Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Facebook.vbs auf USB-Stick

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 18.05.2013, 23:09   #1
Shakka
 
Facebook.vbs auf USB-Stick - Standard

Facebook.vbs auf USB-Stick



Hallo,

Meine Freundin hat sich auf ihrem Windows 7 Laptop einen Virus eingefangen.
Zum ersten Mal hat sie ihn vor ca. drei Wochen bemerkt, als alle Dateien auf ihrem USB Stick plötzlich Verknüpfungen waren. Die Dateien ließen sich dabei durch Anklicken der Verknüpfungen noch öffnen, aber es erscheinte vorher jedesmal kurz ein schwarzes Fenster (ich nehme an, sie meint das cmd.exe Fenster). Sie ignorierte das Problem erstmal. Nun hat sie vor ein paar Tagen einen zweiten Stick gekauft, da sie meinte, der erste wäre schlicht hinüber, auf dem das gleiche Problem sofort ebenfalls auftrat.

Die echten Dateien sind dabei auf dem Stick noch verhanden, aber als versteckte Dateien. Sichtbar sind nur die gleichnamigen Verknüpfungen.
Die Verknüpfungen verweisen auf folgenden Pfad:
C:/Windows/system32/cmd.exe/c start Facebook.vbs&explorer.exe Dateiname & exit

Vielen Dank im Voraus für eure Hilfe.

Alt 21.05.2013, 13:52   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Facebook.vbs auf USB-Stick - Standard

Facebook.vbs auf USB-Stick



Hallo,

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!


Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 21.05.2013, 16:59   #3
Shakka
 
Facebook.vbs auf USB-Stick - Standard

Facebook.vbs auf USB-Stick



Ja, es wurde bereits gescannt. Tut mir leid, dass ich nicht daran gedacht hatte, die Logs zu posten, aber alle Scans waren ohne Fund geblieben, deshalb hatte ich das vergessen.

Zuerst hat meine Freundin in den drei Wochen zweimal mit Antivir gescannt, zuerst am 4. Mai:

Code:
ATTFilter
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Samstag, 4. Mai 2013  19:51

Es wird nach 4469675 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows 7 Home Premium
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : CYBERPORT-PC

Versionsinformationen:
BUILD.DAT      : 12.1.9.1236    40872 Bytes  11.10.2012 15:29:00
AVSCAN.EXE     : 12.3.0.48     468256 Bytes  20.11.2012 11:26:59
AVSCAN.DLL     : 12.3.0.15      66256 Bytes  18.07.2012 16:04:38
LUKE.DLL       : 12.3.0.15      68304 Bytes  18.07.2012 16:04:31
AVSCPLR.DLL    : 12.3.0.27      97064 Bytes  18.07.2012 16:04:24
AVREG.DLL      : 12.3.0.33     232232 Bytes  18.07.2012 16:04:23
VBASE000.VDF   : 7.11.70.0   66736640 Bytes  04.04.2013 09:59:24
VBASE001.VDF   : 7.11.74.226  2201600 Bytes  30.04.2013 10:14:08
VBASE002.VDF   : 7.11.74.227     2048 Bytes  30.04.2013 10:14:09
VBASE003.VDF   : 7.11.74.228     2048 Bytes  30.04.2013 10:14:09
VBASE004.VDF   : 7.11.74.229     2048 Bytes  30.04.2013 10:14:09
VBASE005.VDF   : 7.11.74.230     2048 Bytes  30.04.2013 10:14:09
VBASE006.VDF   : 7.11.74.231     2048 Bytes  30.04.2013 10:14:09
VBASE007.VDF   : 7.11.74.232     2048 Bytes  30.04.2013 10:14:09
VBASE008.VDF   : 7.11.74.233     2048 Bytes  30.04.2013 10:14:09
VBASE009.VDF   : 7.11.74.234     2048 Bytes  30.04.2013 10:14:09
VBASE010.VDF   : 7.11.74.235     2048 Bytes  30.04.2013 10:14:09
VBASE011.VDF   : 7.11.74.236     2048 Bytes  30.04.2013 10:14:09
VBASE012.VDF   : 7.11.74.237     2048 Bytes  30.04.2013 10:14:09
VBASE013.VDF   : 7.11.74.238     2048 Bytes  30.04.2013 10:14:09
VBASE014.VDF   : 7.11.74.239     2048 Bytes  30.04.2013 10:14:09
VBASE015.VDF   : 7.11.74.240     2048 Bytes  30.04.2013 10:14:09
VBASE016.VDF   : 7.11.74.241     2048 Bytes  30.04.2013 10:14:09
VBASE017.VDF   : 7.11.74.242     2048 Bytes  30.04.2013 10:14:09
VBASE018.VDF   : 7.11.74.243     2048 Bytes  30.04.2013 10:14:10
VBASE019.VDF   : 7.11.74.244     2048 Bytes  30.04.2013 10:14:10
VBASE020.VDF   : 7.11.74.245     2048 Bytes  30.04.2013 10:14:10
VBASE021.VDF   : 7.11.74.246     2048 Bytes  30.04.2013 10:14:10
VBASE022.VDF   : 7.11.74.247     2048 Bytes  30.04.2013 10:14:10
VBASE023.VDF   : 7.11.74.248     2048 Bytes  30.04.2013 10:14:10
VBASE024.VDF   : 7.11.74.249     2048 Bytes  30.04.2013 10:14:10
VBASE025.VDF   : 7.11.74.250     2048 Bytes  30.04.2013 10:14:10
VBASE026.VDF   : 7.11.74.251     2048 Bytes  30.04.2013 10:14:10
VBASE027.VDF   : 7.11.74.252     2048 Bytes  30.04.2013 10:14:10
VBASE028.VDF   : 7.11.74.253     2048 Bytes  30.04.2013 10:14:10
VBASE029.VDF   : 7.11.74.254     2048 Bytes  30.04.2013 10:14:10
VBASE030.VDF   : 7.11.74.255     2048 Bytes  30.04.2013 10:14:10
VBASE031.VDF   : 7.11.75.86    136192 Bytes  01.05.2013 19:20:00
Engineversion  : 8.2.12.32 
AEVDF.DLL      : 8.1.2.10      102772 Bytes  21.08.2012 09:40:16
AESCRIPT.DLL   : 8.1.4.108     483709 Bytes  27.04.2013 23:12:41
AESCN.DLL      : 8.1.10.4      131446 Bytes  26.03.2013 21:08:54
AESBX.DLL      : 8.2.5.12      606578 Bytes  18.07.2012 16:04:20
AERDL.DLL      : 8.2.0.88      643444 Bytes  11.01.2013 11:37:57
AEPACK.DLL     : 8.3.2.6       827767 Bytes  06.04.2013 09:59:51
AEOFFICE.DLL   : 8.1.2.56      205180 Bytes  08.03.2013 16:30:27
AEHEUR.DLL     : 8.1.4.318    5894521 Bytes  27.04.2013 23:12:41
AEHELP.DLL     : 8.1.25.2      258423 Bytes  20.10.2012 13:07:46
AEGEN.DLL      : 8.1.7.2       442741 Bytes  26.03.2013 21:08:53
AEEXP.DLL      : 8.4.0.24      196982 Bytes  27.04.2013 23:12:41
AEEMU.DLL      : 8.1.3.2       393587 Bytes  21.08.2012 09:40:13
AECORE.DLL     : 8.1.31.2      201080 Bytes  19.02.2013 12:26:34
AEBB.DLL       : 8.1.1.4        53619 Bytes  05.11.2012 21:26:23
AVWINLL.DLL    : 12.3.0.15      27344 Bytes  18.07.2012 16:04:25
AVPREF.DLL     : 12.3.0.32      50720 Bytes  20.11.2012 11:26:58
AVREP.DLL      : 12.3.0.15     179208 Bytes  18.07.2012 16:04:23
AVARKT.DLL     : 12.3.0.33     209696 Bytes  20.11.2012 11:26:58
AVEVTLOG.DLL   : 12.3.0.15     169168 Bytes  18.07.2012 16:04:22
SQLITE3.DLL    : 3.7.0.1       398288 Bytes  18.07.2012 16:04:34
AVSMTP.DLL     : 12.3.0.32      63480 Bytes  18.07.2012 16:04:24
NETNT.DLL      : 12.3.0.15      17104 Bytes  18.07.2012 16:04:31
RCIMAGE.DLL    : 12.3.0.31    4444408 Bytes  18.07.2012 16:04:41
RCTEXT.DLL     : 12.3.0.32      98848 Bytes  20.11.2012 11:26:08

