Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Nichts kann geöffnet werden. Application cannot be executed. This file '... ..exe' is infected...

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 20.08.2010, 17:00   #1
needhelp!
 
Nichts kann geöffnet werden. Application cannot be executed. This file '... ..exe' is infected... - Ausrufezeichen

Nichts kann geöffnet werden. Application cannot be executed. This file '... ..exe' is infected...



hallo!

Also ich habe gerade etwas bei mir rumgesurft un dwirkich nichts runtergeladen oder so! Dann als ich ein programm öffnen wollte kam auf einmal die meldung:

Security warning

Application cannot be executed. this file '..... .exe'nis infected. Do you want to activate your antivirus software now?


Und wenn ich ja drücke, dann öffnet sich explorer mit soner seite 'antispyoem.com' wo die mir anbieten 'security suite' zu downloaden.

Wenn ich eine andere seite öffnen möchte dann geht das auch nicht, weil da steht 'this may harm your computer blah blah...'

Ich bin völlig ratlos und hab totale angst! Absolut nichts geht!!! kein programm nichts! ich musste an einen anderen pc gehen um das hier alles zu schreiben.
Ich dachte ich kann meinen PC vielleicht wiederhertellen, aber wenn ich windows normal öffne und das da versuche dann kommt da kurz das fenster und verschwinden ganz schnell wieder und nichts passiert. Wenn ich die gesicherte version öffne, dann steht da ich muss meinen computerschutz aktivieren. Wenn ich dann aaber auf 'computerschutz' gehe dann kommt da nur so ein fenster wo ich den computernamen ändern kann und so...

Ich hoffe wirklich jemand kann mir helfen! Ich bin übrigens ein mädchen und null ein pc ass, weshalb ich den nötigen fachjargon nicht verstehe. :S

Ich habe übrigens windows vista....

Ich danke schonmal im voraus!

Alt 23.08.2010, 14:15   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Nichts kann geöffnet werden. Application cannot be executed. This file '... ..exe' is infected... - Standard

Nichts kann geöffnet werden. Application cannot be executed. This file '... ..exe' is infected...



Hallo und

Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lies die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
  • Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
  • Bitte kein Crossposting ( posten in mehreren Foren).
  • Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
  • Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
  • Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.



Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________

__________________

Alt 23.08.2010, 18:59   #3
needhelp!
 
Nichts kann geöffnet werden. Application cannot be executed. This file '... ..exe' is infected... - Standard

Nichts kann geöffnet werden. Application cannot be executed. This file '... ..exe' is infected...



ok, malwarebytes habe ich zwar, nur das porblem ist, dass ich KEIN programm öffnen kann! ich will das als administrator ausführen,drücke dann auf 'fortsetzen' aber es passiert NICHTS! :S
__________________

Alt 23.08.2010, 19:27   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Nichts kann geöffnet werden. Application cannot be executed. This file '... ..exe' is infected... - Standard

Nichts kann geöffnet werden. Application cannot be executed. This file '... ..exe' is infected...



Dann probier mal das => http://www.trojaner-board.de/72647-b...ktivieren.html

Danach kannst Du alles so ausführen, ohne Rechtsklicl als Admin ausführen
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 23.08.2010, 20:15   #5
needhelp!
 
Nichts kann geöffnet werden. Application cannot be executed. This file '... ..exe' is infected... - Standard

Nichts kann geöffnet werden. Application cannot be executed. This file '... ..exe' is infected...



wie lange dauert so ein Malwarebytes vollscan?
der otl scan ist schon fertig. Soll ich den schonmal posten, oder bei zusammen?


Alt 23.08.2010, 20:39   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Nichts kann geöffnet werden. Application cannot be executed. This file '... ..exe' is infected... - Standard

Nichts kann geöffnet werden. Application cannot be executed. This file '... ..exe' is infected...



OTL kannste schon posten
__________________
--> Nichts kann geöffnet werden. Application cannot be executed. This file '... ..exe' is infected...

Alt 23.08.2010, 20:40   #7
needhelp!
 
Nichts kann geöffnet werden. Application cannot be executed. This file '... ..exe' is infected... - Standard

Nichts kann geöffnet werden. Application cannot be executed. This file '... ..exe' is infected...



OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 23.08.2010 20:53:16 - Run 1
OTL by OldTimer - Version 3.2.10.0     Folder = D:\down
Windows Vista Unlicensed product Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 49,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 80,48 Gb Total Space | 10,67 Gb Free Space | 13,25% Space Free | Partition Type: NTFS
Drive D: | 152,40 Gb Total Space | 62,45 Gb Free Space | 40,98% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: VISTA
Current User Name: User
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1" (Mozilla Corporation)
https [open] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 2.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee Pro\2.0\ACDSeeQVPro2.exe" "%1" (ACD Systems)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe File not found
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L File not found
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L File not found
Drive [find] -- %SystemRoot%\Explorer.exe File not found
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07C65A3D-FAEE-43E2-BBD4-A7F44CBDD387}" = rport=139 | protocol=6 | dir=out | app=system | 
"{0F5B8266-B037-4575-A93D-1D40D9B6A915}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{120285B5-0D62-45F7-ADD3-30F46C5E55E3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{24EA7697-31E4-4770-BEF6-03108C6CE9F6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{2B38F6A6-50EE-4A08-895C-C6EFE17ABA46}" = lport=137 | protocol=17 | dir=in | app=system | 
"{4D10F706-0D07-4478-B218-E07EF7EA29F9}" = rport=445 | protocol=6 | dir=out | app=system | 
"{503752DC-D135-4E04-AC13-6175244AAC0B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{535D9F37-21DF-4CD1-9E9D-C1AA94CFAA4E}" = lport=138 | protocol=17 | dir=in | app=system | 
"{885FB48A-DB9A-4E55-91BD-C412A115DD8D}" = rport=138 | protocol=17 | dir=out | app=system | 
"{9E0CB375-8148-4F9B-9D96-49A3A79EFBB6}" = lport=445 | protocol=6 | dir=in | app=system | 
"{9ECDB446-B098-4A09-954C-70C406EB62EA}" = lport=3389 | protocol=6 | dir=in | app=system | 
"{E9B12C4C-D6E2-4EBD-9D25-3CC83F53EE43}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{F3119F03-7F39-4A34-B7D9-50D85F6D27F4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{FEFAB1A0-9FF2-4D5A-94D4-B1331B0F57C5}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1541E1FA-4B75-4842-8F0A-301C8258F75E}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{2223E90A-5D13-4FDF-AB8C-9AB9B57BBA74}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | 
"{3044C67E-EBF0-4746-AED8-FFFA8ABA67C7}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | 
"{42AF922B-01A0-4629-BE84-347E10776D5C}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{4C135D0C-537B-48C7-B978-63A6CBE03DA8}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | 
"{5447C74E-F518-4F1B-98F2-42E72809C96F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{68097587-E6BD-4A96-B916-8674EBDB99B7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{72D40B76-7EE3-470F-A14D-C65B837F6E1E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{763D9724-4AF1-4CFB-8FD6-FBFEBE13E12F}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | 
"{7E87EADA-C090-4E23-8CFA-C1F4131F02DB}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | 
"{84A6B51F-1AA3-427B-BE57-697EEBF5971F}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{94AA98A4-492C-4B34-A21B-E2A9E3214808}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{A6ECE925-2DFA-4DE2-BD30-A2F162D4C328}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{BBABA7C1-F3DC-47C5-9849-B916C7511740}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C1DBCBAD-379C-4C0E-8D48-4FF5F9F7D01A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{C6465534-E5F6-4BFC-9501-1341344B4C81}" = dir=in | app=c:\program files\cyberlink\powerdvd8\powerdvd8.exe | 
"{DFF8EBDF-B427-4081-963C-4E1D2E165E38}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | 
"{F595877C-6B77-414D-B373-AF1B06FC36B3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{FE2FBEF5-8A5B-435C-8512-52F36935288A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"TCP Query User{0AF34BBE-1757-4964-B64D-D59DEF975543}C:\program files\microsoft lifecam\lifecam.exe" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | 
"TCP Query User{49B4D22F-EE0A-4F31-A064-DDDEAEE74D81}C:\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=c:\totalcmd\totalcmd.exe | 
"TCP Query User{A11E46CF-5E01-41D0-BC5A-428FF46D2B00}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | 
"TCP Query User{BABF8890-7961-4AA9-8E98-F10542685F44}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"TCP Query User{D22263CA-6E29-43FE-997C-062B66A60F12}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{E62606CB-AFED-447E-BFEE-C5D58C4BDD58}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{FDFCDB34-68F2-431E-8492-6DAD156B0B80}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{41DCE0D6-51C0-4C8C-B6CF-253125F515A0}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{75044F7E-74EB-409E-90B4-46F657DAF5C8}C:\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=c:\totalcmd\totalcmd.exe | 
