lordnuke | 28.04.2011 13:31 | TR/Kazy.mekml.1 got me too
Unfortunately it got me too
- Desktop black
- Shortcuts and data "gone"
- Fake error message
Extras.TXT from OTL
OTL Logfile: Code:
OTL Extras logfile created on: 28.04.2011 14:22:19 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Melanie\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 67,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 576,17 Gb Total Space | 417,76 Gb Free Space | 72,51% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 3,26 Gb Free Space | 16,28% Space Free | Partition Type: FAT32
Drive F: | 931,28 Gb Total Space | 925,00 Gb Free Space | 99,32% Space Free | Partition Type: FAT32
Computer Name: MELANIE-PC | User Name: Melanie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{FAF101A8-4D55-49B2-9695-F968C584A431}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{17DCF6CB-08D4-4352-B031-59CDC2E39FA7}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"{2052B0F6-C320-4A51-A7DC-5F76664D67F7}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{228F83F3-DFDE-48AE-B230-1540D92CCE70}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{2F2BA981-6AB0-437B-82E8-638BD96701C1}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{327491AB-DCE3-4AC6-9FED-1A075460CFCA}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{40BC69D8-8FB2-43C8-B822-BC67FCBB931B}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{41A13FD6-1A0D-4611-B670-CA5B33EE7D8F}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{4A3E4347-2D81-49F4-BD52-8EE1B91FF519}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{4CBDCE48-220A-4AC1-A9DF-08DB8ADC463E}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{4F8724F1-9403-47AF-B46C-DA8460B359BB}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{503A5A49-6B51-4EAF-8606-9198C6FECD41}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{5A6DD73B-AE92-436E-9213-94C570BFB29B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6794FD54-A4B2-430F-BE8D-563D1D5DF3A5}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{6B7010AC-7729-439F-845A-67B747B80084}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{77735337-3871-4E2A-B5AF-AAB5E766F35D}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"{7F3F4A8D-33A9-4ADC-BE32-1BE99419E8EC}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{8293129F-EE95-41FB-8E9D-E28C68B9F1A1}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{888E0D64-B183-4FA5-82BA-0F26D41D1A51}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{937A2086-0A5A-473D-A0F9-1963CADB181B}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{9F75EBBE-9CBF-49C0-B3BF-9FD2A3536C25}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"{ABCA4D38-212D-4D93-BA02-53EDF5579260}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{AEE3C337-5B4E-4914-BDCA-7B940E4D142B}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{B6D77873-69F2-44E3-9A84-7A3D91C9AF40}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"{BA474D20-BF06-4AB8-ADE6-458A83572FA9}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{C12E8AED-4005-49CB-BDA5-07CC4718F807}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{C8E59C92-380E-4246-B473-15A6E83B44C6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{CA5B3499-24F4-483E-A282-237379D499AD}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{CD2A2344-7D7B-4088-B396-26D7F2295EFD}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{D042162E-93A2-4B69-A856-12E27B949CAA}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{D2CBEF93-F3B9-451F-A39F-73AB909A6C5F}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{D994C188-7C98-439B-87B1-47D0D9A2E011}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{DFC64DEB-9876-4E4C-8043-A312A4301870}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{E05363AD-1FA7-4512-B7E9-EBE272C5698F}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{E6007301-5CFF-4A9E-B5DE-5C35AC9C27D0}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"{E83DDC0B-02F9-4859-9939-5F91CB39A2DF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F9761D22-638F-4754-8700-64B9385B7C8E}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{2A81AC58-693C-4930-BBDB-A73B1E343AA3}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"TCP Query User{40B231E8-2855-474D-90BF-415A883A5698}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{77FC0B2C-A904-4A7F-BB27-57459CC5222B}C:\users\melanie\downloads\quake 3 arena\quake 3 arena\quake3.exe" = protocol=6 | dir=in | app=c:\users\melanie\downloads\quake 3 arena\quake 3 arena\quake3.exe |