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, Q:, 
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Samstag, 4. Mai 2013  19:51

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD1
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD2
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'D:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'Q:\'
    [INFO]      Es wurde kein Virus gefunden!
    [INFO]      Bitte starten Sie den Suchlauf erneut mit Administratorrechten

Der Suchlauf nach versteckten Objekten wird begonnen.
HKEY_USERS\S-1-5-21-2351051258-829387-1154746032-1001\Software\ATI\ACE\AppDomains\Communications.CCC.exe.CCC.5164
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_USERS\S-1-5-21-2351051258-829387-1154746032-1001\Software\ATI\ACE\AppDomains\Communications.MOM.exe.MOM.4012
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_USERS\S-1-5-21-2351051258-829387-1154746032-1001\Software\ATI\ACE\Processes\4012
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_USERS\S-1-5-21-2351051258-829387-1154746032-1001\Software\ATI\ACE\Processes\5164
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_USERS\S-1-5-21-2351051258-829387-1154746032-1001\Software\ATI\ACE\Settings\Graphics\PowerXpress\Px4.0\ProfiledAppList\0Filepath
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_USERS\S-1-5-21-2351051258-829387-1154746032-1001\Software\ATI\ACE\Settings\Graphics\PowerXpress\Px4.0\ProfiledAppList\0Filepath
HKEY_USERS\S-1-5-21-2351051258-829387-1154746032-1001\Software\ATI\ACE\Settings\Graphics\PowerXpress\Px4.0\ProfiledAppList\0Filepath
HKEY_USERS\S-1-5-21-2351051258-829387-1154746032-1001\Software\ATI\ACE\Settings\Graphics\PowerXpress\Px4.0\ProfiledAppList\2Filepath
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_USERS\S-1-5-21-2351051258-829387-1154746032-1001\Software\ATI\ACE\Settings\Runtime\Runtime Graphics Caste Initialize Finishing
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_USERS\S-1-5-21-2351051258-829387-1154746032-1001\Software\ATI\ACE\Settings\Runtime\Runtime Fuel Caste Constructor
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_USERS\S-1-5-21-2351051258-829387-1154746032-1001\Software\ATI\ACE\Settings\Runtime\Runtime Fuel Caste Constructor ProcTime
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_USERS\S-1-5-21-2351051258-829387-1154746032-1001\Software\ATI\ACE\Settings\Runtime\Runtime Fuel Caste Constructor ProcTime
HKEY_USERS\S-1-5-21-2351051258-829387-1154746032-1001\Software\ATI\ACE\Settings\Runtime\Runtime Fuel Caste HotKey
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_USERS\S-1-5-21-2351051258-829387-1154746032-1001\Software\ATI\ACE\Settings\Runtime\Runtime Platform Caste Aspect ProcTime
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_USERS\S-1-5-21-2351051258-829387-1154746032-1001\Software\ATI\ACE\Settings\Runtime\Runtime Platform Caste Aspect ProcTime
HKEY_USERS\S-1-5-21-2351051258-829387-1154746032-1001\Software\ATI\ACE\Settings\Runtime\Runtime HydraVision Caste HotKey
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_USERS\S-1-5-21-2351051258-829387-1154746032-1001\Software\ATI\ACE\Settings\Runtime\RuntimePublish
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_USERS\S-1-5-21-2351051258-829387-1154746032-1001\Software\ATI\ACE\Settings\Runtime\RuntimeStartUp
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_USERS\S-1-5-21-2351051258-829387-1154746032-1001\Software\Microsoft\Direct3D\MostRecentApplication\Name
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '89' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'UNS.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'BTPlayerCtrl.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'MobileConnect.exe' - '125' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'AdobeARM.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'YCMMirage.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'TouchZone.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'PDVD10Serv.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'nusb3mon.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'mediasrv.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'CVHSVC.EXE' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'sftlist.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'obexsrv.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'VMCService.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'sftvsa.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'devmonsrv.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '43' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '1516' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <Windows7_OS>
Beginne mit der Suche in 'D:\' <LENOVO>
Beginne mit der Suche in 'Q:\'
Der zu durchsuchende Pfad Q:\ konnte nicht geöffnet werden!
Systemfehler [5]: Zugriff verweigert