"UDP Query User{AA99EAF8-3740-451C-8355-C4EB7A081538}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | 
"UDP Query User{AC3C04D4-DB6F-4C98-92D9-360D3012FB20}C:\program files\microsoft lifecam\lifecam.exe" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | 
"UDP Query User{C70FFC7D-EB5F-41E7-AD4C-B1D7F198D9CA}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{E7A9948B-16F0-4A07-BBCB-0F15019EB4F6}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"UDP Query User{EF455280-1621-40CF-B6BE-6F63479DF0EA}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07103840-959A-4B0D-8825-2C533F0DDB19}" = Microsoft Mathe
"{08101881-FCA5-44A7-B863-D66037A16AAF}" = Microsoft Encarta 2008 – Lernen und Wissen
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2300EE96-0A41-4FAB-BD03-989EC44577A0}" = Acronis Disk Director Suite
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3248F0A8-6813-11D6-A77B-00B0D0150170}" = J2SE Runtime Environment 5.0 Update 17
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AAC95F4-A30E-4EE5-A086-6F79581D0D70}" = ACDSee Pro 2
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{53480330-E1D1-41CA-B8F8-7F78644F7F50}" = O&O Defrag Professional Edition
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56364334-9530-11D2-BFFC-00C04FA329AA}" = Microsoft Works 2000
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{633A06C3-B709-479A-AAB3-5EE94AD9EE4B}" = Acronis True Image Home
"{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit
"{726DBFE3-BE2B-4FFA-9787-D6495765CFD2}" = Microsoft LifeCam
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75F3A4B2-F6E8-434D-A2EF-DBBC016C6CB2}" = Werkzeuge und Vorlagen für Microsoft Office
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BE282C23-5484-47FF-B2C1-EBEA5C891031}" = Nero 8
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E78FC917-C21B-11D2-99FE-00105A98B681}" = Microsoft Picture It! 2000
"{EF901A4B-A25A-4962-83C6-C6691D062ED9}" = Nero Mega Plugin Pack
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"abuobc" = Favorit
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"AnyDVD" = AnyDVD
"Ask Toolbar_is1" = Ask Toolbar
"Ask.com Search Assistant" = Ask.com Search Assistant 1.0.1
"CutePDF Writer Installation" = CutePDF Writer 2.7
"Diercke Globus Online" = Diercke Globus Online
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD2one V2" = DVD2one V2.2.1
"eMusic Promotion" = 50 FREE MP3s +1 Free Audiobook!
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Studio_is1" = Free Studio version 4.8
"Free Video to iPod Converter_is1" = Free Video to iPod Converter version 3.1
"Free Video to Mp3 Converter_is1" = Free Video to Mp3 Converter version 3.1
"Free YouTube Download_is1" = Free YouTube Download 2.2
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1
"Gadu-Gadu" = Gadu-Gadu 7.7
"Google Updater" = Google Updater
"GooglePreviewIE Toolbar" = GooglePreviewIE Toolbar
"IncrediMail" = IncrediMail Xe
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InternetGameBox" = InternetGameBox 
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (2.0)" = Mozilla Firefox (2.0)
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"Streamripper.Plugin" = Streamripper Plugin 1.62.2 (Remove only)
"TBSB07183.TBSB07183Toolbar" = Fast Browser Search (My Tattoons)
"Tobit ClipInc Server" = Tobit.Software clipinc.fx
"Totalcmd" = Total Commander (Remove or Repair)
"UltSounds" = Windows-Soundschemas
"Uninstall_is1" = Uninstall 1.0.0.1
"VistaVisualMaster" = Vista Visual Master
"VLC media player" = VideoLAN VLC media player 0.8.6f
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar for Internet Explorer
"Winamp Toolbar for Firefox" = Winamp Toolbar for Firefox
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinGimp-2.0_is1" = GIMP 2.4.6
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Works2kSetup" = Microsoft Works 2000-Setup-Start
"Xvid_is1" = Xvid 1.1.3 final uninstall
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 28.10.2009 05:05:30 | Computer Name = Vista | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 28.10.2009 05:05:31 | Computer Name = Vista | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 28.10.2009 05:05:31 | Computer Name = Vista | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 28.10.2009 05:05:31 | Computer Name = Vista | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 28.10.2009 05:05:31 | Computer Name = Vista | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 28.10.2009 05:05:32 | Computer Name = Vista | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 28.10.2009 05:05:32 | Computer Name = Vista | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 30.10.2009 08:26:39 | Computer Name = Vista | Source = Google Update | ID = 20
Description = 
 