"UDP Query User{4DEFA010-F93B-4890-8900-9A6727E3D62C}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{6432E4BA-C8BC-4719-AC92-9C497CA9A3A8}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"UDP Query User{88DE30F0-F99C-4013-AEE8-86DB9EE29215}C:\users\melanie\downloads\quake 3 arena\quake 3 arena\quake3.exe" = protocol=17 | dir=in | app=c:\users\melanie\downloads\quake 3 arena\quake 3 arena\quake3.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05ADEEC8-BD58-43D9-A9E3-1F53B0DA117A}" = Opera 10.51
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1A2A15C2-6780-49c1-B296-503230E9DE00}" = Die Sims™ 2 Villen- und Garten-Accessoires
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.009.00
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8e584a1b-90d7-4add-93e0-fe4b4ac5f57f}" = Nero 9 Lite
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB938897-211A-4999-9749-236D2E8E464A}" = NETGEAR WPN311 Wireless Adapter
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C69405BB-27AF-4940-B3DA-04910B4DFD23}_is1" = aTube Catcher 1.0
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = Die Sims 2: Nightlife
"{FBE5AA96-22F0-4C4A-8E92-4BE3498D4CCB}" = Media Go
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar
"Easy-Shutdown" = Easy-Shutdown 1.3
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 3.2
"Free YouTube Download_is1" = Free YouTube Download 2.3
"Furnish Pro" = Furnish Pro
"ICQToolbar" = ICQ Toolbar
"InstallShield_{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"InstallShield_{AB938897-211A-4999-9749-236D2E8E464A}" = NETGEAR WPN311 Wireless Adapter
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"NVIDIA Drivers" = NVIDIA Drivers
"PartyPoker" = PartyPoker
"PhotoScape" = PhotoScape
"Pixie_is1" = Pixie 1.4.1
"PunkBusterSvc" = PunkBuster Services
"TeamViewer 5" = TeamViewer 5
"Uninstall_is1" = Uninstall 1.0.0.1
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinRAR archiver" = WinRAR
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"CreepSmash.com" = CreepSmash.com
"Winamp Detect" = Winamp Detector Plug-in
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report > --- --- ---
OTL.txt from OTL
OTL Logfile: Code:
OTL logfile created on: 28.04.2011 14:22:18 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Melanie\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 67,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 576,17 Gb Total Space | 417,76 Gb Free Space | 72,51% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 3,26 Gb Free Space | 16,28% Space Free | Partition Type: FAT32
Drive F: | 931,28 Gb Total Space | 925,00 Gb Free Space | 99,32% Space Free | Partition Type: FAT32
Computer Name: MELANIE-PC | User Name: Melanie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Melanie\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\kmQvQcUSBfWiJhv.exe (WinTrust)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\NETGEAR\WPN311\wlancfg5.exe ()
PRC - C:\Windows\System32\attrib.exe (Microsoft Corporation)
========== Modules (SafeList) ==========
MOD - C:\Users\Melanie\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (OMSI download service) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (s0017mdm) -- C:\Windows\System32\drivers\s0017mdm.sys (MCCI Corporation)
DRV - (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) -- C:\Windows\System32\drivers\s0017unic.sys (MCCI Corporation)
DRV - (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0017mgmt.sys (MCCI Corporation)
DRV - (s0017obex) -- C:\Windows\System32\drivers\s0017obex.sys (MCCI Corporation)
