| |
| |||||||
Log-Analyse und Auswertung: Ädliche Malware, Backdoor und TrojanerWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
01.07.2010, 15:04
| #1 |
| |  Ädliche Malware, Backdoor und Trojaner Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 15:03:54, on 01.07.2010 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18470) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Windows\PLFSetI.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\Apoint2K\HidFind.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Users\MAXSTO~1\AppData\Local\Temp\RtkBtMnt.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Windows\ehome\ehtray.exe C:\Users\Ma\AppData\Local\Temp\dispdrv.exe C:\Program Files\ICQ7.0\ICQ.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\OpenOffice.org 3\program\soffice.exe C:\Program Files\OpenOffice.org 3\program\soffice.bin C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe C:\Windows\system32\wbem\unsecapp.exe C:\Users\Mer\Documents\ICQ\562181267\ReceivedFiles\594409524 Frank Wendel\HiJackThis204.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1009&m=aspire_7735 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1351351 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1009&m=aspire_7735 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1009&m=aspire_7735 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = hxxp://de.search.yahoo.com/search?fr=mcafee&p=%s R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll R3 - URLSearchHook: (no name) - - (no file) R3 - URLSearchHook: Softonic VLC DE Toolbar - {64577f6f-8a9d-413a-b4c8-d080d6aeaf88} - C:\Program Files\Softonic_VLC_DE\tbSoft.dll R3 - URLSearchHook: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll R3 - URLSearchHook: Softonic Deutsch Toolbar - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Softonic VLC DE Toolbar - {64577f6f-8a9d-413a-b4c8-d080d6aeaf88} - C:\Program Files\Softonic_VLC_DE\tbSoft.dll O2 - BHO: Softonic Deutsch Toolbar - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: kikin Plugin - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files\kikin\ie_kikin.dll O2 - BHO: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll O3 - Toolbar: Softonic VLC DE Toolbar - {64577f6f-8a9d-413a-b4c8-d080d6aeaf88} - C:\Program Files\Softonic_VLC_DE\tbSoft.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O3 - Toolbar: Softonic Deutsch Toolbar - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [AmIcoSinglun] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -k O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" O4 - HKLM\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\APCMain.exe -m O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKLM\..\RunOnce: [CleanSetup] cmd /C rmdir /S /Q "C:\Users\Max Stoiber\AppData\Local\Temp\nro.tmp\" O4 - HKCU\..\Run: [ProductReg] "C:\Program Files\Acer\WR_PopUp\ProductReg.exe" O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [svchost] C:\Users\Max Stoiber\AppData\Roaming:svchost.exe O4 - HKCU\..\Run: [Display Driver] C:\Users\MAXSTO~1\AppData\Local\Temp\dispdrv.exe O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.0\ICQ.exe" silent loginmode=4 O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe O4 - Startup: Orion.lnk = C:\Program Files\Convesoft\Orion\Messenger.exe O4 - Global Startup: Bluetooth.lnk = ? O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O8 - Extra context menu item: QQ - C:\Program Files\Tencent\QQIntl\Bin\AddEmotion.htm O9 - Extra button: (no name) - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll O9 - Extra 'Tools' menuitem: My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- End of file - 12830 bytes OTL Extras logfile created on: 01.07.2010 15:05:54 - Run 1 OTL by OldTimer - Version 3.2.6.1 Folder = C:\Users\Mr\Documents\ICQ\562181267\ReceivedFiles\594409524 Frank Wendel Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 51,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 75,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 455,99 Gb Total Space | 288,53 Gb Free Space | 63,27% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: MAXSTOIBER-PC Current User Name: Max Stoiber Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03AEC8E8-63BA-4818-A652-AABB80F2840B}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{0619C69C-4CA3-4CE1-9ECB-66C86DC03076}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "{0AB39ED3-05CC-41B6-B1CC-FFF4E0C4AC0E}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{111DF0F0-8196-41D2-86B7-B74D7F0CF43B}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | "{20681AC6-81C8-47AF-913F-B3323FEECB76}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | "{565654F8-F40D-4390-93C6-8058E1ACD914}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{56D8337B-B3CF-4916-A06B-598597283E64}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{59D7ECC3-1D25-4D86-A5C5-E7571576410B}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{69D3D790-EC68-4F70-B9EA-F8F5D1266E26}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | "{6E3A109D-AC1A-485F-800A-32582D09EFA8}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | "{7C991EA6-E962-47E9-AC00-044EA29F179A}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | "{8D514C19-9B7F-4B3D-9039-760270250D49}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{8EEC2F4A-7ACF-4B34-BC2F-022CA365AA9F}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "{972D0B0B-A8CE-4F04-87D8-6D055421AB5A}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe | "{9C48FAC4-4957-4B0C-8FA2-AF5C18D1C0D4}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{9EE3FB8C-45EA-4C7B-8102-7ACE4913BEB2}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | "{A84E7203-6E90-462F-A71B-31BCAA39DB42}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{AE4AF426-0752-41FE-A533-F7886DE302D8}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{B2E0647C-99CA-4179-8883-7BCB77770287}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | "{BEA626B6-140C-4DC4-AD06-572D004D03BF}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | "{C43596D4-29FD-49CA-A145-63C6E39030BA}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe | "{D22D7F9F-F7D7-4B97-88FF-FBC53E22E1F6}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{F75D7E87-9A1C-4ABD-A054-78B5E5BC50F0}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{056B935A-A03D-D0D8-4CE0-B4B337753156}" = CCC Help Chinese Standard "{05ADEEC8-BD58-43D9-A9E3-1F53B0DA117A}" = Opera 10.51 "{0C362375-1FE0-98C0-2C57-F4D772B8A759}" = Catalyst Control Center Graphics Full New "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20 "{2C973B8B-1BB3-358B-250C-336C81A1926E}" = CCC Help Polish "{2F2B002A-8BF5-DF1E-6D36-7900B6F868DE}" = ATI Catalyst Install Manager "{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed "{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode "{360872CE-7A87-A4EE-AF69-EF73E5695D40}" = ccc-utility "{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3CCB314A-B67C-82D0-1CC6-6BC4AE6D053E}" = Catalyst Control Center InstallProxy "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager "{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision "{45416928-B205-9812-2065-5794D5AC7338}" = CCC Help French "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{53E12B77-A8AC-1A15-7690-FAA711AA0B50}" = CCC Help Portuguese "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress "{5A64A288-025C-F952-E4E3-12FA6596922F}" = CCC Help Chinese Traditional "{5D3A59B1-2BBF-66AF-3B5F-FC5BAA42F817}" = CCC Help Italian "{5F19F78E-274D-8E5C-C49E-2ED722ACF70A}" = CCC Help German "{6078A803-C98F-1F95-CEF7-0132621E6072}" = CCC Help Japanese "{6234F3C6-F8EF-39FB-AE15-0B88E88B79F0}" = CCC Help Greek "{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6A0D64D0-CDF4-9C65-A053-6EC86AEB43CC}" = ccc-core-static "{6A905715-6991-3517-5F04-4392FC18DB76}" = Catalyst Control Center Graphics Previews Vista "{6EAA466F-6F35-F3B7-60B9-3D6DCA97EE02}" = Catalyst Control Center Localization All "{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Program Files\Acer GameZone\GameConsole "{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic "{742A17A1-8AA4-4DCE-C881-557AC4EB793D}" = CCC Help Spanish "{75212523-6E47-BF0F-20FF-B65E940A5DDD}" = CCC Help English "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart "{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110184263}" = Puzzle Express "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11037623}" = Tradewinds 2 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111205743}" = Tri-Peaks Solitaire To Go "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111232687}" = Ocean Express "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11170417}" = Luxor 2 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11219217}" = Cradle of Rome "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112270203}" = Dream Day Wedding "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113056167}" = Dream Day Honeymoon "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113297350}" = Cake Mania 2 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113494430}" = Wedding Dash "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115443300}" = Cooking Dash "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11551977}" = Parking Dash "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent "{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7 "{940F9DF4-A790-EAE9-A4B1-B9F96D3C8CC9}" = CCC Help Finnish "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{979FCA90-1FA4-482F-0001-393419DB8F1B}" = MyTube HD 4.0 "{97BA7028-6FE4-58B5-F254-48C12AA3FBBD}" = CCC Help Swedish "{987381F2-AA18-EF9C-9DDA-4D403FD7F3E2}" = CCC Help Turkish "{99C85B2D-DFA4-5704-9A4C-396DDB5C6F1F}" = CCC Help Thai "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller "{9E6B5AEA-C8EC-916B-FDFA-91F1274CD695}" = Skins "{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver "{A025CFB8-64E7-4432-824F-11E7C5ED2ECE}_is1" = Artweaver 1.0 "{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor "{A75C2F92-28EC-FE11-3818-81578F3E9596}" = CCC Help Norwegian "{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA9732EB-64DD-DBA5-DFC1-705E64D3FB18}" = CCC Help Russian "{AAE19E03-87A5-6937-F7D7-6806C5FD1D89}" = Catalyst Control Center Graphics Light "{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch "{B15E1629-4B8C-FC02-1118-35034C235F0D}" = CCC Help Korean "{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center "{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter "{BE0EC61A-02BF-E3E1-D7A8-3DDB7B58FBDF}" = PX Profile Update "{BF91B300-EEBC-4223-96F3-0FCBF7241B50}" = AmIcoSingLun "{C10DD83A-CB15-DD3A-FE29-89433A68F55D}" = CCC Help Dutch "{c18746ef-6ebc-4b8b-ad14-d39e0d1dc7af}" = Nero 9 Trial "{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM "{D0F3E75D-6BE1-E974-2A8E-A449D3374FDB}" = Catalyst Control Center Graphics Full Existing "{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime "{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration "{E24DBA75-5452-C0A1-4FF3-CB38F8245919}" = CCC Help Czech "{E430067C-7254-40B6-A8F8-5EEF57A68F1A}" = Catalyst Control Center - Branding "{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit "{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA}" = kikin plugin (NO23 Edition) 2.0 "{E86CA8CF-F42D-9569-B2ED-5E6A0F591EA5}" = CCC Help Hungarian "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer "{EDDDC607-91D9-4758-9F57-265FDCD8A772}" = Microsoft Works 7.0 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget "{F557AF38-AB37-84A8-0148-C53B5F870373}" = CCC Help Danish "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool "{FF7027C7-B001-A144-C83B-03618745E975}" = Catalyst Control Center Core Implementation "Acer Screensaver" = Acer ScreenSaver "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Agere Systems Soft Modem" = Agere Systems HDA Modem "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode) "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar "Google Desktop" = Google Desktop "GridVista" = Acer GridVista "ICQToolbar" = ICQ Toolbar "Icy Tower v1.4_is1" = Icy Tower v1.4 "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager "InstallShield_{BF91B300-EEBC-4223-96F3-0FCBF7241B50}" = AmIcoSingLun "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6) "MWSnap 3" = MWSnap 3 "Picasa 3" = Picasa 3 "Softonic_Deutsch Toolbar" = Softonic_Deutsch Toolbar "Softonic_VLC_DE Toolbar" = Softonic_VLC_DE Toolbar "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.0.5 ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > OTL Extras logfile created on: 01.07.2010 15:05:54 - Run 1 OTL by OldTimer - Version 3.2.6.1 Folder = C:\Users\Mr\Documents\ICQ\562181267\ReceivedFiles\594409524 Frank Wendel Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 51,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 75,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 455,99 Gb Total Space | 288,53 Gb Free Space | 63,27% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: MAXSTOIBER-PC Current User Name: Max Stoiber Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03AEC8E8-63BA-4818-A652-AABB80F2840B}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{0619C69C-4CA3-4CE1-9ECB-66C86DC03076}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "{0AB39ED3-05CC-41B6-B1CC-FFF4E0C4AC0E}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{111DF0F0-8196-41D2-86B7-B74D7F0CF43B}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | "{20681AC6-81C8-47AF-913F-B3323FEECB76}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | "{565654F8-F40D-4390-93C6-8058E1ACD914}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{56D8337B-B3CF-4916-A06B-598597283E64}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{59D7ECC3-1D25-4D86-A5C5-E7571576410B}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{69D3D790-EC68-4F70-B9EA-F8F5D1266E26}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | "{6E3A109D-AC1A-485F-800A-32582D09EFA8}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | "{7C991EA6-E962-47E9-AC00-044EA29F179A}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | "{8D514C19-9B7F-4B3D-9039-760270250D49}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{8EEC2F4A-7ACF-4B34-BC2F-022CA365AA9F}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "{972D0B0B-A8CE-4F04-87D8-6D055421AB5A}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe | "{9C48FAC4-4957-4B0C-8FA2-AF5C18D1C0D4}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{9EE3FB8C-45EA-4C7B-8102-7ACE4913BEB2}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | "{A84E7203-6E90-462F-A71B-31BCAA39DB42}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{AE4AF426-0752-41FE-A533-F7886DE302D8}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{B2E0647C-99CA-4179-8883-7BCB77770287}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | "{BEA626B6-140C-4DC4-AD06-572D004D03BF}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | "{C43596D4-29FD-49CA-A145-63C6E39030BA}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe | "{D22D7F9F-F7D7-4B97-88FF-FBC53E22E1F6}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{F75D7E87-9A1C-4ABD-A054-78B5E5BC50F0}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{056B935A-A03D-D0D8-4CE0-B4B337753156}" = CCC Help Chinese Standard "{05ADEEC8-BD58-43D9-A9E3-1F53B0DA117A}" = Opera 10.51 "{0C362375-1FE0-98C0-2C57-F4D772B8A759}" = Catalyst Control Center Graphics Full New "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20 "{2C973B8B-1BB3-358B-250C-336C81A1926E}" = CCC Help Polish "{2F2B002A-8BF5-DF1E-6D36-7900B6F868DE}" = ATI Catalyst Install Manager "{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed "{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode "{360872CE-7A87-A4EE-AF69-EF73E5695D40}" = ccc-utility "{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3CCB314A-B67C-82D0-1CC6-6BC4AE6D053E}" = Catalyst Control Center InstallProxy "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager "{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision "{45416928-B205-9812-2065-5794D5AC7338}" = CCC Help French "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{53E12B77-A8AC-1A15-7690-FAA711AA0B50}" = CCC Help Portuguese "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress "{5A64A288-025C-F952-E4E3-12FA6596922F}" = CCC Help Chinese Traditional "{5D3A59B1-2BBF-66AF-3B5F-FC5BAA42F817}" = CCC Help Italian "{5F19F78E-274D-8E5C-C49E-2ED722ACF70A}" = CCC Help German "{6078A803-C98F-1F95-CEF7-0132621E6072}" = CCC Help Japanese "{6234F3C6-F8EF-39FB-AE15-0B88E88B79F0}" = CCC Help Greek "{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6A0D64D0-CDF4-9C65-A053-6EC86AEB43CC}" = ccc-core-static "{6A905715-6991-3517-5F04-4392FC18DB76}" = Catalyst Control Center Graphics Previews Vista "{6EAA466F-6F35-F3B7-60B9-3D6DCA97EE02}" = Catalyst Control Center Localization All "{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Program Files\Acer GameZone\GameConsole "{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic "{742A17A1-8AA4-4DCE-C881-557AC4EB793D}" = CCC Help Spanish "{75212523-6E47-BF0F-20FF-B65E940A5DDD}" = CCC Help English "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart "{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110184263}" = Puzzle Express "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11037623}" = Tradewinds 2 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111205743}" = Tri-Peaks Solitaire To Go "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111232687}" = Ocean Express "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11170417}" = Luxor 2 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11219217}" = Cradle of Rome "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112270203}" = Dream Day Wedding "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113056167}" = Dream Day Honeymoon "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113297350}" = Cake Mania 2 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113494430}" = Wedding Dash "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115443300}" = Cooking Dash "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11551977}" = Parking Dash "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent "{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7 "{940F9DF4-A790-EAE9-A4B1-B9F96D3C8CC9}" = CCC Help Finnish "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{979FCA90-1FA4-482F-0001-393419DB8F1B}" = MyTube HD 4.0 "{97BA7028-6FE4-58B5-F254-48C12AA3FBBD}" = CCC Help Swedish "{987381F2-AA18-EF9C-9DDA-4D403FD7F3E2}" = CCC Help Turkish "{99C85B2D-DFA4-5704-9A4C-396DDB5C6F1F}" = CCC Help Thai "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller "{9E6B5AEA-C8EC-916B-FDFA-91F1274CD695}" = Skins "{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver "{A025CFB8-64E7-4432-824F-11E7C5ED2ECE}_is1" = Artweaver 1.0 "{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor "{A75C2F92-28EC-FE11-3818-81578F3E9596}" = CCC Help Norwegian "{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA9732EB-64DD-DBA5-DFC1-705E64D3FB18}" = CCC Help Russian "{AAE19E03-87A5-6937-F7D7-6806C5FD1D89}" = Catalyst Control Center Graphics Light "{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch "{B15E1629-4B8C-FC02-1118-35034C235F0D}" = CCC Help Korean "{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center "{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter "{BE0EC61A-02BF-E3E1-D7A8-3DDB7B58FBDF}" = PX Profile Update "{BF91B300-EEBC-4223-96F3-0FCBF7241B50}" = AmIcoSingLun "{C10DD83A-CB15-DD3A-FE29-89433A68F55D}" = CCC Help Dutch "{c18746ef-6ebc-4b8b-ad14-d39e0d1dc7af}" = Nero 9 Trial "{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM "{D0F3E75D-6BE1-E974-2A8E-A449D3374FDB}" = Catalyst Control Center Graphics Full Existing "{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime "{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration "{E24DBA75-5452-C0A1-4FF3-CB38F8245919}" = CCC Help Czech "{E430067C-7254-40B6-A8F8-5EEF57A68F1A}" = Catalyst Control Center - Branding "{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit "{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA}" = kikin plugin (NO23 Edition) 2.0 "{E86CA8CF-F42D-9569-B2ED-5E6A0F591EA5}" = CCC Help Hungarian "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer "{EDDDC607-91D9-4758-9F57-265FDCD8A772}" = Microsoft Works 7.0 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget "{F557AF38-AB37-84A8-0148-C53B5F870373}" = CCC Help Danish "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool "{FF7027C7-B001-A144-C83B-03618745E975}" = Catalyst Control Center Core Implementation "Acer Screensaver" = Acer ScreenSaver "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Agere Systems Soft Modem" = Agere Systems HDA Modem "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode) "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar "Google Desktop" = Google Desktop "GridVista" = Acer GridVista "ICQToolbar" = ICQ Toolbar "Icy Tower v1.4_is1" = Icy Tower v1.4 "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager "InstallShield_{BF91B300-EEBC-4223-96F3-0FCBF7241B50}" = AmIcoSingLun "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6) "MWSnap 3" = MWSnap 3 "Picasa 3" = Picasa 3 "Softonic_Deutsch Toolbar" = Softonic_Deutsch Toolbar "Softonic_VLC_DE Toolbar" = Softonic_VLC_DE Toolbar "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.0.5 ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > OTL logfile created on: 01.07.2010 15:53:26 - Run 2 OTL by OldTimer - Version 3.2.6.1 Folder = C:\Users\Max Stoiber\Documents\ICQ\562181267\ReceivedFiles\594409524 Frank Wendel Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 49,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 74,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 455,99 Gb Total Space | 288,52 Gb Free Space | 63,27% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: MAXSTOIBER-PC Current User Name: Max Stoiber Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Users\ax Str\Documents\ICQ\562181267\ReceivedFiles\594409524 Frank Wendel\OTL.exe (OldTimer Tools) PRC - C:\Users\Mer\Documents\ICQ\562181267\ReceivedFiles\594409524 Frank Wendel\HiJackThis204.exe (Trend Micro Inc.) PRC - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Users\Max Stoiber\AppData\Local\Temp\dispdrv.exe () PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe () PRC - C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe (Google) PRC - C:\Users\MAXSTO~1\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.) PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerTray.exe (Acer Incorporated) PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated) PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerEvent.exe (Acer Incorporated) PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) PRC - C:\Programme\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) PRC - C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) PRC - C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Programme\Apoint2K\Hidfind.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) PRC - C:\Programme\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) PRC - C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe () PRC - C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.) PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.) PRC - C:\Windows\PLFSetI.exe () PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\Max Stoiber\Documents\ICQ\562181267\ReceivedFiles\594409524 Frank Wendel\OTL.exe (OldTimer Tools) MOD - C:\Programme\Acer\Acer PowerSmart Manager\SysHook.dll (Acer Incorporated) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe () SRV - (GoogleDesktopManager-110309-193829) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (ePowerSvc) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated) SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV - (NTI IScheduleSvc) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) SRV - (CLHNService) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe () SRV - (NTISchedulerSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.) SRV - (NTIBackupSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.) SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.) DRV - (btwl2cap) -- C:\Windows\System32\drivers\btwl2cap.sys (Broadcom Corporation.) DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.) DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.) DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.) DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (k57nd60x) Broadcom NetLink (TM) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (UBHelper) -- C:\Windows\System32\drivers\UBHelper.sys (NewTech Infosystems Corporation) DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (NSCIRDA) -- C:\Windows\System32\drivers\nscirda.sys (National Semiconductor Corporation) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1009&m=aspire_7735 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1009&m=aspire_7735 IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {64577f6f-8a9d-413a-b4c8-d080d6aeaf88} - C:\Programme\Softonic_VLC_DE\tbSoft.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1009&m=aspire_7735 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1351351 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\URLSearchHook: {64577f6f-8a9d-413a-b4c8-d080d6aeaf88} - C:\Programme\Softonic_VLC_DE\tbSoft.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.defaultthis.engineName: "Softonic Deutsch Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.4.4.118 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2 FF - prefs.js..extensions.enabledItems: {AA994882-F391-4d2e-806F-8908DA4814ED}:2.0 FF - prefs.js..extensions.enabledItems: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c}:2.6.0.15 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220 FF - prefs.js..keyword.URL: "hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=DVSV5&o=15012&locale=de_DE&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.06.28 16:55:51 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.06.28 16:55:51 | 000,000,000 | ---D | M] [2009.11.06 14:00:37 | 000,000,000 | ---D | M] -- C:\Users\Maxer\AppData\Roaming\mozilla\Extensions [2010.06.30 21:25:58 | 000,000,000 | ---D | M] -- C:\Users\Maiber\AppData\Roaming\mozilla\Firefox\Profiles\vw9jvir6.default\extensions [2009.11.10 21:57:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Max Stoiber\AppData\Roaming\mozilla\Firefox\Profiles\vw9jvir6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.06.17 17:29:19 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Max Stoiber\AppData\Roaming\mozilla\Firefox\Profiles\vw9jvir6.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2009.12.17 16:55:28 | 000,000,000 | ---D | M] (Softonic VLC DE Toolbar) -- C:\Users\Max Stoiber\AppData\Roaming\mozilla\Firefox\Profiles\vw9jvir6.default\extensions\{64577f6f-8a9d-413a-b4c8-d080d6aeaf88} [2010.06.13 18:38:56 | 000,000,000 | ---D | M] (Softonic Deutsch Toolbar) -- C:\Users\Max Stoiber\AppData\Roaming\mozilla\Firefox\Profiles\vw9jvir6.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} [2010.02.19 13:47:22 | 000,000,000 | ---D | M] (kikin plugin (NO23 Edition)) -- C:\Users\Max Stoiber\AppData\Roaming\mozilla\Firefox\Profiles\vw9jvir6.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED} [2010.01.07 23:10:45 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Max Stoiber\AppData\Roaming\mozilla\Firefox\Profiles\vw9jvir6.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} [2010.06.05 21:05:12 | 000,000,000 | ---D | M] -- C:\Users\Max Stoiber\AppData\Roaming\mozilla\Firefox\Profiles\vw9jvir6.default\extensions\toolbar@ask.com [2010.06.30 21:33:38 | 000,002,385 | ---- | M] () -- C:\Users\Max Stoiber\AppData\Roaming\Mozilla\FireFox\Profiles\vw9jvir6.default\searchplugins\askcom.xml [2010.04.21 12:07:14 | 000,000,935 | ---- | M] () -- C:\Users\Max Stoiber\AppData\Roaming\Mozilla\FireFox\Profiles\vw9jvir6.default\searchplugins\conduit.xml [2010.01.08 16:11:25 | 000,000,694 | ---- | M] () -- C:\Users\Max Stoiber\AppData\Roaming\Mozilla\FireFox\Profiles\vw9jvir6.default\searchplugins\icq-search.xml [2010.03.09 22:57:30 | 000,000,961 | ---- | M] () -- C:\Users\Max Stoiber\AppData\Roaming\Mozilla\FireFox\Profiles\vw9jvir6.default\searchplugins\icqplugin-1.xml [2010.03.31 14:50:01 | 000,000,950 | ---- | M] () -- C:\Users\Max Stoiber\AppData\Roaming\Mozilla\FireFox\Profiles\vw9jvir6.default\searchplugins\icqplugin-2.xml [2010.04.02 23:46:02 | 000,000,950 | ---- | M] () -- C:\Users\Max Stoiber\AppData\Roaming\Mozilla\FireFox\Profiles\vw9jvir6.default\searchplugins\icqplugin-3.xml [2010.06.05 21:59:11 | 000,000,950 | ---- | M] () -- C:\Users\Max Stoiber\AppData\Roaming\Mozilla\FireFox\Profiles\vw9jvir6.default\searchplugins\icqplugin-4.xml [2010.06.28 16:56:08 | 000,000,950 | ---- | M] () -- C:\Users\Max Stoiber\AppData\Roaming\Mozilla\FireFox\Profiles\vw9jvir6.default\searchplugins\icqplugin-5.xml [2008.03.31 13:52:00 | 000,000,168 | ---- | M] () -- C:\Users\Max Stoiber\AppData\Roaming\Mozilla\FireFox\Profiles\vw9jvir6.default\searchplugins\icqplugin.gif [2008.03.31 13:52:00 | 000,000,618 | ---- | M] () -- C:\Users\Max Stoiber\AppData\Roaming\Mozilla\FireFox\Profiles\vw9jvir6.default\searchplugins\icqplugin.src [2008.07.10 14:07:28 | 000,000,944 | ---- | M] () -- C:\Users\Max Stoiber\AppData\Roaming\Mozilla\FireFox\Profiles\vw9jvir6.default\searchplugins\icqplugin.xml [2010.06.17 17:27:50 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.03.09 22:48:53 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.06.12 23:57:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.06.17 17:27:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.06.17 17:27:26 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.03.31 14:49:40 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.03.31 14:49:40 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.03.31 14:49:40 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.01.15 20:13:43 | 000,002,027 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\McSiteAdvisor.xml [2010.03.31 14:49:40 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.03.31 14:49:40 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Softonic VLC DE Toolbar) - {64577f6f-8a9d-413a-b4c8-d080d6aeaf88} - C:\Programme\Softonic_VLC_DE\tbSoft.dll (Conduit Ltd.) O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Programme\kikin\ie_kikin.dll (kikin) O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Softonic VLC DE Toolbar) - {64577f6f-8a9d-413a-b4c8-d080d6aeaf88} - C:\Programme\Softonic_VLC_DE\tbSoft.