Ende des Suchlaufs: Samstag, 4. Mai 2013  21:10
Benötigte Zeit:  1:18:39 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  25677 Verzeichnisse wurden überprüft
 761038 Dateien wurden geprüft
      0 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      0 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 761038 Dateien ohne Befall
   8034 Archive wurden durchsucht
      0 Warnungen
     15 Hinweise
 617183 Objekte wurden beim Rootkitscan durchsucht
     19 Versteckte Objekte wurden gefunden
         
Danach am 11. Mai:

Code:
ATTFilter
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Samstag, 11. Mai 2013  21:06

Es wird nach 4509628 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows 7 Home Premium
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : CYBERPORT-PC

Versionsinformationen:
BUILD.DAT      : 12.1.9.1236    40872 Bytes  11.10.2012 15:29:00
AVSCAN.EXE     : 12.3.0.48     468256 Bytes  20.11.2012 11:26:59
AVSCAN.DLL     : 12.3.0.15      66256 Bytes  18.07.2012 16:04:38
LUKE.DLL       : 12.3.0.15      68304 Bytes  18.07.2012 16:04:31
AVSCPLR.DLL    : 12.3.0.27      97064 Bytes  18.07.2012 16:04:24
AVREG.DLL      : 12.3.0.33     232232 Bytes  18.07.2012 16:04:23
VBASE000.VDF   : 7.11.70.0   66736640 Bytes  04.04.2013 09:59:24
VBASE001.VDF   : 7.11.74.226  2201600 Bytes  30.04.2013 10:14:08
VBASE002.VDF   : 7.11.74.227     2048 Bytes  30.04.2013 10:14:09
VBASE003.VDF   : 7.11.74.228     2048 Bytes  30.04.2013 10:14:09
VBASE004.VDF   : 7.11.74.229     2048 Bytes  30.04.2013 10:14:09
VBASE005.VDF   : 7.11.74.230     2048 Bytes  30.04.2013 10:14:09
VBASE006.VDF   : 7.11.74.231     2048 Bytes  30.04.2013 10:14:09
VBASE007.VDF   : 7.11.74.232     2048 Bytes  30.04.2013 10:14:09
VBASE008.VDF   : 7.11.74.233     2048 Bytes  30.04.2013 10:14:09
VBASE009.VDF   : 7.11.74.234     2048 Bytes  30.04.2013 10:14:09
VBASE010.VDF   : 7.11.74.235     2048 Bytes  30.04.2013 10:14:09
VBASE011.VDF   : 7.11.74.236     2048 Bytes  30.04.2013 10:14:09
VBASE012.VDF   : 7.11.74.237     2048 Bytes  30.04.2013 10:14:09
VBASE013.VDF   : 7.11.74.238     2048 Bytes  30.04.2013 10:14:09
VBASE014.VDF   : 7.11.75.97    181248 Bytes  02.05.2013 18:46:23
VBASE015.VDF   : 7.11.75.183   217600 Bytes  03.05.2013 18:46:23
VBASE016.VDF   : 7.11.76.27    183808 Bytes  04.05.2013 18:46:24
VBASE017.VDF   : 7.11.76.28      2048 Bytes  04.05.2013 18:46:24
VBASE018.VDF   : 7.11.76.29      2048 Bytes  04.05.2013 18:46:24
VBASE019.VDF   : 7.11.76.30      2048 Bytes  04.05.2013 18:46:24
VBASE020.VDF   : 7.11.76.31      2048 Bytes  04.05.2013 18:46:24
VBASE021.VDF   : 7.11.76.32      2048 Bytes  04.05.2013 18:46:24
VBASE022.VDF   : 7.11.76.33      2048 Bytes  04.05.2013 18:46:24
VBASE023.VDF   : 7.11.76.34      2048 Bytes  04.05.2013 18:46:24
VBASE024.VDF   : 7.11.76.35      2048 Bytes  04.05.2013 18:46:24
VBASE025.VDF   : 7.11.76.36      2048 Bytes  04.05.2013 18:46:24
VBASE026.VDF   : 7.11.76.37      2048 Bytes  04.05.2013 18:46:24
VBASE027.VDF   : 7.11.76.38      2048 Bytes  04.05.2013 18:46:24
VBASE028.VDF   : 7.11.76.39      2048 Bytes  04.05.2013 18:46:24
VBASE029.VDF   : 7.11.76.40      2048 Bytes  04.05.2013 18:46:24
VBASE030.VDF   : 7.11.76.41      2048 Bytes  04.05.2013 18:46:25
VBASE031.VDF   : 7.11.76.88     92672 Bytes  05.05.2013 18:46:25
Engineversion  : 8.2.12.34 
AEVDF.DLL      : 8.1.2.10      102772 Bytes  21.08.2012 09:40:16
AESCRIPT.DLL   : 8.1.4.110     483709 Bytes  05.05.2013 18:47:08
AESCN.DLL      : 8.1.10.4      131446 Bytes  26.03.2013 21:08:54
AESBX.DLL      : 8.2.5.12      606578 Bytes  18.07.2012 16:04:20
AERDL.DLL      : 8.2.0.88      643444 Bytes  11.01.2013 11:37:57
AEPACK.DLL     : 8.3.2.6       827767 Bytes  06.04.2013 09:59:51
AEOFFICE.DLL   : 8.1.2.56      205180 Bytes  08.03.2013 16:30:27
AEHEUR.DLL     : 8.1.4.336    5898617 Bytes  05.05.2013 18:47:07
AEHELP.DLL     : 8.1.25.2      258423 Bytes  20.10.2012 13:07:46
AEGEN.DLL      : 8.1.7.2       442741 Bytes  26.03.2013 21:08:53
AEEXP.DLL      : 8.4.0.26      201078 Bytes  05.05.2013 18:47:08
AEEMU.DLL      : 8.1.3.2       393587 Bytes  21.08.2012 09:40:13
AECORE.DLL     : 8.1.31.2      201080 Bytes  19.02.2013 12:26:34
AEBB.DLL       : 8.1.1.4        53619 Bytes  05.11.2012 21:26:23
AVWINLL.DLL    : 12.3.0.15      27344 Bytes  18.07.2012 16:04:25
AVPREF.DLL     : 12.3.0.32      50720 Bytes  20.11.2012 11:26:58
AVREP.DLL      : 12.3.0.15     179208 Bytes  18.07.2012 16:04:23
AVARKT.DLL     : 12.3.0.33     209696 Bytes  20.11.2012 11:26:58
AVEVTLOG.DLL   : 12.3.0.15     169168 Bytes  18.07.2012 16:04:22
SQLITE3.DLL    : 3.7.0.1       398288 Bytes  18.07.2012 16:04:34
AVSMTP.DLL     : 12.3.0.32      63480 Bytes  18.07.2012 16:04:24
NETNT.DLL      : 12.3.0.15      17104 Bytes  18.07.2012 16:04:31
RCIMAGE.DLL    : 12.3.0.31    4444408 Bytes  18.07.2012 16:04:41
RCTEXT.DLL     : 12.3.0.32      98848 Bytes  20.11.2012 11:26:08