DRV - (s0017bus) Sony Ericsson Device 0017 driver (WDM) -- C:\Windows\System32\drivers\s0017bus.sys (MCCI Corporation)
DRV - (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS) -- C:\Windows\System32\drivers\s0017nd5.sys (MCCI Corporation)
DRV - (s0017mdfl) -- C:\Windows\System32\drivers\s0017mdfl.sys (MCCI Corporation)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (athr) -- C:\Windows\System32\drivers\WPN311.sys (Atheros Communications, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVD0.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVD0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "GMX Suche"
FF - prefs.js..browser.search.order.2: "WEB.DE Suche"
FF - prefs.js..browser.search.order.3: "1und1 Suche"
FF - prefs.js..browser.search.order.4: "amazon.de"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.8
FF - prefs.js..extensions.enabledItems: {95f24680-9e31-11da-a746-0800200c9a66}:0.1.5.5
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.7.0190
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.23.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.8&q="
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.24 13:50:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.24 13:50:34 | 000,000,000 | ---D | M]
[2009.10.03 12:42:09 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Melanie\AppData\Roaming\mozilla\Extensions
[2011.04.28 13:18:32 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\i7r6xtxa.default\extensions
[2010.04.28 13:30:09 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\i7r6xtxa.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.28 10:41:12 | 000,000,000 | -H-D | M] (Yahoo! Toolbar) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\i7r6xtxa.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.03.21 14:13:10 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\i7r6xtxa.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.02.02 13:28:42 | 000,000,000 | -H-D | M] (Update Notifier) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\i7r6xtxa.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2010.01.29 15:14:12 | 000,000,000 | -H-D | M] (DVDVideoSoft Toolbar) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\i7r6xtxa.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2010.07.07 15:50:48 | 000,000,000 | -H-D | M] (Battlefield Heroes Updater) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\i7r6xtxa.default\extensions\battlefieldheroespatcher@ea.com
[2011.04.23 18:24:02 | 000,000,000 | -H-D | M] ("DAEMON Tools Toolbar") -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\i7r6xtxa.default\extensions\DTToolbar@toolbarnet.com
[2011.03.31 09:05:29 | 000,000,000 | -H-D | M] (Nero Toolbar) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\i7r6xtxa.default\extensions\toolbar@ask.com
[2010.01.29 20:15:26 | 000,000,881 | -H-- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\i7r6xtxa.default\searchplugins\conduit.xml
[2010.06.06 12:46:11 | 000,002,059 | -H-- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\i7r6xtxa.default\searchplugins\daemon-search.xml
[2011.04.23 01:18:13 | 000,000,950 | -H-- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\i7r6xtxa.default\searchplugins\icqplugin-1.xml
[2010.11.09 16:48:26 | 000,000,950 | -H-- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\i7r6xtxa.default\searchplugins\icqplugin-10.xml
[2011.01.24 17:50:48 | 000,000,950 | -H-- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\i7r6xtxa.default\searchplugins\icqplugin-11.xml
[2011.03.16 09:11:58 | 000,000,950 | -H-- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\i7r6xtxa.default\searchplugins\icqplugin-12.xml
[2011.03.24 13:50:47 | 000,000,950 | -H-- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\i7r6xtxa.default\searchplugins\icqplugin-13.xml
[2011.04.01 09:28:54 | 000,000,950 | -H-- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\i7r6xtxa.default\searchplugins\icqplugin-14.xml
[2010.01.29 20:16:03 | 000,000,961 | -H-- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\i7r6xtxa.default\searchplugins\icqplugin-2.xml