Error - 31.10.2009 07:17:32 | Computer Name = Vista | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 31.10.2009 15:14:16 | Computer Name = Vista | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung ACDSeeQVPro2.exe, Version 1.1.190.0, Zeitstempel
 0x46ccdbf0, fehlerhaftes Modul ACDSeeQVPro2.exe, Version 1.1.190.0, Zeitstempel
 0x46ccdbf0, Ausnahmecode 0xc0000005, Fehleroffset 0x0005f057,  Prozess-ID 0xe78, 
Anwendungsstartzeit 01ca5a5dcf1134e6.
 
[ System Events ]
Error - 23.08.2010 13:49:12 | Computer Name = Vista | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = 
 
Error - 23.08.2010 13:49:34 | Computer Name = Vista | Source = WMPNetworkSvc | ID = 866287
Description = 
 
Error - 23.08.2010 14:32:51 | Computer Name = Vista | Source = WinDefend | ID = 1008
Description = Bei den Maßnahmen gegen Spyware und möglicherweise unerwünschte Software
 wurde von %%827 ein Fehler festgestellt.    Weitere Informationen finden Sie hier:  Encyclopedia entry: Rogue&#58;Win32&#47;FakeSpypro - Learn more about malware - Microsoft Malware Protection Center

	Überprüfungs-ID:
 {9E814F81-CF69-40BC-8B65-F70E0D2933AE}      Überprüfungstyp: %%802     Benutzer: NT-AUTORITÄT\NETZWERKDIENST

	Name:
 Rogue:Win32/FakeSpypro     ID: 136370     Schweregrad-ID: 5     Kategorie-ID: 8     Pfad:      Aktion: %%811

	Fehlercode:
 0x80508022     Fehlerbeschreibung: Sie müssen den Computer neu starten, um die Entfernung
 der Spyware oder anderer potenziell unerwünschter Software abzuschließen. 
 
