Downloaded SpyHunter 4 because of "System Care Antivirus", how do I get rid of it again?

Hello first of all :) So I'm one of the fools who downloaded SpyHunter 4 to get rid of "System Care Antivirus"... which of course was a huge mistake :( Now I need help uninstalling it and getting my laptop clean again! I scanned my laptop with OTL.exe and am now posting the two log files here:

Code:
OTL logfile created on: 10.05.2013 01:21:35 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\DLOAD
Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,98 Gb Total Physical Memory | 0,95 Gb Available Physical Memory | 47,94% Memory free
3,97 Gb Paging File | 2,46 Gb Available in Paging File | 62,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,69 Gb Total Space | 73,96 Gb Free Space | 66,22% Space Free | Partition Type: NTFS
Computer Name: BARBARA-PC | User Name: Barabara | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\DLOAD\OTL.exe (OldTimer Tools)
PRC - C:\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Enigma Software Group\SpyHunter\SpyHunter4.exe (Enigma Software Group USA, LLC.)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Guard-ICQ\GuardICQ.exe ()
PRC - C:\Programme\Broadcom\Broadcom 802.11\WLTRAY.EXE (Broadcom Corporation)
PRC - C:\Programme\Broadcom\Broadcom 802.11\BCMWLTRY.EXE (Broadcom Corporation)
PRC - C:\Programme\Broadcom\Broadcom 802.11\WLTRYSVC.EXE ()
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe ( Hewlett-Packard Development Company, L.P.)
PRC - C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Programme\Guard-ICQ\GuardICQ.exe ()
MOD - C:\OpenOffice.org 3\program\libxml2.dll ()
========== Services (SafeList) ==========
SRV - (MBAMService) -- C:\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (Guard.Mail.ru) -- C:\Programme\Guard-ICQ\GuardICQ.exe ()
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (wltrysvc) -- C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE ()
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AEADIFilters) -- C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
========== Driver Services (SafeList) ==========
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (SSHDRV86) -- C:\Windows\System32\drivers\SSHDRV86.sys ()
DRV - (BCM42RLY) -- C:\Windows\System32\drivers\bcm42rly.sys (Broadcom Corporation)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (tsusbhub) -- C:\Windows\System32\drivers\tsusbhub.sys (Microsoft Corporation)
DRV - (Synth3dVsc) -- C:\Windows\System32\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (terminpt) -- C:\Windows\System32\drivers\terminpt.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (netw5v32) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={471E3FD2-4EBB-11E2-96D0-001E3705ADBB}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-911559959-953966608-761051852-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={471E3FD2-4EBB-11E2-96D0-001E3705ADBB}
IE - HKU\S-1-5-21-911559959-953966608-761051852-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-911559959-953966608-761051852-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-911559959-953966608-761051852-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 43 5A 90 3C 0D 94 CC 01 [binary data]
IE - HKU\S-1-5-21-911559959-953966608-761051852-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-911559959-953966608-761051852-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-911559959-953966608-761051852-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-911559959-953966608-761051852-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-911559959-953966608-761051852-1000\..\SearchScopes\{3D41F773-C2A2-4541-8F58-DF94FA1311D3}: "URL" = hxxp://search.yahoo.com/search?ei=utf-8&fr=chr-vmn&type=photopos2_0yach&q={searchTerms}
IE - HKU\S-1-5-21-911559959-953966608-761051852-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-911559959-953966608-761051852-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={471E3FD2-4EBB-11E2-96D0-001E3705ADBB}
