,078,680 | R--- | C] (Swearware) -- C:\Users\Schwarzkopf\Desktop\ComboFix.exe
[2013.06.11 13:24:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Schwarzkopf\Desktop\OTL.exe
[2013.06.11 12:40:30 | 000,000,000 | ---D | C] -- C:\Users\Schwarzkopf\AppData\Roaming\Avira
[2013.06.11 12:39:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.06.11 12:39:36 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.06.11 12:39:33 | 000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.06.11 12:39:33 | 000,084,744 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.06.11 12:39:33 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.06.11 12:39:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.06.11 12:39:31 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013.06.11 12:37:44 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013.06.11 00:41:53 | 000,000,000 | ---D | C] -- C:\628e1ae67b04584f994b3f
[2013.06.05 12:46:47 | 000,000,000 | ---D | C] -- C:\0efff197f899bed11d9c39ee99907b
[2013.05.29 22:54:33 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.11 23:19:42 | 000,890,839 | ---- | M] () -- C:\Users\Schwarzkopf\Desktop\SecurityCheck.exe
[2013.06.11 23:11:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.11 22:51:04 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.11 21:51:16 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.11 19:57:53 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.11 19:55:06 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.11 19:55:06 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.11 19:47:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.11 19:46:51 | 796,729,344 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.11 19:40:57 | 001,616,432 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.11 19:40:57 | 000,931,154 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.11 19:40:57 | 000,443,010 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.11 19:40:57 | 000,386,928 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.11 15:16:17 | 000,066,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys
[2013.06.11 15:08:12 | 000,648,201 | ---- | M] () -- C:\Users\Schwarzkopf\Desktop\adwcleaner.exe
[2013.06.11 14:24:03 | 005,078,680 | R--- | M] (Swearware) -- C:\Users\Schwarzkopf\Desktop\ComboFix.exe
[2013.06.11 13:24:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Schwarzkopf\Desktop\OTL.exe
[2013.06.11 12:39:51 | 000,002,020 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.06.11 12:11:09 | 000,001,417 | ---- | M] () -- C:\Users\Schwarzkopf\Desktop\Internet Explorer.lnk
[2013.06.11 00:19:42 | 000,000,486 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Schwarzkopf.job
[2013.06.03 21:16:18 | 000,088,066 | ---- | M] () -- C:\Users\Schwarzkopf\Desktop\417259_244746778936699_269408118_n.jpg
[2013.05.17 00:01:17 | 000,750,566 | ---- | M] () -- C:\Users\Schwarzkopf\Desktop\rezepte.odt
[2013.05.16 23:48:41 | 000,030,310 | ---- | M] () -- C:\Users\Schwarzkopf\Desktop\wERaJr9IGkA.jpg
 
========== Files Created - No Company Name ==========
 
[2013.06.11 23:19:40 | 000,890,839 | ---- | C] () -- C:\Users\Schwarzkopf\Desktop\SecurityCheck.exe
[2013.06.11 19:57:53 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.11 15:08:10 | 000,648,201 | ---- | C] () -- C:\Users\Schwarzkopf\Desktop\adwcleaner.exe
[2013.06.11 14:28:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.06.11 14:28:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.06.11 14:28:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.06.11 14:28:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.06.11 14:28:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.06.11 12:39:51 | 000,002,020 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.06.11 12:11:09 | 000,001,417 | ---- | C] () -- C:\Users\Schwarzkopf\Desktop\Internet Explorer.lnk
[2013.06.03 21:16:18 | 000,088,066 | ---- | C] () -- C:\Users\Schwarzkopf\Desktop\417259_244746778936699_269408118_n.jpg
[2013.05.16 23:48:33 | 000,030,310 | ---- | C] () -- C:\Users\Schwarzkopf\Desktop\wERaJr9IGkA.jpg
[2012.09.18 20:47:38 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat
[2011.08.03 20:34:29 | 000,747,592 | ---- | C] () -- C:\Windows\System32\pwNative.exe
[2011.08.03 20:34:29 | 000,016,472 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2011.08.03 20:34:23 | 000,011,104 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2011.04.05 09:46:34 | 000,000,017 | ---- | C] () -- C:\Users\Schwarzkopf\AppData\Local\resmon.resmoncfg
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.01.26 20:51:14 | 000,000,000 | ---D | M] -- C:\Users\Schwarzkopf\AppData\Roaming\ICQ
[2011.01.12 22:23:29 | 000,000,000 | ---D | M] -- C:\Users\Schwarzkopf\AppData\Roaming\Liteon
[2013.05.17 00:02:13 | 000,000,000 | ---D | M] -- C:\Users\Schwarzkopf\AppData\Roaming\SoftGrid Client
[2011.08.03 20:10:38 | 000,000,000 | ---D | M] -- C:\Users\Schwarzkopf\AppData\Roaming\TeamViewer
[2011.01.12 22:37:27 | 000,000,000 | ---D | M] -- C:\Users\Schwarzkopf\AppData\Roaming\TP
[2011.02.24 20:20:19 | 000,000,000 | ---D | M] -- C:\Users\Schwarzkopf\AppData\Roaming\uTorrent
[2011.11.16 04:06:26 | 000,000,000 | ---D | M] -- C:\Users\Schwarzkopf\AppData\Roaming\{90140011-0066-0407-0000-0000000FF1CE}
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

Geändert von Fuselchen (11.06.2013 um 22:46 Uhr)

Alt 11.06.2013, 22:51   #14
aharonov
/// TB-Ausbilder
 
Problem... System Care Antivirus - Standard

Problem... System Care Antivirus



Sieht schon besser aus.
Aber da fehlt bei dir unter anderem noch das Service Pack. Das ist nicht so gut..