Error - 23.08.2010 14:37:05 | Computer Name = Vista | Source = HTTP | ID = 15016
Description = 
 
Error - 23.08.2010 14:37:23 | Computer Name = Vista | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = 
 
Error - 23.08.2010 14:37:23 | Computer Name = Vista | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = 
 
Error - 23.08.2010 14:37:23 | Computer Name = Vista | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = 
 
Error - 23.08.2010 14:37:23 | Computer Name = Vista | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = 
 
Error - 23.08.2010 14:37:37 | Computer Name = Vista | Source = WMPNetworkSvc | ID = 866287
Description = 
 
Error - 23.08.2010 14:37:56 | Computer Name = Vista | Source = Service Control Manager | ID = 7024
Description = 
 
 
< End of report >
         
--- --- ---












OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 23.08.2010 20:53:16 - Run 1
OTL by OldTimer - Version 3.2.10.0     Folder = D:\down
Windows Vista Unlicensed product Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 49,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 80,48 Gb Total Space | 10,67 Gb Free Space | 13,25% Space Free | Partition Type: NTFS
Drive D: | 152,40 Gb Total Space | 62,45 Gb Free Space | 40,98% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: VISTA
Current User Name: User
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - File not found -- C:\Windows\System32\wininit.exe
PRC - File not found -- C:\Windows\Explorer.EXE
PRC - [2010.08.23 20:51:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- D:\down\OTL.exe
PRC - [2010.06.19 11:12:30 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Users\User\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
PRC - [2010.04.29 15:39:32 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010.04.16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.02.03 16:37:57 | 000,154,112 | ---- | M] () -- C:\Programme\ImagonShared\DierckeBrowserInterface.exe
PRC - [2009.08.27 11:20:22 | 000,765,824 | ---- | M] () -- C:\Programme\SGPSA\ie3sh.exe
PRC - [2009.07.26 17:44:14 | 003,883,840 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\msnmsgr.exe
PRC - [2009.05.27 10:07:48 | 002,230,024 | ---- | M] () -- C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
PRC - [2009.03.16 10:52:30 | 000,668,424 | ---- | M] (Tobit.Software) -- C:\Programme\Tobit ClipInc\Player\ClipIncTray.exe
PRC - [2008.11.25 20:33:52 | 000,315,649 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avscan.exe
PRC - [2008.10.24 18:09:39 | 000,068,865 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
PRC - [2008.10.24 18:09:36 | 000,151,297 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
PRC - [2008.07.24 14:22:22 | 000,189,824 | ---- | M] (IncrediMail, Ltd.) -- C:\Programme\IncrediMail\bin\ImApp.exe
PRC - [2008.07.19 20:21:29 | 000,356,609 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avcenter.exe
PRC - [2008.07.19 20:21:29 | 000,266,497 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
PRC - [2008.03.21 10:21:10 | 000,091,432 | ---- | M] (cyberlink) -- C:\Programme\CyberLink\Shared Files\brs.exe
PRC - [2008.03.20 20:23:22 | 000,083,240 | ---- | M] (Cyberlink Corp.) -- C:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2008.03.20 12:04:46 | 002,127,296 | ---- | M] (Gadu-Gadu S.A.) -- C:\Programme\Gadu-Gadu\gg.exe
PRC - [2008.01.18 23:38:40 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.18 23:38:16 | 000,105,984 | R--- | M] () -- C:\Users\User\AppData\Roaming\sdra64.exe
PRC - [2008.01.18 23:33:40 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.18 23:33:32 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2007.12.03 11:26:02 | 000,498,792 | ---- | M] () -- C:\Programme\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
PRC - [2007.12.03 11:09:42 | 000,911,184 | ---- | M] (Acronis) -- C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2007.12.03 11:06:38 | 000,140,568 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2007.12.03 11:06:36 | 000,427,288 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2007.12.03 11:06:08 | 002,622,104 | ---- | M] (Acronis) -- C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2007.05.23 14:00:29 | 000,351,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Lernen und Wissen\Microsoft Encarta 2008 – Lernen und Wissen DVD\EDICT.EXE
PRC - [2007.05.17 14:45:34 | 000,271,720 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe
PRC - [2007.05.11 02:09:48 | 001,050,120 | ---- | M] (O&O Software GmbH) -- C:\Windows\System32\oodag.exe
PRC - [2007.05.11 02:08:54 | 002,512,392 | ---- | M] (O&O Software GmbH) -- C:\Windows\System32\oodtray.exe
PRC - [2007.04.10 14:46:52 | 000,709,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe
PRC - [2006.12.01 13:37:50 | 004,186,112 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006.10.26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe
PRC - [2006.10.11 10:04:59 | 007,604,331 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [1999.08.05 19:53:00 | 000,053,317 | ---- | M] (Microsoft® Corporation) -- C:\Programme\Common Files\microsoft shared\Works Shared\wkcalrem.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.08.23 20:51:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- D:\down\OTL.exe
MOD - [2009.03.16 10:52:52 | 000,060,928 | ---- | M] (Tobit.Software) -- C:\Programme\Tobit ClipInc\Player\ChargedByClipInc.dll
MOD - [2008.05.12 12:17:32 | 000,138,216 | ---- | M] (Babylon Ltd.) -- C:\Programme\IncrediMail\bin\B4ImApp.dll
MOD - [2008.01.18 23:33:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008.01.18 23:26:36 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.04.16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.03.18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.05.27 10:07:48 | 002,230,024 | ---- | M] () [Auto | Running] -- C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe -- (ClipInc001)
SRV - [2008.10.24 18:09:39 | 000,068,865 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler)
SRV - [2008.10.24 18:09:36 | 000,151,297 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService)
SRV - [2008.04.04 22:10:06 | 000,306,432 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2008.01.18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.12.20 10:41:56 | 000,029,440 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2007.12.03 11:26:02 | 000,498,792 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)
SRV - [2007.12.03 11:06:36 | 000,427,288 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2007.05.17 14:45:34 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2007.05.11 02:09:48 | 001,050,120 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Windows\System32\oodag.exe -- (O&O Defrag)
SRV - [2007.03.09 16:29:44 | 002,232,296 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe -- (AcronisOSSReinstallSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | Disabled | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009.05.27 20:28:45 | 000,075,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.05.27 20:28:38 | 000,052,056 | ---- | M] (Avira GmbH) [File_System | On_Demand | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt)
DRV - [2009.05.27 20:28:35 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio)
DRV - [2008.05.04 16:22:31 | 000,021,248 | ---- | M] (AVIRA GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.04.17 21:43:20 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008.04.11 16:14:32 | 000,097,728 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2008.04.04 22:23:45 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2008.04.04 22:23:45 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2008.04.04 22:23:39 | 000,129,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2008.04.04 22:23:34 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tdrpman.sys -- (tdrpman)
DRV - [2008.02.01 17:24:04 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})
DRV - [2008.01.18 23:41:26 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.18 21:53:24 | 000,073,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM)
DRV - [2007.11.06 20:00:00 | 008,230,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.08.07 21:48:33 | 000,025,160 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2007.04.10 14:46:54 | 001,966,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000)
DRV - [2006.12.06 23:31:10 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006.12.06 23:31:10 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006.12.01 13:38:58 | 001,655,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006.11.02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 11:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006.11.02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006.11.02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 09:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Lycos
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Lycos
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar
IE - HKCU\..\URLSearchHook: {91C18ED5-5E1C-4AE5-A148-A861DE8C8E16} - C:\Programme\SGPSA\mtwb3sh.dll (TODO: <Company name>)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.selectedEngine: "Fast Browser Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.plusnetwork.com"
FF - prefs.js..keyword.URL: "hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={B6431C38-7340-EB6E-17DD-7B5D5D2CC869}&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 2.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.05.17 21:04:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.05.17 21:04:22 | 000,000,000 | ---D | M]
 