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Softonic VLC DE Toolbar) - {64577F6F-8A9D-413A-B4C8-D080D6AEAF88} - C:\Programme\Softonic_VLC_DE\tbSoft.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated) O4 - HKLM..\Run: [AmIcoSinglun] C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.) O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\APCMain.exe File not found O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [Display Driver] C:\Users\MAXSTO~1\AppData\Local\Temp\dispdrv.exe () O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe File not found O4 - HKCU..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer) O4 - HKCU..\Run: [svchost] C:\Users\Max Stoiber\AppData\Roaming:svchost.exe File not found O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKLM..\RunOnce: [CleanSetup] File not found O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\Max Stoiber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\Max Stoiber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk = C:\Program Files\Convesoft\Orion\Messenger.exe File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.) O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Programme\kikin\ie_kikin.dll (kikin) O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: localhost ([]http in ) O15 - HKCU\..Trusted Ranges: GD ([http] in ) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Max Stoiber\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Max Stoiber\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.07.01 13:38:36 | 000,000,000 | ---D | C] -- C:\Users\Max Stoiber\AppData\Roaming\Malwarebytes [2010.07.01 13:38:30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.07.01 13:38:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.07.01 13:38:28 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.07.01 13:38:28 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.06.26 11:46:21 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft.NET [2010.06.24 14:05:21 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax [2010.06.24 14:05:20 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax [2010.06.24 14:05:16 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll [2010.06.24 14:05:15 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll [2010.06.24 14:05:15 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax [2010.06.24 14:04:27 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe [2010.06.24 14:04:27 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll [2010.06.24 14:04:27 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll [2010.06.23 14:18:50 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll [2010.06.23 14:18:50 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll [2010.06.19 21:19:12 | 000,000,000 | ---D | C] -- C:\Programme\MirandaMe [2010.06.19 21:12:53 | 000,000,000 | ---D | C] -- C:\Users\Max Stoiber\AppData\Roaming\Miranda [2010.06.19 21:11:49 | 000,000,000 | ---D | C] -- C:\Programme\Miranda IM [2010.06.17 17:29:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2010.06.17 17:29:30 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java [2010.06.17 17:27:48 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2010.06.17 17:27:48 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2010.06.17 17:27:48 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2010.06.17 17:27:48 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2010.06.17 17:27:16 | 000,000,000 | ---D | C] -- C:\Programme\Java [2010.06.15 21:03:25 | 000,000,000 | ---D | C] -- C:\Users\Max Stoiber\AppData\Roaming\Avira [2010.06.15 21:02:28 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2010.06.15 21:02:27 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2010.06.15 21:02:27 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys [2010.06.15 21:02:27 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys [2010.06.15 21:02:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2010.06.13 18:38:57 | 000,000,000 | ---D | C] -- C:\Programme\Softonic_Deutsch [2010.06.13 18:38:52 | 000,000,000 | ---D | C] -- C:\Users\Max Stoiber\AppData\Roaming\Audacity [2010.06.13 18:34:29 | 000,000,000 | ---D | C] -- C:\Programme\Audacity 1.3 Beta (Unicode) [2010.06.11 14:26:08 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll [2010.06.11 14:26:06 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2010.06.11 14:26:06 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2010.06.11 14:25:51 | 000,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010.06.11 14:25:51 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010.06.11 14:25:51 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2010.06.11 14:25:50 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010.06.11 14:25:50 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2010.06.11 14:25:50 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2010.06.11 14:25:50 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010.06.11 14:25:50 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll [2010.06.11 14:25:50 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010.06.11 14:25:50 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2010.06.11 14:25:49 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010.06.11 14:25:37 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll [2010.06.11 14:25:11 | 002,036,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010.06.09 17:48:03 | 000,000,000 | ---D | C] -- C:\Users\Max