[2010.02.24 19:59:33 | 000,000,950 | -H-- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\i7r6xtxa.default\searchplugins\icqplugin-3.xml
[2010.04.07 12:45:35 | 000,000,950 | -H-- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\i7r6xtxa.default\searchplugins\icqplugin-4.xml
[2010.06.06 12:55:32 | 000,000,950 | -H-- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\i7r6xtxa.default\searchplugins\icqplugin-5.xml
[2010.07.06 10:14:52 | 000,000,950 | -H-- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\i7r6xtxa.default\searchplugins\icqplugin-6.xml
[2010.08.01 14:47:19 | 000,000,950 | -H-- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\i7r6xtxa.default\searchplugins\icqplugin-7.xml
[2010.10.05 09:30:07 | 000,000,950 | -H-- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\i7r6xtxa.default\searchplugins\icqplugin-8.xml
[2010.10.28 16:23:31 | 000,000,950 | -H-- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\i7r6xtxa.default\searchplugins\icqplugin-9.xml
[2010.05.12 18:40:06 | 000,001,042 | -H-- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\i7r6xtxa.default\searchplugins\icqplugin.xml
[2010.06.21 20:27:15 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.10.27 22:49:06 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.02.02 13:28:15 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Programme\Mozilla Firefox\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2010.02.02 13:28:14 | 000,000,000 | ---D | M] (GMX Firefox Addon) -- C:\Programme\Mozilla Firefox\extensions\{C473DC2B-895F-4E11-B8BF-FF28DFD62829}
[2009.10.03 13:59:23 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009.12.02 12:48:00 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.03.23 21:02:50 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
[2010.01.14 00:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll
[2011.03.16 09:11:34 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.16 09:11:34 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.16 09:11:34 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.16 09:11:34 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.16 09:11:34 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVD0.dll (Conduit Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVD0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Programme\DVDVideoSoft\tbDVD0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [kmQvQcUSBfWiJhv] C:\ProgramData\kmQvQcUSBfWiJhv.exe (WinTrust)
O4 - Startup: C:\Users\Melanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{63b1e644-afb2-11de-9d56-dccde4ff10c9}\Shell\AutoRun\command - "" = rundll32.exe url,FileProtocolHandler library.htm
O33 - MountPoints2\{b31016e5-7159-11df-b5ad-406186022260}\Shell - "" = AutoRun
O33 - MountPoints2\{b31016e5-7159-11df-b5ad-406186022260}\Shell\AutoRun\command - "" = G:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011.04.28 14:07:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.04.28 14:07:31 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2011.04.28 13:41:24 | 000,000,000 | -H-D | C] -- C:\ProgramData\WindowsSearch
[2011.04.28 13:27:18 | 000,000,000 | -H-D | C] -- C:\Users\Melanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
[2011.04.28 13:20:47 | 000,573,440 | -H-- | C] (WinTrust) -- C:\ProgramData\kmQvQcUSBfWiJhv.exe
[2011.04.28 10:43:34 | 000,000,000 | -H-D | C] -- C:\Users\Melanie\AppData\Local\Yahoo
[2011.04.28 10:41:19 | 000,000,000 | -H-D | C] -- C:\Users\Melanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserPlus
[2011.04.28 10:41:16 | 000,000,000 | -H-D | C] -- C:\Users\Melanie\AppData\Local\Yahoo!
[2011.04.28 10:40:55 | 000,000,000 | -H-D | C] -- C:\ProgramData\Yahoo! Companion
[2011.04.28 10:40:55 | 000,000,000 | -H-D | C] -- C:\Users\Melanie\AppData\Roaming\Yahoo!
[2011.04.28 10:40:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2011.04.28 10:40:31 | 000,000,000 | -H-D | C] -- C:\ProgramData\Yahoo!
[2011.04.28 10:35:27 | 000,000,000 | ---D | C] -- C:\Programme\Yahoo!