[2010.08.23 20:01:58 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\z6tsz743.default\extensions
[2008.04.04 22:50:20 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\z6tsz743.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2009.09.11 20:08:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\z6tsz743.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.01.08 17:07:49 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\z6tsz743.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008.04.04 21:33:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\z6tsz743.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
[2010.07.18 11:22:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\z6tsz743.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2008.04.04 21:34:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\z6tsz743.default\extensions\{B5EDFBB0-9827-11DA-A72B-0800200C9A66}
[2009.11.11 22:05:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\z6tsz743.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
[2008.04.04 23:39:21 | 000,000,000 | ---D | M] (MediaWrap) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\z6tsz743.default\extensions\{dd68c513-9296-4b63-8d8b-8f1c991c8a48}
[2009.11.11 22:04:53 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\z6tsz743.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009.01.24 19:27:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\z6tsz743.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2008.04.04 21:34:08 | 000,000,000 | ---D | M] (GooglePreview) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\z6tsz743.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2009.04.20 17:30:58 | 000,001,681 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\FireFox\Profiles\z6tsz743.default\searchplugins\ask.uk.xml
[2009.05.30 16:42:18 | 000,001,659 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\FireFox\Profiles\z6tsz743.default\searchplugins\live-search.xml
[2008.08.17 18:53:02 | 000,002,133 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\FireFox\Profiles\z6tsz743.default\searchplugins\MyStart Search.xml
[2008.04.04 23:35:32 | 000,001,360 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\FireFox\Profiles\z6tsz743.default\searchplugins\winampsearch.xml
[2010.02.20 14:15:44 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2008.05.06 16:03:35 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008.12.14 18:51:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}
[2008.05.06 16:03:26 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\talkback@mozilla.org
[2006.10.11 10:04:58 | 000,061,036 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\jar50.dll
[2006.10.11 10:04:59 | 000,048,742 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\jsd3250.dll
[2006.10.11 10:05:03 | 000,029,313 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\myspell.dll
[2006.10.11 10:05:03 | 000,041,082 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\spellchk.dll
[2006.10.11 10:04:58 | 000,166,510 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\xpinstal.dll
[2010.01.14 00:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll
[2010.08.23 20:49:02 | 000,001,963 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\fast.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (GooglePreviewIE Toolbar Helper) - {D476B977-AF6C-481A-8472-2ABAB5E89F20} - C:\Programme\GooglePreviewIE Toolbar\v3.3.0.1\GooglePreviewIE_Toolbar.dll ()
O2 - BHO: (Search Assistant) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Programme\SGPSA\BHO.dll (MTWB)
O2 - BHO: (Fast Browser Search Toolbar Helper) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Programme\Fast Browser Search\IE\FBStoolbar.dll ()
O3 - HKLM\..\Toolbar: (Fast Browser Search Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Programme\Fast Browser Search\IE\FBStoolbar.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (GooglePreviewIE Toolbar) - {AEC32322-9D72-4C55-A108-33875F07BC03} - C:\Programme\GooglePreviewIE Toolbar\v3.3.0.1\GooglePreviewIE_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Fast Browser Search Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Programme\Fast Browser Search\IE\FBStoolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (GooglePreviewIE Toolbar) - {AEC32322-9D72-4C55-A108-33875F07BC03} - C:\Programme\GooglePreviewIE Toolbar\v3.3.0.1\GooglePreviewIE_Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BDRegion] C:\Programme\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [FBSSA] C:\Programme\SGPSA\ie3sh.exe ()
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OODefragTray] C:\Windows\System32\oodtray.exe (O&O Software GmbH)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ClipIncSrvTray] C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe (Tobit.Software)
O4 - HKCU..\Run: [Gadu-Gadu] C:\Program Files\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.)
O4 - HKCU..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKCU..\Run: [L08DXLRD_12760281] C:\Program Files\Microsoft Lernen und Wissen\Microsoft Encarta 2008 – Lernen und Wissen DVD\EDICT.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [userinit] C:\Users\User\AppData\Roaming\sdra64.exe ()
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Save YouTube Video - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Encarta Suchleiste - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Common Files\microsoft shared\Encarta Search Bar\ENCSBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} hxxp://www.eska.pl/streamplayers/OggX.ocx (OggX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} hxxp://static.pe.schuelervz.net/photouploader/ImageUploader5.cab?nocache=1215292619 (Image Uploader Control)
O16 - DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab (Java Plug-in 1.5.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -  File not found
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\sdra64.exe) - C:\Windows\System32\sdra64.exe ()
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\User\Pictures\furry apple.jpg
O24 - Desktop BackupWallPaper: C:\Users\User\Pictures\furry apple.jpg
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (OODBS) - C:\Windows\System32\OODBS.exe (O&O Software GmbH)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.23 20:37:25 | 000,000,000 | -HSD | C] -- C:\Windows\System32\lowsec
[2010.08.20 20:48:39 | 000,000,000 | -HSD | C] -- C:\found.000
[2010.08.20 20:41:45 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2010.08.20 20:41:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.20 20:41:28 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.20 20:41:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.20 20:41:27 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.08.20 16:56:27 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\wyjqjihvh
[2010.08.20 16:56:13 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Windows
[2010.08.20 16:56:11 | 000,000,000 | -HSD | C] -- C:\Users\User\AppData\Roaming\lowsec
[2010.08.20 16:56:10 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Windows Server
[2010.08.20 16:55:59 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\5BAE76BCED17FCF2706DD096BA48E61E