Stoiber\Desktop\STICK [2009.10.29 02:53:23 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll ========== Files - Modified Within 30 Days ========== [2010.07.01 15:54:36 | 002,359,296 | -HS- | M] () -- C:\Users\Mar\NTUSER.DAT [2010.07.01 15:36:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.07.01 14:39:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.07.01 14:04:00 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.07.01 14:04:00 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.07.01 13:38:33 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.07.01 12:04:12 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.07.01 12:04:03 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.07.01 12:03:55 | 3215,908,864 | -HS- | M] () -- C:\hiberfil.sys [2010.06.30 21:45:37 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010.06.30 21:45:35 | 000,524,288 | -HS- | M] () -- C:\Users\Maber\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010.06.30 21:45:35 | 000,065,536 | -HS- | M] () -- C:\Users\r\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.06.30 21:32:47 | 012,426,597 | ---- | M] () -- C:\Users\Maxiber\Desktop\YouTube- Frauenarzt & Manny Marc mit Evil Hectorr , Major , Smoky , Kid Millenium , Keule Helle - Das Geht Ab (Atzen Musik Remix RMX) Juice CD#92.mp4 [2010.06.29 21:54:50 | 003,196,722 | -H-- | M] () -- C:\Users\Max oiber\AppData\Local\IconCache.db [2010.06.26 22:05:40 | 002,844,819 | ---- | M] () -- C:\Users\Max Siber\Desktop\hallo musik.mp3 [2010.06.26 11:50:34 | 001,463,378 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.06.26 11:50:34 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.06.26 11:50:34 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.06.26 11:50:34 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.06.26 11:50:34 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.06.24 16:44:37 | 000,068,871 | ---- | M] () -- C:\Users\Mtoiber\Desktop\Unbenannt1.jpg [2010.06.24 16:44:21 | 005,621,173 | ---- | M] () -- C:\Users\ax Siber\Desktop\Unbenannt1.awd [2010.06.17 17:27:21 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2010.06.17 17:27:21 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2010.06.17 17:27:21 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2010.06.17 17:27:21 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2010.06.17 14:34:10 | 000,014,197 | ---- | M] () -- C:\Users\Max Stoiber\Desktop\OpenDocument Text (neu).odt [2010.06.15 21:02:37 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2010.06.15 20:52:04 | 000,006,836 | ---- | M] () -- C:\Users\MStoib\AppData\Local\d3d9caps.dat [2010.06.13 18:34:39 | 000,000,855 | ---- | M] () -- C:\Users\Max Ster\Desktop\Audacity 1.3 Beta (Unicode).lnk [2010.06.12 23:02:00 | 000,310,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.06.06 20:16:55 | 000,005,736 | -HS- | M] () -- C:\Users\Max oiber\Desktop\Folder.jpg [2010.06.06 20:16:55 | 000,002,036 | -HS- | M] () -- C:\Users\Max Siber\Desktop\AlbumArtSmall.jpg [2010.06.03 20:53:35 | 004,814,889 | ---- | M] () -- C:\Users\Matoiber\Desktop\YouTube- Jason Derulo - In My Head.mp3 [2010.06.03 20:43:43 | 000,010,358 | -HS- | M] () -- C:\Users\x Stoibr\Desktop\AlbumArt_{F2B0CF27-809B-42BA-B33A-50980C39C81A}_Large.jpg [2010.06.03 20:43:38 | 000,002,746 | -HS- | M] () -- C:\Users\Ma i\Desktop\AlbumArt_{F2B0CF27-809B-42BA-B33A-50980C39C81A}_Small.jpg [2010.06.03 02:30:12 | 000,007,304 | -HS- | M] () -- C:\Users\ax Stber\Desktop\AlbumArt_{4D621087-E7DA-4A58-9AC3-76378D878C75}_Large.jpg [2010.06.03 02:29:42 | 000,001,893 | -HS- | M] () -- C:\Users\ax oiber\Desktop\AlbumArt_{4D621087-E7DA-4A58-9AC3-76378D878C75}_Small.jpg [2010.06.03 02:29:37 | 000,012,040 | -HS- | M] () -- C:\Users\M oiber\Desktop\AlbumArt_{A2730D23-9538-44BF-B354-EAE69D00E589}_Large.jpg [2010.06.03 02:29:10 | 000,003,207 | -HS- | M] () -- C:\Users\x Str\Desktop\AlbumArt_{A2730D23-9538-44BF-B354-EAE69D00E589}_Small.jpg [2010.06.03 02:28:47 | 000,011,087 | -HS- | M] () -- C:\Users\Mx oiber\Desktop\AlbumArt_{033D1EB7-074A-46D2-BA8A-17D0065BFBF3}_Large.jpg [2010.06.03 02:28:15 | 000,012,118 | -HS- | M] () -- C:\Users\ax Stber\Desktop\AlbumArt_{535EB02F-E699-4682-BA86-17BE261B2227}_Large.jpg [2010.06.03 02:27:40 | 000,002,792 | -HS- | M] () -- C:\Users\Ma oiber\Desktop\AlbumArt_{033D1EB7-074A-46D2-BA8A-17D0065BFBF3}_Small.jpg [2010.06.03 02:27:00 | 000,002,510 | -HS- | M] () -- C:\Users\Matoiber\Desktop\AlbumArt_{535EB02F-E699-4682-BA86-17BE261B2227}_Small.jpg [2010.06.03 02:26:52 | 000,007,707 | -HS- | M] () -- C:\Users\x Stber\Desktop\AlbumArt_{6BA74C58-F81B-451B-AA2E-F472DEC1E918}_Large.jpg [2010.06.03 02:26:24 | 000,001,934 | -HS- | M] () -- C:\Users\Mx Siber\Desktop\AlbumArt_{6BA74C58-F81B-451B-AA2E-F472DEC1E918}_Small.jpg [2010.06.03 02:16:33 | 000,013,868 | -HS- | M] () -- C:\Users\Matoiber\Desktop\AlbumArt_{A2109C89-D317-4E6E-8F3E-B1AF4B70177E}_Large.jpg [2010.06.03 02:16:21 | 000,003,019 | -HS- | M] () -- C:\Users\Maoiber\Desktop\AlbumArt_{A2109C89-D317-4E6E-8F3E-B1AF4B70177E}_Small.jpg [2010.06.03 02:16:20 | 000,008,440 | -HS- | M] () -- C:\Users\Matiber\Desktop\AlbumArt_{9B939490-B9D5-4598-AECD-D6F80D1EB135}_Large.jpg [2010.06.03 02:16:16 | 000,002,160 | -HS- | M] () -- C:\Users\Mar\Desktop\AlbumArt_{9B939490-B9D5-4598-AECD-D6F80D1EB135}_Small.jpg [2010.06.02 17:57:57 | 000,010,868 | -HS- | M] () -- C:\Users\Maer\Desktop\AlbumArt_{EA725ACA-26B1-4712-96DA-67A8F0B0161C}_Large.jpg [2010.06.02 17:57:41 | 000,002,483 | -HS- | M] () -- C:\Users\Mer\Desktop\AlbumArt_{EA725ACA-26B1-4712-96DA-67A8F0B0161C}_Small.jpg [2010.06.02 17:56:46 | 000,008,919 | -HS- | M] () -- C:\Users\Moiber\Desktop\AlbumArt_{3A69D5B7-C459-417D-9014-8E9DF072A390}_Large.jpg [2010.06.02 17:56:44 | 000,002,464 | -HS- | M] () -- C:\Users\Mtoiber\Desktop\AlbumArt_{3A69D5B7-C459-417D-9014-8E9DF072A390}_Small.jpg [2010.06.01 16:29:09 | 000,015,872 | ---- | M] () -- C:\Users\Matoiber\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== Files Created - No Company Name ========== [2010.07.01 13:38:33 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.07.01 