IE - HKU\S-1-5-21-911559959-953966608-761051852-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: %7BEEE6C361-6118-11DC-9C72-001320C79847%7D:1.9.0.0
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Barabara\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011.11.06 12:38:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011.11.06 12:38:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Mozilla Firefox\components [2013.04.12 22:29:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Mozilla Firefox\components [2013.04.12 22:29:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Mozilla Firefox\plugins
[2011.10.26 20:33:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Barabara\AppData\Roaming\mozilla\Extensions
[2013.04.22 13:15:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Barabara\AppData\Roaming\mozilla\Firefox\Profiles\45awupuh.default\extensions
[2012.12.13 22:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Users\Barabara\AppData\Roaming\mozilla\firefox\profiles\45awupuh.default\extensions\movie2kdownloader@movie2kdownloader.com.xpi
[2013.04.22 13:15:42 | 000,269,007 | ---- | M] () (No name found) -- C:\Users\Barabara\AppData\Roaming\mozilla\firefox\profiles\45awupuh.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013.01.07 12:53:00 | 000,190,000 | ---- | M] () (No name found) -- C:\Users\Barabara\AppData\Roaming\mozilla\firefox\profiles\45awupuh.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2012.12.25 19:48:34 | 000,003,915 | ---- | M] () -- C:\Users\Barabara\AppData\Roaming\mozilla\firefox\profiles\45awupuh.default\searchplugins\sweetim.xml
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (ICQ Sparberater) - {0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - C:\Programme\icq\Internet Explorer\icq.dll (solute gmbh)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (PhotoPos Toolbar) - {5D0EC45B-D2E4-4DD0-A5B2-69DDEFE852A8} - C:\Program Files\PhotoposComTbr\PhotoposComTbrLib.dll File not found
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (PhotoPos Toolbar) - {5D0EC45B-D2E4-4DD0-A5B2-69DDEFE852A8} - C:\Program Files\PhotoposComTbr\PhotoposComTbrLib.dll File not found
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Programme\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\S-1-5-21-911559959-953966608-761051852-1000\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Broadcom\Broadcom 802.11\WLTRAY.EXE (Broadcom Corporation)
O4 - HKLM..\Run: [Guard.Mail.ru.gui] C:\Program Files\Guard-ICQ\GuardICQ.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Windows\System32\nwiz.exe ()
O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKU\S-1-5-21-911559959-953966608-761051852-1000..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKU\S-1-5-21-911559959-953966608-761051852-1000..\Run: [Facebook Update] C:\Users\Barabara\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-911559959-953966608-761051852-1000..\Run: [Poqexec] C:\Users\Barabara\AppData\Local\Facebook\poqexec.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Barabara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\ICQ7.7\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6DE2E367-DDC8-42BF-BF78-2939B6C9DF02}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.05.10 00:28:27 | 000,000,000 | ---D | C] -- C:\Users\Barabara\AppData\Local\Programs
[2013.05.10 00:27:30 | 000,000,000 | ---D | C] -- C:\Users\Barabara\AppData\Roaming\Malwarebytes
[2013.05.10 00:27:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.10 00:27:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.10 00:27:24 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.05.10 00:27:24 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware
[2013.05.10 00:11:48 | 000,000,000 | ---D | C] -- C:\Users\Barabara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2013.05.09 23:30:15 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.05.09 23:29:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013.05.09 22:09:54 | 000,000,000 | ---D | C] -- C:\ProgramData\DCE3077C58783AC50000DCE22AA040D8
[2013.05.08 18:43:08 | 000,000,000 | ---D | C] -- C:\Users\Barabara\Desktop\Vatertag
[2013.05.01 20:41:54 | 000,000,000 | ---D | C] -- C:\Users\Barabara\Desktop\101MSDCF
[2013.04.11 00:53:28 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.04.11 00:53:26 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.04.11 00:53:26 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.04.11 00:53:26 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.04.11 00:53:26 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.04.11 00:53:25 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.04.11 00:53:25 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.04.11 00:53:25 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.04.11 00:53:25 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.04.11 00:53:25 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.04.10 11:28:58 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.04.10 11:28:56 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.04.10 11:28:56 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.04.10 11:28:56 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013.04.10 11:28:51 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2013.04.10 11:28:51 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
========== Files - Modified Within 30 Days ==========
[2013.05.10 00:55:01 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2013.05.10 00:46:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.10 00:41:25 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2013.05.10 00:41:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.10 00:40:52 | 1597,480,960 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.10 00:40:02 | 000,024,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.10 00:40:01 | 000,024,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.10 00:38:04 | 000,001,150 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-911559959-953966608-761051852-1000UA.job
[2013.05.10 00:28:45 | 000,000,708 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.05.09 23:30:17 | 000,002,244 | ---- | M] () -- C:\Users\Barabara\Desktop\SpyHunter.lnk
[2013.05.09 18:38:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-911559959-953966608-761051852-1000Core.job
[2013.05.09 10:53:58 | 000,643,866 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.09 10:53:58 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.09 10:53:58 | 000,126,394 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.09 10:53:58 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.06 13:37:36 | 000,195,771 | ---- | M] () -- C:\Users\Barabara\Desktop\MinaWurfbeschriftete.JPG
[2013.05.06 01:11:16 | 000,187,367 | ---- | M] () -- C:\Users\Barabara\Desktop\katzewillmichtöten.jpg
[2013.05.05 18:01:58 | 000,200,826 | ---- | M] () -- C:\Users\Barabara\Desktop\MinaWurf.JPG
[2013.05.02 20:24:21 | 000,003,938 | ---- | M] () -- C:\Users\Barabara\.recently-used.xbel
[2013.05.02 20:23:48 | 001,924,361 | ---- | M] () -- C:\Users\Barabara\Desktop\DSC03751.JPG
[2013.04.27 10:34:29 | 000,013,061 | ---- | M] () -- C:\Users\Barabara\Desktop\kündigungWohnung.odt
[2013.04.22 14:44:11 | 000,133,139 | ---- | M] () -- C:\Users\Barabara\Desktop\meenew.JPG
[2013.04.15 15:47:08 | 000,186,505 | ---- | M] () -- C:\Users\Barabara\Desktop\LOrammler2.JPG
[2013.04.11 08:02:35 | 000,313,104 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
========== Files Created - No Company Name ==========
[2013.05.10 00:27:26 | 000,000,708 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.05.09 23:30:17 | 000,002,244 | ---- | C] () -- C:\Users\Barabara\Desktop\SpyHunter.lnk