Schritt 1
  • Gehe bitte zu Start --> Alle Programme --> Windows Update.
  • Klicke dann links auf Nach Updates suchen und warte, bis die Suche beendet ist.
  • Drücke dann auf Updates installieren.
  • Starte nach Beendigung der Installation den Rechner neu auf.
  • Wiederhole diese Schritte, bis keine neuen Updates mehr verfügbar sind.



Schritt 2

Dein Java ist nicht mehr aktuell. Ältere Versionen enthalten Sicherheitslücken, die von Malware zur Infizierung per Drive-by Download missbraucht werden können.

Die aktuelle Version ist Java 7 Update 21.
  • Gehe zu
    Start --> Systemsteuerung --> Programme und Funktionen (bei Vista / Win 7)
    Start --> Systemsteuerung --> Software (bei Win XP)
    und deinstalliere alle älteren Java-Versionen.
In wenigen Fällen wird Java wirklich benötigt. Auch werden immer wieder neue, noch nicht geschlossene Sicherheitslücken ausgenutzt.
Überleg dir also, ob du eine Java-Installation wirklich brauchst.
Falls du Java weiterhin verwenden möchtest, dann:
  • Lade dir die neueste Java-Version herunter.
  • Schliesse alle laufenden Programme, speziell den Browser.
  • Starte die heruntergeladene jxpiinstall.exe und folge den Anweisungen.
  • Entferne während der Installation den Haken bei "Installieren Sie die Ask-Toolbar ...".



Schritt 3

Die Version deines Adobe PDF Readers ist veraltet, wir müssen ihn updaten:
  • Deinstalliere bitte deine aktuelle Version von Adobe Reader über
    Start --> Systemsteuerung --> Software (bei Windows XP)
    Start --> Systemsteuerung --> Programme und Funktionen (bei Vista / Windows 7)
  • Besuche diese Seite von Adobe.
  • Entferne gegebenenfalls den Haken bei McAfee Security Scan bzw. Google Chrome.
  • Drücke auf Jetzt herunterladen und installiere die neuste Version.

Überprüfe dann mit diesem Plugin-Check (mit dem Firefox hier), ob nun alle deine verwendeten Versionen aktuell sind und update sie anderenfalls.



Schritt 4
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Wenn der Scan beendet wurde, sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.



Bitte poste in deiner nächsten Antwort:
  • Log von SecurityCheck
__________________
cheers,
Leo

Alt 11.06.2013, 23:48   #15
Fuselchen
 
Problem... System Care Antivirus - Standard

Problem... System Care Antivirus



Schritt 1
Beim Update zeigt es mir immer einen Fehlercode an.

Fehlerdetails: C0000135
Instalationsstatus: fehlgeschlagen

Antwort

Themen zu Problem... System Care Antivirus
angezeigt, antivirus, avira, bedrohungen, entferne, entfernen, erkannt, erkenn, erkennt, free, gesperrt, helfer, helft, inter, interne, internet, liebe, programm, rechtsklick, schonmal, spyhunter, system, system care, virenprogramm, virus, wirklich



Ähnliche Themen: Problem... System Care Antivirus


  1. System Care Antivirus
    Plagegeister aller Art und deren Bekämpfung - 16.12.2013 (22)
  2. System Care Antivirus
    Log-Analyse und Auswertung - 04.09.2013 (5)
  3. System Care Antivirus
    Plagegeister aller Art und deren Bekämpfung - 25.08.2013 (4)
  4. System Care Antivirus was tun?
    Plagegeister aller Art und deren Bekämpfung - 09.08.2013 (3)
  5. System Care Antivirus
    Plagegeister aller Art und deren Bekämpfung - 06.08.2013 (25)
  6. System Care Antivirus auf PC
    Plagegeister aller Art und deren Bekämpfung - 20.07.2013 (10)
  7. System Care Antivirus
    Plagegeister aller Art und deren Bekämpfung - 05.07.2013 (15)
  8. System Care Antivirus
    Log-Analyse und Auswertung - 25.06.2013 (33)
  9. System Care Antivirus
    Log-Analyse und Auswertung - 23.06.2013 (9)
  10. System Care Antivirus
    Plagegeister aller Art und deren Bekämpfung - 23.06.2013 (21)
  11. System Care Antivirus
    Plagegeister aller Art und deren Bekämpfung - 08.06.2013 (70)
  12. System Care Antivirus-OTL Log
    Log-Analyse und Auswertung - 31.05.2013 (15)
  13. System Care Antivirus Problem
    Log-Analyse und Auswertung - 09.05.2013 (11)
  14. System Care Antivirus Win XP
    Plagegeister aller Art und deren Bekämpfung - 03.05.2013 (11)
  15. System Care Antivirus Win XP
    Mülltonne - 01.05.2013 (1)
  16. System Care Antivirus
    Plagegeister aller Art und deren Bekämpfung - 19.04.2013 (1)

Zum Thema Problem... System Care Antivirus - Liebe Helfer, ich habe mir den Virus "System Care Antivirus" eingefangen. Mein Virenprogramm (Avira Free) hat es nicht als Virus erkannt, ich habe es dann aber mit Rechtsklick gelöscht. Danach - Problem... System Care Antivirus...
Archiv
Du betrachtest: Problem... System Care Antivirus auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.