13:20:13 | 002,844,819 | ---- | C] () -- C:\Users\Max Stoiber\Desktop\hallo musik.mp3 [2010.06.30 21:28:06 | 012,426,597 | ---- | C] () -- C:\Users\Max Stoiber\Desktop\YouTube- Frauenarzt & Manny Marc mit Evil Hectorr , Major , Smoky , Kid Millenium , Keule Helle - Das Geht Ab (Atzen Musik Remix RMX) Juice CD#92.mp4 [2010.06.24 14:45:32 | 005,621,173 | ---- | C] () -- C:\Users\Max Stoiber\Desktop\Unbenannt1.awd [2010.06.24 14:45:20 | 000,068,871 | ---- | C] () -- C:\Users\Max Stoiber\Desktop\Unbenannt1.jpg [2010.06.15 21:02:37 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2010.06.13 18:34:39 | 000,000,855 | ---- | C] () -- C:\Users\Maoiber\Desktop\Audacity 1.3 Beta (Unicode).lnk [2010.06.03 20:53:10 | 004,814,889 | ---- | C] () -- C:\Users\Mx Ster\Desktop\YouTube- Jason Derulo - In My Head.mp3 [2010.06.03 02:30:32 | 000,007,304 | -HS- | C] () -- C:\Users\Mber\Desktop\AlbumArt_{4D621087-E7DA-4A58-9AC3-76378D878C75}_Large.jpg [2010.06.03 02:30:32 | 000,001,893 | -HS- | C] () -- C:\Users\Mx Stoir\Desktop\AlbumArt_{4D621087-E7DA-4A58-9AC3-76378D878C75}_Small.jpg [2010.06.03 02:29:56 | 000,012,040 | -HS- | C] () -- C:\Users\Maber\Desktop\AlbumArt_{A2730D23-9538-44BF-B354-EAE69D00E589}_Large.jpg [2010.06.03 02:29:56 | 000,003,207 | -HS- | C] () -- C:\Users\Miber\Desktop\AlbumArt_{A2730D23-9538-44BF-B354-EAE69D00E589}_Small.jpg [2010.06.03 02:29:23 | 000,011,087 | -HS- | C] () -- C:\Users\ax Stber\Desktop\AlbumArt_{033D1EB7-074A-46D2-BA8A-17D0065BFBF3}_Large.jpg [2010.06.03 02:29:23 | 000,002,792 | -HS- | C] () -- C:\Users\Matoiber\Desktop\AlbumArt_{033D1EB7-074A-46D2-BA8A-17D0065BFBF3}_Small.jpg [2010.06.03 02:29:05 | 000,012,118 | -HS- | C] () -- C:\Users\Miber\Desktop\AlbumArt_{535EB02F-E699-4682-BA86-17BE261B2227}_Large.jpg [2010.06.03 02:29:05 | 000,002,510 | -HS- | C] () -- C:\Users\ax Stber\Desktop\AlbumArt_{535EB02F-E699-4682-BA86-17BE261B2227}_Small.jpg [2010.06.03 02:27:31 | 000,007,707 | -HS- | C] () -- C:\Users\Matoiber\Desktop\AlbumArt_{6BA74C58-F81B-451B-AA2E-F472DEC1E918}_Large.jpg [2010.06.03 02:27:31 | 000,001,934 | -HS- | C] () -- C:\Users\Mx Stoer\Desktop\AlbumArt_{6BA74C58-F81B-451B-AA2E-F472DEC1E918}_Small.jpg [2010.06.03 02:16:41 | 000,013,868 | -HS- | C] () -- C:\Users\Mxoiber\Desktop\AlbumArt_{A2109C89-D317-4E6E-8F3E-B1AF4B70177E}_Large.jpg [2010.06.03 02:16:41 | 000,003,019 | -HS- | C] () -- C:\Users\ax Sto\Desktop\AlbumArt_{A2109C89-D317-4E6E-8F3E-B1AF4B70177E}_Small.jpg [2010.06.03 02:16:27 | 000,008,440 | -HS- | C] () -- C:\Users\Maoiber\Desktop\AlbumArt_{9B939490-B9D5-4598-AECD-D6F80D1EB135}_Large.jpg [2010.06.03 02:16:27 | 000,002,160 | -HS- | C] () -- C:\Users\Mx Siber\Desktop\AlbumArt_{9B939490-B9D5-4598-AECD-D6F80D1EB135}_Small.jpg [2010.06.02 17:58:20 | 000,010,868 | -HS- | C] () -- C:\Users\xiber\Desktop\AlbumArt_{EA725ACA-26B1-4712-96DA-67A8F0B0161C}_Large.jpg [2010.06.02 17:58:20 | 000,002,483 | -HS- | C] () -- C:\Users\x oiber\Desktop\AlbumArt_{EA725ACA-26B1-4712-96DA-67A8F0B0161C}_Small.jpg [2010.06.02 17:56:47 | 000,008,919 | -HS- | C] () -- C:\Users\Maoiber\Desktop\AlbumArt_{3A69D5B7-C459-417D-9014-8E9DF072A390}_Large.jpg [2010.06.02 17:56:47 | 000,002,464 | -HS- | C] () -- C:\Users\Moiber\Desktop\AlbumArt_{3A69D5B7-C459-417D-9014-8E9DF072A390}_Small.jpg [2010.04.08 16:30:35 | 000,018,760 | ---- | C] () -- C:\Windows\System32\QQVistaHelper.dll [2010.03.19 14:14:16 | 000,274,432 | ---- | C] () -- C:\Windows\System32\EMRegSys.dll [2010.03.06 15:50:02 | 000,307,200 | ---- | C] () -- C:\Windows\System32\AscSQLite.dll [2009.11.06 13:40:58 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll [2009.11.06 13:40:58 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini [2009.10.29 02:41:26 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2009.10.29 02:41:26 | 000,011,264 | ---- | C] () -- C:\Windows\System32\atimuixx.dll [2009.03.12 12:32:52 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini [2009.02.11 22:03:58 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll [2009.02.11 22:03:58 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll [2009.02.11 22:03:57 | 000,000,060 | ---- | C] () -- C:\Windows\Prelaunch.ini [2008.09.03 21:35:58 | 000,006,144 | ---- | C] () -- C:\Windows\System32\winssl.dll [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2005.05.08 18:56:44 | 000,055,808 | ---- | C] () -- C:\Windows\System32\zlib1.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:CE0A077E @Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:B623B5B8 < End of report > |
|
01.07.2010, 21:23
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Ädliche Malware, Backdoor und Trojaner Wo ist denn die Problembeschreibung?
__________________Ich mag es echt nicht, wenn hier Logs dem Forum zu Fraß vorgeworfen werden, die dummen Helfer können ja Deine Probleme erraten! 
__________________ |
|
02.07.2010, 12:09
| #3 |
| | Ädliche Malware, Backdoor und Trojaner ich bräuchte hilfe dabei die viren los zu werden
__________________ |
|
02.07.2010, 12:30
| #4 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Ädliche Malware, Backdoor und Trojaner Dann poste auch alle relevanten Infos!! Dein virenscanner hat dir mit sicherheit verraten was genau wo gefunden wurde!! Vergiss nicht, dass du den NUBs zugestimmt hast!! Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
| Themen zu Ädliche Malware, Backdoor und Trojaner |
| agere systems, alternate, antivir, antivir guard, ask toolbar, ask.com, audacity, avira, backdoor, bho, components, computer, corp./icp, desktop, error, firefox.exe, flash player, google, gupdate, hijack, hijackthis, home premium, iastor.sys, install.exe, intranet, local\temp, location, logfile, malware, malwarebytes' anti-malware, mozilla, national, nvstor.sys, oldtimer, opera.exe, otl.exe, picasa, plug-in, popup, programdata, realtek, registry, saver, searchplugins, security, service pack 1, shell32.dll, softonic, softonic deutsch toolbar, software, start menu, svchost, system, tencent, tower, trojane, trojaner, vista, vlc media player, windows |
Linear-Darstellung