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, Q:, 
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Samstag, 11. Mai 2013  21:06

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD1
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD2
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'D:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'Q:\'
    [INFO]      Es wurde kein Virus gefunden!
    [INFO]      Bitte starten Sie den Suchlauf erneut mit Administratorrechten

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '89' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'UNS.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'soffice.bin' - '213' Modul(e) wurden durchsucht
Durchsuche Prozess 'soffice.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'swriter.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'BTPlayerCtrl.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'MobileConnect.exe' - '125' Modul(e) wurden durchsucht
Durchsuche Prozess 'mediasrv.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'YCMMirage.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'TouchZone.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'PDVD10Serv.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'nusb3mon.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'CVHSVC.EXE' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'sftlist.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'obexsrv.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'VMCService.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'sftvsa.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'devmonsrv.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '43' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '1516' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <Windows7_OS>
Beginne mit der Suche in 'D:\' <LENOVO>
Beginne mit der Suche in 'Q:\'
Der zu durchsuchende Pfad Q:\ konnte nicht geöffnet werden!
Systemfehler [5]: Zugriff verweigert


Ende des Suchlaufs: Samstag, 11. Mai 2013  23:04
Benötigte Zeit:  1:57:33 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  25678 Verzeichnisse wurden überprüft
 761294 Dateien wurden geprüft
      0 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      0 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 761294 Dateien ohne Befall
   8042 Archive wurden durchsucht
      0 Warnungen
      0 Hinweise
 617525 Objekte wurden beim Rootkitscan durchsucht
      0 Versteckte Objekte wurden gefunden
         
Ich habe dann mit Malwarebytes Anti-Malware gescannt, zuerst ein Quick-Scan im abgesicherten Modus:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.13.02

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus)
Internet Explorer 9.0.8112.16421
Freundin :: CYBERPORT-PC [Administrator]

13.05.2013 13:22:31
mbam-log-2013-05-13 (13-22-31).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 214848
Laufzeit: 2 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Danach ein kompletter Scan, ebenfalls im abgesicherten Modus (E:\ ist der USB-Stick):

Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.13.02

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus)
Internet Explorer 9.0.8112.16421
Freundin :: CYBERPORT-PC [Administrator]

13.05.2013 13:25:04
mbam-log-2013-05-13 (13-25-04).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 368973
Laufzeit: 23 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Freundin\Pictures\Maries Bilder\Mein Zuhause\2004_08_08 Mein Zimmer\IMG_1270.JPG (Extension.Mismatch) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Das gefundene Bild ist eines, was sie selbst dorthin kopiert hat. Wir haben es aber vorsichtshalber trotzdem in Quarantäne verschoben.

Abschliessend noch ein Quick-Scan im regulären Modus:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.13.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Freundin :: CYBERPORT-PC [Administrator]

13.05.2013 13:52:41
mbam-log-2013-05-13 (13-52-41).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 215759
Laufzeit: 3 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Während ich meinen letzten Post schrieb, hat sich plötzlich Microsoft Security Essentials gemeldet, dass es etwas gefunden hätte und ich dies bereinigen lassen sollen. Ich hab dann auf Bereinigen geklickt, ich hoffe, dass das nicht falsch war.

Nun scheint MSE ja keine einzelnen Logs anzulegen, sondern nur ein komplettes Log über alle seine Aktivitäten. Ich habe daher daraus alles kopiert, was seit dem Fund des Wurms geschrieben wurde:

Code:
ATTFilter
************************************************************
2013-05-21T15:37:52.175Z Task(SpyNetService -RestrictPrivileges -AccessKey B48A5851-F494-AD3F-6BB9-FF0639590FFC) launched
Begin Resource Scan
Scan ID:{A80AD7A8-005D-42FB-96F6-BCAEE151BB84}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:37:51
End Time:‎05‎-‎21‎-‎2013 17:37:53
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

2013-05-21T15:37:53.585Z DETECTIONEVENT Worm:VBS/Linxer.A file:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs;
2013-05-21T15:37:53.593Z DETECTION_ADD Worm:VBS/Linxer.A file:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
2013-05-21T15:37:53.609Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2013-05-21T15:37:53.616Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
Begin Resource Scan
Scan ID:{F085B126-FF43-4D26-A795-9A14635D87F6}
Scan Source:6
Start Time:‎05‎-‎21‎-‎2013 17:37:56
End Time:‎05‎-‎21‎-‎2013 17:37:56
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

2013-05-21T15:37:58.689Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2013-05-21T15:37:58.698Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
Begin Resource Scan
Scan ID:{A552822B-3F85-44E5-8378-989C6A240E1D}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:38:03
End Time:‎05‎-‎21‎-‎2013 17:38:03
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

2013-05-21T15:38:03.735Z DETECTION_ADD Worm:VBS/Linxer.A file:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
2013-05-21T15:38:05.568Z Process scan (postsignatureupdatescan) completed.
2013-05-21T15:38:07.465Z DETECTION_MERGE Worm:VBS/Linxer.A file:C:\Users\Freundin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk
2013-05-21T15:38:07.465Z DETECTION_MERGE Worm:VBS/Linxer.A regkey:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs
2013-05-21T15:38:07.465Z DETECTION_MERGE Worm:VBS/Linxer.A runkey:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs
2013-05-21T15:38:07.465Z DETECTIONEVENT Worm:VBS/Linxer.A file:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs;file:C:\Users\Freundin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk;regkey:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs;runkey:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs;
Begin Resource Scan
Scan ID:{EEA4C650-48A4-47D9-99E1-3F576CEBB914}
Scan Source:6
Start Time:‎05‎-‎21‎-‎2013 17:37:56
End Time:‎05‎-‎21‎-‎2013 17:38:07
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:4
Resource Schema:regkey
Resource Path:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs
Extended Info:0
Resource Schema:runkey
Resource Path:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs
Extended Info:0
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk
Extended Info:24600314983586
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