[2010.08.17 10:06:50 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.08.17 10:06:50 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.08.17 10:06:50 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.08.17 10:06:50 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.08.17 10:06:50 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.08.17 10:06:49 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.08.17 10:06:49 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.08.17 10:06:49 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.08.17 10:06:49 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.08.17 10:06:49 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.08.17 10:06:49 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.08.17 10:06:49 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.08.17 10:06:49 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.08.17 10:06:49 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.08.17 10:06:48 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.08.17 10:06:47 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.08.17 10:06:38 | 002,036,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.08.17 10:06:36 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.08.17 10:06:33 | 003,598,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.08.17 10:06:33 | 003,545,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.07.26 12:32:22 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype
[2008.04.04 19:52:35 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Users\User\AppData\Local\mbr_rest.exe
[2008.04.04 19:52:35 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Users\User\AppData\Local\mbr_inst.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\User\Documents\*.tmp files -> C:\Users\User\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.23 21:00:02 | 004,980,736 | -HS- | M] () -- C:\Users\User\NTUSER.DAT
[2010.08.23 20:56:45 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4F00808B-962C-4297-BDC9-69136F5096F5}.job
[2010.08.23 20:44:40 | 001,441,294 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.23 20:44:40 | 000,626,552 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.08.23 20:44:40 | 000,594,026 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.23 20:44:40 | 000,125,988 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.08.23 20:44:40 | 000,103,840 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.23 20:39:45 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010.08.23 20:37:11 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.23 20:37:04 | 000,004,768 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.23 20:37:04 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.23 20:37:03 | 000,004,768 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.23 20:37:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.23 20:36:58 | 2146,754,560 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.23 20:36:56 | 001,095,666 | ---- | M] () -- C:\Windows\System32\oodbs.lor
[2010.08.23 20:35:47 | 000,524,288 | -HS- | M] () -- C:\Users\User\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms
[2010.08.23 20:35:47 | 000,065,536 | -HS- | M] () -- C:\Users\User\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf
[2010.08.23 20:35:14 | 003,494,989 | -H-- | M] () -- C:\Users\User\AppData\Local\IconCache.db
[2010.08.23 20:17:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-537305097-3089366844-3800902889-1000UA.job
[2010.08.23 20:11:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.21 17:43:03 | 000,002,413 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.08.21 11:17:00 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-537305097-3089366844-3800902889-1000Core.job
[2010.08.20 20:41:35 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.20 19:43:27 | 000,408,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.20 18:15:05 | 000,001,356 | ---- | M] () -- C:\Users\User\AppData\Local\d3d9caps.dat
[2010.08.17 09:53:56 | 000,002,039 | ---- | M] () -- C:\Users\User\Desktop\Google Chrome.lnk
[2010.07.30 11:05:41 | 000,207,872 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.28 23:43:30 | 000,043,585 | ---- | M] () -- C:\Users\User\Documents\diko tunning(englisch).docx
[2010.07.28 17:57:17 | 000,002,631 | ---- | M] () -- C:\Users\User\Desktop\Microsoft Office Word 2007.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\User\Documents\*.tmp files -> C:\Users\User\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.08.20 20:41:35 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.20 19:43:07 | 2146,754,560 | -HS- | C] () -- C:\hiberfil.sys
[2010.07.28 17:59:34 | 000,043,585 | ---- | C] () -- C:\Users\User\Documents\diko tunning(englisch).docx
[2010.03.28 08:43:49 | 000,001,356 | ---- | C] () -- C:\Users\User\AppData\Local\d3d9caps.dat
[2009.01.20 18:51:13 | 000,283,070 | ---- | C] () -- C:\Users\User\AppData\Local\kgkac_nav.dat
[2009.01.20 18:51:13 | 000,003,271 | ---- | C] () -- C:\Users\User\AppData\Local\kgkac.dat
[2009.01.20 18:51:13 | 000,001,607 | ---- | C] () -- C:\Users\User\AppData\Local\kgkac_navps.dat
[2009.01.10 23:18:50 | 001,802,541 | ---- | C] () -- C:\Users\User\AppData\Local\ekyke_navfx.dat
[2008.09.19 23:57:34 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.09.19 23:55:10 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008.09.19 23:55:10 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008.09.19 23:54:18 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008.09.14 14:00:57 | 000,000,087 | ---- | C] () -- C:\Users\User\AppData\Local\abuobc.bat
[2008.08.17 12:44:49 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll
[2008.07.20 21:34:15 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.05.04 21:10:47 | 000,207,872 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.04.17 22:38:18 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2008.04.17 22:32:49 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2008.04.04 23:18:56 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008.04.04 21:42:17 | 000,000,000 | ---- | C] () -- C:\Windows\oodcnt.INI
[2008.04.04 21:21:33 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2008.04.04 20:04:49 | 000,105,984 | R--- | C] () -- C:\Users\User\AppData\Roaming\sdra64.exe
[2008.04.04 20:04:48 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2008.04.04 19:52:35 | 001,474,560 | ---- | C] () -- C:\Users\User\AppData\Local\vstaldr.img
[2008.04.04 19:52:35 | 000,166,876 | ---- | C] () -- C:\Users\User\AppData\Local\vstaldr
[2008.04.04 19:52:35 | 000,002,731 | ---- | C] () -- C:\Users\User\AppData\Local\asus.XRM-MS
[2008.04.04 19:52:35 | 000,000,219 | ---- | C] () -- C:\Users\User\AppData\Local\menu.lst
[2008.03.15 19:07:02 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008.01.10 20:16:20 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008.01.10 20:15:30 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007.02.06 02:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.11.02 14:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.04.20 01:14:32 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini
< End of report >
         