[2013.05.06 13:37:36 | 000,195,771 | ---- | C] () -- C:\Users\Barabara\Desktop\MinaWurfbeschriftete.JPG
[2013.05.06 01:11:10 | 000,187,367 | ---- | C] () -- C:\Users\Barabara\Desktop\katzewillmichtöten.jpg
[2013.05.05 18:10:16 | 001,924,361 | ---- | C] () -- C:\Users\Barabara\Desktop\DSC03751.JPG
[2013.05.05 18:01:58 | 000,200,826 | ---- | C] () -- C:\Users\Barabara\Desktop\MinaWurf.JPG
[2013.05.02 20:24:21 | 000,003,938 | ---- | C] () -- C:\Users\Barabara\.recently-used.xbel
[2013.04.27 10:34:27 | 000,013,061 | ---- | C] () -- C:\Users\Barabara\Desktop\kündigungWohnung.odt
[2013.04.22 13:56:34 | 000,133,139 | ---- | C] () -- C:\Users\Barabara\Desktop\meenew.JPG
[2013.04.15 15:47:08 | 000,186,505 | ---- | C] () -- C:\Users\Barabara\Desktop\LOrammler2.JPG
[2013.01.12 12:58:40 | 000,076,475 | ---- | C] () -- C:\Users\Barabara\ESt2012_Schuster_Frederik.elfo
[2012.06.22 11:01:32 | 000,019,984 | ---- | C] () -- C:\Windows\System32\ESGScanner.sys
[2012.06.05 14:59:24 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.02.02 11:18:39 | 000,081,408 | ---- | C] () -- C:\Windows\System32\drivers\SSHDRV86.sys
[2011.10.26 21:51:18 | 000,000,132 | ---- | C] () -- C:\Windows\KTEL.INI
[2011.10.26 17:42:57 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2011.10.26 17:36:04 | 001,724,416 | ---- | C] () -- C:\Windows\System32\nvwdmcpl.dll
[2011.10.26 17:36:04 | 001,657,376 | ---- | C] () -- C:\Windows\System32\nwiz.exe
[2011.10.26 17:36:04 | 001,507,328 | ---- | C] () -- C:\Windows\System32\nView.dll
[2011.10.26 17:36:04 | 001,101,824 | ---- | C] () -- C:\Windows\System32\nvwimg.dll
[2011.10.26 17:36:04 | 000,466,944 | ---- | C] () -- C:\Windows\System32\nvShell.dll
[2011.10.26 17:36:04 | 000,449,056 | ---- | C] () -- C:\Windows\System32\nvAppBar.exe
[2011.10.26 17:36:04 | 000,267,296 | ---- | C] () -- C:\Windows\System32\nvTaskbar.exe
========== ZeroAccess Check ==========
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2013.03.16 20:17:54 | 000,000,000 | ---D | M] -- C:\Users\Barabara\AppData\Roaming\CCS64
[2012.09.28 11:20:27 | 000,000,000 | ---D | M] -- C:\Users\Barabara\AppData\Roaming\Downloaded Installations
[2013.01.10 16:38:22 | 000,000,000 | ---D | M] -- C:\Users\Barabara\AppData\Roaming\elsterformular
[2011.10.26 17:31:57 | 000,000,000 | ---D | M] -- C:\Users\Barabara\AppData\Roaming\GHISLER
[2013.04.22 14:31:15 | 000,000,000 | ---D | M] -- C:\Users\Barabara\AppData\Roaming\gtk-2.0
[2013.05.04 00:03:23 | 000,000,000 | ---D | M] -- C:\Users\Barabara\AppData\Roaming\ICQ
[2012.03.19 23:42:39 | 000,000,000 | ---D | M] -- C:\Users\Barabara\AppData\Roaming\ICQ Search
[2011.10.26 21:52:53 | 000,000,000 | ---D | M] -- C:\Users\Barabara\AppData\Roaming\klickTel
[2012.09.28 19:17:35 | 000,000,000 | ---D | M] -- C:\Users\Barabara\AppData\Roaming\Nitro PDF
[2011.10.27 11:41:35 | 000,000,000 | ---D | M] -- C:\Users\Barabara\AppData\Roaming\OpenOffice.org
[2011.11.01 18:09:19 | 000,000,000 | ---D | M] -- C:\Users\Barabara\AppData\Roaming\Photopos
[2012.08.31 00:18:18 | 000,000,000 | ---D | M] -- C:\Users\Barabara\AppData\Roaming\PhotoScape
[2011.10.26 21:40:23 | 000,000,000 | ---D | M] -- C:\Users\Barabara\AppData\Roaming\URSoft
[2011.12.10 07:08:02 | 000,000,000 | ---D | M] -- C:\Users\Barabara\AppData\Roaming\Visan
[2013.05.08 18:42:46 | 000,000,000 | ---D | M] -- C:\Users\Barabara\AppData\Roaming\Webocton - Scriptly
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:1CE11B51
< End of report >

Code:
OTL Extras logfile created on: 10.05.2013 01:21:35 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\DLOAD
Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,98 Gb Total Physical Memory | 0,95 Gb Available Physical Memory | 47,94% Memory free
3,97 Gb Paging File | 2,46 Gb Available in Paging File | 62,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,69 Gb Total Space | 73,96 Gb Free Space | 66,22% Space Free | Partition Type: NTFS