2013-05-21T15:38:07.848Z DETECTIONEVENT Worm:VBS/Linxer.A file:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs;
Begin Resource Scan
Scan ID:{64C63509-954F-4211-BC26-1A8B1E22F285}
Scan Source:10
Start Time:‎05‎-‎21‎-‎2013 17:38:07
End Time:‎05‎-‎21‎-‎2013 17:38:07
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs
Explicit resource to scan
Resource Schema:runkey
Resource Path:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:4
Resource Schema:regkey
Resource Path:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs
Extended Info:0
Resource Schema:runkey
Resource Path:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs
Extended Info:0
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk
Extended Info:24600314983586
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

2013-05-21T15:38:07.867Z DETECTION_MERGE Worm:VBS/Linxer.A file:C:\Users\Freundin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk
2013-05-21T15:38:07.867Z DETECTION_MERGE Worm:VBS/Linxer.A regkey:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs
2013-05-21T15:38:07.867Z DETECTION_MERGE Worm:VBS/Linxer.A runkey:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs
2013-05-21T15:38:07.868Z DETECTIONEVENT Worm:VBS/Linxer.A file:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs;file:C:\Users\Freundin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk;regkey:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs;runkey:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs;
Beginning threat actions
Start time:‎05‎-‎21‎-‎2013 17:38:07
Threat Name:Worm:VBS/Linxer.A
Threat ID:2147681518
Action:quarantine
Resource action complete:Quarantine
Schema:regkey
Path:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs
Threat ID:2147681518
Resource refcount:1
Result:0
Resource action complete:Quarantine
Schema:runkey
Path:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs
Threat ID:2147681518
Resource refcount:1
Result:0
Resource action complete:Quarantine
Schema:file
Path:\\?\C:\Users\Freundin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk
Threat ID:2147681518
Resource refcount:1
Result:0
!ERROR
Resource action complete:Quarantine
Schema:file
Path:\\?\C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Threat ID:2147681518
Resource refcount:1
Result:32
!ERROR
Finished threat ID:2147681518
Threat result:32
Threat status flags:385
Finished threat actions
End time:‎05‎-‎21‎-‎2013 17:38:07
Result:0
DSS Timeout:Received results after timeout
2013-05-21T15:38:09.885Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2013-05-21T15:38:09.892Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
Begin Resource Scan
Scan ID:{F765FDD6-AD4B-491C-8BE3-D529DED30746}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:38:15
End Time:‎05‎-‎21‎-‎2013 17:38:15
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{A8536AB8-F5AD-41AB-A386-7DACDC3F2032}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:38:27
End Time:‎05‎-‎21‎-‎2013 17:38:27
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{7FEBF748-94D7-48A3-9C83-0EB4C95CB6D1}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:38:39
End Time:‎05‎-‎21‎-‎2013 17:38:39
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{53E8D336-FD3F-47B7-B2E1-174A6F54AC72}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:38:51
End Time:‎05‎-‎21‎-‎2013 17:38:51
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{D296DC02-9087-482D-9F92-AC67779EE8DF}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:39:03
End Time:‎05‎-‎21‎-‎2013 17:39:03
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{82A5DFDF-EADD-4A71-878A-8D2A425AA47A}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:39:15
End Time:‎05‎-‎21‎-‎2013 17:39:15
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{9AAA9B4A-2776-4968-99D8-75F70CB191F9}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:39:28
End Time:‎05‎-‎21‎-‎2013 17:39:28
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{C6927D04-D0A6-4589-A7BC-CF71AA07B6BE}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:39:40
End Time:‎05‎-‎21‎-‎2013 17:39:40
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{BFB286D5-DE72-4EED-8313-A22D7729633A}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:39:52
End Time:‎05‎-‎21‎-‎2013 17:39:52
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{F31420D4-3B9E-46CE-94A3-594C8A135046}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:40:04
End Time:‎05‎-‎21‎-‎2013 17:40:04
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{17B9F743-E7AF-4417-978C-443ECA26245A}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:40:16
End Time:‎05‎-‎21‎-‎2013 17:40:16
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{147B71CD-8A18-461E-945F-E838C080B8F9}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:40:28
End Time:‎05‎-‎21‎-‎2013 17:40:28
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{412A5ADD-1C25-4A70-B95D-4F76C34D1AE8}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:40:40
End Time:‎05‎-‎21‎-‎2013 17:40:40
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{7D69E43E-1719-4E3D-BE79-71DCA50AE95C}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:40:52
End Time:‎05‎-‎21‎-‎2013 17:40:52
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{A003A741-6B9B-4D94-99C7-3D5E2D8B35D2}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:41:04
End Time:‎05‎-‎21‎-‎2013 17:41:04
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{CEEA9429-C229-437A-94E9-7BAFE04683BC}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:41:16
End Time:‎05‎-‎21‎-‎2013 17:41:16
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{275368CD-6C54-47DB-AFF6-104566F5E331}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:41:28
End Time:‎05‎-‎21‎-‎2013 17:41:28
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{350E7E5E-BB31-4CCF-BF88-0DD3BF0818B1}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:41:40
End Time:‎05‎-‎21‎-‎2013 17:41:40
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{D260120B-EA5A-4BF8-A1C3-253D4B41DDD4}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:41:52
End Time:‎05‎-‎21‎-‎2013 17:41:52
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{C52B5E61-7B6F-42B6-8950-A5EC99308EF1}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:42:04
End Time:‎05‎-‎21‎-‎2013 17:42:04
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{A94EF003-E093-4370-BE13-EBB71C16F269}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:42:16
End Time:‎05‎-‎21‎-‎2013 17:42:16
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{0B94A661-A984-4713-9298-269B9209A574}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:42:28
End Time:‎05‎-‎21‎-‎2013 17:42:28
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{CED44F5E-BB34-43F3-9A24-2380345CD926}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:42:40
End Time:‎05‎-‎21‎-‎2013 17:42:40
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan

************************************************************

Begin Resource Scan
Scan ID:{668A4DC7-54AC-4DAD-8B55-A932D26D8DA2}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:42:52
End Time:‎05‎-‎21‎-‎2013 17:42:52
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{AD05385F-0BEA-4EB3-AB5B-B514DF153D20}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:43:04
End Time:‎05‎-‎21‎-‎2013 17:43:04
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{63C7394E-D3F1-4192-BFAD-D9DA1F2FA98A}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:43:16
End Time:‎05‎-‎21‎-‎2013 17:43:16
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{48CC1CFE-087D-4BC4-82FA-21825A277E0B}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:43:28
End Time:‎05‎-‎21‎-‎2013 17:43:28
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{96ED50A8-61FE-4A47-A6C2-5B19559B8CAD}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:43:40
End Time:‎05‎-‎21‎-‎2013 17:43:40
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{350F2A8C-49A0-4D6F-8B64-E719EACCE929}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:43:52
End Time:‎05‎-‎21‎-‎2013 17:43:52
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{75CDD2F5-D853-4576-9F47-4181965EC3AB}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:44:04
End Time:‎05‎-‎21‎-‎2013 17:44:04
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{26BEEAB6-4158-41EA-AAA7-5F65E2104F6B}
Scan Source:3	
Start Time:‎05‎-‎21‎-‎2013 17:44:16
End Time:‎05‎-‎21‎-‎2013 17:44:16
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{C808C0EE-C28D-4B38-9932-50F1DE79B66C}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:44:29
End Time:‎05‎-‎21‎-‎2013 17:44:29
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{E6BCB4BC-EC02-4DC0-A101-8CD2872AC647}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:44:41
End Time:‎05‎-‎21‎-‎2013 17:44:41
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{992FE68C-42AB-4CA9-B1A7-E5E23235999E}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:44:53
End Time:‎05‎-‎21‎-‎2013 17:44:53
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{5772F715-D37F-47E4-AC31-567390E46937}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:45:05
End Time:‎05‎-‎21‎-‎2013 17:45:05
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{F5ADAC7D-18BB-4FA8-B3CC-C5A87F5267B7}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:45:17
End Time:‎05‎-‎21‎-‎2013 17:45:17
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{6016B2C1-AFB3-49CE-A489-99DA08DD662F}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:45:29
End Time:‎05‎-‎21‎-‎2013 17:45:29
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{4AF5AE0F-3FD1-4E96-9FB3-14631738CE97}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:45:41
End Time:‎05‎-‎21‎-‎2013 17:45:41
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{4622230C-EE4D-4F6A-BCFF-524D4430B0F5}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:45:53
End Time:‎05‎-‎21‎-‎2013 17:45:53
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{7C8ED4BF-3513-4968-A92F-DAFBDBA3B091}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:46:05
End Time:‎05‎-‎21‎-‎2013 17:46:05
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{C7AA0A85-C999-4735-AAFE-9AC7AC0B05BA}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:46:17
End Time:‎05‎-‎21‎-‎2013 17:46:17
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{A1D3068E-1AAA-43CD-9A39-3D7BAAE02E17}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:46:29
End Time:‎05‎-‎21‎-‎2013 17:46:29
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{EB4953BC-6B72-48A9-86D5-78990FAC86F8}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:46:41
End Time:‎05‎-‎21‎-‎2013 17:46:41
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{D759ED05-FEDB-47D7-AB69-D82D32B5BB36}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:46:53
End Time:‎05‎-‎21‎-‎2013 17:46:53
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{88916526-A9F4-42E3-9C1F-88D52149019D}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:47:05
End Time:‎05‎-‎21‎-‎2013 17:47:05
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{5E9F1223-4CC9-41C6-AF31-93E1AC6CC308}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:47:17
End Time:‎05‎-‎21‎-‎2013 17:47:17
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{B16399B3-36AA-46B6-B423-CCD69A0FE0EE}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:47:29
End Time:‎05‎-‎21‎-‎2013 17:47:29
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{20B72DF3-300E-451F-9128-7A3BBFD00EF8}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:47:41
End Time:‎05‎-‎21‎-‎2013 17:47:41
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{6564BB37-F805-4E2F-8399-1D1453127FBC}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:47:53
End Time:‎05‎-‎21‎-‎2013 17:47:53
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{85D8E9EA-D5A1-4AAE-9BE6-B9C627F20BB7}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:48:05
End Time:‎05‎-‎21‎-‎2013 17:48:05
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{9942B4D4-AAFC-47E7-B803-55F827EA3B38}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:48:17
End Time:‎05‎-‎21‎-‎2013 17:48:17
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{3DAB4040-EF6F-46C6-8DA8-C1D8B000F4F9}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:48:29
End Time:‎05‎-‎21‎-‎2013 17:48:29
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{69A3FD31-1E2D-4882-AA50-E6C21F8A106A}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:48:41
End Time:‎05‎-‎21‎-‎2013 17:48:41
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{31AD4AC0-DCB7-42EC-A600-A4B9DCBD7400}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:48:53
End Time:‎05‎-‎21‎-‎2013 17:48:53
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{B060A50F-8F32-4EC4-82E1-E16A7E098360}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:49:05
End Time:‎05‎-‎21‎-‎2013 17:49:05
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{CA8C87A0-FBCE-4CD0-990F-90D162BF79C2}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:49:17
End Time:‎05‎-‎21‎-‎2013 17:49:17
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{3B394D76-3371-40D4-94B9-1696E9F62962}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:49:30
End Time:‎05‎-‎21‎-‎2013 17:49:30
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{9A9435C8-0F73-43EF-9349-0E9D92BCB334}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:49:42
End Time:‎05‎-‎21‎-‎2013 17:49:42
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{5F0A8010-7303-4B70-A303-B7B457CBD3CA}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:49:54
End Time:‎05‎-‎21‎-‎2013 17:49:54
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{74328370-FDB3-4A95-83B6-01F34E135625}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:50:06
End Time:‎05‎-‎21‎-‎2013 17:50:06
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{004A1A65-87A5-4AA9-879D-9B73187B4DAC}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:50:18
End Time:‎05‎-‎21‎-‎2013 17:50:18
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{A8075800-191C-4654-8530-09DA6640187F}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:50:30
End Time:‎05‎-‎21‎-‎2013 17:50:30
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{0A05DEF5-A27D-431A-9B04-27C01A61EAA6}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:50:42
End Time:‎05‎-‎21‎-‎2013 17:50:42
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{D8348B8D-B7B3-44DF-8791-525E8A6FE1E8}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:50:54
End Time:‎05‎-‎21‎-‎2013 17:50:54
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{ABFBF399-AD1A-4CC8-8CF0-CC930A21126B}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:51:06
End Time:‎05‎-‎21‎-‎2013 17:51:06
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{DA31B75C-FB92-41E8-91CF-A2B207DB8221}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:51:18
End Time:‎05‎-‎21‎-‎2013 17:51:18
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{607EA15E-9583-4B66-BD03-F7A479813787}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:51:30
