Facebook.vbs on USB stick (Windows 7)
18.05.2013, 23:09 | #1
Hello,

My girlfriend picked up a virus on her Windows 7 laptop. She first noticed it about three weeks ago, when all the files on her USB stick suddenly turned into shortcuts. The files could still be opened by clicking the shortcuts, but each time a black window briefly appeared first (I assume she means the cmd.exe window). She ignored the problem at first. A few days ago she bought a second stick, because she thought the first one was simply broken, and the same problem appeared on it immediately. The real files are still present on the stick, but as hidden files. Only the shortcuts with the same names are visible. The shortcuts point to the following path:

C:/Windows/system32/cmd.exe/c start Facebook.vbs&explorer.exe Dateiname & exit

Many thanks in advance for your help.
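The shortcut pattern described in the post (a .lnk whose target is cmd.exe and whose arguments start a .vbs and then reopen the hidden original with explorer.exe) can be triaged mechanically. The following is an added example, not code from the thread or from any scanner it mentions: it parses .lnk files found on a mounted stick, flags the ones that launch a script host, and names the hidden sibling each decoy stands in for. build_lnk, the host/extension lists and the demo file names are assumptions constructed here so the script runs offline.

```python
"""Added example, not from the thread: triage of USB-worm style .lnk shortcuts.
parse_lnk follows the MS-SHLLINK layout (header, optional IDList, optional
LinkInfo, StringData); build_lnk constructs the sample shortcut bytes (a test
fixture, not worm output) so the whole script runs offline on any OS.
SCRIPT_HOSTS / SCRIPT_EXTS are assumed heuristics, not a vendor list."""
import struct
import tempfile
from pathlib import Path

HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")   # {00021401-...-46}
HAS_IDLIST, HAS_LINKINFO, HAS_NAME, HAS_RELPATH = 0x01, 0x02, 0x04, 0x08
HAS_WORKDIR, HAS_ARGS, HAS_ICON, IS_UNICODE = 0x10, 0x20, 0x40, 0x80
STRING_ORDER = (HAS_NAME, HAS_RELPATH, HAS_WORKDIR, HAS_ARGS, HAS_ICON)
SCRIPT_HOSTS = {"cmd.exe", "wscript.exe", "cscript.exe", "powershell.exe"}
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".bat", ".cmd", ".ps1")


def parse_lnk(data: bytes) -> dict:
    """Return the LinkInfo local base path (target) and the command-line arguments."""
    if len(data) < HEADER_SIZE or data[:4] != b"\x4c\x00\x00\x00" or data[4:20] != LNK_CLSID:
        raise ValueError("not a shell link (bad header size or CLSID)")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = HEADER_SIZE
    if flags & HAS_IDLIST:                      # IDListSize (2 bytes) + IDList
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    target = ""
    if flags & HAS_LINKINFO:
        size, _hdr, info_flags, _vol_off, base_off = struct.unpack_from("<5I", data, pos)
        if info_flags & 0x1:                    # VolumeIDAndLocalBasePath present
            start = pos + base_off
            target = data[start:data.index(b"\x00", start)].decode("cp1252", "replace")
        pos += size
    strings = {}
    for flag in STRING_ORDER:                   # StringData entries come in this order
        if flags & flag:
            count = struct.unpack_from("<H", data, pos)[0]
            width = 2 if flags & IS_UNICODE else 1
            raw = data[pos + 2:pos + 2 + count * width]
            strings[flag] = raw.decode("utf-16-le" if width == 2 else "cp1252", "replace")
            pos += 2 + count * width
    return {"target": target, "args": strings.get(HAS_ARGS, "")}


def build_lnk(target: str, args: str) -> bytes:
    """Constructed fixture: minimal Unicode shell link with LinkInfo + arguments, no IDList."""
    volume_id = struct.pack("<4I", 17, 3, 0, 16) + b"\x00"   # DRIVE_FIXED, empty label
    base = target.encode("cp1252") + b"\x00"
    vol_off, hdr = 28, 28                       # seven 4-byte LinkInfo header fields
    base_off = vol_off + len(volume_id)
    suffix_off = base_off + len(base)           # empty CommonPathSuffix (one NUL)
    link_info = struct.pack("<7I", suffix_off + 1, hdr, 0x1, vol_off, base_off, 0, suffix_off)
    link_info += volume_id + base + b"\x00"
    header = struct.pack("<I", HEADER_SIZE) + LNK_CLSID
    header += struct.pack("<I", HAS_LINKINFO | HAS_ARGS | IS_UNICODE)
    header += b"\x00" * (HEADER_SIZE - len(header))   # attributes, times, icon, hotkey
    return header + link_info + struct.pack("<H", len(args)) + args.encode("utf-16-le")


def triage(info: dict) -> list:
    """Reasons a shortcut looks like a USB-worm launcher; an empty list means clean."""
    reasons = []
    host = info["target"].replace("\\", "/").rsplit("/", 1)[-1].lower()
    args = info["args"].lower()
    if host in SCRIPT_HOSTS:
        reasons.append("target is a command/script host: " + host)
    if any(ext in args for ext in SCRIPT_EXTS):
        reasons.append("arguments launch a script file")
    if "start " in args and "explorer.exe" in args:
        reasons.append("arguments chain a script with explorer.exe to reopen the decoy")
    return reasons


def scan_drive(root) -> list:
    """Report suspicious .lnk files under root plus the same-named sibling each hides."""
    findings = []
    for lnk in sorted(Path(root).rglob("*.lnk")):
        try:
            info = parse_lnk(lnk.read_bytes())
            reasons = triage(info)
        except ValueError as exc:               # a malformed .lnk is itself worth a look
            info, reasons = {"target": "", "args": ""}, ["malformed: " + str(exc)]
        if reasons:
            siblings = [p.name for p in lnk.parent.glob(lnk.stem + ".*") if p.suffix.lower() != ".lnk"]
            findings.append({"shortcut": lnk.name, "target": info["target"], "args": info["args"],
                             "reasons": reasons, "original": siblings[0] if siblings else None})
    return findings


def demo() -> list:
    """Constructed stick layout: worm-style shortcut next to its hidden original, plus a benign one."""
    with tempfile.TemporaryDirectory() as stick:
        d = Path(stick)
        (d / "Urlaub.jpg").write_bytes(b"\xff\xd8 constructed, not a real photo")
        (d / "Urlaub.lnk").write_bytes(build_lnk(r"C:\Windows\system32\cmd.exe",
                                                 "/c start Facebook.vbs&explorer.exe Urlaub.jpg & exit"))
        (d / "Editor.lnk").write_bytes(build_lnk(r"C:\Windows\notepad.exe", ""))
        return scan_drive(d)
```

Running demo() returns one finding for Urlaub.lnk with three reasons and Urlaub.jpg as the file it stands in for; on a real stick, pair the report with clearing the hidden/system attributes on the originals rather than clicking the shortcuts.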
21.05.2013, 13:52 | #2 | /// Winkelfunktion /// TB-Süch-Tiger™

Hello,

Do you have any more logs (with findings)? Malwarebytes and/or other virus scanners, did they ever find anything? I'm asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please don't run any new virus scans; first just post the logs you already have!

Reading material: Posting in CODE tags

Attaching the logfiles, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too big for the forum. To put the logfiles into a CODE box, proceed as follows:
21.05.2013, 16:59 | #3

Yes, it has already been scanned. Sorry that I didn't think of posting the logs, but all scans had come up with no findings, which is why I forgot.

First, my girlfriend scanned twice with Antivir during those three weeks, first on 4 May:

Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Samstag, 4. Mai 2013 19:51

Es wird nach 4469675 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Home Premium
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : CYBERPORT-PC

Versionsinformationen:
BUILD.DAT : 12.1.9.1236 40872 Bytes 11.10.2012 15:29:00
AVSCAN.EXE : 12.3.0.48 468256 Bytes 20.11.2012 11:26:59
AVSCAN.DLL : 12.3.0.15 66256 Bytes 18.07.2012 16:04:38
LUKE.DLL : 12.3.0.15 68304 Bytes 18.07.2012 16:04:31
AVSCPLR.DLL : 12.3.0.27 97064 Bytes 18.07.2012 16:04:24
AVREG.DLL : 12.3.0.33 232232 Bytes 18.07.2012 16:04:23
VBASE000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 09:59:24
VBASE001.VDF : 7.11.74.226 2201600 Bytes 30.04.2013 10:14:08
VBASE002.VDF : 7.11.74.227 2048 Bytes 30.04.2013 10:14:09
VBASE003.VDF : 7.11.74.228 2048 Bytes 30.04.2013 10:14:09
VBASE004.VDF : 7.11.74.229 2048 Bytes 30.04.2013 10:14:09
VBASE005.VDF : 7.11.74.230 2048 Bytes 30.04.2013 10:14:09
VBASE006.VDF : 7.11.74.231 2048 Bytes 30.04.2013 10:14:09
VBASE007.VDF : 7.11.74.232 2048 Bytes 30.04.2013 10:14:09
VBASE008.VDF : 7.11.74.233 2048 Bytes 30.04.2013 10:14:09
VBASE009.VDF : 7.11.74.234 2048 Bytes 30.04.2013 10:14:09
VBASE010.VDF : 7.11.74.235 2048 Bytes 30.04.2013 10:14:09
VBASE011.VDF : 7.11.74.236 2048 Bytes 30.04.2013 10:14:09
VBASE012.VDF : 7.11.74.237 2048 Bytes 30.04.2013 10:14:09
VBASE013.VDF : 7.11.74.238 2048 Bytes 30.04.2013 10:14:09
VBASE014.VDF : 7.11.74.239 2048 Bytes 30.04.2013 10:14:09
VBASE015.VDF : 7.11.74.240 2048 Bytes 30.04.2013 10:14:09
VBASE016.VDF : 7.11.74.241 2048 Bytes 30.04.2013 10:14:09
VBASE017.VDF : 7.11.74.242 2048 Bytes 30.04.2013 10:14:09
VBASE018.VDF : 7.11.74.243 2048 Bytes 30.04.2013 10:14:10
VBASE019.VDF : 7.11.74.244 2048 Bytes 30.04.2013 10:14:10
VBASE020.VDF : 7.11.74.245 2048 Bytes 30.04.2013 10:14:10
VBASE021.VDF : 7.11.74.246 2048 Bytes 30.04.2013 10:14:10
VBASE022.VDF : 7.11.74.247 2048 Bytes 30.04.2013 10:14:10
VBASE023.VDF : 7.11.74.248 2048 Bytes 30.04.2013 10:14:10
VBASE024.VDF : 7.11.74.249 2048 Bytes 30.04.2013 10:14:10
VBASE025.VDF : 7.11.74.250 2048 Bytes 30.04.2013 10:14:10
VBASE026.VDF : 7.11.74.251 2048 Bytes 30.04.2013 10:14:10
VBASE027.VDF : 7.11.74.252 2048 Bytes 30.04.2013 10:14:10
VBASE028.VDF : 7.11.74.253 2048 Bytes 30.04.2013 10:14:10
VBASE029.VDF : 7.11.74.254 2048 Bytes 30.04.2013 10:14:10
VBASE030.VDF : 7.11.74.255 2048 Bytes 30.04.2013 10:14:10
VBASE031.VDF : 7.11.75.86 136192 Bytes 01.05.2013 19:20:00
Engineversion : 8.2.12.32
AEVDF.DLL : 8.1.2.10 102772 Bytes 21.08.2012 09:40:16
AESCRIPT.DLL : 8.1.4.108 483709 Bytes 27.04.2013 23:12:41
AESCN.DLL : 8.1.10.4 131446 Bytes 26.03.2013 21:08:54
AESBX.DLL : 8.2.5.12 606578 Bytes 18.07.2012 16:04:20
AERDL.DLL : 8.2.0.88 643444 Bytes 11.01.2013 11:37:57
AEPACK.DLL : 8.3.2.6 827767 Bytes 06.04.2013 09:59:51
AEOFFICE.DLL : 8.1.2.56 205180 Bytes 08.03.2013 16:30:27
AEHEUR.DLL : 8.1.4.318 5894521 Bytes 27.04.2013 23:12:41
AEHELP.DLL : 8.1.25.2 258423 Bytes 20.10.2012 13:07:46
AEGEN.DLL : 8.1.7.2 442741 Bytes 26.03.2013 21:08:53
AEEXP.DLL : 8.4.0.24 196982 Bytes 27.04.2013 23:12:41
AEEMU.DLL : 8.1.3.2 393587 Bytes 21.08.2012 09:40:13
AECORE.DLL : 8.1.31.2 201080 Bytes 19.02.2013 12:26:34
AEBB.DLL : 8.1.1.4 53619 Bytes 05.11.2012 21:26:23
AVWINLL.DLL : 12.3.0.15 27344 Bytes 18.07.2012 16:04:25
AVPREF.DLL : 12.3.0.32 50720 Bytes 20.11.2012 11:26:58
AVREP.DLL : 12.3.0.15 179208 Bytes 18.07.2012 16:04:23
AVARKT.DLL : 12.3.0.33 209696 Bytes 20.11.2012 11:26:58
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 18.07.2012 16:04:22
SQLITE3.DLL : 3.7.0.1 398288 Bytes 18.07.2012 16:04:34
AVSMTP.DLL : 12.3.0.32 63480 Bytes 18.07.2012 16:04:24
NETNT.DLL : 12.3.0.15 17104 Bytes 18.07.2012 16:04:31
RCIMAGE.DLL : 12.3.0.31 4444408 Bytes 18.07.2012 16:04:41
RCTEXT.DLL : 12.3.0.32 98848 Bytes 20.11.2012 11:26:08

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, Q:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Samstag, 4. Mai 2013 19:51

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD1
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD2
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'D:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'Q:\'
[INFO] Es wurde kein Virus gefunden!
[INFO] Bitte starten Sie den Suchlauf erneut mit Administratorrechten

Der Suchlauf nach versteckten Objekten wird begonnen.
HKEY_USERS\S-1-5-21-2351051258-829387-1154746032-1001\Software\ATI\ACE\AppDomains\Communications.CCC.exe.CCC.5164
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_USERS\S-1-5-21-2351051258-829387-1154746032-1001\Software\ATI\ACE\AppDomains\Communications.MOM.exe.MOM.4012
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_USERS\S-1-5-21-2351051258-829387-1154746032-1001\Software\ATI\ACE\Processes\4012
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_USERS\S-1-5-21-2351051258-829387-1154746032-1001\Software\ATI\ACE\Processes\5164
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_USERS\S-1-5-21-2351051258-829387-1154746032-1001\Software\ATI\ACE\Settings\Graphics\PowerXpress\Px4.0\ProfiledAppList\0Filepath
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_USERS\S-1-5-21-2351051258-829387-1154746032-1001\Software\ATI\ACE\Settings\Graphics\PowerXpress\Px4.0\ProfiledAppList\0Filepath
HKEY_USERS\S-1-5-21-2351051258-829387-1154746032-1001\Software\ATI\ACE\Settings\Graphics\PowerXpress\Px4.0\ProfiledAppList\0Filepath
HKEY_USERS\S-1-5-21-2351051258-829387-1154746032-1001\Software\ATI\ACE\Settings\Graphics\PowerXpress\Px4.0\ProfiledAppList\2Filepath
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_USERS\S-1-5-21-2351051258-829387-1154746032-1001\Software\ATI\ACE\Settings\Runtime\Runtime Graphics Caste Initialize Finishing
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_USERS\S-1-5-21-2351051258-829387-1154746032-1001\Software\ATI\ACE\Settings\Runtime\Runtime Fuel Caste Constructor
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_USERS\S-1-5-21-2351051258-829387-1154746032-1001\Software\ATI\ACE\Settings\Runtime\Runtime Fuel Caste Constructor ProcTime
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_USERS\S-1-5-21-2351051258-829387-1154746032-1001\Software\ATI\ACE\Settings\Runtime\Runtime Fuel Caste Constructor ProcTime
HKEY_USERS\S-1-5-21-2351051258-829387-1154746032-1001\Software\ATI\ACE\Settings\Runtime\Runtime Fuel Caste HotKey
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_USERS\S-1-5-21-2351051258-829387-1154746032-1001\Software\ATI\ACE\Settings\Runtime\Runtime Platform Caste Aspect ProcTime
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_USERS\S-1-5-21-2351051258-829387-1154746032-1001\Software\ATI\ACE\Settings\Runtime\Runtime Platform Caste Aspect ProcTime
HKEY_USERS\S-1-5-21-2351051258-829387-1154746032-1001\Software\ATI\ACE\Settings\Runtime\Runtime HydraVision Caste HotKey
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_USERS\S-1-5-21-2351051258-829387-1154746032-1001\Software\ATI\ACE\Settings\Runtime\RuntimePublish
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_USERS\S-1-5-21-2351051258-829387-1154746032-1001\Software\ATI\ACE\Settings\Runtime\RuntimeStartUp
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_USERS\S-1-5-21-2351051258-829387-1154746032-1001\Software\Microsoft\Direct3D\MostRecentApplication\Name
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '89' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'UNS.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'BTPlayerCtrl.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'MobileConnect.exe' - '125' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'AdobeARM.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'YCMMirage.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'TouchZone.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'PDVD10Serv.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'nusb3mon.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'mediasrv.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'CVHSVC.EXE' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'sftlist.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'obexsrv.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'VMCService.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'sftvsa.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'devmonsrv.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '43' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '1516' Dateien ).

Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\' <Windows7_OS>
Beginne mit der Suche in 'D:\' <LENOVO>
Beginne mit der Suche in 'Q:\'
Der zu durchsuchende Pfad Q:\ konnte nicht geöffnet werden!
Systemfehler [5]: Zugriff verweigert

Ende des Suchlaufs: Samstag, 4. Mai 2013 21:10
Benötigte Zeit: 1:18:39 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

25677 Verzeichnisse wurden überprüft
761038 Dateien wurden geprüft
0 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
761038 Dateien ohne Befall
8034 Archive wurden durchsucht
0 Warnungen
15 Hinweise
617183 Objekte wurden beim Rootkitscan durchsucht
19 Versteckte Objekte wurden gefunden

Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Samstag, 11. Mai 2013 21:06

Es wird nach 4509628 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Home Premium
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : CYBERPORT-PC

Versionsinformationen:
BUILD.DAT : 12.1.9.1236 40872 Bytes 11.10.2012 15:29:00
AVSCAN.EXE : 12.3.0.48 468256 Bytes 20.11.2012 11:26:59
AVSCAN.DLL : 12.3.0.15 66256 Bytes 18.07.2012 16:04:38
LUKE.DLL : 12.3.0.15 68304 Bytes 18.07.2012 16:04:31
AVSCPLR.DLL : 12.3.0.27 97064 Bytes 18.07.2012 16:04:24
AVREG.DLL : 12.3.0.33 232232 Bytes 18.07.2012 16:04:23
VBASE000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 09:59:24
VBASE001.VDF : 7.11.74.226 2201600 Bytes 30.04.2013 10:14:08
VBASE002.VDF : 7.11.74.227 2048 Bytes 30.04.2013 10:14:09
VBASE003.VDF : 7.11.74.228 2048 Bytes 30.04.2013 10:14:09
VBASE004.VDF : 7.11.74.229 2048 Bytes 30.04.2013 10:14:09
VBASE005.VDF : 7.11.74.230 2048 Bytes 30.04.2013 10:14:09
VBASE006.VDF : 7.11.74.231 2048 Bytes 30.04.2013 10:14:09
VBASE007.VDF : 7.11.74.232 2048 Bytes 30.04.2013 10:14:09
VBASE008.VDF : 7.11.74.233 2048 Bytes 30.04.2013 10:14:09
VBASE009.VDF : 7.11.74.234 2048 Bytes 30.04.2013 10:14:09
VBASE010.VDF : 7.11.74.235 2048 Bytes 30.04.2013 10:14:09
VBASE011.VDF : 7.11.74.236 2048 Bytes 30.04.2013 10:14:09
VBASE012.VDF : 7.11.74.237 2048 Bytes 30.04.2013 10:14:09
VBASE013.VDF : 7.11.74.238 2048 Bytes 30.04.2013 10:14:09
VBASE014.VDF : 7.11.75.97 181248 Bytes 02.05.2013 18:46:23
VBASE015.VDF : 7.11.75.183 217600 Bytes 03.05.2013 18:46:23
VBASE016.VDF : 7.11.76.27 183808 Bytes 04.05.2013 18:46:24
VBASE017.VDF : 7.11.76.28 2048 Bytes 04.05.2013 18:46:24
VBASE018.VDF : 7.11.76.29 2048 Bytes 04.05.2013 18:46:24
VBASE019.VDF : 7.11.76.30 2048 Bytes 04.05.2013 18:46:24
VBASE020.VDF : 7.11.76.31 2048 Bytes 04.05.2013 18:46:24
VBASE021.VDF : 7.11.76.32 2048 Bytes 04.05.2013 18:46:24
VBASE022.VDF : 7.11.76.33 2048 Bytes 04.05.2013 18:46:24
VBASE023.VDF : 7.11.76.34 2048 Bytes 04.05.2013 18:46:24
VBASE024.VDF : 7.11.76.35 2048 Bytes 04.05.2013 18:46:24
VBASE025.VDF : 7.11.76.36 2048 Bytes 04.05.2013 18:46:24
VBASE026.VDF : 7.11.76.37 2048 Bytes 04.05.2013 18:46:24
VBASE027.VDF : 7.11.76.38 2048 Bytes 04.05.2013 18:46:24
VBASE028.VDF : 7.11.76.39 2048 Bytes 04.05.2013 18:46:24
VBASE029.VDF : 7.11.76.40 2048 Bytes 04.05.2013 18:46:24
VBASE030.VDF : 7.11.76.41 2048 Bytes 04.05.2013 18:46:25
VBASE031.VDF : 7.11.76.88 92672 Bytes 05.05.2013 18:46:25
Engineversion : 8.2.12.34
AEVDF.DLL : 8.1.2.10 102772 Bytes 21.08.2012 09:40:16
AESCRIPT.DLL : 8.1.4.110 483709 Bytes 05.05.2013 18:47:08
AESCN.DLL : 8.1.10.4 131446 Bytes 26.03.2013 21:08:54
AESBX.DLL : 8.2.5.12 606578 Bytes 18.07.2012 16:04:20
AERDL.DLL : 8.2.0.88 643444 Bytes 11.01.2013 11:37:57
AEPACK.DLL : 8.3.2.6 827767 Bytes 06.04.2013 09:59:51
AEOFFICE.DLL : 8.1.2.56 205180 Bytes 08.03.2013 16:30:27
AEHEUR.DLL : 8.1.4.336 5898617 Bytes 05.05.2013 18:47:07
AEHELP.DLL : 8.1.25.2 258423 Bytes 20.10.2012 13:07:46
AEGEN.DLL : 8.1.7.2 442741 Bytes 26.03.2013 21:08:53
AEEXP.DLL : 8.4.0.26 201078 Bytes 05.05.2013 18:47:08
AEEMU.DLL : 8.1.3.2 393587 Bytes 21.08.2012 09:40:13
AECORE.DLL : 8.1.31.2 201080 Bytes 19.02.2013 12:26:34
AEBB.DLL : 8.1.1.4 53619 Bytes 05.11.2012 21:26:23
AVWINLL.DLL : 12.3.0.15 27344 Bytes 18.07.2012 16:04:25
AVPREF.DLL : 12.3.0.32 50720 Bytes 20.11.2012 11:26:58
AVREP.DLL : 12.3.0.15 179208 Bytes 18.07.2012 16:04:23
AVARKT.DLL : 12.3.0.33 209696 Bytes 20.11.2012 11:26:58
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 18.07.2012 16:04:22
SQLITE3.DLL : 3.7.0.1 398288 Bytes 18.07.2012 16:04:34
AVSMTP.DLL : 12.3.0.32 63480 Bytes 18.07.2012 16:04:24
NETNT.DLL : 12.3.0.15 17104 Bytes 18.07.2012 16:04:31
RCIMAGE.DLL : 12.3.0.31 4444408 Bytes 18.07.2012 16:04:41
RCTEXT.DLL : 12.3.0.32 98848 Bytes 20.11.2012 11:26:08

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, Q:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Samstag, 11. Mai 2013 21:06

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD1
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD2
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'D:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'Q:\'
[INFO] Es wurde kein Virus gefunden!
[INFO] Bitte starten Sie den Suchlauf erneut mit Administratorrechten

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '89' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'UNS.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'soffice.bin' - '213' Modul(e) wurden durchsucht
Durchsuche Prozess 'soffice.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'swriter.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'BTPlayerCtrl.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'MobileConnect.exe' - '125' Modul(e) wurden durchsucht
Durchsuche Prozess 'mediasrv.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'YCMMirage.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'TouchZone.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'PDVD10Serv.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'nusb3mon.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'CVHSVC.EXE' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'sftlist.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'obexsrv.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'VMCService.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'sftvsa.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'devmonsrv.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '43' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '1516' Dateien ).

Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\' <Windows7_OS>
Beginne mit der Suche in 'D:\' <LENOVO>
Beginne mit der Suche in 'Q:\'
Der zu durchsuchende Pfad Q:\ konnte nicht geöffnet werden!
Systemfehler [5]: Zugriff verweigert

Ende des Suchlaufs: Samstag, 11. Mai 2013 23:04
Benötigte Zeit: 1:57:33 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

25678 Verzeichnisse wurden überprüft
761294 Dateien wurden geprüft
0 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
761294 Dateien ohne Befall
8042 Archive wurden durchsucht
0 Warnungen
0 Hinweise
617525 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.13.02

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus)
Internet Explorer 9.0.8112.16421
Freundin :: CYBERPORT-PC [Administrator]

13.05.2013 13:22:31
mbam-log-2013-05-13 (13-22-31).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 214848
Laufzeit: 2 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.13.02

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus)
Internet Explorer 9.0.8112.16421
Freundin :: CYBERPORT-PC [Administrator]

13.05.2013 13:25:04
mbam-log-2013-05-13 (13-25-04).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 368973
Laufzeit: 23 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Freundin\Pictures\Maries Bilder\Mein Zuhause\2004_08_08 Mein Zimmer\IMG_1270.JPG (Extension.Mismatch) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Finally, one more Quick-Scan in normal mode:

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.13.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Freundin :: CYBERPORT-PC [Administrator]

13.05.2013 13:52:41
mbam-log-2013-05-13 (13-52-41).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 215759
Laufzeit: 3 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Now, MSE does not seem to create separate logs, only one complete log of all its activity. I have therefore copied out of it everything that was written since the worm was found:

Code:
************************************************************
2013-05-21T15:37:52.175Z Task(SpyNetService -RestrictPrivileges -AccessKey B48A5851-F494-AD3F-6BB9-FF0639590FFC) launched
Begin Resource Scan
Scan ID:{A80AD7A8-005D-42FB-96F6-BCAEE151BB84}
Scan Source:3
Start Time:05-21-2013 17:37:51
End Time:05-21-2013 17:37:53
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************
2013-05-21T15:37:53.585Z DETECTIONEVENT Worm:VBS/Linxer.A file:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs;
2013-05-21T15:37:53.593Z DETECTION_ADD Worm:VBS/Linxer.A file:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
2013-05-21T15:37:53.609Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2013-05-21T15:37:53.616Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
Begin Resource Scan
Scan ID:{F085B126-FF43-4D26-A795-9A14635D87F6}
Scan Source:6
Start Time:05-21-2013 17:37:56
End Time:05-21-2013 17:37:56
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************
2013-05-21T15:37:58.689Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2013-05-21T15:37:58.698Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
Begin Resource Scan
Scan ID:{A552822B-3F85-44E5-8378-989C6A240E1D}
Scan Source:3
Start Time:05-21-2013 17:38:03
End Time:05-21-2013 17:38:03
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************
2013-05-21T15:38:03.735Z DETECTION_ADD Worm:VBS/Linxer.A file:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
2013-05-21T15:38:05.568Z Process scan (postsignatureupdatescan) completed.
2013-05-21T15:38:07.465Z DETECTION_MERGE Worm:VBS/Linxer.A file:C:\Users\Freundin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk
2013-05-21T15:38:07.465Z DETECTION_MERGE Worm:VBS/Linxer.A regkey:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs
2013-05-21T15:38:07.465Z DETECTION_MERGE Worm:VBS/Linxer.A runkey:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs
2013-05-21T15:38:07.465Z DETECTIONEVENT Worm:VBS/Linxer.A file:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs;file:C:\Users\Freundin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk;regkey:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs;runkey:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs;
Begin Resource Scan
Scan ID:{EEA4C650-48A4-47D9-99E1-3F576CEBB914}
Scan Source:6
Start Time:05-21-2013 17:37:56
End Time:05-21-2013 17:38:07
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:4
Resource Schema:regkey
Resource Path:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs
Extended Info:0
Resource Schema:runkey
Resource Path:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs
Extended Info:0
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk
Extended Info:24600314983586
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************
2013-05-21T15:38:07.848Z DETECTIONEVENT Worm:VBS/Linxer.A file:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs;
Begin Resource Scan
Scan ID:{64C63509-954F-4211-BC26-1A8B1E22F285}
Scan Source:10
Start Time:05-21-2013 17:38:07
End Time:05-21-2013 17:38:07
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs
Explicit resource to scan
Resource Schema:runkey
Resource Path:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:4
Resource Schema:regkey
Resource Path:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs
Extended Info:0
Resource Schema:runkey
Resource Path:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs
Extended Info:0
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk
Extended Info:24600314983586
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************
2013-05-21T15:38:07.867Z DETECTION_MERGE Worm:VBS/Linxer.A file:C:\Users\Freundin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk
2013-05-21T15:38:07.867Z DETECTION_MERGE Worm:VBS/Linxer.A regkey:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs
2013-05-21T15:38:07.867Z DETECTION_MERGE Worm:VBS/Linxer.A runkey:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs
2013-05-21T15:38:07.868Z DETECTIONEVENT Worm:VBS/Linxer.A file:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs;file:C:\Users\Freundin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk;regkey:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs;runkey:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs;
Beginning threat actions
Start time:05-21-2013 17:38:07
Threat Name:Worm:VBS/Linxer.A
Threat ID:2147681518
Action:quarantine
Resource action complete:Quarantine
Schema:regkey
Path:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs
Threat ID:2147681518
Resource refcount:1
Result:0
Resource action complete:Quarantine
Schema:runkey
Path:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs
Threat ID:2147681518
Resource refcount:1
Result:0
Resource action complete:Quarantine
Schema:file
Path:\\?\C:\Users\Freundin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk
Threat ID:2147681518
Resource refcount:1
Result:0
!ERROR
Resource action complete:Quarantine
Schema:file
Path:\\?\C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Threat ID:2147681518
Resource refcount:1
Result:32
!ERROR
Finished threat ID:2147681518
Threat result:32
Threat status flags:385
Finished threat actions
End time:05-21-2013 17:38:07
Result:0
DSS Timeout:Received results after timeout
2013-05-21T15:38:09.885Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2013-05-21T15:38:09.892Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
Begin Resource Scan
Scan ID:{F765FDD6-AD4B-491C-8BE3-D529DED30746}
Scan Source:3
Start Time:05-21-2013 17:38:15
End Time:05-21-2013 17:38:15
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************
Begin Resource Scan
Scan ID:{A8536AB8-F5AD-41AB-A386-7DACDC3F2032}
Scan Source:3
Start Time:05-21-2013 17:38:27
End Time:05-21-2013 17:38:27
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************
Begin Resource Scan
Scan ID:{7FEBF748-94D7-48A3-9C83-0EB4C95CB6D1}
Scan Source:3
Start Time:05-21-2013 17:38:39
End Time:05-21-2013 17:38:39
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************
Begin Resource Scan
Scan ID:{2D664102-8A26-4868-A05C-08AAA63E838D}
Scan Source:3
Start Time:05-21-2013 17:52:18 End Time:05-21-2013 17:52:18 Explicit resource to scan Resource Schema:file Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Result Count:1 Threat Name:Worm:VBS/Linxer.A ID:2147681518 Severity:5 Number of Resources:1 Resource Schema:file Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Extended Info:12262773050377 End Scan ************************************************************ Begin Resource Scan Scan ID:{012F6765-1C87-48D2-AD6A-D71B44A224E8} Scan Source:3 Start Time:05-21-2013 17:52:30 End Time:05-21-2013 17:52:30 Explicit resource to scan Resource Schema:file Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Result Count:1 Threat Name:Worm:VBS/Linxer.A ID:2147681518 Severity:5 Number of Resources:1 Resource Schema:file Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Extended Info:12262773050377 End Scan ************************************************************ Begin Resource Scan Scan ID:{A5050229-EDB9-4FD9-95B9-9BE5DE42D235} Scan Source:3 Start Time:05-21-2013 17:52:42 End Time:05-21-2013 17:52:42 Explicit resource to scan Resource Schema:file Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Result Count:1 Threat Name:Worm:VBS/Linxer.A ID:2147681518 Severity:5 Number of Resources:1 Resource Schema:file Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Extended Info:12262773050377 End Scan ************************************************************ Begin Resource Scan Scan ID:{A5EC418D-A4B9-44A0-9A12-71A1A8429309} Scan Source:3 Start Time:05-21-2013 17:52:54 End Time:05-21-2013 17:52:54 Explicit resource to scan Resource Schema:file Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Result Count:1 Threat Name:Worm:VBS/Linxer.A ID:2147681518 Severity:5 Number of Resources:1 Resource Schema:file Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Extended Info:12262773050377 End Scan 
************************************************************ Begin Resource Scan Scan ID:{4265C0CD-97EC-484E-BA14-79F4E19EC676} Scan Source:3 Start Time:05-21-2013 17:53:06 End Time:05-21-2013 17:53:06 Explicit resource to scan Resource Schema:file Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Result Count:1 Threat Name:Worm:VBS/Linxer.A ID:2147681518 Severity:5 Number of Resources:1 Resource Schema:file Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Extended Info:12262773050377 End Scan ************************************************************ Begin Resource Scan Scan ID:{136895D4-1BEE-4E0C-9CCB-959AD2FDB100} Scan Source:3 Start Time:05-21-2013 17:53:18 End Time:05-21-2013 17:53:18 Explicit resource to scan Resource Schema:file Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Result Count:1 Threat Name:Worm:VBS/Linxer.A ID:2147681518 Severity:5 Number of Resources:1 Resource Schema:file Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Extended Info:12262773050377 End Scan ************************************************************ Begin Resource Scan Scan ID:{3611E903-D10F-4752-BFB8-CD81B41B5F04} Scan Source:3 Start Time:05-21-2013 17:53:30 End Time:05-21-2013 17:53:30 Explicit resource to scan Resource Schema:file Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Result Count:1 Threat Name:Worm:VBS/Linxer.A ID:2147681518 Severity:5 Number of Resources:1 Resource Schema:file Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Extended Info:12262773050377 End Scan ************************************************************ Begin Resource Scan Scan ID:{2B190F96-75E5-4398-BDC9-B90D67E6D6EC} Scan Source:3 Start Time:05-21-2013 17:53:42 End Time:05-21-2013 17:53:42 Explicit resource to scan Resource Schema:file Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Result Count:1 Threat Name:Worm:VBS/Linxer.A ID:2147681518 Severity:5 Number of Resources:1 Resource 
Schema:file Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Extended Info:12262773050377 End Scan ************************************************************ Begin Resource Scan Scan ID:{5A781EBF-B7B3-4F18-948C-E1041107E9E7} Scan Source:3 Start Time:05-21-2013 17:53:54 End Time:05-21-2013 17:53:54 Explicit resource to scan Resource Schema:file Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Result Count:1 Threat Name:Worm:VBS/Linxer.A ID:2147681518 Severity:5 Number of Resources:1 Resource Schema:file Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Extended Info:12262773050377 End Scan ************************************************************ Begin Resource Scan Scan ID:{A2EF2C59-0D76-4C58-9651-171F53B0324D} Scan Source:3 Start Time:05-21-2013 17:54:06 End Time:05-21-2013 17:54:06 Explicit resource to scan Resource Schema:file Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Result Count:1 Threat Name:Worm:VBS/Linxer.A ID:2147681518 Severity:5 Number of Resources:1 Resource Schema:file Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Extended Info:12262773050377 End Scan ************************************************************ Begin Resource Scan Scan ID:{75626041-0215-4B24-93B8-A7FBC6EB0D83} Scan Source:3 Start Time:05-21-2013 17:54:18 End Time:05-21-2013 17:54:18 Explicit resource to scan Resource Schema:file Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Result Count:1 Threat Name:Worm:VBS/Linxer.A ID:2147681518 Severity:5 Number of Resources:1 Resource Schema:file Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Extended Info:12262773050377 End Scan ************************************************************ Begin Resource Scan Scan ID:{812780E4-4EE8-4E05-BEEF-142540FB2194} Scan Source:3 Start Time:05-21-2013 17:54:30 End Time:05-21-2013 17:54:30 Explicit resource to scan Resource Schema:file Resource 
Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Result Count:1 Threat Name:Worm:VBS/Linxer.A ID:2147681518 Severity:5 Number of Resources:1 Resource Schema:file Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Extended Info:12262773050377 End Scan ************************************************************ Begin Resource Scan Scan ID:{C46D1E0A-462E-4FCC-BC25-730B46B85A66} Scan Source:3 Start Time:05-21-2013 17:54:42 End Time:05-21-2013 17:54:42 Explicit resource to scan Resource Schema:file Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Result Count:1 Threat Name:Worm:VBS/Linxer.A ID:2147681518 Severity:5 Number of Resources:1 Resource Schema:file Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Extended Info:12262773050377 End Scan ************************************************************ Begin Resource Scan Scan ID:{F12FD096-211B-4312-9094-3F2F23E21308} Scan Source:3 Start Time:05-21-2013 17:54:54 End Time:05-21-2013 17:54:54 Explicit resource to scan Resource Schema:file Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Result Count:1 Threat Name:Worm:VBS/Linxer.A ID:2147681518 Severity:5 Number of Resources:1 Resource Schema:file Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Extended Info:12262773050377 End Scan ************************************************************ Begin Resource Scan Scan ID:{88C187D6-79F9-434F-BF8B-CD83DD330424} Scan Source:3 Start Time:05-21-2013 17:55:06 End Time:05-21-2013 17:55:06 Explicit resource to scan Resource Schema:file Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Result Count:1 Threat Name:Worm:VBS/Linxer.A ID:2147681518 Severity:5 Number of Resources:1 Resource Schema:file Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Extended Info:12262773050377 End Scan ************************************************************ Begin Resource Scan Scan ID:{C374BBBE-FC8B-4A71-9076-18B41C14E938} Scan Source:3 
Start Time:05-21-2013 17:55:18 End Time:05-21-2013 17:55:18 Explicit resource to scan Resource Schema:file Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Result Count:1 Threat Name:Worm:VBS/Linxer.A ID:2147681518 Severity:5 Number of Resources:1 Resource Schema:file Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Extended Info:12262773050377 End Scan ************************************************************ Begin Resource Scan Scan ID:{67BA9FA5-6A43-4C4D-8BB0-E6AE1137C1EA} Scan Source:3 Start Time:05-21-2013 17:55:31 End Time:05-21-2013 17:55:31 Explicit resource to scan Resource Schema:file Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Result Count:1 Threat Name:Worm:VBS/Linxer.A ID:2147681518 Severity:5 Number of Resources:1 Resource Schema:file Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Extended Info:12262773050377 End Scan ************************************************************ Begin Resource Scan Scan ID:{066EF865-4670-4258-98F5-DF7BFE47671F} Scan Source:3 Start Time:05-21-2013 17:55:43 End Time:05-21-2013 17:55:43 Explicit resource to scan Resource Schema:file Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Result Count:1 Threat Name:Worm:VBS/Linxer.A ID:2147681518 Severity:5 Number of Resources:1 Resource Schema:file Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Extended Info:12262773050377 End Scan ************************************************************ Begin Resource Scan Scan ID:{C185A10C-109A-48A5-81E8-15BA5A5C7924} Scan Source:3 Start Time:05-21-2013 17:55:55 End Time:05-21-2013 17:55:55 Explicit resource to scan Resource Schema:file Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Result Count:1 Threat Name:Worm:VBS/Linxer.A ID:2147681518 Severity:5 Number of Resources:1 Resource Schema:file Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Extended Info:12262773050377 End Scan 
************************************************************ Begin Resource Scan Scan ID:{955F6351-C7F6-4586-947A-74B992C7249D} Scan Source:3 Start Time:05-21-2013 17:56:07 End Time:05-21-2013 17:56:07 Explicit resource to scan Resource Schema:file Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Result Count:1 Threat Name:Worm:VBS/Linxer.A ID:2147681518 Severity:5 Number of Resources:1 Resource Schema:file Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Extended Info:12262773050377 End Scan ************************************************************ Begin Resource Scan Scan ID:{97A5503C-657D-4CFE-84A3-371553FEC26F} Scan Source:3 Start Time:05-21-2013 17:56:19 End Time:05-21-2013 17:56:19 Explicit resource to scan Resource Schema:file Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Result Count:1 Threat Name:Worm:VBS/Linxer.A ID:2147681518 Severity:5 Number of Resources:1 Resource Schema:file Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Extended Info:12262773050377 End Scan ************************************************************ Begin Resource Scan Scan ID:{8639EC42-774A-435E-BD7E-A98C4B35D447} Scan Source:3 Start Time:05-21-2013 17:56:31 End Time:05-21-2013 17:56:31 Explicit resource to scan Resource Schema:file Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Result Count:1 Threat Name:Worm:VBS/Linxer.A ID:2147681518 Severity:5 Number of Resources:1 Resource Schema:file Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Extended Info:12262773050377 End Scan ************************************************************ Begin Resource Scan Scan ID:{21FB6B4E-06A1-47EF-9455-19F553AE2213} Scan Source:3 Start Time:05-21-2013 17:56:43 End Time:05-21-2013 17:56:43 Explicit resource to scan Resource Schema:file Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Result Count:1 Threat Name:Worm:VBS/Linxer.A ID:2147681518 Severity:5 Number of Resources:1 Resource 
Schema:file Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Extended Info:12262773050377 End Scan ************************************************************ Begin Resource Scan Scan ID:{E098575C-71B6-476E-A073-DFDCD42136FF} Scan Source:3 Start Time:05-21-2013 17:56:55 End Time:05-21-2013 17:56:55 Explicit resource to scan Resource Schema:file Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Result Count:1 Threat Name:Worm:VBS/Linxer.A ID:2147681518 Severity:5 Number of Resources:1 Resource Schema:file Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Extended Info:12262773050377 End Scan ************************************************************ Begin Resource Scan Scan ID:{6759A2BC-D520-4AAA-8206-BC8A1093258E} Scan Source:3 Start Time:05-21-2013 17:57:07 End Time:05-21-2013 17:57:07 Explicit resource to scan Resource Schema:file Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Result Count:1 Threat Name:Worm:VBS/Linxer.A ID:2147681518 Severity:5 Number of Resources:1 Resource Schema:file Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Extended Info:12262773050377 End Scan ************************************************************ Begin Resource Scan Scan ID:{2AEA08BD-128D-4CD7-8A23-3EBB2B262088} Scan Source:3 Start Time:05-21-2013 17:57:19 End Time:05-21-2013 17:57:19 Explicit resource to scan Resource Schema:file Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Result Count:1 Threat Name:Worm:VBS/Linxer.A ID:2147681518 Severity:5 Number of Resources:1 Resource Schema:file Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Extended Info:12262773050377 End Scan ************************************************************ Begin Resource Scan Scan ID:{81E433C0-711B-4CA6-906A-D950B7E9C24D} Scan Source:3 Start Time:05-21-2013 17:57:31 End Time:05-21-2013 17:57:31 Explicit resource to scan Resource Schema:file Resource 
Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Result Count:1 Threat Name:Worm:VBS/Linxer.A ID:2147681518 Severity:5 Number of Resources:1 Resource Schema:file Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Extended Info:12262773050377 End Scan ************************************************************ Begin Resource Scan Scan ID:{2C83C653-D074-4C2A-AC8D-5E59CEC15F13} Scan Source:3 Start Time:05-21-2013 17:57:43 End Time:05-21-2013 17:57:43 Explicit resource to scan Resource Schema:file Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Result Count:1 Threat Name:Worm:VBS/Linxer.A ID:2147681518 Severity:5 Number of Resources:1 Resource Schema:file Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Extended Info:12262773050377 End Scan ************************************************************ Begin Resource Scan Scan ID:{DC53EE4F-F9C3-49A7-9558-F911ED609740} Scan Source:3 Start Time:05-21-2013 17:57:55 End Time:05-21-2013 17:57:55 Explicit resource to scan Resource Schema:file Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Result Count:1 Threat Name:Worm:VBS/Linxer.A ID:2147681518 Severity:5 Number of Resources:1 Resource Schema:file Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Extended Info:12262773050377 End Scan ************************************************************ Begin Resource Scan Scan ID:{6FF1B2D9-2703-4A4C-AFE7-B7552CDC95C5} Scan Source:3 Start Time:05-21-2013 17:58:07 End Time:05-21-2013 17:58:07 Explicit resource to scan Resource Schema:file Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Result Count:1 Threat Name:Worm:VBS/Linxer.A ID:2147681518 Severity:5 Number of Resources:1 Resource Schema:file Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Extended Info:12262773050377 End Scan ************************************************************ Begin Resource Scan Scan ID:{02956E36-6706-4D4B-9189-78BF8668206F} Scan Source:3 
Start Time:05-21-2013 17:58:19 End Time:05-21-2013 17:58:19 Explicit resource to scan Resource Schema:file Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Result Count:1 Threat Name:Worm:VBS/Linxer.A ID:2147681518 Severity:5 Number of Resources:1 Resource Schema:file Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Extended Info:12262773050377 End Scan ************************************************************ Begin Resource Scan Scan ID:{BDCB3448-E7BE-4E84-BEC8-5716D526330F} Scan Source:3 Start Time:05-21-2013 17:58:31 End Time:05-21-2013 17:58:31 Explicit resource to scan Resource Schema:file Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Result Count:1 Threat Name:Worm:VBS/Linxer.A ID:2147681518 Severity:5 Number of Resources:1 Resource Schema:file Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Extended Info:12262773050377 End Scan ************************************************************ Begin Resource Scan Scan ID:{251051F6-3E6C-4A7A-B6EF-5413E424C1FC} Scan Source:3 Start Time:05-21-2013 17:58:43 End Time:05-21-2013 17:58:43 Explicit resource to scan Resource Schema:file Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Result Count:1 Threat Name:Worm:VBS/Linxer.A ID:2147681518 Severity:5 Number of Resources:1 Resource Schema:file Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Extended Info:12262773050377 End Scan ************************************************************ Begin Resource Scan Scan ID:{92753A82-A3B9-4715-8127-C64C23DEA09E} Scan Source:3 Start Time:05-21-2013 17:58:55 End Time:05-21-2013 17:58:55 Explicit resource to scan Resource Schema:file Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Result Count:1 Threat Name:Worm:VBS/Linxer.A ID:2147681518 Severity:5 Number of Resources:1 Resource Schema:file Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Extended Info:12262773050377 End Scan 
************************************************************ Begin Resource Scan Scan ID:{182F1A6F-FF7D-43DC-9987-C505D22CE700} Scan Source:3 Start Time:05-21-2013 17:59:07 End Time:05-21-2013 17:59:07 Explicit resource to scan Resource Schema:file Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Result Count:1 Threat Name:Worm:VBS/Linxer.A ID:2147681518 Severity:5 Number of Resources:1 Resource Schema:file Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Extended Info:12262773050377 End Scan ************************************************************ Begin Resource Scan Scan ID:{DEFF6E47-482D-4631-B799-44260D416794} Scan Source:3 Start Time:05-21-2013 17:59:19 End Time:05-21-2013 17:59:19 Explicit resource to scan Resource Schema:file Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Result Count:1 Threat Name:Worm:VBS/Linxer.A ID:2147681518 Severity:5 Number of Resources:1 Resource Schema:file Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Extended Info:12262773050377 End Scan ************************************************************ Begin Resource Scan Scan ID:{D10E81FE-A9D1-413D-81EC-219CF3613EAC} Scan Source:3 Start Time:05-21-2013 17:59:31 End Time:05-21-2013 17:59:31 Explicit resource to scan Resource Schema:file Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Result Count:1 Threat Name:Worm:VBS/Linxer.A ID:2147681518 Severity:5 Number of Resources:1 Resource Schema:file Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Extended Info:12262773050377 End Scan ************************************************************ Begin Resource Scan Scan ID:{54A28683-E220-42A2-9E00-5A26002209FF} Scan Source:3 Start Time:05-21-2013 17:59:43 End Time:05-21-2013 17:59:43 Explicit resource to scan Resource Schema:file Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Result Count:1 Threat Name:Worm:VBS/Linxer.A ID:2147681518 Severity:5 Number of Resources:1 Resource 
Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************
Begin Resource Scan
Scan ID:{A72230B4-E959-4958-9E42-4CF5EE0635D6}
Scan Source:3
Start Time:05-21-2013 17:59:55
End Time:05-21-2013 17:59:55
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************
Begin Resource Scan
Scan ID:{00F14FA5-9922-41D9-B5F0-8BACA0104818}
Scan Source:3
Start Time:05-21-2013 18:00:07
End Time:05-21-2013 18:00:07
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************
2013-05-21T16:00:15.769Z DETECTION_MERGE Worm:VBS/Linxer.A startup:C:\Users\Freundin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk
2013-05-21T16:00:15.769Z DETECTIONEVENT Worm:VBS/Linxer.A file:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs;file:C:\Users\Freundin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk;regkey:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs;runkey:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs;startup:C:\Users\Freundin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk;
Begin Resource Scan
Scan ID:{6D3657B9-56DC-4867-B150-EBB626EDF602}
Scan Source:6
Start Time:05-21-2013 18:00:09
End Time:05-21-2013 18:00:15
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs
Explicit resource to scan
Resource Schema:runkey
Resource Path:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:5
Resource Schema:regkey
Resource Path:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs
Extended Info:0
Resource Schema:runkey
Resource Path:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs
Extended Info:0
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk
Extended Info:24600314983586
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
Resource Schema:startup
Resource Path:C:\Users\Freundin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk
Extended Info:0
End Scan
************************************************************
Beginning threat actions
Start time:05-21-2013 18:00:15
Threat Name:Worm:VBS/Linxer.A
Threat ID:2147681518
Action:remove
Registry value to be removed:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs Type:1 Value:"C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs"
Action remove successful on regkey:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs
Resource action complete:Removal Schema:regkey Path:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs Threat ID:2147681518 Resource refcount:1 Result:0
Resource action complete:Removal Schema:runkey Path:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs Threat ID:2147681518 Resource refcount:1 Result:0
File to act on SHA1:09FB8C40A32B7230C7B2707E38C7EEF8B561CFBF
File owner:Cyberport-PC\Freundin
File cleaned/removed successfully
File Name:C:\Users\Freundin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk
Resource action complete:Removal Schema:file Path:\\?\C:\Users\Freundin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk Threat ID:2147681518 Resource refcount:1 Result:0
File to act on SHA1:B47AA09DCB23CB09987B7AF11C97CC51787A7F2D
File scheduled for removal on reboot
File Name:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Resource action complete:Removal Schema:file Path:\\?\C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Threat ID:2147681518 Resource refcount:1 Result:3010
Resource action complete:Removal Schema:startup Path:\\?\C:\Users\Freundin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk Threat ID:2147681518 Resource refcount:1 Result:0
Finished threat ID:2147681518 Threat result:0 Threat status flags:386
Finished threat actions
End time:05-21-2013 18:00:16
Result:0
2013-05-21T16:00:16.607Z Task(SpyNetService -RestrictPrivileges -AccessKey E1C832A1-1CC9-A28C-585E-E0478F58866C) launched
DSS Timeout:Received results after timeout
2013-05-21T16:00:18.104Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2013-05-21T16:00:18.116Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
Begin Resource Scan
Scan ID:{4F3629F0-201D-4AE1-A2AE-29FED1B41FDC}
Scan Source:3
Start Time:05-21-2013 18:00:19
End Time:05-21-2013 18:00:19
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************
2013-05-21T16:00:19.985Z DETECTIONEVENT Worm:VBS/Linxer.A file:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs;
2013-05-21T16:00:19.985Z DETECTION_ADD Worm:VBS/Linxer.A file:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Begin Resource Scan
Scan ID:{C87D2423-76D7-47D7-A0EE-B07280D12049}
Scan Source:6
Start Time:05-21-2013 18:00:24
End Time:05-21-2013 18:00:24
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************
2013-05-21T16:00:26.997Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2013-05-21T16:00:26.999Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2013-05-21T16:00:30.753Z DETECTION_MERGE Worm:VBS/Linxer.A regkey:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs
2013-05-21T16:00:30.753Z DETECTION_MERGE Worm:VBS/Linxer.A runkey:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs
2013-05-21T16:00:30.754Z DETECTIONEVENT Worm:VBS/Linxer.A file:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs;regkey:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs;runkey:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs;
Begin Resource Scan
Scan ID:{A2A546D7-30C4-43BF-80CF-AD4A19D524D4}
Scan Source:6
Start Time:05-21-2013 18:00:24
End Time:05-21-2013 18:00:30
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:3
Resource Schema:regkey
Resource Path:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs
Extended Info:0
Resource Schema:runkey
Resource Path:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs
Extended Info:0
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************
Begin Resource Scan
Scan ID:{6ADC3F3C-93D2-4FA1-B65D-7B4A78FFCBAD}
Scan Source:10
Start Time:05-21-2013 18:00:30
End Time:05-21-2013 18:00:30
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs
Explicit resource to scan
Resource Schema:runkey
Resource Path:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:3
Resource Schema:regkey
Resource Path:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs
Extended Info:0
Resource Schema:runkey
Resource Path:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs
Extended Info:0
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************
2013-05-21T16:00:30.999Z DETECTIONEVENT Worm:VBS/Linxer.A file:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs;regkey:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs;runkey:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs;
2013-05-21T16:00:31.000Z DETECTION_ADD Worm:VBS/Linxer.A file:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
2013-05-21T16:00:31.000Z DETECTION_ADD Worm:VBS/Linxer.A regkey:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs
2013-05-21T16:00:31.000Z DETECTION_ADD Worm:VBS/Linxer.A runkey:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs
Beginning threat actions
Start time:05-21-2013 18:00:30
Threat Name:Worm:VBS/Linxer.A
Threat ID:2147681518
Action:quarantine
Resource action complete:Quarantine Schema:regkey Path:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs Threat ID:2147681518 Resource refcount:1 Result:0
Resource action complete:Quarantine Schema:runkey Path:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs Threat ID:2147681518 Resource refcount:1 Result:0
!ERROR Resource action complete:Quarantine Schema:file Path:\\?\C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs Threat ID:2147681518 Resource refcount:1 Result:32
!ERROR Finished threat ID:2147681518 Threat result:32 Threat status flags:385
Finished threat actions
End time:05-21-2013 18:00:30
Result:0
DSS Timeout:Received results after timeout
Begin Resource Scan
Scan ID:{D62F18F3-696C-4CB5-AE08-7BE520EDF406}
Scan Source:3
Start Time:05-21-2013 18:00:32
End Time:05-21-2013 18:00:32
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************
2013-05-21T16:00:32.010Z DETECTIONEVENT Worm:VBS/Linxer.A file:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs;regkey:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs;runkey:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs;
2013-05-21T16:00:33.006Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2013-05-21T16:00:33.009Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Log Stopped On 05-21-2013 18:00:36 (Exit Code = 0x0)
************************************************************
****************************RTP Perf Log***************************
RTP Start:05-21-2013 17:37:51
Last Perf:05-21-2013 17:37:51
First RTP Scan:05-21-2013 17:37:51
Plugin States: AV:1 AS:1 RTP:1 OA:1 BM:1
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads: AM:19 Async:4
Cache Flushes: RTP:1
System File Cache: Hits:634 Misses:626
BM Queue:73,239,0 Proc:50,150,0 File:23,238,0
Plugin Queue:0,1,0 Threat:0,1,0 Susp:0,0,0 Unknown:0,0,0 Error:0,0,0
Request Queue:1,1,0 SetEngine:1,1,0 SetState:0,0,0 SetUser:0,0,0 Config:0,0,0 ProcExcl:0,0,0 FilterReload:0,0,0 FilterUnload:0,0,0
MpFilter: Scans:7738 Pending:0 RegSize:28920 AsyncQNotif:0
AsyncQMissed:0 AsyncQTotalSent:3505646 AsyncQCurrent:0 BMFlags:3 ServiceMaj:0 ServiceMin:0 ProcBitmap:0 NumInstance:8 TotalStreamCon:5699 TotalBitmap:57440 NTFS Cache Statistics: TotalMisses:11824 TotalHits:132022 InstanceCacheHits:6 CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 REFS Cache Statistics (Type:GenericTable, Policy:WriteBack): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 **************************END RTP Perf Log************************* ****************************RTP Perf Log*************************** RTP Start:05-21-2013 18:00:36 Last Perf:05-21-2013 18:00:36 First RTP Scan:N/A Plugin States: AV:1 AS:1 RTP:1 OA:1 BM:1 Process Exclusions: Path Exclusions: Ext Exclusions: Worker Threads: AM:19 Async:4 Cache Flushes: RTP:1 System File Cache: Hits:0 Misses:0 BM Queue:73,0,0 Proc:50,0,0 File:23,0,0 Plugin Queue:0,0,0 Threat:0,0,0 Susp:0,0,0 Unknown:0,0,0 Error:0,0,0 Request Queue:0,1,0 SetEngine:0,1,0 SetState:0,0,0 SetUser:0,0,0 Config:0,0,0 ProcExcl:0,0,0 FilterReload:0,0,0 FilterUnload:0,0,0 MpFilter: Scans:7738 Pending:0 RegSize:0 AsyncQNotif:0 AsyncQMissed:0 AsyncQTotalSent:3505646 AsyncQCurrent:0 BMFlags:0 ServiceMaj:0 ServiceMin:0 ProcBitmap:0 NumInstance:8 TotalStreamCon:5699 TotalBitmap:57440 NTFS Cache Statistics: TotalMisses:11825 TotalHits:132022 InstanceCacheHits:6 CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 REFS Cache Statistics (Type:GenericTable, Policy:WriteBack): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 
InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 **************************END RTP Perf Log************************* Geändert von Shakka (21.05.2013 um 17:37 Uhr) |
21.05.2013, 20:09 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Facebook.vbs on USB stick Before we get to work, I would like to ask you to read the following points completely and carefully.
Note: If you hear nothing from me for three days, please post in this thread => Erinnerung an meinem Thread. Nagging "when will it continue" messages end with your topic being closed. I too have a life outside the Trojaner-Board. First a check with OTL, please:
__________________ Please always post logfiles in CODE tags |
22.05.2013, 02:31 | #5 |
| Facebook.vbs on USB stick I ran the scans without the USB stick plugged in. I hope that was okay. In any case, I have not plugged the USB stick in since I posted here. Unfortunately, on the first OTL scan I forgot to tick the "Scan all users" box, so here first the logs without that box ticked: OTL.txt: Code:
OTL logfile created on: 22.05.2013 02:57:48 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\****\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,92 Gb Total Physical Memory | 1,69 Gb Available Physical Memory | 43,08% Memory free
7,83 Gb Paging File | 5,11 Gb Available in Paging File | 65,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 684,31 Gb Total Space | 577,81 Gb Free Space | 84,44% Space Free | Partition Type: NTFS
Drive D: | 29,30 Gb Total Space | 0,02 Gb Free Space | 0,05% Space Free | Partition Type: NTFS

Computer Name: CYBERPORT-PC | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\****\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Lenovo\Intelligent Touchpad\TouchZone.exe ()
PRC - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
PRC - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7ff638de44686eab4afaa8b3c8a9cfca\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\3abd733e8fa28fafbfc99458fdf691da\System.Security.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\14f511c47523f19ca591eb207e9e2084\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e10fd15441d278c04a03302880a3e231\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\7a9ff5ce3a909d075179a2ac70d8f388\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Lenovo\Intelligent Touchpad\TouchZone.exe ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\SysWOW64\msjetoledb40.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (Intel(R) -- C:\Windows\SysNative\IPROSetMonitor.exe (Intel Corporation)
SRV:64bit: - (CxAudMsg) -- C:\Windows\SysNative\CxAudMsg64.exe (Conexant Systems Inc.)
SRV:64bit: - (TPHDEXLGSVC) -- C:\Windows\SysNative\TPHDEXLG64.exe (Lenovo.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (AMPPALR3) -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (MyWiFiDHCPDNS) -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (BTHSSecurityMgr) -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation)
SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (VMCService) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)

========== Driver Services (SafeList) ==========

DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (LHDmgr) -- C:\Windows\SysNative\drivers\LhdX64.sys (Lenovo.)
DRV:64bit: - (ACPIVPC) -- C:\Windows\SysNative\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (cymfltrService) -- C:\Windows\SysNative\drivers\cymfltr.sys (Cypress Semiconductor, Inc.)
DRV:64bit: - (cykbfltrService) -- C:\Windows\SysNative\drivers\cykbfltr.sys (Cypress Semiconductor, Inc.)
DRV:64bit: - (cyhid) -- C:\Windows\SysNative\drivers\cyhid.sys (Cypress Semiconductor, Inc.)
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)
DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (iBtFltCoex) -- C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation)
DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\drivers\btmhsf.sys (Intel Corporation)
DRV:64bit: - (btmaux) -- C:\Windows\SysNative\drivers\btmaux.sys (Intel Corporation)
DRV:64bit: - (btmaudio) -- C:\Windows\SysNative\drivers\btmaud.sys (Intel Corporation)
DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (Shockprf) -- C:\Windows\SysNative\drivers\ApsX64.sys (Lenovo.)
DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys (Sonix Technology Co., Ltd.)
DRV:64bit: - (HybridDisk) -- C:\Windows\SysNative\drivers\HybridDiskX64.sys (Lenovo.)
DRV:64bit: - (hybridcfile) -- C:\Windows\SysNative\drivers\HybridCFileX64.sys (Lenovo.)
DRV:64bit: - (TPDIGIMN) -- C:\Windows\SysNative\drivers\ApsHM64.sys (Lenovo.)
DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN_deDE474
IE - HKCU\..\SearchScopes\{77AA7A54-D746-423B-A319-98827EBD25F9}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=a16111de-1c77-4f07-ad87-c12a8cafb25c&apn_sauid=BAD49594-8693-4785-8314-9006357B5ACC
IE - HKCU\..\SearchScopes\{93E68F95-737E-4018-95D7-789C9E960C24}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801948
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

========== Chrome ==========

CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT2801948
CHR - default_search_provider: suggest_url =
CHR - homepage: hxxp://search.conduit.com/?ctid=CT2801948&SearchSource=48
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: NCH EN = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\10.16.2.506_0\
CHR - Extension: Google Mail = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {37483B40-C254-4A72-BDA4-22EE90182C1E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [CyCpIo] C:\Programme\Cypress\TrackPad\CyCpIo.exe (Cypress Semiconductor Corporation)
O4:64bit: - HKLM..\Run: [CyHidWin] C:\Programme\Cypress\TrackPad\CyHidWin.exe (Cypress Semiconductor, Inc.)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [ForteConfig] C:\Programme\CONEXANT\ForteConfig\fmapp.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Intelligent Touchpad] C:\Program Files (x86)\Lenovo\Intelligent Touchpad\TouchZone.exe ()
O4 - HKLM..\Run: [MobileConnect] C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Facebook.vbs] "C:\Users\****\AppData\Local\Temp\Facebook.vbs" File not found
O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook.vbs ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5E9FFE70-9FB6-414F-BAAA-45D98D1F7475}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6DD66717-2FB1-4B77-A070-A48135AFF3AE}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{f557c26f-5747-11e2-90aa-4c8093451261}\Shell - "" = AutoRun
O33 - MountPoints2\{f557c26f-5747-11e2-90aa-4c8093451261}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{f557c306-5747-11e2-90aa-4c8093451261}\Shell - "" = AutoRun
O33 - MountPoints2\{f557c306-5747-11e2-90aa-4c8093451261}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.05.22 02:55:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2013.05.21 18:29:09 | 008,534,408 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013.05.13 12:45:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013.05.13 12:45:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013.05.13 12:41:11 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2013.05.13 12:41:11 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2013.05.13 12:41:11 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2013.05.13 12:41:10 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2013.05.13 12:41:10 | 000,030,208 | ---- | C]
(Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbGD.sys [2013.05.13 12:41:10 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys [2013.05.13 12:41:09 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe [2013.05.13 12:41:09 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe [2013.05.13 12:41:09 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll [2013.05.13 12:41:09 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll [2013.05.13 12:41:09 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll [2013.05.13 12:41:09 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll [2013.05.13 12:41:09 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll [2013.05.13 12:41:09 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe [2013.05.13 12:41:09 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll [2013.05.13 12:41:09 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll [2013.05.13 12:41:09 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll [2013.05.13 12:41:09 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll [2013.05.13 12:41:09 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll [2013.05.13 12:41:09 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll [2013.05.13 12:41:09 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll [2013.05.13 12:41:08 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2013.05.13 12:41:08 | 004,916,224 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\SysWow64\mstscax.dll [2013.05.13 12:41:08 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll [2013.05.13 12:41:08 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe [2013.05.13 12:40:24 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2013.05.13 12:40:23 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll [2013.05.13 12:40:23 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll [2013.05.13 12:32:18 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Malwarebytes [2013.05.13 12:32:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.05.13 12:32:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.05.13 12:31:59 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.05.13 12:31:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.05.13 12:26:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in [2013.05.13 12:26:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft [2013.04.29 11:40:02 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\AB Frühlingswerkstatt ========== Files - Modified Within 30 Days ========== [2013.05.22 03:00:22 | 000,031,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.22 03:00:22 | 000,031,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.22 02:58:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.22 02:57:47 | 001,614,036 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.22 02:57:47 | 000,697,322 | 
---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.22 02:57:47 | 000,652,600 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.22 02:57:47 | 000,148,328 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.22 02:57:47 | 000,121,274 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.22 02:56:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe [2013.05.22 02:53:01 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.22 02:52:58 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.22 02:52:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.22 02:52:50 | 3153,268,736 | -HS- | M] () -- C:\hiberfil.sys [2013.05.21 18:29:21 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.05.21 18:29:21 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.05.21 18:29:10 | 008,534,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe [2013.05.15 20:07:02 | 000,067,928 | ---- | M] () -- C:\Users\Public\Documents\Unterrichtsplanung Symmetrie.pdf [2013.05.15 20:07:02 | 000,067,928 | ---- | M] () -- C:\Users\****\Desktop\Unterrichtsplanung Symmetrie.pdf [2013.05.15 20:06:52 | 000,022,775 | ---- | M] () -- C:\Users\Public\Documents\Unterrichtsplanung Symmetrie.odt [2013.05.15 20:06:52 | 000,022,775 | ---- | M] () -- C:\Users\****\Desktop\Unterrichtsplanung Symmetrie.odt [2013.05.13 12:45:32 | 000,002,030 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013.04.30 18:18:27 | 000,119,124 | ---- | M] () -- C:\Users\****\Documents\Werkstatt 3.pdf ========== Files Created - No Company Name ========== [2013.05.15 20:18:28 | 000,067,928 | ---- | C] () -- C:\Users\****\Desktop\Unterrichtsplanung Symmetrie.pdf [2013.05.15 20:18:28 | 000,022,775 | ---- | C] () -- 
C:\Users\****\Desktop\Unterrichtsplanung Symmetrie.odt [2013.05.13 12:45:32 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2013.05.13 12:45:32 | 000,002,030 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013.05.11 22:31:34 | 000,067,928 | ---- | C] () -- C:\Users\Public\Documents\Unterrichtsplanung Symmetrie.pdf [2013.05.11 19:56:17 | 000,022,775 | ---- | C] () -- C:\Users\Public\Documents\Unterrichtsplanung Symmetrie.odt [2013.04.30 18:18:27 | 000,119,124 | ---- | C] () -- C:\Users\****\Documents\Werkstatt 3.pdf [2012.03.06 15:07:13 | 000,000,000 | ---- | C] () -- C:\Windows\firstboot.dat [2012.01.06 19:04:29 | 001,591,930 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.01.06 19:03:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.01.06 18:58:13 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini [2012.01.06 18:57:48 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat [2011.12.23 07:44:14 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.12.23 07:44:09 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.12.23 07:44:06 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2011.12.23 07:44:02 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011.12.23 07:43:58 | 013,903,360 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2011.12.23 07:43:33 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.11.05 23:29:16 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll [2008.03.07 17:43:56 | 000,084,734 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 [2008.03.07 14:47:30 | 000,020,270 | ---- | C] () -- C:\ProgramData\DeviceInstaller.xml ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Code:
ATTFilter OTL Extras logfile created on: 22.05.2013 02:57:48 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\****\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,92 Gb Total Physical Memory | 1,69 Gb Available Physical Memory | 43,08% Memory free 7,83 Gb Paging File | 5,11 Gb Available in Paging File | 65,31% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 684,31 Gb Total Space | 577,81 Gb Free Space | 84,44% Space Free | Partition Type: NTFS Drive D: | 29,30 Gb Total Space | 0,02 Gb Free Space | 0,05% Space Free | Partition Type: NTFS Computer Name: CYBERPORT-PC | User Name: **** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. 
File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00DE5E1F-5522-469B-917B-735606214F37}" = lport=139 | protocol=6 | dir=in | app=system | "{11898D98-6C8B-449D-A2B7-3260E7A42A89}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{1440C683-D216-4C0F-B0AB-E11A798B22BA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{22A0B024-E877-46CC-9035-C09744F296FA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{3B9C5270-05F2-424F-93E7-460FE768F2F9}" = lport=137 | protocol=17 | dir=in | app=system | 
"{5433E419-3F1B-4924-9093-C25B6EC82F1E}" = lport=138 | protocol=17 | dir=in | app=system | "{5909DC2D-11D5-473E-A8FA-8F10686C3C7A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{596BDC4F-B34E-49F2-A66E-9CBA525CDBD6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{5FC741AF-EB3B-4B71-A64F-22B4F98E5A92}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{6FC2ED6D-274F-4062-87F0-C376B8FBBDCB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{7F50513E-DB7E-46A2-83C6-403FE54DF2E0}" = rport=139 | protocol=6 | dir=out | app=system | "{887ADCD7-2DC2-4801-BDDC-1F7847B60183}" = rport=445 | protocol=6 | dir=out | app=system | "{91603165-A76E-407D-88A0-F1CA0BACBB97}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9B49EB6C-7BAC-4953-97B2-C3AC9DF3D204}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{A9133D80-F58F-4337-8B0B-BBB9B17D4086}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B31C9C55-75B5-4B60-875E-7DF121B1F1B9}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{BEC36110-393E-4342-ACF3-06C77AE80918}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{CC5DCA69-A3B4-454F-A91B-23213A542967}" = rport=137 | protocol=17 | dir=out | app=system | "{D0B0E9D9-824E-496B-AEE3-81CB471BA91D}" = rport=10243 | protocol=6 | dir=out | app=system | "{D1D0B992-25A1-4FFB-BF8B-D019D34F935E}" = lport=2869 | protocol=6 | dir=in | app=system | "{D7720F69-4039-4C4E-A54D-EB8F55E102DB}" = rport=138 | protocol=17 | dir=out | app=system | "{DF53888D-69C8-419F-9867-47F95F427FE9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{E591F36F-FF0D-41F9-8A00-C4608A75BAE4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E7731312-E65B-4832-9CF7-BEFEC9BA8F4C}" = lport=10243 | protocol=6 | dir=in | app=system | "{F103313D-9BFC-4DF6-9AF7-CCAD53764491}" = lport=445 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02FF825F-715D-4F2B-BF72-E79E6F3CCF0F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0754AF5F-E2CB-421F-828D-90BC5E1DB4D0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{121CC999-B044-4204-A718-718E511F7F0F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{16934280-B72C-40B8-BEE1-8BF40460F2F8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{16FD38D6-C784-47B2-9307-5751384A6D51}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe | "{21804C10-A4B8-4D5B-90C5-46A2BC93FC2B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{2EC7E695-F050-4D50-BFFD-8C6F27B00795}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{3881C58D-8CBE-457E-8E9A-AB4B93805563}" = dir=in | app=c:\program files (x86)\lenovo\powerdvd10\powerdvd10.exe | "{3CCF642E-12F4-4540-8768-9AD7F8D57657}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{46872405-394C-449D-8754-AE9E6AA3C726}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{4C96B856-39D4-4974-9F6C-C15348BA42A9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{5CBA1D4E-AFE1-4CC2-A62C-4F07FFEB96C6}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{63DB3F01-26AF-4A15-AD17-9A391B16B6B0}" = dir=in | app=c:\program files (x86)\lenovo\powerdvd10\powerdvd cinema\powerdvdcinema10.exe | 
"{6935D317-D3DF-45C8-9485-8FDA3A138335}" = protocol=6 | dir=out | app=system | "{6CB7D10D-9DAC-4335-BE32-D1A5D11A5114}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{6E9C5116-E7AC-45BA-AAFC-CF2163E3E378}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{7AA820E0-C10B-4A1C-93C6-C823BBF0C719}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{7E89FA16-1E44-4403-9655-02C4CECDB305}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8AEFB76F-6542-4190-A08A-3F5D866A1652}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{920A9F42-B17E-407B-9900-9C04C2763592}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{932DE051-58E1-4954-B8BD-55448E28AD0B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{AA494033-0955-4A8E-97A6-EF9022F11C8E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{B3D830B1-E70C-42BE-A5FB-DABD4B93B643}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{B3F237AB-4E86-4D05-BC12-811FEEDBC937}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{BA973E0E-DCEA-4303-B698-C47BA3214D37}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{BB21EA61-C609-4C7E-BF4D-C628D6FAF8CB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{CF6141CB-8DB6-4F58-BB05-4C19CC831999}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | "{E19CABA1-B198-4DCE-8B39-FCD52389DA8E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{F7D8F07F-2EC0-42B8-99E3-113033705B65}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F816EDEB-A1B2-4AE1-8984-785DDF5A0761}" = protocol=17 | dir=in | 
app=%programfiles%\windows media player\wmplayer.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{216EFEDD-6665-1A06-BC5E-D66DB0F63E94}" = AMD Catalyst Install Manager "{25EE6AF4-8FD6-4E09-AD9B-3ACC0B81D902}" = SRS Premium Sound Control Panel "{25FBDA9A-E868-4B3B-B9FF-D923818511A1}" = Intel(R) PROSet/Wireless WiFi-Software "{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display "{44663264-E108-4938-BF9E-A767315072C9}" = Intel(R) Network Connections 16.3.48.0 "{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology "{7F2F6CC5-434B-4311-9DE2-60C7CAF50B73}_is1" = Cypress TrackPad "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{B3B521D0-C0B9-F9FB-2F87-FAFBC23C131E}" = AMD Media Foundation Decoders "{BF220B74-FCAE-2674-8939-CA8AC138278B}" = ccc-utility64 "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live 
Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "03A1C6133CBCFD1D944CAC45762E2EC5CD524136" = Windows-Treiberpaket - Lenovo (ACPIVPC) System (08/04/2011 6.1.0.1) "ATI Uninstaller" = ATI Uninstaller "CNXT_AUDIO_HDA" = Conexant HD Audio "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft Security Client" = Microsoft Security Essentials "ProInst" = Intel PROSet Wireless "PROSetDX" = Intel(R) Network Connections 16.3.48.0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam "{09A7C56F-3131-FA22-5D0A-6026D5AB5733}" = Catalyst Control Center Localization All "{0A29AAE4-08D8-D865-E468-8CF1B4E2C0E4}" = CCC Help Norwegian "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{13FCE396-40F7-C93F-F79B-2215627A76D2}" = PX Profile Update "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{21DEB3E6-87BA-28B7-E7C3-BA7305E91DFD}" = CCC Help Portuguese "{233A7E16-A21A-3970-A0F1-1E84712A529E}" = CCC Help Russian "{267BA0D6-1405-1181-0601-75133559A44E}" = CCC Help Greek "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = 
Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Lenovo EasyCamera "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{40F4FF7A-B214-4453-B973-080B09CED019}" = Absolute Reminder "{4171D296-832D-D6C7-1A24-DB80A9D16A31}" = CCC Help Chinese Standard "{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4 "{52FDA874-17C5-18EC-1753-A389BC9FD155}" = CCC Help Japanese "{53F80399-2F41-9067-4131-44253FF14881}" = CCC Help Thai "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "{557100D3-1016-1409-FC90-D9C50F9D32E4}" = CCC Help Czech "{56C9B0FB-3080-651E-7C80-C422CB3D27BF}" = CCC Help Hungarian "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 "{5F75710E-3D36-B3AF-D2FB-48875CD10D0B}" = CCC Help German "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{66DDDCFD-14D6-F579-C21B-87B12149991A}" = CCC Help Korean "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{81B13DC5-800B-1F1B-30B0-DC5D3083E4A1}" = CCC Help Italian "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) 
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{9143971E-6162-804D-319A-6B9280C976E8}" = CCC Help Spanish "{921DF4FA-FCCB-F72D-E625-B9634DDCC797}" = Catalyst Control Center "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{94D24AEA-D6DB-70AE-C560-E346F9EFAA5C}" = CCC Help English "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{96D35AEA-E736-DB41-B600-C427A3137B29}" = CCC Help Dutch 
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C1F6929-ECAF-9F73-E8BB-B3176925E5AF}" = CCC Help Finnish "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9E292145-51DD-2B95-B04C-3D90F0A4BF6B}" = CCC Help Chinese Traditional "{A1A2D971-FD11-A5E6-B6FD-57822E2DF67A}" = CCC Help French "{A4D65972-71A0-1C92-AECC-BB8017E51C8D}" = CCC Help Danish "{A5FE05E7-8EB8-452E-6D5F-5D9453EB7855}" = CCC Help Polish "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AB044210-33FB-CFB2-3962-B6BC770B3A56}" = Catalyst Control Center Graphics Previews Common "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B5DF52CC-6A6C-8FF4-867B-0F2759DB144F}" = CCC Help Swedish "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CF3637CF-C793-4842-A653-3C1DA2AE2853}" = Catalyst Control Center - Branding "{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D0C90720-0243-0886-B9E0-FC59F9B1A29B}" = Catalyst Control Center Profiles Mobile "{D159483E-93B4-7072-2AE5-0C771481FEC5}" = CCC Help Turkish "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = Lenovo PowerDVD 10 
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E1B934BB-6AFA-429F-98E4-76F9CBC72BF6}" = Intel(R) WiDi "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E6A03223-47BC-F37E-AD0C-A98B821A3C21}" = Catalyst Control Center InstallProxy "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = Benutzerhandbuch "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F493761C-E465-4B9E-9FC1-A312F161DE0A}" = Active Protection System "{F7C0163D-9CD8-4F5F-BAC8-3E45A0000AFF}" = Vodafone Mobile Connect Lite Huawei "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FDB0A81A-1173-4B15-BEA4-89FEA0474F17}" = Intelligent Touchpad "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Avira AntiVir Desktop" = Avira Free Antivirus "ENTERPRISE" = Microsoft Office Enterprise 2007 "f42012" = f4 2012 "Google Chrome" = Google Chrome "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam "InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management "InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = Lenovo PowerDVD 10 "InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "PitchPerfect" = PitchPerfect Musical Instrument Tuner "ProInst" = Intel PROSet Wireless "SecureW2 EAP Suite" = 
SecureW2 EAP Suite 1.1.3 for Windows "WinLiveSuite" = Windows Live Essentials ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 30.04.2013 04:31:48 | Computer Name = Cyberport-PC | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt. Error - 30.04.2013 06:09:04 | Computer Name = Cyberport-PC | Source = WinMgmt | ID = 10 Description = Error - 30.04.2013 07:05:23 | Computer Name = Cyberport-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: WScript.exe, Version: 5.8.7600.16385, Zeitstempel: 0x4a5bca28 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c40f2 ID des fehlerhaften Prozesses: 0x1308 Startzeit der fehlerhaften Anwendung: 0x01ce458ad33e22a4 Pfad der fehlerhaften Anwendung: C:\Windows\System32\WScript.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: da0a577a-b185-11e2-8c15-4c8093451261 Error - 30.04.2013 07:37:01 | Computer Name = Cyberport-PC | Source = WinMgmt | ID = 10 Description = Error - 30.04.2013 07:47:57 | Computer Name = Cyberport-PC | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt. 
Error - 30.04.2013 12:52:18 | Computer Name = Cyberport-PC | Source = WinMgmt | ID = 10 Description = Error - 30.04.2013 14:53:10 | Computer Name = Cyberport-PC | Source = WinMgmt | ID = 10 Description = Error - 01.05.2013 03:48:23 | Computer Name = Cyberport-PC | Source = WinMgmt | ID = 10 Description = Error - 01.05.2013 04:23:19 | Computer Name = Cyberport-PC | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt. Error - 01.05.2013 16:00:17 | Computer Name = Cyberport-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 17.05.2013 12:15:59 | Computer Name = Cyberport-PC | Source = Microsoft Antimalware | ID = 2001 Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion: 1.149.1816.0 Aktualisierungsquelle: %%859 Aktualisierungsphase: %%852 Quellpfad: hxxp://www.microsoft.com Signaturtyp: %%800 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: Vorherige Modulversion: 1.1.9402.0 Fehlercode: 0x8024402c Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie unter "Hilfe und Support". Error - 18.05.2013 16:33:56 | Computer Name = Cyberport-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "Google Update-Dienst (gupdate)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 18.05.2013 16:34:26 | Computer Name = Cyberport-PC | Source = DCOM | ID = 10010 Description = Error - 18.05.2013 16:35:15 | Computer Name = Cyberport-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. 
Error - 21.05.2013 11:25:40 | Computer Name = Cyberport-PC | Source = Microsoft Antimalware | ID = 2001 Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion: 1.149.1816.0 Aktualisierungsquelle: %%859 Aktualisierungsphase: %%852 Quellpfad: hxxp://www.microsoft.com Signaturtyp: %%800 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: Vorherige Modulversion: 1.1.9402.0 Fehlercode: 0x8024402c Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie unter "Hilfe und Support". Error - 21.05.2013 11:25:40 | Computer Name = Cyberport-PC | Source = Microsoft Antimalware | ID = 2001 Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion: 1.149.1816.0 Aktualisierungsquelle: %%851 Aktualisierungsphase: %%852 Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.9402.0&avdelta=1.149.1816.0&asdelta=1.149.1816.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signaturtyp: %%800 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\NETZWERKDIENST Aktuelle Modulversion: Vorherige Modulversion: 1.1.9402.0 Fehlercode: 0x80072ee7 Fehlerbeschreibung: Der Servername oder die Serveradresse konnte nicht verarbeitet werden. Error - 21.05.2013 11:25:40 | Computer Name = Cyberport-PC | Source = Microsoft Antimalware | ID = 2001 Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt. 
Neue Signaturversion: Vorherige Signaturversion: 1.149.1816.0 Aktualisierungsquelle: %%851 Aktualisierungsphase: %%852 Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.9402.0&avdelta=1.149.1816.0&asdelta=1.149.1816.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signaturtyp: %%801 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\NETZWERKDIENST Aktuelle Modulversion: Vorherige Modulversion: 1.1.9402.0 Fehlercode: 0x80072ee7 Fehlerbeschreibung: Der Servername oder die Serveradresse konnte nicht verarbeitet werden. Error - 21.05.2013 11:25:41 | Computer Name = Cyberport-PC | Source = Microsoft Antimalware | ID = 2001 Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion: 101.4.0.0 Aktualisierungsquelle: %%851 Aktualisierungsphase: %%852 Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=2.1.9402.0&sig=101.4.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signaturtyp: %%886 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\NETZWERKDIENST Aktuelle Modulversion: Vorherige Modulversion: 2.1.9402.0 Fehlercode: 0x80072ee7 Fehlerbeschreibung: Der Servername oder die Serveradresse konnte nicht verarbeitet werden. Error - 21.05.2013 11:38:07 | Computer Name = Cyberport-PC | Source = Microsoft Antimalware | ID = 1119 Description = Beim Anwenden von Aktionen auf Schadsoftware und potenziell unerwünschte Software wurde von %%860 ein schwerwiegender Fehler festgestellt. 
Weitere Informationen finden Sie hier: hxxp://go.microsoft.com/fwlink/?linkid=37020&name=Worm:VBS/Linxer.A&threatid=2147681518 Name: Worm:VBS/Linxer.A ID: 2147681518 Schweregrad: Schwerwiegend Kategorie: Wurm Pfad: file:_C:\Users\****\AppData\Local\Temp\Facebook.vbs;file:_C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk;regkey:_HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs;runkey:_HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs Ursprung der Erkennung: %%845 Typ der Erkennung: %%822 Quelle der Erkennung: %%818 Benutzer: NT-AUTORITÄT\SYSTEM Prozessname: C:\Windows\System32\wscript.exe Aktion: %%809 Aktionsstatus: No additional actions required Fehlercode: 0x80070020 Fehlerbeschreibung: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. Signaturversion: AV: 1.151.563.0, AS: 1.151.563.0, NIS: 104.0.0.0 Modulversion: AM: 1.1.9506.0, NIS: 2.1.9510.0 Error - 21.05.2013 12:00:30 | Computer Name = Cyberport-PC | Source = Microsoft Antimalware | ID = 1119 Description = Beim Anwenden von Aktionen auf Schadsoftware und potenziell unerwünschte Software wurde von %%860 ein schwerwiegender Fehler festgestellt. 
Weitere Informationen finden Sie hier: hxxp://go.microsoft.com/fwlink/?linkid=37020&name=Worm:VBS/Linxer.A&threatid=2147681518 Name: Worm:VBS/Linxer.A ID: 2147681518 Schweregrad: Schwerwiegend Kategorie: Wurm Pfad: file:_C:\Users\****\AppData\Local\Temp\Facebook.vbs;regkey:_HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs;runkey:_HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs Ursprung der Erkennung: %%845 Typ der Erkennung: %%822 Quelle der Erkennung: %%818 Benutzer: NT-AUTORITÄT\SYSTEM Prozessname: C:\Windows\System32\wscript.exe Aktion: %%809 Aktionsstatus: No additional actions required Fehlercode: 0x80070020 Fehlerbeschreibung: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. Signaturversion: AV: 1.151.563.0, AS: 1.151.563.0, NIS: 104.0.0.0 Modulversion: AM: 1.1.9506.0, NIS: 2.1.9510.0 < End of report > |
22.05.2013, 02:33 | #6 |
| Facebook.vbs on USB stick And now once more with the "Scanne alle Benutzer" ("Scan All Users") box checked: OTL.txt: Code:
ATTFilter OTL logfile created on: 22.05.2013 03:16:08 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\****\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,92 Gb Total Physical Memory | 1,73 Gb Available Physical Memory | 44,21% Memory free 7,83 Gb Paging File | 4,98 Gb Available in Paging File | 63,61% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 684,31 Gb Total Space | 577,46 Gb Free Space | 84,39% Space Free | Partition Type: NTFS Drive D: | 29,30 Gb Total Space | 0,02 Gb Free Space | 0,05% Space Free | Partition Type: NTFS Computer Name: CYBERPORT-PC | User Name: **** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\****\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Lenovo\Intelligent Touchpad\TouchZone.exe () PRC - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink) PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) 
PRC - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone) PRC - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libglesv2.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libegl.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7ff638de44686eab4afaa8b3c8a9cfca\System.ServiceProcess.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\3abd733e8fa28fafbfc99458fdf691da\System.Security.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\14f511c47523f19ca591eb207e9e2084\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e10fd15441d278c04a03302880a3e231\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\7a9ff5ce3a909d075179a2ac70d8f388\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL () MOD - C:\Program Files (x86)\Lenovo\Intelligent Touchpad\TouchZone.exe () MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\SysWOW64\msjetoledb40.dll () MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll () 
========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (Intel(R) -- C:\Windows\SysNative\IPROSetMonitor.exe (Intel Corporation) SRV:64bit: - (CxAudMsg) -- C:\Windows\SysNative\CxAudMsg64.exe (Conexant Systems Inc.) SRV:64bit: - (TPHDEXLGSVC) -- C:\Windows\SysNative\TPHDEXLG64.exe (Lenovo.) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. 
KG) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (AMPPALR3) -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation) SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (MyWiFiDHCPDNS) -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe () SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (BTHSSecurityMgr) -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation) SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation) SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation) SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) 
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (VMCService) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone) ========== Driver Services (SafeList) ========== DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (LHDmgr) -- C:\Windows\SysNative\drivers\LhdX64.sys (Lenovo.) DRV:64bit: - (ACPIVPC) -- C:\Windows\SysNative\drivers\AcpiVpc.sys (Lenovo Corporation) DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) 
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (cymfltrService) -- C:\Windows\SysNative\drivers\cymfltr.sys (Cypress Semiconductor, Inc.)
DRV:64bit: - (cykbfltrService) -- C:\Windows\SysNative\drivers\cykbfltr.sys (Cypress Semiconductor, Inc.)
DRV:64bit: - (cyhid) -- C:\Windows\SysNative\drivers\cyhid.sys (Cypress Semiconductor, Inc.)
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)
DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (iBtFltCoex) -- C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation)
DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\drivers\btmhsf.sys (Intel Corporation)
DRV:64bit: - (btmaux) -- C:\Windows\SysNative\drivers\btmaux.sys (Intel Corporation)
DRV:64bit: - (btmaudio) -- C:\Windows\SysNative\drivers\btmaud.sys (Intel Corporation)
DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (Shockprf) -- C:\Windows\SysNative\drivers\ApsX64.sys (Lenovo.)
DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys (Sonix Technology Co., Ltd.)
DRV:64bit: - (HybridDisk) -- C:\Windows\SysNative\drivers\HybridDiskX64.sys (Lenovo.)
DRV:64bit: - (hybridcfile) -- C:\Windows\SysNative\drivers\HybridCFileX64.sys (Lenovo.)
DRV:64bit: - (TPDIGIMN) -- C:\Windows\SysNative\drivers\ApsHM64.sys (Lenovo.)
DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
IE - HKU\S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2351051258-829387-1154746032-1001\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found
IE - HKU\S-1-5-21-2351051258-829387-1154746032-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2351051258-829387-1154746032-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKU\S-1-5-21-2351051258-829387-1154746032-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN_deDE474
IE - HKU\S-1-5-21-2351051258-829387-1154746032-1001\..\SearchScopes\{77AA7A54-D746-423B-A319-98827EBD25F9}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=a16111de-1c77-4f07-ad87-c12a8cafb25c&apn_sauid=BAD49594-8693-4785-8314-9006357B5ACC
IE - HKU\S-1-5-21-2351051258-829387-1154746032-1001\..\SearchScopes\{93E68F95-737E-4018-95D7-789C9E960C24}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801948
IE - HKU\S-1-5-21-2351051258-829387-1154746032-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

========== Chrome ==========

CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT2801948
CHR - default_search_provider: suggest_url =
CHR - homepage: hxxp://search.conduit.com/?ctid=CT2801948&SearchSource=48
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: NCH EN = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\10.16.2.506_0\
CHR - Extension: Google Mail = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2351051258-829387-1154746032-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2351051258-829387-1154746032-1001\..\Toolbar\WebBrowser: (no name) - {37483B40-C254-4A72-BDA4-22EE90182C1E} - No CLSID value found.
O3 - HKU\S-1-5-21-2351051258-829387-1154746032-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [CyCpIo] C:\Programme\Cypress\TrackPad\CyCpIo.exe (Cypress Semiconductor Corporation)
O4:64bit: - HKLM..\Run: [CyHidWin] C:\Programme\Cypress\TrackPad\CyHidWin.exe (Cypress Semiconductor, Inc.)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [ForteConfig] C:\Programme\CONEXANT\ForteConfig\fmapp.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Intelligent Touchpad] C:\Program Files (x86)\Lenovo\Intelligent Touchpad\TouchZone.exe ()
O4 - HKLM..\Run: [MobileConnect] C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2351051258-829387-1154746032-1001..\Run: [Facebook.vbs] "C:\Users\****\AppData\Local\Temp\Facebook.vbs" File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5E9FFE70-9FB6-414F-BAAA-45D98D1F7475}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6DD66717-2FB1-4B77-A070-A48135AFF3AE}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{f557c26f-5747-11e2-90aa-4c8093451261}\Shell - "" = AutoRun
O33 - MountPoints2\{f557c26f-5747-11e2-90aa-4c8093451261}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{f557c306-5747-11e2-90aa-4c8093451261}\Shell - "" = AutoRun
O33 - MountPoints2\{f557c306-5747-11e2-90aa-4c8093451261}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.05.22 02:55:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2013.05.21 18:29:09 | 008,534,408 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013.05.13 12:45:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013.05.13 12:45:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013.05.13 12:41:11 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2013.05.13 12:41:11 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2013.05.13 12:41:11 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2013.05.13 12:41:10 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2013.05.13 12:41:10 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbGD.sys
[2013.05.13 12:41:10 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2013.05.13 12:41:09 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2013.05.13 12:41:09 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2013.05.13 12:41:09 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013.05.13 12:41:09 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013.05.13 12:41:09 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2013.05.13 12:41:09 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2013.05.13 12:41:09 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2013.05.13 12:41:09 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2013.05.13 12:41:09 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2013.05.13 12:41:09 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2013.05.13 12:41:09 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013.05.13 12:41:09 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2013.05.13 12:41:09 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013.05.13 12:41:09 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2013.05.13 12:41:09 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2013.05.13 12:41:08 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013.05.13 12:41:08 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013.05.13 12:41:08 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2013.05.13 12:41:08 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2013.05.13 12:40:24 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013.05.13 12:40:23 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2013.05.13 12:40:23 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2013.05.13 12:32:18 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Malwarebytes
[2013.05.13 12:32:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.13 12:32:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.13 12:31:59 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.05.13 12:31:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.05.13 12:26:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2013.05.13 12:26:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2013.04.29 11:40:02 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\AB Frühlingswerkstatt

========== Files - Modified Within 30 Days ==========

[2013.05.22 03:02:48 | 001,636,028 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.22 03:02:48 | 000,697,322 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.22 03:02:48 | 000,652,600 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.22 03:02:48 | 000,148,328 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.22 03:02:48 | 000,121,274 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.22 03:00:22 | 000,031,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.22 03:00:22 | 000,031,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.22 02:58:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.22 02:56:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2013.05.22 02:53:01 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.22 02:52:58 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.22 02:52:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.22 02:52:50 | 3153,268,736 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.21 18:29:21 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.05.21 18:29:21 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.05.21 18:29:10 | 008,534,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013.05.15 20:07:02 | 000,067,928 | ---- | M] () -- C:\Users\Public\Documents\Unterrichtsplanung Symmetrie.pdf
[2013.05.15 20:07:02 | 000,067,928 | ---- | M] () -- C:\Users\****\Desktop\Unterrichtsplanung Symmetrie.pdf
[2013.05.15 20:06:52 | 000,022,775 | ---- | M] () -- C:\Users\Public\Documents\Unterrichtsplanung Symmetrie.odt
[2013.05.15 20:06:52 | 000,022,775 | ---- | M] () -- C:\Users\****\Desktop\Unterrichtsplanung Symmetrie.odt
[2013.05.13 12:45:32 | 000,002,030 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.04.30 18:18:27 | 000,119,124 | ---- | M] () -- C:\Users\****\Documents\Werkstatt 3.pdf

========== Files Created - No Company Name ==========

[2013.05.15 20:18:28 | 000,067,928 | ---- | C] () -- C:\Users\****\Desktop\Unterrichtsplanung Symmetrie.pdf
[2013.05.15 20:18:28 | 000,022,775 | ---- | C] () -- C:\Users\****\Desktop\Unterrichtsplanung Symmetrie.odt
[2013.05.13 12:45:32 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.05.13 12:45:32 | 000,002,030 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.05.11 22:31:34 | 000,067,928 | ---- | C] () -- C:\Users\Public\Documents\Unterrichtsplanung Symmetrie.pdf
[2013.05.11 19:56:17 | 000,022,775 | ---- | C] () -- C:\Users\Public\Documents\Unterrichtsplanung Symmetrie.odt
[2013.04.30 18:18:27 | 000,119,124 | ---- | C] () -- C:\Users\****\Documents\Werkstatt 3.pdf
[2012.03.06 15:07:13 | 000,000,000 | ---- | C] () -- C:\Windows\firstboot.dat
[2012.01.06 19:04:29 | 001,591,930 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.01.06 19:03:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.01.06 18:58:13 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2012.01.06 18:57:48 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011.12.23 07:44:14 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.12.23 07:44:09 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.12.23 07:44:06 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.12.23 07:44:02 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.12.23 07:43:58 | 013,903,360 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.12.23 07:43:33 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.11.05 23:29:16 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2008.03.07 17:43:56 | 000,084,734 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2008.03.07 14:47:30 | 000,020,270 | ---- | C] () -- C:\ProgramData\DeviceInstaller.xml

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Code:
OTL Extras logfile created on: 22.05.2013 03:16:08 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\****\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,92 Gb Total Physical Memory | 1,73 Gb Available Physical Memory | 44,21% Memory free
7,83 Gb Paging File | 4,98 Gb Available in Paging File | 63,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 684,31 Gb Total Space | 577,46 Gb Free Space | 84,39% Space Free | Partition Type: NTFS
Drive D: | 29,30 Gb Total Space | 0,02 Gb Free Space | 0,05% Space Free | Partition Type: NTFS

Computer Name: CYBERPORT-PC | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00DE5E1F-5522-469B-917B-735606214F37}" = lport=139 | protocol=6 | dir=in | app=system |
"{11898D98-6C8B-449D-A2B7-3260E7A42A89}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1440C683-D216-4C0F-B0AB-E11A798B22BA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{22A0B024-E877-46CC-9035-C09744F296FA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3B9C5270-05F2-424F-93E7-460FE768F2F9}" = lport=137 | protocol=17 | dir=in | app=system |
"{5433E419-3F1B-4924-9093-C25B6EC82F1E}" = lport=138 | protocol=17 | dir=in | app=system |
"{5909DC2D-11D5-473E-A8FA-8F10686C3C7A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{596BDC4F-B34E-49F2-A66E-9CBA525CDBD6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5FC741AF-EB3B-4B71-A64F-22B4F98E5A92}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{6FC2ED6D-274F-4062-87F0-C376B8FBBDCB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7F50513E-DB7E-46A2-83C6-403FE54DF2E0}" = rport=139 | protocol=6 | dir=out | app=system |
"{887ADCD7-2DC2-4801-BDDC-1F7847B60183}" = rport=445 | protocol=6 | dir=out | app=system |
"{91603165-A76E-407D-88A0-F1CA0BACBB97}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9B49EB6C-7BAC-4953-97B2-C3AC9DF3D204}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A9133D80-F58F-4337-8B0B-BBB9B17D4086}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B31C9C55-75B5-4B60-875E-7DF121B1F1B9}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{BEC36110-393E-4342-ACF3-06C77AE80918}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CC5DCA69-A3B4-454F-A91B-23213A542967}" = rport=137 | protocol=17 | dir=out | app=system |
"{D0B0E9D9-824E-496B-AEE3-81CB471BA91D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D1D0B992-25A1-4FFB-BF8B-D019D34F935E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D7720F69-4039-4C4E-A54D-EB8F55E102DB}" = rport=138 | protocol=17 | dir=out | app=system |
"{DF53888D-69C8-419F-9867-47F95F427FE9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E591F36F-FF0D-41F9-8A00-C4608A75BAE4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E7731312-E65B-4832-9CF7-BEFEC9BA8F4C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F103313D-9BFC-4DF6-9AF7-CCAD53764491}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02FF825F-715D-4F2B-BF72-E79E6F3CCF0F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0754AF5F-E2CB-421F-828D-90BC5E1DB4D0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{121CC999-B044-4204-A718-718E511F7F0F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{16934280-B72C-40B8-BEE1-8BF40460F2F8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{16FD38D6-C784-47B2-9307-5751384A6D51}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe |
"{21804C10-A4B8-4D5B-90C5-46A2BC93FC2B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2EC7E695-F050-4D50-BFFD-8C6F27B00795}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3881C58D-8CBE-457E-8E9A-AB4B93805563}" = dir=in | app=c:\program files (x86)\lenovo\powerdvd10\powerdvd10.exe |
"{3CCF642E-12F4-4540-8768-9AD7F8D57657}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{46872405-394C-449D-8754-AE9E6AA3C726}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{4C96B856-39D4-4974-9F6C-C15348BA42A9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5CBA1D4E-AFE1-4CC2-A62C-4F07FFEB96C6}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{63DB3F01-26AF-4A15-AD17-9A391B16B6B0}" = dir=in | app=c:\program files (x86)\lenovo\powerdvd10\powerdvd cinema\powerdvdcinema10.exe |
"{6935D317-D3DF-45C8-9485-8FDA3A138335}" = protocol=6 | dir=out | app=system | "{6CB7D10D-9DAC-4335-BE32-D1A5D11A5114}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{6E9C5116-E7AC-45BA-AAFC-CF2163E3E378}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{7AA820E0-C10B-4A1C-93C6-C823BBF0C719}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{7E89FA16-1E44-4403-9655-02C4CECDB305}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8AEFB76F-6542-4190-A08A-3F5D866A1652}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{920A9F42-B17E-407B-9900-9C04C2763592}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{932DE051-58E1-4954-B8BD-55448E28AD0B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{AA494033-0955-4A8E-97A6-EF9022F11C8E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{B3D830B1-E70C-42BE-A5FB-DABD4B93B643}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{B3F237AB-4E86-4D05-BC12-811FEEDBC937}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{BA973E0E-DCEA-4303-B698-C47BA3214D37}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{BB21EA61-C609-4C7E-BF4D-C628D6FAF8CB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{CF6141CB-8DB6-4F58-BB05-4C19CC831999}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | "{E19CABA1-B198-4DCE-8B39-FCD52389DA8E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{F7D8F07F-2EC0-42B8-99E3-113033705B65}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F816EDEB-A1B2-4AE1-8984-785DDF5A0761}" = protocol=17 | dir=in | 
app=%programfiles%\windows media player\wmplayer.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{216EFEDD-6665-1A06-BC5E-D66DB0F63E94}" = AMD Catalyst Install Manager "{25EE6AF4-8FD6-4E09-AD9B-3ACC0B81D902}" = SRS Premium Sound Control Panel "{25FBDA9A-E868-4B3B-B9FF-D923818511A1}" = Intel(R) PROSet/Wireless WiFi-Software "{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display "{44663264-E108-4938-BF9E-A767315072C9}" = Intel(R) Network Connections 16.3.48.0 "{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology "{7F2F6CC5-434B-4311-9DE2-60C7CAF50B73}_is1" = Cypress TrackPad "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{B3B521D0-C0B9-F9FB-2F87-FAFBC23C131E}" = AMD Media Foundation Decoders "{BF220B74-FCAE-2674-8939-CA8AC138278B}" = ccc-utility64 "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live 
Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "03A1C6133CBCFD1D944CAC45762E2EC5CD524136" = Windows-Treiberpaket - Lenovo (ACPIVPC) System (08/04/2011 6.1.0.1) "ATI Uninstaller" = ATI Uninstaller "CNXT_AUDIO_HDA" = Conexant HD Audio "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft Security Client" = Microsoft Security Essentials "ProInst" = Intel PROSet Wireless "PROSetDX" = Intel(R) Network Connections 16.3.48.0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam "{09A7C56F-3131-FA22-5D0A-6026D5AB5733}" = Catalyst Control Center Localization All "{0A29AAE4-08D8-D865-E468-8CF1B4E2C0E4}" = CCC Help Norwegian "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{13FCE396-40F7-C93F-F79B-2215627A76D2}" = PX Profile Update "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{21DEB3E6-87BA-28B7-E7C3-BA7305E91DFD}" = CCC Help Portuguese "{233A7E16-A21A-3970-A0F1-1E84712A529E}" = CCC Help Russian "{267BA0D6-1405-1181-0601-75133559A44E}" = CCC Help Greek "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = 
Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Lenovo EasyCamera "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{40F4FF7A-B214-4453-B973-080B09CED019}" = Absolute Reminder "{4171D296-832D-D6C7-1A24-DB80A9D16A31}" = CCC Help Chinese Standard "{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4 "{52FDA874-17C5-18EC-1753-A389BC9FD155}" = CCC Help Japanese "{53F80399-2F41-9067-4131-44253FF14881}" = CCC Help Thai "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "{557100D3-1016-1409-FC90-D9C50F9D32E4}" = CCC Help Czech "{56C9B0FB-3080-651E-7C80-C422CB3D27BF}" = CCC Help Hungarian "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 "{5F75710E-3D36-B3AF-D2FB-48875CD10D0B}" = CCC Help German "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{66DDDCFD-14D6-F579-C21B-87B12149991A}" = CCC Help Korean "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{81B13DC5-800B-1F1B-30B0-DC5D3083E4A1}" = CCC Help Italian "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) 
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{9143971E-6162-804D-319A-6B9280C976E8}" = CCC Help Spanish "{921DF4FA-FCCB-F72D-E625-B9634DDCC797}" = Catalyst Control Center "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{94D24AEA-D6DB-70AE-C560-E346F9EFAA5C}" = CCC Help English "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{96D35AEA-E736-DB41-B600-C427A3137B29}" = CCC Help Dutch 
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C1F6929-ECAF-9F73-E8BB-B3176925E5AF}" = CCC Help Finnish "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9E292145-51DD-2B95-B04C-3D90F0A4BF6B}" = CCC Help Chinese Traditional "{A1A2D971-FD11-A5E6-B6FD-57822E2DF67A}" = CCC Help French "{A4D65972-71A0-1C92-AECC-BB8017E51C8D}" = CCC Help Danish "{A5FE05E7-8EB8-452E-6D5F-5D9453EB7855}" = CCC Help Polish "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AB044210-33FB-CFB2-3962-B6BC770B3A56}" = Catalyst Control Center Graphics Previews Common "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B5DF52CC-6A6C-8FF4-867B-0F2759DB144F}" = CCC Help Swedish "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CF3637CF-C793-4842-A653-3C1DA2AE2853}" = Catalyst Control Center - Branding "{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D0C90720-0243-0886-B9E0-FC59F9B1A29B}" = Catalyst Control Center Profiles Mobile "{D159483E-93B4-7072-2AE5-0C771481FEC5}" = CCC Help Turkish "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = Lenovo PowerDVD 10 
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E1B934BB-6AFA-429F-98E4-76F9CBC72BF6}" = Intel(R) WiDi "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E6A03223-47BC-F37E-AD0C-A98B821A3C21}" = Catalyst Control Center InstallProxy "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = Benutzerhandbuch "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F493761C-E465-4B9E-9FC1-A312F161DE0A}" = Active Protection System "{F7C0163D-9CD8-4F5F-BAC8-3E45A0000AFF}" = Vodafone Mobile Connect Lite Huawei "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FDB0A81A-1173-4B15-BEA4-89FEA0474F17}" = Intelligent Touchpad "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Avira AntiVir Desktop" = Avira Free Antivirus "ENTERPRISE" = Microsoft Office Enterprise 2007 "f42012" = f4 2012 "Google Chrome" = Google Chrome "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam "InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management "InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = Lenovo PowerDVD 10 "InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "PitchPerfect" = PitchPerfect Musical Instrument Tuner "ProInst" = Intel PROSet Wireless "SecureW2 EAP Suite" = 
SecureW2 EAP Suite 1.1.3 for Windows
"WinLiveSuite" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 30.04.2013 04:31:48 | Computer Name = Cyberport-PC | Source = CVHSVC | ID = 100
Description = For information only. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: No active network connections are currently available. BITS will retry the operation once the adapter has a connection.

Error - 30.04.2013 06:09:04 | Computer Name = Cyberport-PC | Source = WinMgmt | ID = 10
Description =

Error - 30.04.2013 07:05:23 | Computer Name = Cyberport-PC | Source = Application Error | ID = 1000
Description = Faulting application name: WScript.exe, version: 5.8.7600.16385, time stamp: 0x4a5bca28
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec4aa8e
Exception code: 0xc0000374
Fault offset: 0x00000000000c40f2
Faulting process ID: 0x1308
Faulting application start time: 0x01ce458ad33e22a4
Faulting application path: C:\Windows\System32\WScript.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report ID: da0a577a-b185-11e2-8c15-4c8093451261

Error - 30.04.2013 07:37:01 | Computer Name = Cyberport-PC | Source = WinMgmt | ID = 10
Description =

Error - 30.04.2013 07:47:57 | Computer Name = Cyberport-PC | Source = CVHSVC | ID = 100
Description = For information only. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: No active network connections are currently available. BITS will retry the operation once the adapter has a connection.

Error - 30.04.2013 12:52:18 | Computer Name = Cyberport-PC | Source = WinMgmt | ID = 10
Description =

Error - 30.04.2013 14:53:10 | Computer Name = Cyberport-PC | Source = WinMgmt | ID = 10
Description =

Error - 01.05.2013 03:48:23 | Computer Name = Cyberport-PC | Source = WinMgmt | ID = 10
Description =

Error - 01.05.2013 04:23:19 | Computer Name = Cyberport-PC | Source = CVHSVC | ID = 100
Description = For information only. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: No active network connections are currently available. BITS will retry the operation once the adapter has a connection.

Error - 01.05.2013 16:00:17 | Computer Name = Cyberport-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 17.05.2013 12:15:59 | Computer Name = Cyberport-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.149.1816.0
Update Source: %%859
Update Stage: %%852
Source Path: hxxp://www.microsoft.com
Signature Type: %%800
Update Type: %%803
User: NT-AUTORITÄT\SYSTEM
Current Engine Version:
Previous Engine Version: 1.1.9402.0
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see "Help and Support".

Error - 18.05.2013 16:33:56 | Computer Name = Cyberport-PC | Source = Service Control Manager | ID = 7034
Description = The "Google Update Service (gupdate)" service terminated unexpectedly. This has happened 1 time(s).

Error - 18.05.2013 16:34:26 | Computer Name = Cyberport-PC | Source = DCOM | ID = 10010
Description =

Error - 18.05.2013 16:35:15 | Computer Name = Cyberport-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.

Error - 21.05.2013 11:25:40 | Computer Name = Cyberport-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.149.1816.0
Update Source: %%859
Update Stage: %%852
Source Path: hxxp://www.microsoft.com
Signature Type: %%800
Update Type: %%803
User: NT-AUTORITÄT\SYSTEM
Current Engine Version:
Previous Engine Version: 1.1.9402.0
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see "Help and Support".

Error - 21.05.2013 11:25:40 | Computer Name = Cyberport-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.149.1816.0
Update Source: %%851
Update Stage: %%852
Source Path: hxxp://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.9402.0&avdelta=1.149.1816.0&asdelta=1.149.1816.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
Signature Type: %%800
Update Type: %%803
User: NT-AUTORITÄT\NETZWERKDIENST
Current Engine Version:
Previous Engine Version: 1.1.9402.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved.

Error - 21.05.2013 11:25:40 | Computer Name = Cyberport-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.149.1816.0
Update Source: %%851
Update Stage: %%852
Source Path: hxxp://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.9402.0&avdelta=1.149.1816.0&asdelta=1.149.1816.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
Signature Type: %%801
Update Type: %%803
User: NT-AUTORITÄT\NETZWERKDIENST
Current Engine Version:
Previous Engine Version: 1.1.9402.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved.

Error - 21.05.2013 11:25:41 | Computer Name = Cyberport-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 101.4.0.0
Update Source: %%851
Update Stage: %%852
Source Path: hxxp://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=2.1.9402.0&sig=101.4.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
Signature Type: %%886
Update Type: %%803
User: NT-AUTORITÄT\NETZWERKDIENST
Current Engine Version:
Previous Engine Version: 2.1.9402.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved.

Error - 21.05.2013 11:38:07 | Computer Name = Cyberport-PC | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware or other potentially unwanted software.
For more information please see the following: hxxp://go.microsoft.com/fwlink/?linkid=37020&name=Worm:VBS/Linxer.A&threatid=2147681518
Name: Worm:VBS/Linxer.A
ID: 2147681518
Severity: Severe
Category: Worm
Path: file:_C:\Users\****\AppData\Local\Temp\Facebook.vbs;file:_C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk;regkey:_HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs;runkey:_HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs
Detection Origin: %%845
Detection Type: %%822
Detection Source: %%818
User: NT-AUTORITÄT\SYSTEM
Process Name: C:\Windows\System32\wscript.exe
Action: %%809
Action Status: No additional actions required
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process.
Signature Version: AV: 1.151.563.0, AS: 1.151.563.0, NIS: 104.0.0.0
Engine Version: AM: 1.1.9506.0, NIS: 2.1.9510.0

Error - 21.05.2013 12:00:30 | Computer Name = Cyberport-PC | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware or other potentially unwanted software.
For more information please see the following: hxxp://go.microsoft.com/fwlink/?linkid=37020&name=Worm:VBS/Linxer.A&threatid=2147681518
Name: Worm:VBS/Linxer.A
ID: 2147681518
Severity: Severe
Category: Worm
Path: file:_C:\Users\****\AppData\Local\Temp\Facebook.vbs;regkey:_HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs;runkey:_HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs
Detection Origin: %%845
Detection Type: %%822
Detection Source: %%818
User: NT-AUTORITÄT\SYSTEM
Process Name: C:\Windows\System32\wscript.exe
Action: %%809
Action Status: No additional actions required
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process.
Signature Version: AV: 1.151.563.0, AS: 1.151.563.0, NIS: 104.0.0.0
Engine Version: AM: 1.1.9506.0, NIS: 2.1.9510.0

< End of report > |
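The MSE 1119 records in the log above name the worm's three persistence points on the laptop (the per-user Run value "Facebook.vbs", the dropped %TEMP%\Facebook.vbs, and the Startup-folder shortcut FlashPlayerPlug.lnk) and show that the clean-up failed with 0x80070020 because wscript.exe still held the file open. The PowerShell triage script below is an added example for this thread; it is not part of the original posts and not taken from OTL, ComboFix or Microsoft Security Essentials. It assumes PowerShell 3.0 or later, that the infected stick is mounted under the drive letter given in -Drive (the default E: is a placeholder), and it only reports unless -Clean is passed. It goes a little beyond the log: on the Run key it flags any value whose data references a .vbs, not only the value named Facebook.vbs, and on the stick it pairs each cmd.exe/.vbs shortcut with the hidden original of the same name.

```powershell
# Added example (not from the thread or from any tool used in it).
# Triage for the Worm:VBS/Linxer.A persistence points named in the MSE 1119 record
# and for the shortcut/hidden-file pairs the worm leaves on a removable drive.
# Assumptions: PowerShell 3.0+, stick drive letter passed as -Drive (E: is a placeholder),
# nothing is removed unless -Clean is given. Run as the affected user, elevated.
[CmdletBinding()]
param(
    [string]$Drive = 'E:',
    [switch]$Clean
)

$findings = New-Object System.Collections.ArrayList
function Add-Finding($Type, $Path, $Detail) {
    [void]$findings.Add([pscustomobject]@{ Type = $Type; Path = $Path; Detail = "$Detail" })
}

# 0. The log shows 0x80070020 (file in use by wscript.exe): end the script host before cleaning.
if ($Clean) { Get-Process -Name wscript -ErrorAction SilentlyContinue | Stop-Process -Force }

# 1. Per-user Run key: the value the worm registered, plus any other value launching a .vbs.
$runKey = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$providerProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run) {
    foreach ($prop in $run.PSObject.Properties) {
        if ($providerProps -contains $prop.Name) { continue }
        if ($prop.Name -eq 'Facebook.vbs' -or "$($prop.Value)" -match '(?i)\.vbs') {
            Add-Finding 'RunValue' "$runKey\$($prop.Name)" $prop.Value
            if ($Clean) { Remove-ItemProperty -Path $runKey -Name $prop.Name }
        }
    }
}

# 2. Dropped script in %TEMP% and the Startup-folder shortcut from the detection record.
$startup = [Environment]::GetFolderPath('Startup')
foreach ($p in @((Join-Path $env:TEMP 'Facebook.vbs'), (Join-Path $startup 'FlashPlayerPlug.lnk'))) {
    if (Test-Path -LiteralPath $p) {
        Add-Finding 'File' $p (Get-Item -LiteralPath $p -Force).Attributes
        if ($Clean) { Remove-Item -LiteralPath $p -Force }
    }
}

# 3. Shortcuts on the stick whose target is cmd.exe and whose arguments 'start' a .vbs.
#    Each one shadows a real file of the same name that the worm set hidden/system.
$root  = Join-Path $Drive '\'
$shell = New-Object -ComObject WScript.Shell
$lnks  = Get-ChildItem -LiteralPath $root -Filter '*.lnk' -Force -ErrorAction SilentlyContinue |
         Where-Object { -not $_.PSIsContainer }
foreach ($lnkFile in $lnks) {
    $lnk = $shell.CreateShortcut($lnkFile.FullName)   # parses the .lnk; does not launch it
    if ($lnk.TargetPath -match '(?i)\\cmd\.exe$' -and $lnk.Arguments -match '(?i)\bstart\s+\S*\.vbs') {
        Add-Finding 'Shortcut' $lnkFile.FullName $lnk.Arguments
        if ($Clean) {
            Remove-Item -LiteralPath $lnkFile.FullName -Force
            $orig = Join-Path $root $lnkFile.BaseName   # "Report.docx.lnk" -> "Report.docx"
            if (Test-Path -LiteralPath $orig) { attrib.exe -h -s -r "$orig" }   # unhide the original
        }
    }
}

# 4. The worm's own (hidden) copy in the root of the stick.
$scripts = Get-ChildItem -LiteralPath $root -Filter '*.vbs' -Force -ErrorAction SilentlyContinue |
           Where-Object { -not $_.PSIsContainer }
foreach ($vbs in $scripts) {
    Add-Finding 'Script' $vbs.FullName $vbs.Attributes
    if ($Clean) { Remove-Item -LiteralPath $vbs.FullName -Force }
}

if ($findings.Count -eq 0) { 'No Linxer artefacts found.' }
else { $findings | Format-Table Type, Path, Detail -AutoSize }
```

Run it once without -Clean and read the table before removing anything; the Run-key check in particular is a heuristic (any value mentioning a .vbs) and can flag a legitimate logon script. Because the Run value and the Startup shortcut live under HKCU and the user's profile, the script has to run in the session of the infected account, and every stick that was plugged into the laptop needs the same pass, since the log shows the worm re-infects fresh media from the running wscript.exe.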
22.05.2013, 09:36 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Facebook.vbs on USB stick Then please run ComboFix now: Scan with Combofix
__________________ Please always post logfiles in CODE tags |
22.05.2013, 19:20 | #8 |
| Facebook.vbs on USB stick Combofix.txt: Code:
ComboFix 13-05-22.01 - **** 22.05.2013 20:10:36.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4010.1714 [GMT 2:00]
run from: c:\users\****\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\SecureW2
c:\program files (x86)\SecureW2\Uninstall.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\TTLS Manager.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\Uninstall.lnk
c:\programdata\Roaming
c:\users\****\AppData\Local\TempDIR
c:\users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecureW2
.
.
((((((((((((((((((((((( Files created from 2013-04-22 to 2013-05-22 ))))))))))))))))))))))))))))))
.
.
2013-05-22 18:14 . 2013-05-22 18:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-22 18:05 . 2013-05-22 18:05 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5B5F3CFD-8F99-4F49-A8F3-127AC701F16C}\offreg.dll
2013-05-22 17:58 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5B5F3CFD-8F99-4F49-A8F3-127AC701F16C}\mpengine.dll
2013-05-22 01:01 . 2013-05-05 21:36 17818624 ----a-w- c:\windows\system32\mshtml.dll
2013-05-22 01:01 . 2013-05-05 21:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-22 01:01 . 2013-05-05 19:12 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-05-21 16:29 . 
2013-05-21 16:29 8534408 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2013-05-21 15:37 . 2013-05-21 15:36 964552 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{684E25EB-482C-46FF-9A8D-B9D56650F3ED}\gapaengine.dll 2013-05-13 10:45 . 2013-05-13 10:45 -------- d-----w- c:\program files (x86)\Common Files\Adobe 2013-05-13 10:40 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-05-13 10:40 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2013-05-13 10:40 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys 2013-05-13 10:40 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll 2013-05-13 10:40 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll 2013-05-13 10:40 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll 2013-05-13 10:40 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2013-05-13 10:40 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2013-05-13 10:40 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll 2013-05-13 10:40 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll 2013-05-13 10:32 . 2013-05-13 10:32 -------- d-----w- c:\users\****\AppData\Roaming\Malwarebytes 2013-05-13 10:32 . 2013-05-13 10:32 -------- d-----w- c:\programdata\Malwarebytes 2013-05-13 10:31 . 2013-05-13 10:32 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-05-13 10:31 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-05-13 10:26 . 2013-05-13 10:26 -------- d-----w- c:\program files (x86)\Microsoft 2013-04-25 18:02 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-05-22 18:00 . 
2012-11-01 21:12 75016696 ----a-w- c:\windows\system32\MRT.exe 2013-05-21 16:29 . 2013-04-07 20:42 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-05-21 16:29 . 2013-04-07 20:42 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-05-13 10:44 . 2010-06-24 10:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-05-02 15:29 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe 2013-04-25 18:12 . 2012-06-13 07:52 905296 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2013-04-13 05:49 . 2013-05-22 01:05 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49 . 2013-05-22 01:05 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49 . 2013-05-22 01:05 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49 . 2013-05-22 01:05 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45 . 2013-05-22 01:05 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-04-13 04:45 . 2013-05-22 01:05 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-03-19 06:04 . 2013-04-10 11:31 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-19 05:46 . 2013-04-10 11:31 43520 ----a-w- c:\windows\system32\csrsrv.dll 2013-03-19 05:04 . 2013-04-10 11:31 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-03-19 05:04 . 2013-04-10 11:31 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-03-19 04:47 . 2013-04-10 11:31 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll 2013-03-19 03:06 . 2013-04-10 11:31 112640 ----a-w- c:\windows\system32\smss.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-06 343168] "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288] "RemoteControl10"="c:\program files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe" [2010-02-02 87336] "Intelligent Touchpad"="c:\program files (x86)\Lenovo\Intelligent Touchpad\TouchZone.exe" [2011-08-01 291272] "YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2011-01-28 136488] "YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2011-01-28 228448] "UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504] "UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-07-18 348664] "MobileConnect"="c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2008-03-13 2060288] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ SRS Premium Surround Sound.lnk - c:\program files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2011-11-7 2153344] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer4"=wdmaud.drv . 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-05-19 995392] R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys [2011-08-08 299008] R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-05-19 1335360] R3 cpuz135;cpuz135;c:\users\CYBERP~1\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x] R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-09-08 34200] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-27 340240] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008] R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208] R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 HybridDisk;HybridDisk;c:\windows\System32\DRIVERS\HybridDiskX64.sys [2010-03-02 38496] S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [2012-01-06 39008] S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2009-12-09 23648] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-07-18 27760] S1 hybridcfile;hybridcfile;c:\windows\system32\DRIVERS\HybridCFileX64.sys [2010-03-02 13920] S2 AMD External Events Utility;AMD External Events 
Utility;c:\windows\system32\atiesrxx.exe [2011-11-06 204288] S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-08-31 1166848] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-07-18 86224] S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-05-19 921664] S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [2010-12-17 198784] S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-04-11 171176] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-22 2656280] S2 VMCService;Vodafone Mobile Connect Service;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-03-13 24576] S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2012-01-06 30816] S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed - Virtueller Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-08-08 299008] S3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [2011-05-19 51712] S3 btmaux;Intel 
Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-05-19 53248] S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-07-19 282624] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2011-01-28 31088] S3 cyhid;Cypress Input Device;c:\windows\system32\DRIVERS\cyhid.sys [2011-09-29 116736] S3 cykbfltrService;Cypress Keyboard Filter Driver;c:\windows\system32\DRIVERS\cykbfltr.sys [2011-09-29 13312] S3 cymfltrService;Cypress Trackpad Filter Driver;c:\windows\system32\DRIVERS\cymfltr.sys [2011-09-29 77312] S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-07-19 59904] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-08-23 317440] S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-09-26 12309440] S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-09-08 25496] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-04-12 12:16 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 
2013-05-22 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-07 16:29] . 2013-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-06 17:13] . 2013-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-06 17:13] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-26 167704] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-26 392472] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-26 416024] "ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056] "cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2011-06-03 524928] "CyCpIo"="c:\program files\Cypress\TrackPad\CyCpIo.exe" [2011-09-29 2366976] "CyHidWin"="c:\program files\Cypress\TrackPad\CyHidWin.exe" [2011-09-29 2353664] "IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-27 1935120] "BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-05-19 10365952] "TpShocks"="c:\windows\System32\TpShocks.exe" [2010-03-15 231328] "Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2012-01-06 9768352] "EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2012-01-06 5940128] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.google.de/ uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://lenovo.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.178.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . URLSearchHooks-{37483b40-c254-4a72-bda4-22ee90182c1e} - (no file) Toolbar-Locked - (no file) Wow6432Node-HKLM-Run-snp2uvc - c:\windows\vsnp2uvc.exe Toolbar-Locked - (no file) WebBrowser-{37483B40-C254-4A72-BDA4-22EE90182C1E} - (no file) AddRemove-f42012 - c:\program files (x86)\f4_2012\uninstall.exe AddRemove-SecureW2 EAP Suite - c:\program files (x86)\SecureW2\Uninstall.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-05-22 20:17:16 ComboFix-quarantined-files.txt 2013-05-22 18:17 . 
Vor Suchlauf: 8 Verzeichnis(se), 620.359.016.448 Bytes frei Nach Suchlauf: 14 Verzeichnis(se), 620.491.554.816 Bytes frei . - - End Of File - - 3C129E41A3C032B7898DCDEDC6984D2A |
22.05.2013, 20:36 | #9 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Facebook.vbs on USB stick Quote:
Why are you running MSE and AntiVir at the same time? Have you never heard that one should strictly avoid using two or more such scanners in parallel?
__________________ Please always post logfiles in CODE tags |
22.05.2013, 21:36 | #10 |
| Facebook.vbs on USB stick As I said, it is my girlfriend's PC. She apparently thought it was safer to have two at once, no idea. Do you have a recommendation as to which of the two should be removed? During the ComboFix scan, however, I had both MSE and AntiVir disabled. Did the scan not work? |
22.05.2013, 21:43 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Facebook.vbs on USB stick It was more about the general point, not about CF right now; two virus scanners should be strictly avoided, i.e. something like MSE and AntiVir. Which one you keep is up to you. I would tend towards MSE. Or Avast alone. If there has to be one at all: on my Windows VMs I have at most Malwarebytes installed. Uninstall one of the two and then please let me know.
__________________ Please always post logfiles in CODE tags |
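The point the helper is making (and the "AV:" lines in the ComboFix header above come from the same source) can be checked directly: Windows Security Center keeps a WMI registration of every antivirus product and its state. The script below is an added example, not code from this thread or from ComboFix, GMER or Malwarebytes. It uses Get-WmiObject so that it also runs on the Windows 7 / PowerShell 2.0 system discussed here; the productState bit layout it decodes is the commonly used community interpretation, not a documented contract, and is treated here as an assumption.

```powershell
# Added example: list the antivirus products registered with Windows Security Center
# and warn when more than one of them reports real-time protection as enabled.
# Namespace root\SecurityCenter2 exists on Windows Vista/7 and later client SKUs.

function Get-RegisteredAntivirus {
    $products = Get-WmiObject -Namespace 'root\SecurityCenter2' -Class 'AntiVirusProduct' -ErrorAction Stop
    foreach ($p in $products) {
        # Assumption (community decoding, not documented): productState as six hex digits AABBCC,
        #   BB = 10 -> real-time protection on, 00 or 01 -> off
        #   CC = 00 -> definitions up to date, 10 -> out of date
        $hex = '{0:X6}' -f [uint32]$p.productState
        New-Object PSObject -Property @{
            Name         = $p.displayName
            ProductState = $hex
            RealTimeOn   = ($hex.Substring(2, 2) -eq '10')
            UpToDate     = ($hex.Substring(4, 2) -eq '00')
            Path         = $p.pathToSignedProductExe
        }
    }
}

function Test-SingleRealTimeScanner {
    # Returns $true when at most one real-time scanner is active, $false otherwise.
    $av     = @(Get-RegisteredAntivirus)
    $active = @($av | Where-Object { $_.RealTimeOn })

    $av | Select-Object Name, ProductState, RealTimeOn, UpToDate, Path | Format-Table -AutoSize

    if ($active.Count -gt 1) {
        $names = ($active | ForEach-Object { $_.Name }) -join ', '
        Write-Warning ("{0} real-time scanners are active at the same time: {1}" -f $active.Count, $names)
        return $false
    }
    return $true
}

Test-SingleRealTimeScanner
```

Run it in an elevated PowerShell prompt. On the machine in this thread, before AntiVir was removed, it would list both Avira Desktop and Microsoft Security Essentials; whether RealTimeOn is reported for both depends on whether they were disabled at the time, which is exactly why the ComboFix header showed both as "Disabled/Updated".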
22.05.2013, 22:04 | #12 |
| Facebook.vbs on USB stick So, I have removed Antivir; MSE is now the only real-time scanner still installed. |
22.05.2013, 22:07 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Facebook.vbs on USB stick Rootkit scan with GMER Please download GMER: (file name is random)
Do any problems occur?
Then please run MBAR: Malwarebytes Anti-Rootkit (MBAR) Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instruction from a helper
__________________ Please always post logfiles in CODE tags |
22.05.2013, 23:35 | #14 |
| Facebook.vbs on USB stick First Gmer.txt: Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-23 00:18:10
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.AXM1 728,45GB
Running: nv6evsnh.exe; Driver: C:\Users\****\AppData\Local\Temp\pxrdruoc.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff80002fac000 45 bytes [00, 00, 00, 00, 00, 00, 00, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607 fffff80002fac02f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe[2572] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076e21465 2 bytes [E2, 76]
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe[2572] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076e214bb 2 bytes [E2, 76]
.text ... * 2
? C:\Windows\system32\mssprxy.dll [2700] entry point in ".rdata" section 000000006f4071e6
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3572] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076e21465 2 bytes [E2, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3572] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076e214bb 2 bytes [E2, 76]
.text ... * 2
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe[4852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076e21465 2 bytes [E2, 76]
.text C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe[4852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076e214bb 2 bytes [E2, 76]
.text ... * 2

---- Threads - GMER 2.1 ----

Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5332:5140] 0000000076147587
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5332:5428] 0000000074900cb3
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5332:2384] 0000000077942e25
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5332:5748] 0000000077943e45
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5332:6852] 0000000077943e45

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4c8093451261
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4c8093451261 (not active ControlSet)

---- EOF - GMER 2.1 ----
And then the MBAR log: Code:
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.22.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
**** :: CYBERPORT-PC [administrator]

23.05.2013 00:30:56
mbar-log-2013-05-23 (00-30-56).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 9777
Time elapsed: 4 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
|
23.05.2013, 09:50 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Facebook.vbs on USB stick aswMBR Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons without instruction. Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. TDSS-Killer Please download TDSSKiller.exe and save this file to the desktop
__________________ Please always post logfiles in CODE tags |
Topics on Facebook.vbs on USB stick |
c:/windows/system32/cmd.exe/c, cmd.exe, files, filename, likewise, explorer.exe, extension.mismatch, window, following, girlfriend, click, name:worm:vbs/linxer.a, problem, stick, usb stick, hidden, point to, virus, worm:vbs/linxer.a, open |