Computer Name: BARBARA-PC | User Name: Barabara | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-911559959-953966608-761051852-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- "C:\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallDisableNotify" = 0
"FirewallOverride" = 1
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{000BB7A4-C1FC-483C-BFFB-2AF4D015EA23}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{07CB539E-7A35-45CD-BDC2-C894DB8500B2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{189DD414-1FC9-4088-82AE-30FDE8953809}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{3233CAAA-146A-4805-A2F0-3B25D916F2CB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{32C6D1F5-8F73-495A-8B1F-01AF1746C97C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3BF23732-1B51-4D66-A6CA-3F187A3E9585}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{45E53659-BF31-4085-966F-AF7E404EC7A4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{49BD0E4F-8518-40A5-AA5B-CFC854651FFF}" = lport=445 | protocol=6 | dir=in | app=system |
"{4C9CDE31-BA47-4143-89D3-662BBD27E31F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6238C907-B8D4-4969-A122-846F53A2227B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{64A483C3-6AFD-4ABC-B788-668AEBA51990}" = rport=2869 | protocol=6 | dir=out | app=system |
"{6606E270-F21F-4279-8EFF-1F234E1CD1F4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6C70F0AF-AC6F-4BFF-934C-B447AB6F831A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{77B408C3-3719-405F-82B8-D0D1ECCC61A0}" = lport=138 | protocol=17 | dir=in | app=system |
"{7C1F1ECF-EFB9-407C-9B7A-3561D08E2683}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7C5FE83C-B91B-4CE5-8241-24E5086D6CD5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{84AAA9FF-4FC4-49D1-96B0-C837A44010D3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8B061C4A-E517-4818-A653-FC03D04BE48A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{971C0746-5863-4A07-AF47-F4B1CE1A3635}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{98BBFDCD-6B0B-4419-8D56-30D08FE88299}" = rport=445 | protocol=6 | dir=out | app=system |
"{9FF64E66-F6AD-4956-A148-2378E82C59A9}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A0DADEEC-093B-46F7-8D2C-9B117DE4A51E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{AB4FA859-104C-4FD1-9635-5C36968E6DAB}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{ADE3FF9E-CDFB-476F-8078-5EA993C124EB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B1924FD8-825D-49B6-894D-69B98F76ABDC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BA83B152-A238-4A1F-B4E9-5AC6A89420A6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BF4A2FD8-9ECA-4A6F-8924-E18E1C37D1F0}" = lport=137 | protocol=17 | dir=in | app=system |
"{C71F4E64-DF1D-4C2E-8B5D-071A029AB295}" = rport=137 | protocol=17 | dir=out | app=system |
"{CE3B55AB-691D-483C-8D19-C74F123A4C2F}" = lport=139 | protocol=6 | dir=in | app=system |
"{D8492970-CF5D-4708-B03D-F25118383565}" = rport=139 | protocol=6 | dir=out | app=system |
"{DAE5D382-52C2-46BC-BA35-3E028C72504C}" = rport=138 | protocol=17 | dir=out | app=system |
"{DF61CF9F-416F-4704-ABB2-F87BC57A73A0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E02E8471-E554-4253-9A52-D30D33261A11}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E32B03FE-A03E-4FC0-B0D9-51013F9F7242}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{E6B5382C-F502-4649-BA05-1251CE605B2E}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{F7A87142-D866-4268-B248-AA069CD53441}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F89D9FBC-FEED-488F-9593-F5184F5B0B31}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{FCEC6766-55F8-4CF7-8A39-281E41348898}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FD3AD774-90CD-437C-94A9-E52E52C3F75E}" = rport=10243 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07EDCD79-9FEA-44B8-8E68-7624BC9E0937}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{08BE35E9-90AE-436B-B0EC-59DD2A1AED13}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{0AC6DE00-C1D5-46B5-84EE-3F1409377898}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0DC98C18-7210-4F1F-91CC-DF5F1A5E8150}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{122B7433-DC09-44FC-84E4-8CDDEC21BC62}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1C32088F-53FF-4263-9964-70E468E1F0FB}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe |
"{20AD03D2-7858-40AF-960B-A9A991399AC5}" = protocol=6 | dir=in | app=c:\icq7.7\icq.exe |
"{254B27F9-0B98-432E-9ED6-5D72F582EB42}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{40F0F64A-DF90-4D1B-9F27-692CC6937EE0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{428518BC-66DD-4BE0-B408-AEF47CAF0C76}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{48730D9F-2E33-4B2B-A4AC-0694D9640D6E}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe |
"{4B0AB78B-CF94-4758-BC18-46B69FAA0BEA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4C19D6E1-5506-4A87-A6C1-7AF921B1128C}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe |
"{71BE8F2B-0D7F-48B6-9DFD-1A8CC4F70A44}" = dir=in | app=c:\users\barabara\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{785F940B-B032-4548-92DB-7D93150241CE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{87727156-F603-4E9B-9337-A14B9CCE9CCC}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe |
"{920ED720-EDFD-4346-9EE1-29613D43AEF6}" = protocol=17 | dir=in | app=c:\icq7.7\icq.exe |
"{9405A739-DCC5-4E94-80BC-6992893532D7}" = protocol=17 | dir=in | app=c:\icq7.7\icq.exe |
"{957E74BD-452D-44B9-A3DD-3FCD3D821DF0}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{A4FD273A-E04A-4515-BAAA-9215FE1D557C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B2C31C05-32BE-4A6E-8068-2A79E7095A7C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{BACC0D6D-560C-4BA4-99C3-EBAD2260C640}" = protocol=6 | dir=in | app=c:\icq7.7\icq.exe |
"{C57D4A6B-D5C1-4D2F-AA12-C5C204EC844A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C70BB8B0-7EF3-451F-AEE3-4C10ACE74860}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CB9EFBB6-FFF2-44AA-9B47-949C8D7F20B1}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D1D131B3-354A-466B-A959-DCFFC26746E7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D24046F9-4D7E-42BC-9A70-06B082349D20}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D428E374-763A-4522-949A-CC13EF1C5467}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{D98C1E22-F9B7-4C1B-B940-69DB933E9AD1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{EB8DB8E8-FF43-4DA7-91FF-83447BF5FDF9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ECD03D4A-3F78-4DAC-AFAB-A7E1FE406B34}" = protocol=6 | dir=out | app=system |
"{FA1BD7F5-3B1C-4E49-84EB-A07311B921B1}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"TCP Query User{133CBBDB-EB30-466A-8967-737E9698BA70}C:\icq7.7\icq.exe" = protocol=6 | dir=in | app=c:\icq7.7\icq.exe |
"TCP Query User{93EBD5C4-0907-47E3-A3DC-3A61AFECC3F4}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{B54C6CA1-E0E0-4ED3-B357-035AB64C9A22}C:\users\barabara\appdata\local\temp\rarsfx0\bie_kms.exe" = protocol=6 | dir=in | app=c:\users\barabara\appdata\local\temp\rarsfx0\bie_kms.exe |
"UDP Query User{37CD603E-D7E3-419F-9EDC-BCDECFBDD60F}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{A753EA96-CD16-4124-95DF-54FD045DC725}C:\icq7.7\icq.exe" = protocol=17 | dir=in | app=c:\icq7.7\icq.exe |
"UDP Query User{F1DBFA2F-1289-4F9F-92F2-3D06ED1E8EB6}C:\users\barabara\appdata\local\temp\rarsfx0\bie_kms.exe" = protocol=17 | dir=in | app=c:\users\barabara\appdata\local\temp\rarsfx0\bie_kms.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
"{0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD}" = ICQ Sparberater
