Caught mystart incredibar from a Softonic download

This thread in the "freie Fragen" section of the SysProfile Forum was created by Leari on 8 July 2012.

  1. Leari

    I too caught mystart incredibar from a Softonic download. I ran Malwarebytes over it; here is the log file:


    Malwarebytes Anti-Malware 1.61.0.1400
    Malwarebytes : Free anti-malware, anti-virus and spyware removal download

    Datenbank Version: v2012.07.08.02

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    User :: M1330 [Administrator]

    08.07.2012 13:28:19
    mbam-log-2012-07-08 (13-28-19).txt

    Art des Suchlaufs: Vollständiger Suchlauf
    Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
    Deaktivierte Suchlaufeinstellungen: P2P
    Durchsuchte Objekte: 328428
    Laufzeit: 2 Stunde(n), 52 Minute(n), 31 Sekunde(n)

    Infizierte Speicherprozesse: 0
    (Keine bösartigen Objekte gefunden)

    Infizierte Speichermodule: 0
    (Keine bösartigen Objekte gefunden)

    Infizierte Registrierungsschlüssel: 0
    (Keine bösartigen Objekte gefunden)

    Infizierte Registrierungswerte: 0
    (Keine bösartigen Objekte gefunden)

    Infizierte Dateiobjekte der Registrierung: 0
    (Keine bösartigen Objekte gefunden)

    Infizierte Verzeichnisse: 0
    (Keine bösartigen Objekte gefunden)

    Infizierte Dateien: 2
    C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache\f_026870 (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    C:\Users\User\Downloads\SoftonicDownloader_fuer_nasa-world-wind.exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.

    (Ende)

    Can anyone help me? I really don't know how to get rid of this!
     
  2. Unregistered (guest)

    Step 1
    System scan with OTL (illustrated guide)

    Please download OTL by Oldtimer and save it to your desktop (if you don't have it already).
    - Double-click OTL.exe
    - Vista users: right-click OTL.exe and choose "Run as administrator"
    - At the top you will find a box labelled Output. Please select Minimal Output
    - Under Extra Registry, please select Use SafeList
    - Now click Run Scan at the top left
    - When the scan has finished, 2 log files are created
    - Post the log files here in the thread.
    Please post the log files
     
    #2 Unregistered, 8 July 2012
  3. Leari
    OTL logfile created on: 08.07.2012 19:34:10 - Run 1
    OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\User\Downloads
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

    3,00 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 36,57% Memory free
    6,19 Gb Paging File | 4,09 Gb Available in Paging File | 66,02% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 167,85 Gb Total Space | 92,62 Gb Free Space | 55,18% Space Free | Partition Type: NTFS
    Drive D: | 65,03 Gb Total Space | 64,33 Gb Free Space | 98,93% Space Free | Partition Type: NTFS

    Computer Name: M1330 | User Name: User | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\User\Downloads\OTL.exe (OldTimer Tools)
    PRC - C:\Programme\Guard-ICQ\GuardICQ.exe ()
    PRC - C:\Programme\ICQ7M\ICQ.exe (ICQ, LLC.)
    PRC - C:\Programme\Web Assistant\ExtensionUpdaterService.exe ()
    PRC - C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    PRC - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
    PRC - C:\Programme\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
    PRC - C:\Programme\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe (Symantec Corporation)
    PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
    PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
    PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
    PRC - C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
    PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.)
    PRC - C:\Programme\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
    PRC - C:\Programme\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
    PRC - C:\Windows\OEM04Mon.exe (Creative Technology Ltd.)
    PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)


    ========== Modules (No Company Name) ==========

    MOD - C:\Programme\Guard-ICQ\GuardICQ.exe ()
    MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
    MOD - C:\Users\User\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll ()
    MOD - C:\Users\User\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll ()
    MOD - C:\Users\User\AppData\Local\Google\Chrome\Application\17.0.963.56\avutil-51.dll ()
    MOD - C:\Users\User\AppData\Local\Google\Chrome\Application\17.0.963.56\avformat-53.dll ()
    MOD - C:\Users\User\AppData\Local\Google\Chrome\Application\17.0.963.56\avcodec-53.dll ()
    MOD - C:\Users\User\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll ()
    MOD - C:\Users\User\AppData\Local\Google\Chrome\APPLIC~1\170963~1.56\gcswf32.dll ()
    MOD - C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()
    MOD - C:\Windows\System32\btwhidcs.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV - (Guard.Mail.ru) -- C:\Programme\Guard-ICQ\GuardICQ.exe ()
    SRV - (Web Assistant Updater) -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe ()
    SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
    SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
    SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe (Symantec Corporation)
    SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
    SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (AESTFilters) -- C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
    SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.)
    SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
    DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
    DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
    DRV - (DFUBTUSB) -- System32\Drivers\frmupgr.sys File not found
    DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120706.036\NAVEX15.SYS (Symantec Corporation)
    DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
    DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
    DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120706.036\NAVENG.SYS (Symantec Corporation)
    DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
    DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120705.001\IDSvix86.sys (Symantec Corporation)
    DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120619.001\BHDrvx86.sys (Symantec Corporation)
    DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
    DRV - (ccSet_NIS) -- C:\Windows\System32\drivers\NIS\1301000.01C\ccSetx86.sys (Symantec Corporation)
    DRV - (SRTSP) -- C:\Windows\System32\drivers\NIS\1301000.01C\srtsp.sys (Symantec Corporation)
    DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\System32\drivers\NIS\1301000.01C\srtspx.sys (Symantec Corporation)
    DRV - (SymEFA) -- C:\Windows\System32\drivers\NIS\1301000.01C\SymEFA.sys (Symantec Corporation)
    DRV - (SYMTDIv) -- C:\Windows\System32\drivers\NIS\1301000.01C\symtdiv.sys (Symantec Corporation)
    DRV - (SymDS) -- C:\Windows\System32\drivers\NIS\1301000.01C\SymDS.sys (Symantec Corporation)
    DRV - (SymIRON) -- C:\Windows\System32\drivers\NIS\1301000.01C\Ironx86.sys (Symantec Corporation)
    DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
    DRV - (OEM04Vid) -- C:\Windows\System32\drivers\OEM04Vid.sys (Creative Technology Ltd.)
    DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
    DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
    DRV - (OEM04Vfx) -- C:\Windows\System32\drivers\OEM04Vfx.sys (EyePower Games Pte. Ltd.)
    DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
    DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
    DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MyStart by IncrediBar.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 66 13 45 30 55 A4 CC 01 [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\URLSearchHook: - No CLSID value found
    IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
    IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MOOI_de
    IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
    IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb165/?search={searchTerms}&loc=IB_DS&a=6OyHj8JI19&i=26
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012.07.08 17:26:17 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012.07.08 17:26:36 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012.07.08 12:33:48 | 000,000,000 | ---D | M]

    [2012.07.08 12:34:01 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

    ========== Chrome ==========

    CHR - default_search_provider: ICQ Search (Enabled)
    CHR - default_search_provider: search_url = http://search.icq.com/search/results.php?ch_id=osd&q={searchTerms}&icid=chrome
    CHR - default_search_provider: suggest_url =
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\User\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
    CHR - plugin: Injovo Extension Plugin (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.458_0\npbrowserext.dll
    CHR - plugin: Perion plugin (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\Plugins/PerionNewTabChrome-32.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: Wetter (Erweiterung) = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\beapnbfmjmjhhfpaoajfhjbbfnnlfpnc\0.8.0.4_0\
    CHR - Extension: YouTube = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Adblock Plus (Beta) = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
    CHR - Extension: Google-Suche = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Web Assistant = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.458_0\
    CHR - Extension: TimelineRemove = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnedfaenfnkikficknkklbdedlecmpgc\0.9.8_0\
    CHR - Extension: YouTube Unblocker = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebdgjhfdnlgdgldfkdmfjdnajbedlfnl\0.1.3_0\
    CHR - Extension: Picnik -\\u003E WordPress = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\eedlhlajecabildcmkdhbgbpgmjfjiab\1.1.1_0\
    CHR - Extension: Amateur Surgeon 2 = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\elpjhecodbnljgpmfffepfbbihbbkjom\2.3.1_0\
    CHR - Extension: SciLor's Grooveshark(tm) Unlocker = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\feegenemlbjkbnfpgdmjddbeiecdbpob\0.3.3_0\
    CHR - Extension: Gorillaz = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgcooogealdlcdagkkbfcgmkjejaekhg\13.3344.4621_0\
    CHR - Extension: New tab for Chrome\u2122 = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\
    CHR - Extension: Happy Wheels = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljdngafdeknonigdklkdlolkefpigejp\13.2334.9140_0\
    CHR - Extension: The Fancy Pants Adventure: World 2 = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\loamdenijebhollnjgehcfbnpeelfhlk\14_0\
    CHR - Extension: Uhr = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjocghlclkpgheifflemilcnblodjohg\1.16_0\
    CHR - Extension: ICQ Sparberater = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpllndkedbnmonoomepeeglghdelffo\1.3.678_1\
    CHR - Extension: Google Mail = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (ICQ Sparberater) - {0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - C:\Programme\icq\Internet Explorer\icq.dll (solute gmbh)
    O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll ()
    O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Engine\19.1.0.28\CoIEPlg.dll (Symantec Corporation)
    O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Engine\19.1.0.28\IPS\IPSBHO.dll (Symantec Corporation)
    O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Programme\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
    O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
    O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Programme\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\19.1.0.28\CoIEPlg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
    O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
    O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Programme\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [DATAMNGR] C:\Programme\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
    O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
    O4 - HKLM..\Run: [Guard.Mail.ru.gui] C:\Program Files\Guard-ICQ\GuardICQ.exe ()
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [OEM04Mon.exe] C:\Windows\OEM04Mon.exe (Creative Technology Ltd.)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Programme\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7M\ICQ.exe (ICQ, LLC.)
    O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
    O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Programme\ICQ7M\ICQ.exe (ICQ, LLC.)
    O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Programme\ICQ7M\ICQ.exe (ICQ, LLC.)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F7F7071-3940-491C-BB3D-F5834B817BF4}: DhcpNameServer = 192.168.178.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F7E5EAA3-9992-48BB-A85A-5BD045A01987}: DhcpNameServer = 192.168.222.1 192.168.222.254
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll) - C:\Programme\Windows iLivid Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
    O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll) - C:\Programme\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
    O24 - Desktop BackupWallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012.07.08 13:18:33 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
    [2012.07.08 13:18:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012.07.08 13:18:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012.07.08 13:18:19 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012.07.08 13:18:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012.07.08 12:34:26 | 000,000,000 | ---D | C] -- C:\Program Files\Perion
    [2012.07.08 12:34:20 | 000,000,000 | ---D | C] -- C:\Program Files\Incredibar.com
    [2012.07.08 12:34:08 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\NASA
    [2012.07.08 12:34:01 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2012.07.08 12:33:44 | 000,000,000 | ---D | C] -- C:\Program Files\Web Assistant
    [2012.07.08 12:32:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NASA
    [2012.07.08 12:11:06 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
    [2012.07.08 12:10:13 | 000,000,000 | ---D | C] -- C:\Program Files\NASA
    [2012.07.08 12:09:22 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\CrashDumps
    [2012.07.05 17:34:03 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Neuer Ordner
    [2012.07.02 15:40:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
    [2012.07.02 15:40:40 | 000,127,096 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
    [2012.07.02 15:40:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
    [2012.07.02 15:40:40 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
    [2012.07.02 15:40:07 | 000,897,656 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1301000.01C\SymEFA.sys
    [2012.07.02 15:40:07 | 000,566,904 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1301000.01C\srtsp.sys
    [2012.07.02 15:40:07 | 000,344,184 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1301000.01C\symtdiv.sys
    [2012.07.02 15:40:07 | 000,340,088 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1301000.01C\SymDS.sys
    [2012.07.02 15:40:07 | 000,314,488 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1301000.01C\symnets.sys
    [2012.07.02 15:40:07 | 000,031,864 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1301000.01C\srtspx.sys
    [2012.07.02 15:40:06 | 000,149,624 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1301000.01C\Ironx86.sys
    [2012.07.02 15:40:06 | 000,132,744 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1301000.01C\ccSetx86.sys
    [2012.07.02 15:39:20 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS
    [2012.07.02 15:39:20 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS\1301000.01C
    [2012.07.02 15:39:18 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
    [2012.07.02 15:39:18 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
    [2012.07.02 15:39:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
    [2012.07.02 15:38:16 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
    [2012.07.02 15:38:16 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
    [2012.06.21 13:12:18 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
    [2012.06.21 13:12:17 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
    [2012.06.21 13:11:48 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
    [2012.06.21 13:11:48 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
    [2012.06.21 13:11:48 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
    [2012.06.21 13:11:37 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
    [2012.06.21 13:11:37 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
    [2012.06.14 21:02:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7M
    [2012.06.14 21:02:25 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\ICQ Search
    [2012.06.14 21:02:25 | 000,000,000 | ---D | C] -- C:\Program Files\icq
    [2012.06.14 21:02:12 | 000,000,000 | ---D | C] -- C:\Program Files\Guard-ICQ
    [2012.06.14 21:01:06 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ7M
    [2012.06.13 23:14:11 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2012.06.13 23:14:10 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2012.06.13 23:14:09 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
    [2012.06.13 23:14:09 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
    [2012.06.13 23:14:08 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
    [2012.06.13 23:14:08 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2012.06.13 23:14:07 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2012.06.13 17:51:22 | 002,045,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

    ========== Files - Modified Within 30 Days ==========

    [2012.07.08 19:22:41 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012.07.08 19:22:41 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012.07.08 19:13:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012.07.08 18:13:00 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012.07.08 17:22:42 | 000,054,932 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2012.07.08 17:22:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012.07.08 17:22:36 | 3219,173,376 | -HS- | M] () -- C:\hiberfil.sys
    [2012.07.08 17:21:36 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2012.07.08 13:18:30 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012.07.08 12:34:23 | 000,000,447 | ---- | M] () -- C:\user.js
    [2012.07.03 22:50:32 | 000,041,237 | ---- | M] () -- C:\Users\User\Desktop\4666066_700b.jpg
    [2012.07.03 20:22:45 | 000,008,942 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1301000.01C\VT20120410.035
    [2012.07.02 17:46:29 | 000,054,932 | ---- | M] () -- C:\ProgramData\nvModes.dat
    [2012.07.02 15:41:36 | 001,693,227 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1301000.01C\Cat.DB
    [2012.07.02 15:40:40 | 000,127,096 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
    [2012.07.02 15:40:40 | 000,007,510 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
    [2012.07.02 15:40:40 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
    [2012.06.29 15:02:29 | 000,032,147 | ---- | M] () -- C:\Users\User\Desktop\4619804_700b_v1.jpg
    [2012.06.27 22:10:44 | 000,028,160 | ---- | M] () -- C:\Users\User\Desktop\saufen.jpg
    [2012.06.24 13:35:31 | 000,201,542 | ---- | M] () -- C:\Users\User\Desktop\4578188_700b.jpg
    [2012.06.23 14:22:14 | 000,030,529 | ---- | M] () -- C:\Users\User\Desktop\cereal-willie.jpg
    [2012.06.23 00:20:04 | 000,040,735 | ---- | M] () -- C:\Users\User\Desktop\2_robert+pattinson.jpg
    [2012.06.21 21:41:20 | 000,093,069 | ---- | M] () -- C:\Users\User\Desktop\601078_378473572205822_1889700763_n.jpg
    [2012.06.14 21:02:25 | 000,001,598 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7M.lnk
    [2012.06.14 21:02:11 | 000,000,000 | ---- | M] () -- C:\Windows\C
    [2012.06.14 18:00:06 | 000,317,352 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012.06.13 23:21:46 | 000,630,768 | ---- | M] () -- C:\Windows\System32\perfh007.dat
    [2012.06.13 23:21:46 | 000,598,096 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012.06.13 23:21:46 | 000,127,442 | ---- | M] () -- C:\Windows\System32\perfc007.dat
    [2012.06.13 23:21:46 | 000,105,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012.06.13 22:49:05 | 000,094,720 | ---- | M] () -- C:\Users\User\Desktop\4462630_460s.jpg
    [2012.06.11 19:24:23 | 000,073,728 | -H-- | M] () -- C:\Users\User\Documents\photothumb.db

    ========== Files Created - No Company Name ==========

    [2012.07.08 13:18:29 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012.07.08 12:34:23 | 000,000,447 | ---- | C] () -- C:\user.js
    [2012.07.03 22:50:36 | 000,041,237 | ---- | C] () -- C:\Users\User\Desktop\4666066_700b.jpg
    [2012.07.03 20:24:15 | 000,008,942 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1301000.01C\VT20120410.035
    [2012.07.02 15:40:50 | 001,693,227 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1301000.01C\Cat.DB
    [2012.07.02 15:40:40 | 000,007,510 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
    [2012.07.02 15:40:40 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
    [2012.07.02 15:39:30 | 000,003,433 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1301000.01C\SymEFA.inf
    [2012.07.02 15:39:30 | 000,002,852 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1301000.01C\SymDS.inf
    [2012.07.02 15:39:30 | 000,001,468 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1301000.01C\SymNetV.inf
    [2012.07.02 15:39:30 | 000,001,440 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1301000.01C\SymNet.inf
    [2012.07.02 15:39:30 | 000,001,389 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1301000.01C\srtspx.inf
    [2012.07.02 15:39:30 | 000,001,389 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1301000.01C\srtsp.inf
    [2012.07.02 15:39:30 | 000,000,828 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1301000.01C\ccSetx86.inf
    [2012.07.02 15:39:30 | 000,000,742 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1301000.01C\Iron.inf
    [2012.07.02 15:39:21 | 000,002,801 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1301000.01C\SymVTcer.dat
    [2012.07.02 15:39:20 | 000,007,877 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1301000.01C\symnetv.cat
    [2012.07.02 15:39:20 | 000,007,510 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1301000.01C\ccSetx86.cat
    [2012.07.02 15:39:20 | 000,007,498 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1301000.01C\SymEFA.cat
    [2012.07.02 15:39:20 | 000,007,496 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1301000.01C\srtspx.cat
    [2012.07.02 15:39:20 | 000,007,492 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1301000.01C\SymDS.cat
    [2012.07.02 15:39:20 | 000,007,492 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1301000.01C\srtsp.cat
    [2012.07.02 15:39:20 | 000,007,492 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1301000.01C\iron.cat
    [2012.07.02 15:39:20 | 000,007,458 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1301000.01C\SymNet.cat
    [2012.07.02 15:39:20 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1301000.01C\isolate.ini
    [2012.06.29 15:02:33 | 000,032,147 | ---- | C] () -- C:\Users\User\Desktop\4619804_700b_v1.jpg
    [2012.06.27 22:10:51 | 000,028,160 | ---- | C] () -- C:\Users\User\Desktop\saufen.jpg
    [2012.06.24 13:35:35 | 000,201,542 | ---- | C] () -- C:\Users\User\Desktop\4578188_700b.jpg
    [2012.06.23 14:22:17 | 000,030,529 | ---- | C] () -- C:\Users\User\Desktop\cereal-willie.jpg
    [2012.06.23 00:20:09 | 000,040,735 | ---- | C] () -- C:\Users\User\Desktop\2_robert+pattinson.jpg
    [2012.06.21 21:41:24 | 000,093,069 | ---- | C] () -- C:\Users\User\Desktop\601078_378473572205822_1889700763_n.jpg
    [2012.06.14 21:02:25 | 000,001,598 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7M.lnk
    [2012.06.14 21:02:11 | 000,000,000 | ---- | C] () -- C:\Windows\C
    [2012.06.13 22:49:08 | 000,094,720 | ---- | C] () -- C:\Users\User\Desktop\4462630_460s.jpg
    [2012.04.16 21:24:52 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI
    [2012.04.16 21:24:52 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD7320.DAT
    [2012.04.12 12:30:30 | 000,004,096 | -H-- | C] () -- C:\Users\User\AppData\Local\keyfile3.drm
    [2011.12.24 21:36:10 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
    [2011.12.11 13:19:43 | 000,054,932 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2011.12.11 13:19:43 | 000,054,932 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2011.11.27 23:14:25 | 000,019,968 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011.11.27 23:12:33 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
    [2011.10.16 21:19:13 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2011.10.16 18:11:51 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
    [2011.10.16 17:56:00 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
    [2011.10.14 15:40:34 | 000,000,680 | ---- | C] () -- C:\Users\User\AppData\Local\d3d9caps.dat

    < End of report >
     
  4. Leari
    Leari Grünschnabel
    Thread starter
    OTL Extras logfile created on: 08.07.2012 19:34:10 - Run 1
    OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\User\Downloads
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

    3,00 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 36,57% Memory free
    6,19 Gb Paging File | 4,09 Gb Available in Paging File | 66,02% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 167,85 Gb Total Space | 92,62 Gb Free Space | 55,18% Space Free | Partition Type: NTFS
    Drive D: | 65,03 Gb Total Space | 64,33 Gb Free Space | 98,93% Space Free | Partition Type: NTFS

    Computer Name: M1330 | User Name: User | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{021D7169-9356-47C5-ABB4-D9258FD4EF46}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{11286DC2-0501-4FC9-A1C9-3461A5E4DAC2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{118B13EC-12ED-4D1D-B2D6-6AEC967764A3}" = rport=445 | protocol=6 | dir=out | app=system |
    "{43BF774D-F701-4BF5-9FED-AC9A47C4E8C5}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{4A7668DE-CFBF-47A9-BD2B-AB3BCAFEED98}" = lport=445 | protocol=6 | dir=in | app=system |
    "{4D6D02EC-B80F-4F9A-9E31-042DB9D6F84B}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6AA7C46D-BE72-431E-A059-787FE85BB554}" = lport=138 | protocol=17 | dir=in | app=system |
    "{8A30D105-30F9-4EFE-97FD-D719D8579D0A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{8EC17EAE-E299-42FE-B7FB-E73D3FB10F2A}" = lport=137 | protocol=17 | dir=in | app=system |
    "{97C12030-813E-4180-9362-DFCA42F298AA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{A106DF35-115A-4C14-8F9B-C9924F9673A7}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{AB299D7D-B87D-401F-9699-84FE5609A980}" = rport=137 | protocol=17 | dir=out | app=system |
    "{AED1F746-986A-491D-9E2A-92EC8460C0AF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{B0428A38-5773-4DC5-B40D-51E7B11DFA5B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{C7C3A52F-8A74-4DD2-8338-398D754DDE5D}" = rport=138 | protocol=17 | dir=out | app=system |
    "{ED8EA30F-1F49-416D-9661-BFD9C8A0A236}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{FCAB8D00-36D4-4757-98FB-06F328955357}" = lport=139 | protocol=6 | dir=in | app=system |
    "{FCBBCEAF-E110-446D-9CAB-5ADF18D0B502}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{FFAB6211-C6B9-42C3-8E8D-75E12AB52F29}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0722FB76-5990-4463-B231-090579768355}" = protocol=6 | dir=in | app=c:\program files\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
    "{089890C9-4103-4C85-B8CF-DD3D26CFD159}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{0E82A185-0225-4A60-ABC3-B3F2B8657B2C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{1CA0A235-27D3-4AF0-BFA0-921164663F03}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{37990CB3-D295-4DC0-AEE1-3FD896553FE7}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{3855E9FE-D503-4037-BF27-300067C8C70D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{4673C993-7823-487E-91F3-F88A76D3F798}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{51C3A7C7-6B2D-4BDB-9D72-890332805080}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{5B591B2D-A7BD-4092-BBE1-9583CB96ED81}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{6C89A6E7-04D7-447C-9657-2654E8FC3F6F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{74E73012-AD9B-447E-A3A7-44F978DAB610}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{794121C9-6751-407B-9EDC-6D2DD9C5FDD0}" = protocol=6 | dir=in | app=c:\program files\icq7m\icq.exe |
    "{96AC9788-5653-4808-96C2-0B64AFED72B5}" = protocol=17 | dir=in | app=c:\program files\icq7m\icq.exe |
    "{9724C23D-2EB1-4BE7-9BFB-5B25DAC69DF2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A7E16263-3750-41B6-84DA-64C84A83CECB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{AD4B5BC8-1A47-435E-A594-E91E0C7084C6}" = protocol=6 | dir=in | app=c:\program files\icq7m\icq.exe |
    "{AE76693B-7AC5-4C31-8CA7-90F7B203F325}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AF2943D0-4B1E-444B-A5C9-DD5ABA509DCA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{B771EA5C-B0B6-4AEC-8A6D-B803C18867B0}" = protocol=17 | dir=in | app=c:\program files\icq7m\icq.exe |
    "{BC1C9A77-A10E-43A0-A564-38D475DF24E4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{C837577D-127E-468D-A419-DCA393CC1F19}" = protocol=17 | dir=in | app=c:\program files\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
    "{C8DD25B8-4B3D-4A72-9501-53A72DC8E8E2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{D4F27395-FA39-45C0-BD79-BAFE173216E1}" = protocol=6 | dir=out | app=system |
    "{E7962977-EA44-495B-AB0C-52B9AC3AC4A6}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
    "{EC9455DD-B8A3-4D96-A80E-5C664B0CD910}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{F072D8A6-472C-46B0-B835-E6773172993A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{F1D70474-F82E-4989-971E-4D186E32D28D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "TCP Query User{F7A1D295-0ECC-42D0-A2BB-F8647A182F2C}C:\program files\icq7.7\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe |
    "UDP Query User{EE77DCE7-6005-4C3B-9864-D6F71DC6D9ED}C:\program files\icq7.7\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
    "{0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD}" = ICQ Sparberater
    "{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
    "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
    "{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.458
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
    "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
    "{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
    "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
    "{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
    "{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
    "{8E7D7400-4F4F-409D-8F8A-43BF1DAC575A}" = TouchChip USB Driver 2.6
    "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
    "{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
    "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A945BD16-4774-4A1F-96A7-118BEC004881}" = mCorev32.ism_new
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.6
    "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
    "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
    "{F32ED8B1-2442-4B0E-8DEC-3F3BFC1C2B7F}" = mCPlug
    "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "Advanced Audio FX Engine" = Advanced Audio FX Engine
    "Advanced Video FX Engine" = Advanced Video FX Engine
    "Creative OEM004" = Laptop Integrated Webcam Driver (1.03.01.1011)
    "Dell Webcam Center" = Dell Webcam Center
    "Dell Webcam Manager" = Dell Webcam Manager
    "Guard.Mail.ru" = Guard.ICQ
    "ICQToolbar" = ICQ Toolbar
    "iLivid" = iLivid
    "incredibar" = Incredibar Toolbar on IE
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
    "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
    "Microsoft Security Client" = Microsoft Security Essentials
    "NASA World Wind 1.4" = NASA World Wind 1.4
    "NIS" = Norton Internet Security
    "NVIDIA Drivers" = NVIDIA Drivers
    "PhotoScape" = PhotoScape
    "ProInst" = Intel(R) PROSet/Wireless Software
    "SynTPDeinstKey" = Dell Touchpad
    "Windows Searchqu Toolbar" = Windows iLivid Toolbar

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 07.07.2012 14:15:36 | Computer Name = M1330 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 07.07.2012 14:15:36 | Computer Name = M1330 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 414916

    Error - 07.07.2012 14:15:36 | Computer Name = M1330 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 414916

    Error - 08.07.2012 06:09:13 | Computer Name = M1330 | Source = Application Error | ID = 1000
    Description = Fehlerhafte Anwendung SoftonicDownloader_fuer_nasa-world-wind.exe,
    Version 1.32.4.0, Zeitstempel 0x4fec2714, fehlerhaftes Modul unknown, Version 0.0.0.0,
    Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0xfee08d8b, Prozess-ID
    0x14c4, Anwendungsstartzeit 01cd5cf156e50cf2.

    Error - 08.07.2012 06:10:27 | Computer Name = M1330 | Source = VSS | ID = 8194
    Description =

    Error - 08.07.2012 06:33:27 | Computer Name = M1330 | Source = Perflib | ID = 1010
    Description =

    Error - 08.07.2012 06:33:27 | Computer Name = M1330 | Source = Perflib | ID = 1005
    Description =

    Error - 08.07.2012 06:33:27 | Computer Name = M1330 | Source = Perflib | ID = 1017
    Description =

    Error - 08.07.2012 06:36:11 | Computer Name = M1330 | Source = Application Hang | ID = 1002
    Description = Programm WorldWind.exe, Version 1.4.0.0 arbeitet nicht mehr mit Windows
    zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
    für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
    zu suchen. Prozess-ID: 10e4 Anfangszeit: 01cd5cf530786c72 Zeitpunkt der Beendigung:
    137

    Error - 08.07.2012 07:27:03 | Computer Name = M1330 | Source = Application Hang | ID = 1002
    Description = Programm mbam.exe, Version 1.60.0.80 arbeitet nicht mehr mit Windows
    zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
    für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
    zu suchen. Prozess-ID: 21c Anfangszeit: 01cd5cfb7bed5a22 Zeitpunkt der Beendigung:
    5

    [ System Events ]
    Error - 18.03.2012 06:35:47 | Computer Name = M1330 | Source = Service Control Manager | ID = 7000
    Description =

    Error - 19.03.2012 15:29:39 | Computer Name = M1330 | Source = Microsoft Antimalware | ID = 3002
    Description = Vom Echtzeitschutz-Feature von %%860 wurde ein Fehler festgestellt

    Feature:
    %%835 Fehlercode: 0x80004005 Fehlerbeschreibung: Unbekannter Fehler Grund: %%842

    Error - 19.03.2012 15:30:17 | Computer Name = M1330 | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
    Description =

    Error - 19.03.2012 15:31:01 | Computer Name = M1330 | Source = Service Control Manager | ID = 7000
    Description =

    Error - 20.03.2012 11:52:37 | Computer Name = M1330 | Source = Service Control Manager | ID = 7000
    Description =

    Error - 21.03.2012 12:53:52 | Computer Name = M1330 | Source = Service Control Manager | ID = 7000
    Description =

    Error - 21.03.2012 16:26:32 | Computer Name = M1330 | Source = Service Control Manager | ID = 7011
    Description =

    Error - 21.03.2012 16:26:33 | Computer Name = M1330 | Source = BTHUSB | ID = 327697
    Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
    und wird nicht verwendet. Der Treiber wurde entladen.

    Error - 22.03.2012 13:03:45 | Computer Name = M1330 | Source = Service Control Manager | ID = 7000
    Description =

    Error - 23.03.2012 09:47:30 | Computer Name = M1330 | Source = Service Control Manager | ID = 7000
    Description =


    < End of report >
     
  5. Unregistered
    Unregistered Guest
    Please fix it like this:

    Fixing with OTL

    Download OTL by OldTimer (if you do not already have it) and save it to your desktop (nowhere else).

    • Start OTL.exe.
      Vista and Windows 7 users: right-click the program icon and choose "Run as administrator" ("Als Administrator ausführen").
    • Copy the following script into the text box below Custom Scans/Fixes (Benutzerdefinierte Scans/Fixes):
    Code:
    :OTL
    SRV - (Guard.Mail.ru) -- C:\Programme\Guard-ICQ\GuardICQ.exe ()
    SRV - (Web Assistant Updater) -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe ()
    IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} 
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
    IE - HKCU\..\URLSearchHook: - No CLSID value found 
    IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) 
    IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} 
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
    IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.ICQ.com/search/results.php?q={searchTerms}&ch_id=osd 
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MOOI_de
    IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
    IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb165/?search={searchTerms}&loc=IB_DS&a=6OyHj8JI19&i=26
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll 
    CHR - Extension: Wetter (Erweiterung) = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\beapnbfmjmjhhfpaoajfhjbbfnnlfpnc\0.8.0.4_0\
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\19.1.0.28\CoIEPlg.dll (Symantec Corporation) 
    O4 - HKLM..\Run: [Guard.Mail.ru.gui] C:\Program Files\Guard-ICQ\GuardICQ.exe () 
    O32 - HKLM CDRom: AutoRun - 1 
    [2011.12.24 21:36:10 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin 
    [2012.07.08 19:13:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job 
    [2012.07.08 18:13:00 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job 
    [2011.12.24 21:36:10 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin 
    [2012.07.08 12:34:26 | 000,000,000 | ---D | C] -- C:\Program Files\Perion
    [2012.07.08 12:34:20 | 000,000,000 | ---D | C] -- C:\Program Files\Incredibar.com
    [2012.07.08 12:34:08 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\NASA
    :Files
    C:\Program Files\Guard-ICQ\GuardICQ.exe
    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    C:\Windows\CT4CET.bin
    C:\Programme\Web Assistant\ExtensionUpdaterService.exe 
    :Commands
    [emptytemp]
    [emptyflash]
    [resethosts]
    
    • Close all programs.
    • Click the Fix button.
    • If OTL asks for a restart, please allow it.
    • Copy the contents of the log file into your thread here, in code tags.
      You can view the log file afterwards here => C:\_OTL\MovedFiles\
    Note for readers following along: the OTL script above was created exclusively for this user in this situation.
    Do not under any circumstances use it on other computers; it can cause lasting damage to other systems!


    And after that:
    Uninstall Norton and say which problems remain.
     
    #5 Unregistriert, 9 July 2012
  6. Leari
    Leari Grünschnabel
    I followed all the steps, i.e. copied the script into the text field, closed all programs and clicked "Fix". OTL does work for a few seconds, but then it hangs and shows "Not responding". I have now shut the laptop down 4 times and started the whole thing over, and the same thing happens every time.
     
  7. Unregistriert
    Unregistriert Gast
    OK,

    please uninstall Norton and create a new OTL log file.
     
    #7 Unregistriert, 9 July 2012
  8. Leari
    Leari Grünschnabel
    OTL Extras logfile created on: 09.07.2012 14:00:18 - Run 2
    OTL by OldTimer - Version 3.2.53.1 Folder = c:\users\user\downloads
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

    3,00 Gb Total Physical Memory | 1,72 Gb Available Physical Memory | 57,52% Memory free
    6,19 Gb Paging File | 4,97 Gb Available in Paging File | 80,38% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 167,85 Gb Total Space | 93,19 Gb Free Space | 55,52% Space Free | Partition Type: NTFS
    Drive D: | 65,03 Gb Total Space | 64,33 Gb Free Space | 98,93% Space Free | Partition Type: NTFS

    Computer Name: M1330 | User Name: User | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{021D7169-9356-47C5-ABB4-D9258FD4EF46}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{11286DC2-0501-4FC9-A1C9-3461A5E4DAC2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{118B13EC-12ED-4D1D-B2D6-6AEC967764A3}" = rport=445 | protocol=6 | dir=out | app=system |
    "{43BF774D-F701-4BF5-9FED-AC9A47C4E8C5}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{4A7668DE-CFBF-47A9-BD2B-AB3BCAFEED98}" = lport=445 | protocol=6 | dir=in | app=system |
    "{4D6D02EC-B80F-4F9A-9E31-042DB9D6F84B}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6AA7C46D-BE72-431E-A059-787FE85BB554}" = lport=138 | protocol=17 | dir=in | app=system |
    "{8A30D105-30F9-4EFE-97FD-D719D8579D0A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{8EC17EAE-E299-42FE-B7FB-E73D3FB10F2A}" = lport=137 | protocol=17 | dir=in | app=system |
    "{97C12030-813E-4180-9362-DFCA42F298AA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{A106DF35-115A-4C14-8F9B-C9924F9673A7}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{AB299D7D-B87D-401F-9699-84FE5609A980}" = rport=137 | protocol=17 | dir=out | app=system |
    "{AED1F746-986A-491D-9E2A-92EC8460C0AF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{B0428A38-5773-4DC5-B40D-51E7B11DFA5B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{C7C3A52F-8A74-4DD2-8338-398D754DDE5D}" = rport=138 | protocol=17 | dir=out | app=system |
    "{ED8EA30F-1F49-416D-9661-BFD9C8A0A236}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{FCAB8D00-36D4-4757-98FB-06F328955357}" = lport=139 | protocol=6 | dir=in | app=system |
    "{FCBBCEAF-E110-446D-9CAB-5ADF18D0B502}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{FFAB6211-C6B9-42C3-8E8D-75E12AB52F29}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0722FB76-5990-4463-B231-090579768355}" = protocol=6 | dir=in | app=c:\program files\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
    "{089890C9-4103-4C85-B8CF-DD3D26CFD159}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{0E82A185-0225-4A60-ABC3-B3F2B8657B2C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{1CA0A235-27D3-4AF0-BFA0-921164663F03}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{37990CB3-D295-4DC0-AEE1-3FD896553FE7}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{3855E9FE-D503-4037-BF27-300067C8C70D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{4673C993-7823-487E-91F3-F88A76D3F798}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{51C3A7C7-6B2D-4BDB-9D72-890332805080}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{5B591B2D-A7BD-4092-BBE1-9583CB96ED81}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{6C89A6E7-04D7-447C-9657-2654E8FC3F6F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{74E73012-AD9B-447E-A3A7-44F978DAB610}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{794121C9-6751-407B-9EDC-6D2DD9C5FDD0}" = protocol=6 | dir=in | app=c:\program files\icq7m\icq.exe |
    "{96AC9788-5653-4808-96C2-0B64AFED72B5}" = protocol=17 | dir=in | app=c:\program files\icq7m\icq.exe |
    "{9724C23D-2EB1-4BE7-9BFB-5B25DAC69DF2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A7E16263-3750-41B6-84DA-64C84A83CECB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{AD4B5BC8-1A47-435E-A594-E91E0C7084C6}" = protocol=6 | dir=in | app=c:\program files\icq7m\icq.exe |
    "{AE76693B-7AC5-4C31-8CA7-90F7B203F325}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AF2943D0-4B1E-444B-A5C9-DD5ABA509DCA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{B771EA5C-B0B6-4AEC-8A6D-B803C18867B0}" = protocol=17 | dir=in | app=c:\program files\icq7m\icq.exe |
    "{BC1C9A77-A10E-43A0-A564-38D475DF24E4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{C837577D-127E-468D-A419-DCA393CC1F19}" = protocol=17 | dir=in | app=c:\program files\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
    "{C8DD25B8-4B3D-4A72-9501-53A72DC8E8E2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{D4F27395-FA39-45C0-BD79-BAFE173216E1}" = protocol=6 | dir=out | app=system |
    "{E7962977-EA44-495B-AB0C-52B9AC3AC4A6}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
    "{EC9455DD-B8A3-4D96-A80E-5C664B0CD910}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{F072D8A6-472C-46B0-B835-E6773172993A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{F1D70474-F82E-4989-971E-4D186E32D28D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "TCP Query User{F7A1D295-0ECC-42D0-A2BB-F8647A182F2C}C:\program files\icq7.7\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe |
    "UDP Query User{EE77DCE7-6005-4C3B-9864-D6F71DC6D9ED}C:\program files\icq7.7\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
    "{0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD}" = ICQ Sparberater
    "{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
    "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
    "{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.458
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
    "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
    "{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
    "{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
    "{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
    "{8E7D7400-4F4F-409D-8F8A-43BF1DAC575A}" = TouchChip USB Driver 2.6
    "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
    "{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
    "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A945BD16-4774-4A1F-96A7-118BEC004881}" = mCorev32.ism_new
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.6
    "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
    "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
    "{F32ED8B1-2442-4B0E-8DEC-3F3BFC1C2B7F}" = mCPlug
    "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "Advanced Audio FX Engine" = Advanced Audio FX Engine
    "Advanced Video FX Engine" = Advanced Video FX Engine
    "Creative OEM004" = Laptop Integrated Webcam Driver (1.03.01.1011)
    "Dell Webcam Center" = Dell Webcam Center
    "Dell Webcam Manager" = Dell Webcam Manager
    "Guard.Mail.ru" = Guard.ICQ
    "ICQToolbar" = ICQ Toolbar
    "iLivid" = iLivid
    "incredibar" = Incredibar Toolbar on IE
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
    "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
    "Microsoft Security Client" = Microsoft Security Essentials
    "NASA World Wind 1.4" = NASA World Wind 1.4
    "NVIDIA Drivers" = NVIDIA Drivers
    "PhotoScape" = PhotoScape
    "ProInst" = Intel(R) PROSet/Wireless Software
    "SynTPDeinstKey" = Dell Touchpad
    "Windows Searchqu Toolbar" = Windows iLivid Toolbar

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 08.07.2012 07:27:03 | Computer Name = M1330 | Source = Application Hang | ID = 1002
    Description = Programm mbam.exe, Version 1.60.0.80 arbeitet nicht mehr mit Windows
    zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
    für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
    zu suchen. Prozess-ID: 21c Anfangszeit: 01cd5cfb7bed5a22 Zeitpunkt der Beendigung:
    5

    Error - 09.07.2012 06:03:58 | Computer Name = M1330 | Source = Application Hang | ID = 1002
    Description = Programm OTL (2).exe, Version 3.2.53.1 arbeitet nicht mehr mit Windows
    zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
    für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
    zu suchen. Prozess-ID: e90 Anfangszeit: 01cd5db983ca1340 Zeitpunkt der Beendigung:
    15

    Error - 09.07.2012 06:06:35 | Computer Name = M1330 | Source = Application Error | ID = 1000
    Description = Fehlerhafte Anwendung datamngrUI.exe, Version 1.0.0.1, Zeitstempel
    0x4eddeb7c, fehlerhaftes Modul datamngrUI.exe, Version 1.0.0.1, Zeitstempel 0x4eddeb7c,
    Ausnahmecode 0xc0000417, Fehleroffset 0x000f51dd, Prozess-ID 0xc24, Anwendungsstartzeit
    01cd5dba7fc02a9f.

    Error - 09.07.2012 06:10:19 | Computer Name = M1330 | Source = Application Hang | ID = 1002
    Description = Programm OTL (2).exe, Version 3.2.53.1 arbeitet nicht mehr mit Windows
    zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
    für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
    zu suchen. Prozess-ID: e0c Anfangszeit: 01cd5dbaabb5f35f Zeitpunkt der Beendigung:
    16

    Error - 09.07.2012 06:12:37 | Computer Name = M1330 | Source = Application Error | ID = 1000
    Description = Fehlerhafte Anwendung datamngrUI.exe, Version 1.0.0.1, Zeitstempel
    0x4eddeb7c, fehlerhaftes Modul datamngrUI.exe, Version 1.0.0.1, Zeitstempel 0x4eddeb7c,
    Ausnahmecode 0xc0000417, Fehleroffset 0x000f51dd, Prozess-ID 0xf54, Anwendungsstartzeit
    01cd5dbb59967ce6.

    Error - 09.07.2012 06:22:11 | Computer Name = M1330 | Source = Application Hang | ID = 1002
    Description = Programm OTL.exe, Version 3.2.53.1 arbeitet nicht mehr mit Windows
    zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
    für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
    zu suchen. Prozess-ID: 1764 Anfangszeit: 01cd5dbbd69ed1b6 Zeitpunkt der Beendigung:
    15

    Error - 09.07.2012 06:24:04 | Computer Name = M1330 | Source = Application Error | ID = 1000
    Description = Fehlerhafte Anwendung datamngrUI.exe, Version 1.0.0.1, Zeitstempel
    0x4eddeb7c, fehlerhaftes Modul datamngrUI.exe, Version 1.0.0.1, Zeitstempel 0x4eddeb7c,
    Ausnahmecode 0xc0000417, Fehleroffset 0x000f51dd, Prozess-ID 0xdc4, Anwendungsstartzeit
    01cd5dbcf38f187c.

    Error - 09.07.2012 07:48:38 | Computer Name = M1330 | Source = Application Error | ID = 1000
    Description = Fehlerhafte Anwendung datamngrUI.exe, Version 1.0.0.1, Zeitstempel
    0x4eddeb7c, fehlerhaftes Modul datamngrUI.exe, Version 1.0.0.1, Zeitstempel 0x4eddeb7c,
    Ausnahmecode 0xc0000417, Fehleroffset 0x000f51dd, Prozess-ID 0xee8, Anwendungsstartzeit
    01cd5dc8c6b9105c.

    Error - 09.07.2012 07:57:00 | Computer Name = M1330 | Source = Application Error | ID = 1000
    Description = Fehlerhafte Anwendung datamngrUI.exe, Version 1.0.0.1, Zeitstempel
    0x4eddeb7c, fehlerhaftes Modul datamngrUI.exe, Version 1.0.0.1, Zeitstempel 0x4eddeb7c,
    Ausnahmecode 0xc0000417, Fehleroffset 0x000f51dd, Prozess-ID 0xe00, Anwendungsstartzeit
    01cd5dc9f1d6da2f.

    Error - 09.07.2012 07:58:19 | Computer Name = M1330 | Source = Application Hang | ID = 1002
    Description = Programm ICQ.exe, Version 7.8.0.6800 arbeitet nicht mehr mit Windows
    zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
    für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
    zu suchen. Prozess-ID: eac Anfangszeit: 01cd5dc9f25a891f Zeitpunkt der Beendigung:
    16

    [ System Events ]
    Error - 23.03.2012 09:47:30 | Computer Name = M1330 | Source = Service Control Manager | ID = 7000
    Description =

    Error - 23.03.2012 15:48:22 | Computer Name = M1330 | Source = Service Control Manager | ID = 7011
    Description =

    Error - 23.03.2012 15:51:57 | Computer Name = M1330 | Source = BTHUSB | ID = 327697
    Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
    und wird nicht verwendet. Der Treiber wurde entladen.

    Error - 23.03.2012 17:44:58 | Computer Name = M1330 | Source = BTHUSB | ID = 327697
    Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
    und wird nicht verwendet. Der Treiber wurde entladen.

    Error - 24.03.2012 03:41:33 | Computer Name = M1330 | Source = Service Control Manager | ID = 7000
    Description =

    Error - 24.03.2012 12:42:22 | Computer Name = M1330 | Source = BTHUSB | ID = 327697
    Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
    und wird nicht verwendet. Der Treiber wurde entladen.

    Error - 24.03.2012 13:23:56 | Computer Name = M1330 | Source = BTHUSB | ID = 327697
    Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
    und wird nicht verwendet. Der Treiber wurde entladen.

    Error - 24.03.2012 15:14:51 | Computer Name = M1330 | Source = BTHUSB | ID = 327697
    Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
    und wird nicht verwendet. Der Treiber wurde entladen.

    Error - 24.03.2012 16:04:29 | Computer Name = M1330 | Source = BTHUSB | ID = 327697
    Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
    und wird nicht verwendet. Der Treiber wurde entladen.

    Error - 24.03.2012 17:37:50 | Computer Name = M1330 | Source = BTHUSB | ID = 327697
    Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
    und wird nicht verwendet. Der Treiber wurde entladen.


    < End of report >
     
  9. Leari
    Leari Grünschnabel
    OTL logfile created on: 09.07.2012 14:00:18 - Run 2
    OTL by OldTimer - Version 3.2.53.1 Folder = c:\users\user\downloads
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

    3,00 Gb Total Physical Memory | 1,72 Gb Available Physical Memory | 57,52% Memory free
    6,19 Gb Paging File | 4,97 Gb Available in Paging File | 80,38% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 167,85 Gb Total Space | 93,19 Gb Free Space | 55,52% Space Free | Partition Type: NTFS
    Drive D: | 65,03 Gb Total Space | 64,33 Gb Free Space | 98,93% Space Free | Partition Type: NTFS

    Computer Name: M1330 | User Name: User | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - c:\users\user\downloads\otl.exe (OldTimer Tools)
    PRC - C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    PRC - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
    PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
    PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
    PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
    PRC - C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
    PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.)
    PRC - C:\Programme\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
    PRC - C:\Programme\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
    PRC - C:\Windows\OEM04Mon.exe (Creative Technology Ltd.)
    PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)


    ========== Modules (No Company Name) ==========

    MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
    MOD - C:\Users\User\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll ()
    MOD - C:\Users\User\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll ()
    MOD - C:\Users\User\AppData\Local\Google\Chrome\Application\17.0.963.56\avutil-51.dll ()
    MOD - C:\Users\User\AppData\Local\Google\Chrome\Application\17.0.963.56\avformat-53.dll ()
    MOD - C:\Users\User\AppData\Local\Google\Chrome\Application\17.0.963.56\avcodec-53.dll ()
    MOD - C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()
    MOD - C:\Windows\System32\btwhidcs.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
    SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
    SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
    SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
    SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (AESTFilters) -- C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
    SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.)
    SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
    DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
    DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
    DRV - (DFUBTUSB) -- System32\Drivers\frmupgr.sys File not found
    DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
    DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
    DRV - (OEM04Vid) -- C:\Windows\System32\drivers\OEM04Vid.sys (Creative Technology Ltd.)
    DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
    DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
    DRV - (OEM04Vfx) -- C:\Windows\System32\drivers\OEM04Vfx.sys (EyePower Games Pte. Ltd.)
    DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
    DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
    DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope =

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MyStart by IncrediBar.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 66 13 45 30 55 A4 CC 01 [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\SearchScopes,DefaultScope =
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012.07.08 12:33:48 | 000,000,000 | ---D | M]

    [2012.07.08 12:34:01 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

    ========== Chrome ==========

    CHR - default_search_provider: ICQ Search (Enabled)
    CHR - default_search_provider: search_url = http://search.icq.com/search/results.php?ch_id=osd&q={searchTerms}&icid=chrome
    CHR - default_search_provider: suggest_url =
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\User\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: Wetter (Erweiterung) = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\beapnbfmjmjhhfpaoajfhjbbfnnlfpnc\0.8.0.4_0\
    CHR - Extension: YouTube = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Adblock Plus (Beta) = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
    CHR - Extension: Google-Suche = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Web Assistant = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.458_0\
    CHR - Extension: TimelineRemove = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnedfaenfnkikficknkklbdedlecmpgc\0.9.8_0\
    CHR - Extension: YouTube Unblocker = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebdgjhfdnlgdgldfkdmfjdnajbedlfnl\0.1.3_0\
    CHR - Extension: Picnik -\\u003E WordPress = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\eedlhlajecabildcmkdhbgbpgmjfjiab\1.1.1_0\
    CHR - Extension: Amateur Surgeon 2 = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\elpjhecodbnljgpmfffepfbbihbbkjom\2.3.1_0\
    CHR - Extension: SciLor's Grooveshark(tm) Unlocker = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\feegenemlbjkbnfpgdmjddbeiecdbpob\0.3.3_0\
    CHR - Extension: Gorillaz = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgcooogealdlcdagkkbfcgmkjejaekhg\13.3344.4621_0\
    CHR - Extension: New tab for Chrome\u2122 = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\
    CHR - Extension: Happy Wheels = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljdngafdeknonigdklkdlolkefpigejp\13.2334.9140_0\
    CHR - Extension: The Fancy Pants Adventure: World 2 = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\loamdenijebhollnjgehcfbnpeelfhlk\14_0\
    CHR - Extension: Uhr = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjocghlclkpgheifflemilcnblodjohg\1.16_0\
    CHR - Extension: ICQ Sparberater = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpllndkedbnmonoomepeeglghdelffo\1.3.678_1\
    CHR - Extension: Google Mail = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (ICQ Sparberater) - {0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - C:\Programme\icq\Internet Explorer\icq.dll (solute gmbh)
    O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll ()
    O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Programme\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
    O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
    O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Programme\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O3 - HKLM\..\Toolbar: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
    O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Programme\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [DATAMNGR] C:\Programme\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
    O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
    O4 - HKLM..\Run: [Guard.Mail.ru.gui] "C:\Program Files\Guard-ICQ\GuardICQ.exe" /gui File not found
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [OEM04Mon.exe] C:\Windows\OEM04Mon.exe (Creative Technology Ltd.)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Programme\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7M\ICQ.exe (ICQ, LLC.)
    O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
    O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Programme\ICQ7M\ICQ.exe (ICQ, LLC.)
    O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Programme\ICQ7M\ICQ.exe (ICQ, LLC.)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F7F7071-3940-491C-BB3D-F5834B817BF4}: DhcpNameServer = 192.168.178.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F7E5EAA3-9992-48BB-A85A-5BD045A01987}: DhcpNameServer = 192.168.222.1 192.168.222.254
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll) - C:\Programme\Windows iLivid Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
    O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll) - C:\Programme\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
    O24 - Desktop BackupWallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
    O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012.07.09 12:01:41 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012.07.08 13:18:33 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
    [2012.07.08 13:18:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012.07.08 13:18:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012.07.08 13:18:19 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012.07.08 13:18:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012.07.08 12:34:26 | 000,000,000 | ---D | C] -- C:\Program Files\Perion
    [2012.07.08 12:34:20 | 000,000,000 | ---D | C] -- C:\Program Files\Incredibar.com
    [2012.07.08 12:34:08 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\NASA
    [2012.07.08 12:34:01 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2012.07.08 12:33:44 | 000,000,000 | ---D | C] -- C:\Program Files\Web Assistant
    [2012.07.08 12:32:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NASA
    [2012.07.08 12:11:06 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
    [2012.07.08 12:10:13 | 000,000,000 | ---D | C] -- C:\Program Files\NASA
    [2012.07.08 12:09:22 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\CrashDumps
    [2012.07.05 17:34:03 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Neuer Ordner
    [2012.07.02 15:39:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
    [2012.07.02 15:38:16 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
    [2012.06.21 13:12:18 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
    [2012.06.21 13:12:17 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
    [2012.06.21 13:11:48 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
    [2012.06.21 13:11:48 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
    [2012.06.21 13:11:48 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
    [2012.06.21 13:11:37 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
    [2012.06.21 13:11:37 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
    [2012.06.14 21:02:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7M
    [2012.06.14 21:02:25 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\ICQ Search
    [2012.06.14 21:02:25 | 000,000,000 | ---D | C] -- C:\Program Files\icq
    [2012.06.14 21:02:12 | 000,000,000 | ---D | C] -- C:\Program Files\Guard-ICQ
    [2012.06.14 21:01:06 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ7M
    [2012.06.13 23:14:11 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2012.06.13 23:14:10 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2012.06.13 23:14:09 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
    [2012.06.13 23:14:09 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
    [2012.06.13 23:14:08 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
    [2012.06.13 23:14:08 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2012.06.13 23:14:07 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2012.06.13 17:51:22 | 002,045,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

    ========== Files - Modified Within 30 Days ==========

    [2012.07.09 13:56:57 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012.07.09 13:56:48 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012.07.09 13:56:48 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012.07.09 13:56:44 | 000,054,932 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2012.07.09 13:56:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012.07.09 13:56:38 | 3217,113,088 | -HS- | M] () -- C:\hiberfil.sys
    [2012.07.09 13:55:37 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2012.07.09 13:13:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012.07.08 13:18:30 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012.07.08 12:34:23 | 000,000,447 | ---- | M] () -- C:\user.js
    [2012.07.03 22:50:32 | 000,041,237 | ---- | M] () -- C:\Users\User\Desktop\4666066_700b.jpg
    [2012.07.02 17:46:29 | 000,054,932 | ---- | M] () -- C:\ProgramData\nvModes.dat
    [2012.06.29 15:02:29 | 000,032,147 | ---- | M] () -- C:\Users\User\Desktop\4619804_700b_v1.jpg
    [2012.06.27 22:10:44 | 000,028,160 | ---- | M] () -- C:\Users\User\Desktop\saufen.jpg
    [2012.06.24 13:35:31 | 000,201,542 | ---- | M] () -- C:\Users\User\Desktop\4578188_700b.jpg
    [2012.06.23 14:22:14 | 000,030,529 | ---- | M] () -- C:\Users\User\Desktop\cereal-willie.jpg
    [2012.06.23 00:20:04 | 000,040,735 | ---- | M] () -- C:\Users\User\Desktop\2_robert+pattinson.jpg
    [2012.06.21 21:41:20 | 000,093,069 | ---- | M] () -- C:\Users\User\Desktop\601078_378473572205822_1889700763_n.jpg
    [2012.06.14 21:02:25 | 000,001,598 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7M.lnk
    [2012.06.14 21:02:11 | 000,000,000 | ---- | M] () -- C:\Windows\C
    [2012.06.14 18:00:06 | 000,317,352 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012.06.13 23:21:46 | 000,630,768 | ---- | M] () -- C:\Windows\System32\perfh007.dat
    [2012.06.13 23:21:46 | 000,598,096 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012.06.13 23:21:46 | 000,127,442 | ---- | M] () -- C:\Windows\System32\perfc007.dat
    [2012.06.13 23:21:46 | 000,105,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012.06.13 22:49:05 | 000,094,720 | ---- | M] () -- C:\Users\User\Desktop\4462630_460s.jpg
    [2012.06.11 19:24:23 | 000,073,728 | -H-- | M] () -- C:\Users\User\Documents\photothumb.db

    ========== Files Created - No Company Name ==========

    [2012.07.08 13:18:29 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012.07.08 12:34:23 | 000,000,447 | ---- | C] () -- C:\user.js
    [2012.07.03 22:50:36 | 000,041,237 | ---- | C] () -- C:\Users\User\Desktop\4666066_700b.jpg
    [2012.06.29 15:02:33 | 000,032,147 | ---- | C] () -- C:\Users\User\Desktop\4619804_700b_v1.jpg
    [2012.06.27 22:10:51 | 000,028,160 | ---- | C] () -- C:\Users\User\Desktop\saufen.jpg
    [2012.06.24 13:35:35 | 000,201,542 | ---- | C] () -- C:\Users\User\Desktop\4578188_700b.jpg
    [2012.06.23 14:22:17 | 000,030,529 | ---- | C] () -- C:\Users\User\Desktop\cereal-willie.jpg
    [2012.06.23 00:20:09 | 000,040,735 | ---- | C] () -- C:\Users\User\Desktop\2_robert+pattinson.jpg
    [2012.06.21 21:41:24 | 000,093,069 | ---- | C] () -- C:\Users\User\Desktop\601078_378473572205822_1889700763_n.jpg
    [2012.06.14 21:02:25 | 000,001,598 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7M.lnk
    [2012.06.14 21:02:11 | 000,000,000 | ---- | C] () -- C:\Windows\C
    [2012.06.13 22:49:08 | 000,094,720 | ---- | C] () -- C:\Users\User\Desktop\4462630_460s.jpg
    [2012.04.16 21:24:52 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI
    [2012.04.16 21:24:52 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD7320.DAT
    [2012.04.12 12:30:30 | 000,004,096 | -H-- | C] () -- C:\Users\User\AppData\Local\keyfile3.drm
    [2011.12.24 21:36:10 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
    [2011.12.11 13:19:43 | 000,054,932 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2011.12.11 13:19:43 | 000,054,932 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2011.11.27 23:14:25 | 000,019,968 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011.11.27 23:12:33 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
    [2011.10.16 21:19:13 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2011.10.16 18:11:51 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
    [2011.10.16 17:56:00 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
    [2011.10.14 15:40:34 | 000,000,680 | ---- | C] () -- C:\Users\User\AppData\Local\d3d9caps.dat

    < End of report >
     
  10. Bullet572
    Bullet572 Old Hand
    Registered since:
    21 December 2010
    Posts:
    2,455
    Likes:
    302
    1. SysProfile:
    192071
    2. SysProfile:
    78577
    And who is supposed to make sense of that?

    Especially since it would be easy to remove this thing; Mr. Google can help with that. ;)

    Let me google that for you

    Or here is a direct link.


    In short, it is in itself neither a virus nor anything else harmful; Mystart is basically just a website that wants a share of Google's profits. The only problem is that Incredibar usually comes along with a trojan; how to remove that is explained in detail in many forums and on many websites. :)
     
    #10 Bullet572, 9 July 2012
    Last edited: 9 July 2012
  11. Unregistered
    Unregistered Guest
    @Bullet572

    Please keep your nonsense to yourself.
    You don't even seem to read what you recommend to people here as a tip! *facepalm*

    I have already reported your post via PM!


    @Leari

    Please fix it like this:

    Fixing with OTL

    Download OTL by Oldtimer (if you don't already have it) and save it to your desktop (not anywhere else).

    • Start OTL.exe.
      Vista and Windows 7 users right-click the program icon and choose "Run as administrator".
    • Copy the following script into the text box below Custom Scans/Fixes:
    Code:
    :OTL
    PRC - C:\Programme\Web Assistant\ExtensionUpdaterService.exe () 
    SRV - (Web Assistant Updater) -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe () 
    IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} 
    IE - HKCU\..\URLSearchHook: - No CLSID value found 
    IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) 
    IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} 
    IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
    IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb165/?search={searchTerms}&loc=IB_DS&a=6OyHj8JI19&i=26
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKEY_LOCAL_MACHINE\software\mozilla\FireFox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\FireFox [2012.07.08 12:33:48 | 000,000,000 | ---D | M]
    CHR - Extension: Wetter (Erweiterung) = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\beapnbfmjmjhhfpaoajfhjbbfnnlfpnc\0.8.0.4_0\
    CHR - Extension: Web Assistant = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.458_0\
    O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll () 
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\19.1.0.28\CoIEPlg.dll (Symantec Corporation) 
    O4 - HKLM..\Run: [Guard.Mail.ru.gui] C:\Program Files\Guard-ICQ\GuardICQ.exe () 
    O32 - HKLM CDRom: AutoRun - 1 
    [2011.12.24 21:36:10 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin 
    [2012.07.08 12:33:44 | 000,000,000 | ---D | C] -- C:\Program Files\Web Assistant 
    [2012.07.08 12:34:26 | 000,000,000 | ---D | C] -- C:\Program Files\Perion 
    [2012.07.08 12:34:20 | 000,000,000 | ---D | C] -- C:\Program Files\Incredibar.com 
    [2012.07.08 12:34:08 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\NASA 
    [2012.07.08 12:34:23 | 000,000,447 | ---- | C] () -- C:\user.js 
    [2012.07.08 19:13:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job 
    [2012.07.08 18:13:00 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job 
    [2011.12.24 21:36:10 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin 
    :Files
    C:\Program Files\Guard-ICQ\GuardICQ.exe
    C:\Program Files\Web Assistant
    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    C:\Windows\CT4CET.bin
    :Commands
    [emptytemp] 
    [emptyflash] 
    [resethosts]
    
    • Close all programs.
    • Click the Fix button.
    • If OTL asks for a restart, please allow it.
    • Copy the contents of the log file into your thread here, inside code tags.
      You can view the log file afterwards here => C:\_OTL\MovedFiles\
    Note for other readers: the OTL script above was created exclusively for this user in this situation.
    Do not under any circumstances use it on other computers; that can cause lasting damage to other systems!
     
    #11 Unregistered, 9 July 2012
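An added example, not part of the post above and not OTL's own code: one way to find candidates for a fix script like this is to cluster the "Created Within 30 Days" entries of the OTL log by time around a known unwanted install. The function names, the 60-second gap and the choice of `Incredibar.com` as anchor are assumptions made for this illustration; the sample lines are copied from the log posted in this thread.

```python
import re
from datetime import datetime, timedelta

# Subset of the "Files/Folders - Created Within 30 Days" section of the OTL log
# posted in this thread, embedded so the example runs offline.
SAMPLE_LOG = r"""
[2012.07.08 13:18:19 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.08 13:18:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.08 12:34:26 | 000,000,000 | ---D | C] -- C:\Program Files\Perion
[2012.07.08 12:34:20 | 000,000,000 | ---D | C] -- C:\Program Files\Incredibar.com
[2012.07.08 12:34:08 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\NASA
[2012.07.08 12:34:01 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.07.08 12:33:44 | 000,000,000 | ---D | C] -- C:\Program Files\Web Assistant
[2012.07.08 12:32:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NASA
[2012.07.08 12:11:06 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2012.07.08 12:10:13 | 000,000,000 | ---D | C] -- C:\Program Files\NASA
[2012.07.05 17:34:03 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Neuer Ordner
[2012.06.14 21:02:12 | 000,000,000 | ---D | C] -- C:\Program Files\Guard-ICQ
"""

# [timestamp | size | attributes | C or M] (optional company) -- path
ENTRY_RE = re.compile(
    r"^\[(\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| ([-A-Z]{4}) \| ([CM])\]"
    r"(?: \((.*?)\))? -- (.+)$"
)


def parse_entries(text):
    """Parse OTL file/folder lines into dicts; lines in other formats are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        entries.append({
            "time": datetime.strptime(m.group(1), "%Y.%m.%d %H:%M:%S"),
            "is_dir": "D" in m.group(3),
            "company": m.group(5),  # None for folders, "" when OTL printed "()"
            "path": m.group(6).strip(),
        })
    return entries


def install_burst(entries, anchor, max_gap=timedelta(seconds=60)):
    """Return the chain of entries around the first path containing `anchor`
    in which each consecutive pair is at most `max_gap` apart."""
    ordered = sorted(entries, key=lambda e: e["time"])
    hits = [i for i, e in enumerate(ordered) if anchor.lower() in e["path"].lower()]
    if not hits:
        return []
    lo = hi = hits[0]
    # Extend backwards and forwards while the neighbour is close enough in time.
    while lo > 0 and ordered[lo]["time"] - ordered[lo - 1]["time"] <= max_gap:
        lo -= 1
    while hi < len(ordered) - 1 and ordered[hi + 1]["time"] - ordered[hi]["time"] <= max_gap:
        hi += 1
    return ordered[lo:hi + 1]


if __name__ == "__main__":
    for e in install_burst(parse_entries(SAMPLE_LOG), "Incredibar.com"):
        kind = "DIR " if e["is_dir"] else "FILE"
        print(e["time"].strftime("%H:%M:%S"), kind, e["path"])
```

With this sample the burst also contains `C:\Program Files\Mozilla Firefox` and the NASA start-menu folder, which the fix script in the post does not list; a time cluster only yields candidates for manual review.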
  12. Bullet572
    Bullet572 Old Hand
    Strange, isn't it? Exactly what you wrote here was also among the first three links of the Google search.

    The link also referred only to Incredibar and not to the possible trojan. The fact is that Mystart does not necessarily have to be a trojan. But it's typical again: unregistered, but complaining for all it's worth! ^^
     
    #12 Bullet572, 9 July 2012
  13. Unregistered
    Unregistered Guest
    From the page you linked:

    You don't even get that this is (machine-translated) SPAM, and you recommend that people install scareware.

    Please understand that it is precisely because of people like you that this kind of rubbish works at all ;)

    Just stay out of it, or refer people to a specialist forum like www.trojaner-board.de; at least you can't go wrong with that. Thanks.
     
    #13 Unregistered, 9 July 2012
  14. Bullet572
    Bullet572 Old Hand
    That's enough now. The link may have been a poor choice, yes, but that is far from a reason to express yourself here in this way.

    It is as I already wrote: unregistered, but complaining like anything. I may have made a mistake as far as the link is concerned, but that is far from giving you the right to snap at me like this. And apart from that, if you spoke to me like this in real life, you would have regretted it the moment you started. I can't stand that sort of thing at all; it is rude and disrespectful. Besides, such hostility does not belong here; a simple "the site is not really trustworthy and should therefore be ignored" would have been more than enough!
     
    #14 Bullet572, 9 July 2012
  15. Leari
    Leari Greenhorn
    Thread starter
    I tried the fix with the code in OTL, and my laptop froze again... however, it now suddenly looks as if the my start incredibar page no longer opens automatically when I open a new tab.. am I rid of mystart incredibar now?
     