End Time:‎05‎-‎21‎-‎2013 17:51:30
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{5865232C-B9FA-4C50-9707-EE0F914EE65D}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:51:42
End Time:‎05‎-‎21‎-‎2013 17:51:42
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{D0314D94-DD3A-4F22-A4B8-1654B742852C}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:51:54
End Time:‎05‎-‎21‎-‎2013 17:51:54
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{97DECD0D-28B2-400A-9258-AD651F49B78B}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:52:06
End Time:‎05‎-‎21‎-‎2013 17:52:06
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{2D664102-8A26-4868-A05C-08AAA63E838D}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:52:18
End Time:‎05‎-‎21‎-‎2013 17:52:18
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{012F6765-1C87-48D2-AD6A-D71B44A224E8}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:52:30
End Time:‎05‎-‎21‎-‎2013 17:52:30
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{A5050229-EDB9-4FD9-95B9-9BE5DE42D235}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:52:42
End Time:‎05‎-‎21‎-‎2013 17:52:42
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{A5EC418D-A4B9-44A0-9A12-71A1A8429309}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:52:54
End Time:‎05‎-‎21‎-‎2013 17:52:54
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{4265C0CD-97EC-484E-BA14-79F4E19EC676}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:53:06
End Time:‎05‎-‎21‎-‎2013 17:53:06
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{136895D4-1BEE-4E0C-9CCB-959AD2FDB100}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:53:18
End Time:‎05‎-‎21‎-‎2013 17:53:18
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{3611E903-D10F-4752-BFB8-CD81B41B5F04}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:53:30
End Time:‎05‎-‎21‎-‎2013 17:53:30
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{2B190F96-75E5-4398-BDC9-B90D67E6D6EC}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:53:42
End Time:‎05‎-‎21‎-‎2013 17:53:42
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{5A781EBF-B7B3-4F18-948C-E1041107E9E7}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:53:54
End Time:‎05‎-‎21‎-‎2013 17:53:54
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{A2EF2C59-0D76-4C58-9651-171F53B0324D}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:54:06
End Time:‎05‎-‎21‎-‎2013 17:54:06
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{75626041-0215-4B24-93B8-A7FBC6EB0D83}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:54:18
End Time:‎05‎-‎21‎-‎2013 17:54:18
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{812780E4-4EE8-4E05-BEEF-142540FB2194}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:54:30
End Time:‎05‎-‎21‎-‎2013 17:54:30
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{C46D1E0A-462E-4FCC-BC25-730B46B85A66}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:54:42
End Time:‎05‎-‎21‎-‎2013 17:54:42
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{F12FD096-211B-4312-9094-3F2F23E21308}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:54:54
End Time:‎05‎-‎21‎-‎2013 17:54:54
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{88C187D6-79F9-434F-BF8B-CD83DD330424}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:55:06
End Time:‎05‎-‎21‎-‎2013 17:55:06
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{C374BBBE-FC8B-4A71-9076-18B41C14E938}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:55:18
End Time:‎05‎-‎21‎-‎2013 17:55:18
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{67BA9FA5-6A43-4C4D-8BB0-E6AE1137C1EA}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:55:31
End Time:‎05‎-‎21‎-‎2013 17:55:31
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{066EF865-4670-4258-98F5-DF7BFE47671F}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:55:43
End Time:‎05‎-‎21‎-‎2013 17:55:43
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{C185A10C-109A-48A5-81E8-15BA5A5C7924}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:55:55
End Time:‎05‎-‎21‎-‎2013 17:55:55
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{955F6351-C7F6-4586-947A-74B992C7249D}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:56:07
End Time:‎05‎-‎21‎-‎2013 17:56:07
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{97A5503C-657D-4CFE-84A3-371553FEC26F}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:56:19
End Time:‎05‎-‎21‎-‎2013 17:56:19
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{8639EC42-774A-435E-BD7E-A98C4B35D447}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:56:31
End Time:‎05‎-‎21‎-‎2013 17:56:31
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{21FB6B4E-06A1-47EF-9455-19F553AE2213}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:56:43
End Time:‎05‎-‎21‎-‎2013 17:56:43
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{E098575C-71B6-476E-A073-DFDCD42136FF}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:56:55
End Time:‎05‎-‎21‎-‎2013 17:56:55
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{6759A2BC-D520-4AAA-8206-BC8A1093258E}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:57:07
End Time:‎05‎-‎21‎-‎2013 17:57:07
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{2AEA08BD-128D-4CD7-8A23-3EBB2B262088}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:57:19
End Time:‎05‎-‎21‎-‎2013 17:57:19
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{81E433C0-711B-4CA6-906A-D950B7E9C24D}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:57:31
End Time:‎05‎-‎21‎-‎2013 17:57:31
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{2C83C653-D074-4C2A-AC8D-5E59CEC15F13}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:57:43
End Time:‎05‎-‎21‎-‎2013 17:57:43
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{DC53EE4F-F9C3-49A7-9558-F911ED609740}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:57:55
End Time:‎05‎-‎21‎-‎2013 17:57:55
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{6FF1B2D9-2703-4A4C-AFE7-B7552CDC95C5}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:58:07
End Time:‎05‎-‎21‎-‎2013 17:58:07
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{02956E36-6706-4D4B-9189-78BF8668206F}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:58:19
End Time:‎05‎-‎21‎-‎2013 17:58:19
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{BDCB3448-E7BE-4E84-BEC8-5716D526330F}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:58:31
End Time:‎05‎-‎21‎-‎2013 17:58:31
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{251051F6-3E6C-4A7A-B6EF-5413E424C1FC}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:58:43
End Time:‎05‎-‎21‎-‎2013 17:58:43
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{92753A82-A3B9-4715-8127-C64C23DEA09E}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:58:55
End Time:‎05‎-‎21‎-‎2013 17:58:55
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{182F1A6F-FF7D-43DC-9987-C505D22CE700}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:59:07
End Time:‎05‎-‎21‎-‎2013 17:59:07
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{DEFF6E47-482D-4631-B799-44260D416794}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:59:19
End Time:‎05‎-‎21‎-‎2013 17:59:19
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{D10E81FE-A9D1-413D-81EC-219CF3613EAC}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:59:31
End Time:‎05‎-‎21‎-‎2013 17:59:31
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{54A28683-E220-42A2-9E00-5A26002209FF}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:59:43
End Time:‎05‎-‎21‎-‎2013 17:59:43
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{A72230B4-E959-4958-9E42-4CF5EE0635D6}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 17:59:55
End Time:‎05‎-‎21‎-‎2013 17:59:55
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{00F14FA5-9922-41D9-B5F0-8BACA0104818}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 18:00:07
End Time:‎05‎-‎21‎-‎2013 18:00:07
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