--- --- ---

Alt 23.08.2010, 20:42   #8
needhelp!
 
Nichts kann geöffnet werden. Application cannot be executed. This file '... ..exe' is infected... - Standard

Nichts kann geöffnet werden. Application cannot be executed. This file '... ..exe' is infected...



ach, und du hast mir aber nicht verraten wie lange so ein vollscan nun dauert!?

Geändert von needhelp! (23.08.2010 um 20:47 Uhr)

Alt 24.08.2010, 11:16   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Nichts kann geöffnet werden. Application cannot be executed. This file '... ..exe' is infected... - Standard

Nichts kann geöffnet werden. Application cannot be executed. This file '... ..exe' is infected...



Zitat:
ach, und du hast mir aber nicht verraten wie lange so ein vollscan nun dauert!?
Witzig
Wie soll ich das vorhersagen, bin ich Jesus? Bei jedem Rechner dauert das unterschiedlich lange!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 25.08.2010, 21:47   #10
needhelp!
 
Nichts kann geöffnet werden. Application cannot be executed. This file '... ..exe' is infected... - Standard

Nichts kann geöffnet werden. Application cannot be executed. This file '... ..exe' is infected...



Man ich hab doch keine ahnung, hab sowas noch nie gemacht. ich dachte einfach du könntest mir sagen, ob das jetzt 2 stunden dauert oder einen tag... ich bin ein mädchen! ich kenn mich da NULL aus...!^^

naja, wie auch immer, ein neues problem ist aufgetaucht. Ich hab,als malewarebytes noch lief, meien pc ausgeschlatet weil ich vergessen hab dass das noch lief. Da wollt ich den wieder anschalten aber das geht nicht! da kommt erstmal das wo ich aussuchen kann wie ich den ausführen will, aber egal was ich auswehle, es löd sich immer ne kurze zeit iwas und dann kommt wieder die seite.... -.-?!

Alt 26.08.2010, 09:55   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Nichts kann geöffnet werden. Application cannot be executed. This file '... ..exe' is infected... - Standard

Nichts kann geöffnet werden. Application cannot be executed. This file '... ..exe' is infected...



Zitat:
Da wollt ich den wieder anschalten aber das geht nicht! da kommt erstmal das wo ich aussuchen kann wie ich den ausführen will, aber egal was ich auswehle, es löd sich immer ne kurze zeit iwas und dann kommt wieder die seite....
Das musst du schon genauer beschreiben. Kommst Du in Windows überhaupt noch rein, lässt es sich bedienen?
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu Nichts kann geöffnet werden. Application cannot be executed. This file '... ..exe' is infected...
aktiviere, anderen, antivirus, application cannot be executed., biete, computer, computerschutz, explorer, fenster, file, meldung, nichts, not, programm, ratlos, schnell, schonmal, seite, software, suite, this, version, versuche, windows, wirklich, ändern, öffnen, öffnet




Ähnliche Themen: Nichts kann geöffnet werden. Application cannot be executed. This file '... ..exe' is infected...


  1. Fehlermeldung: File corrpted. This application has been manipulated and maybe it is infected by a Virius
    Log-Analyse und Auswertung - 01.04.2015 (3)
  2. TR/Agent.amd.2 in C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED
    Plagegeister aller Art und deren Bekämpfung - 02.11.2012 (7)
  3. Warning! Application cannot be executed. The file .exe is infected. Please activate youre Antivirsoftware.
    Plagegeister aller Art und deren Bekämpfung - 12.10.2012 (7)
  4. Website kann nicht geöffnet werden Trojaner
    Log-Analyse und Auswertung - 08.10.2012 (8)
  5. Warning! Application cannot be executed. The file .exe is infected. Please activate youre Antivirsoftware.
    Log-Analyse und Auswertung - 25.09.2012 (5)
  6. Application cannot be executed. The file avgnt.exe is infected.
    Log-Analyse und Auswertung - 08.04.2011 (13)
  7. Security Warning Fenster: "Application cannot be executed. The file ... is infected.
    Plagegeister aller Art und deren Bekämpfung - 28.08.2010 (1)
  8. Angeblich fehlende odf.dll -> ***.exe kann nicht geöffnet werden
    Plagegeister aller Art und deren Bekämpfung - 14.07.2010 (2)
  9. Recycler\s- ............ kann nicht geöffnet werden
    Log-Analyse und Auswertung - 21.03.2009 (16)
  10. NTI kann nicht geöffnet werden ***HILFE***
    Log-Analyse und Auswertung - 25.01.2009 (1)
  11. Bestimmte Webseite kann nicht geöffnet werden
    Plagegeister aller Art und deren Bekämpfung - 15.12.2008 (8)
  12. ctfmona.exe kann nicht geöffnet werden was ist cfmona.exe?
    Log-Analyse und Auswertung - 20.02.2008 (3)
  13. Dieses Installationspaket kann nicht geöffnet werden
    Alles rund um Windows - 05.01.2008 (3)
  14. Application.Pup.E - kann nicht gelöscht werden
    Plagegeister aller Art und deren Bekämpfung - 28.11.2007 (2)
  15. .exe kann nicht geöffnet werden
    Plagegeister aller Art und deren Bekämpfung - 23.02.2007 (8)
  16. Datei kann von Antivir nicht geöffnet werden
    Plagegeister aller Art und deren Bekämpfung - 14.02.2007 (7)
  17. HILFE HJT kann nicht geöffnet werden!
    Log-Analyse und Auswertung - 20.02.2006 (12)

Zum Thema Nichts kann geöffnet werden. Application cannot be executed. This file '... ..exe' is infected... - hallo! Also ich habe gerade etwas bei mir rumgesurft un dwirkich nichts runtergeladen oder so! Dann als ich ein programm öffnen wollte kam auf einmal die meldung: Security warning Application - Nichts kann geöffnet werden. Application cannot be executed. This file '... ..exe' is infected......
Archiv
Du betrachtest: Nichts kann geöffnet werden. Application cannot be executed. This file '... ..exe' is infected... auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.