[2011.04.27 11:47:58 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011.04.27 11:47:58 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011.04.26 12:00:48 | 000,000,000 | ---D | C] -- C:\Programme\Easy-Shutdown
[2011.04.26 12:00:45 | 000,000,000 | ---D | C] -- C:\Windows\uninstall
[2011.04.14 15:37:16 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.14 15:37:16 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.14 15:37:13 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.14 15:37:12 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.14 15:37:09 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.14 15:37:06 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.04.14 15:37:05 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.04.14 15:37:05 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.04.14 15:37:05 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.14 15:37:05 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.14 15:37:05 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.04.14 15:37:05 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.04.14 15:37:05 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.14 15:37:05 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2011.04.14 15:37:05 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.04.14 15:36:58 | 002,040,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.14 15:36:56 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.14 15:36:55 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011.04.28 14:25:43 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.28 14:25:43 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.28 14:25:43 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.28 14:25:42 | 000,126,248 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.28 14:18:51 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.28 14:18:51 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.28 14:18:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.28 14:18:41 | 3220,463,616 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.28 13:53:59 | 000,000,680 | -H-- | M] () -- C:\Users\Melanie\AppData\Local\d3d9caps.dat
[2011.04.28 13:27:19 | 000,000,184 | -H-- | M] () -- C:\ProgramData\~38592264
[2011.04.28 13:27:19 | 000,000,144 | -H-- | M] () -- C:\ProgramData\~38592264r
[2011.04.28 13:27:11 | 000,000,336 | -H-- | M] () -- C:\ProgramData\38592264
[2011.04.28 13:27:07 | 000,032,061 | -H-- | M] () -- C:\ProgramData\nvModes.dat
[2011.04.28 13:27:07 | 000,032,061 | -H-- | M] () -- C:\ProgramData\nvModes.001
[2011.04.28 13:20:47 | 000,573,440 | -H-- | M] (WinTrust) -- C:\ProgramData\kmQvQcUSBfWiJhv.exe
[2011.04.26 12:00:48 | 000,001,756 | -H-- | M] () -- C:\Users\Melanie\Desktop\Easy-Shutdown.lnk
[2011.04.19 17:50:33 | 000,394,400 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011.04.28 13:55:15 | 3220,463,616 | -HS- | C] () -- C:\hiberfil.sys
[2011.04.28 13:27:19 | 000,000,184 | -H-- | C] () -- C:\ProgramData\~38592264
[2011.04.28 13:27:19 | 000,000,144 | -H-- | C] () -- C:\ProgramData\~38592264r
[2011.04.28 13:27:11 | 000,000,336 | -H-- | C] () -- C:\ProgramData\38592264
[2011.04.26 12:00:48 | 000,001,768 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy-Shutdown.lnk
[2011.04.26 12:00:48 | 000,001,756 | -H-- | C] () -- C:\Users\Melanie\Desktop\Easy-Shutdown.lnk
[2010.07.07 16:18:47 | 000,138,184 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.07.07 16:18:47 | 000,138,056 | -H-- | C] () -- C:\Users\Melanie\AppData\Roaming\PnkBstrK.sys
[2010.07.07 16:18:25 | 000,215,016 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010.07.07 16:18:23 | 002,427,248 | ---- | C] () -- C:\Windows\System32\pbsvc_heroes.exe
[2010.07.07 16:18:23 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2009.10.04 15:13:34 | 000,009,216 | -H-- | C] () -- C:\Users\Melanie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.04 15:07:41 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.10.04 15:07:41 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.10.03 03:01:04 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2009.10.03 02:36:56 | 000,032,061 | -H-- | C] () -- C:\ProgramData\nvModes.001
[2009.10.03 02:36:55 | 000,032,061 | -H-- | C] () -- C:\ProgramData\nvModes.dat
[2009.10.03 02:22:33 | 000,000,680 | -H-- | C] () -- C:\Users\Melanie\AppData\Local\d3d9caps.dat
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.01.21 09:15:58 | 000,628,504 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,126,248 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,394,400 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
< End of report > --- --- ---
What happens next? CCL, or whatever it's called, has already been run over it.
Report after the scan and deletion of 4 found files. Quote:
Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download
Datenbank Version: 6463
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000
28.04.2011 14:55:16
mbam-log-2011-04-28 (14-55-16).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 147733
Laufzeit: 13 Minute(n), 23 Sekunde(n)
Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2
Infizierte Speicherprozesse:
c:\programdata\kmqvqcusbfwijhv.exe (Trojan.FakeAlert) -> 4000 -> Unloaded process successfully.
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kmQvQcUSBfWiJhv (Trojan.FakeAlert) -> Value: kmQvQcUSBfWiJhv -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\programdata\kmqvqcusbfwijhv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Melanie\downloads\stressreducer.exe (Joke.Stressreducer) -> Quarantined and deleted successfully.
| Oops, submitted twice |