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{1061DF04-CF33-40B0-8360-D07C9BBEB122}" = HP Wireless Assistant
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{40AAB711-8EFF-4830-8B39-017D3F66983D}" = Studie zur Verbesserung von HP Deskjet 1050 J410 series Produkten
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}" = HP Deskjet 1050 J410 series Hilfe
"{623B8278-8CAD-45C1-B844-58B687C07805}" = Bing Bar Platform
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A0C9DF2B-89B5-4483-8983-18A68200F1B4}" = SweetIM for Messenger 3.7
"{A7C78AC4-C094-4298-9F10-2AA7AC0E8576}" = Windows 7 Manager
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B7B5A370-3DFF-4F0E-AE11-FD267C4938AA}" = CCS64 V3.9
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = Die Sims™ 3 Einfach tierisch
"{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{FE19B8A3-C79D-4A90-8F7C-1B206DB00CFC}" = HP Deskjet 1050 J410 series - Grundlegende Software für das Gerät
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Broadcom Wireless Utility" = Broadcom Wireless Utility
"ElsterFormular" = ElsterFormular
"Guard.Mail.ru" = Guard.ICQ
"HP Photo Creations" = HP Photo Creations
"ICQToolbar" = ICQ Toolbar
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de)
"NVIDIA Drivers" = NVIDIA Drivers
"nView Desktop Manager" = NVIDIA nView Desktop Manager
"PhotoScape" = PhotoScape
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Totalcmd" = Total Commander (Remove or Repair)
"Webocton - Scriptly_is1" = Webocton - Scriptly 0.8.95.6
"WinGimp-2.0_is1" = GIMP 2.6.11
"YU2010_is1" = Your Uninstaller! 7
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-911559959-953966608-761051852-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{20677A52-CEFA-436F-B7EB-F9E95D438A03}" = klickTel Routenplaner Deutschland und Europa 2011
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 22.02.2013 19:00:01 | Computer Name = Barbara-PC | Source = WinMgmt | ID = 10
Description =
Error - 23.02.2013 09:53:20 | Computer Name = Barbara-PC | Source = WinMgmt | ID = 10
Description =
Error - 24.02.2013 06:30:48 | Computer Name = Barbara-PC | Source = WinMgmt | ID = 10
Description =
Error - 25.02.2013 06:37:53 | Computer Name = Barbara-PC | Source = WinMgmt | ID = 10
Description =
Error - 26.02.2013 05:31:37 | Computer Name = Barbara-PC | Source = WinMgmt | ID = 10
Description =
Error - 26.02.2013 17:19:12 | Computer Name = Barbara-PC | Source = WinMgmt | ID = 10
Description =
Error - 27.02.2013 07:48:57 | Computer Name = Barbara-PC | Source = WinMgmt | ID = 10
Description =
Error - 28.02.2013 03:30:22 | Computer Name = Barbara-PC | Source = WinMgmt | ID = 10
Description =
Error - 01.03.2013 06:44:19 | Computer Name = Barbara-PC | Source = WinMgmt | ID = 10
Description =
Error - 02.03.2013 07:43:33 | Computer Name = Barbara-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 07.05.2013 11:49:11 | Computer Name = Barbara-PC | Source = ipnathlp | ID = 31004
Description =
Error - 07.05.2013 12:01:20 | Computer Name = Barbara-PC | Source = ipnathlp | ID = 31004
Description =
Error - 07.05.2013 12:11:20 | Computer Name = Barbara-PC | Source = ipnathlp | ID = 31004
Description =
Error - 08.05.2013 04:17:02 | Computer Name = Barbara-PC | Source = ipnathlp | ID = 31004
Description =
Error - 08.05.2013 09:17:14 | Computer Name = Barbara-PC | Source = ipnathlp | ID = 31004
Description =
Error - 09.05.2013 10:43:08 | Computer Name = Barbara-PC | Source = ipnathlp | ID = 31004
Description =
Error - 09.05.2013 16:31:11 | Computer Name = Barbara-PC | Source = DCOM | ID = 10010
Description =
Error - 09.05.2013 16:31:14 | Computer Name = Barbara-PC | Source = DCOM | ID = 10010
Description =
Error - 09.05.2013 17:05:48 | Computer Name = Barbara-PC | Source = ipnathlp | ID = 31004
Description =
Error - 09.05.2013 17:06:52 | Computer Name = Barbara-PC | Source = DCOM | ID = 10010
Description =
< End of report >