2013-05-21T16:00:15.769Z DETECTION_MERGE Worm:VBS/Linxer.A startup:C:\Users\Freundin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk
2013-05-21T16:00:15.769Z DETECTIONEVENT Worm:VBS/Linxer.A file:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs;file:C:\Users\Freundin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk;regkey:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs;runkey:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs;startup:C:\Users\Freundin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk;
Begin Resource Scan
Scan ID:{6D3657B9-56DC-4867-B150-EBB626EDF602}
Scan Source:6
Start Time:‎05‎-‎21‎-‎2013 18:00:09
End Time:‎05‎-‎21‎-‎2013 18:00:15
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs
Explicit resource to scan
Resource Schema:runkey
Resource Path:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:5
Resource Schema:regkey
Resource Path:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs
Extended Info:0
Resource Schema:runkey
Resource Path:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs
Extended Info:0
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk
Extended Info:24600314983586
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
Resource Schema:startup
Resource Path:C:\Users\Freundin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk
Extended Info:0
End Scan
************************************************************

Beginning threat actions
Start time:‎05‎-‎21‎-‎2013 18:00:15
Threat Name:Worm:VBS/Linxer.A
Threat ID:2147681518
Action:remove
Registry value to be removed:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs
Type:1
Value:"C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs"
Action remove successful on regkey:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs
Resource action complete:Removal
Schema:regkey
Path:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs
Threat ID:2147681518
Resource refcount:1
Result:0
Resource action complete:Removal
Schema:runkey
Path:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs
Threat ID:2147681518
Resource refcount:1
Result:0
File to act on SHA1:09FB8C40A32B7230C7B2707E38C7EEF8B561CFBF
File owner:Cyberport-PC\Freundin
File cleaned/removed successfully
File Name:C:\Users\Freundin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk
Resource action complete:Removal
Schema:file
Path:\\?\C:\Users\Freundin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk
Threat ID:2147681518
Resource refcount:1
Result:0
File to act on SHA1:B47AA09DCB23CB09987B7AF11C97CC51787A7F2D
File scheduled for removal on reboot
File Name:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Resource action complete:Removal
Schema:file
Path:\\?\C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Threat ID:2147681518
Resource refcount:1
Result:3010
Resource action complete:Removal
Schema:startup
Path:\\?\C:\Users\Freundin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk
Threat ID:2147681518
Resource refcount:1
Result:0
Finished threat ID:2147681518
Threat result:0
Threat status flags:386
Finished threat actions
End time:‎05‎-‎21‎-‎2013 18:00:16
Result:0
2013-05-21T16:00:16.607Z Task(SpyNetService -RestrictPrivileges -AccessKey E1C832A1-1CC9-A28C-585E-E0478F58866C) launched
DSS Timeout:Received results after timeout
2013-05-21T16:00:18.104Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2013-05-21T16:00:18.116Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
Begin Resource Scan
Scan ID:{4F3629F0-201D-4AE1-A2AE-29FED1B41FDC}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 18:00:19
End Time:‎05‎-‎21‎-‎2013 18:00:19
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

2013-05-21T16:00:19.985Z DETECTIONEVENT Worm:VBS/Linxer.A file:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs;
2013-05-21T16:00:19.985Z DETECTION_ADD Worm:VBS/Linxer.A file:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Begin Resource Scan
Scan ID:{C87D2423-76D7-47D7-A0EE-B07280D12049}
Scan Source:6
Start Time:‎05‎-‎21‎-‎2013 18:00:24
End Time:‎05‎-‎21‎-‎2013 18:00:24
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

2013-05-21T16:00:26.997Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2013-05-21T16:00:26.999Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2013-05-21T16:00:30.753Z DETECTION_MERGE Worm:VBS/Linxer.A regkey:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs
2013-05-21T16:00:30.753Z DETECTION_MERGE Worm:VBS/Linxer.A runkey:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs
2013-05-21T16:00:30.754Z DETECTIONEVENT Worm:VBS/Linxer.A file:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs;regkey:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs;runkey:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs;
Begin Resource Scan
Scan ID:{A2A546D7-30C4-43BF-80CF-AD4A19D524D4}
Scan Source:6
Start Time:‎05‎-‎21‎-‎2013 18:00:24
End Time:‎05‎-‎21‎-‎2013 18:00:30
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:3
Resource Schema:regkey
Resource Path:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs
Extended Info:0
Resource Schema:runkey
Resource Path:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs
Extended Info:0
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

Begin Resource Scan
Scan ID:{6ADC3F3C-93D2-4FA1-B65D-7B4A78FFCBAD}
Scan Source:10
Start Time:‎05‎-‎21‎-‎2013 18:00:30
End Time:‎05‎-‎21‎-‎2013 18:00:30
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs
Explicit resource to scan
Resource Schema:runkey
Resource Path:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:3
Resource Schema:regkey
Resource Path:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs
Extended Info:0
Resource Schema:runkey
Resource Path:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs
Extended Info:0
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

2013-05-21T16:00:30.999Z DETECTIONEVENT Worm:VBS/Linxer.A file:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs;regkey:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs;runkey:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs;
2013-05-21T16:00:31.000Z DETECTION_ADD Worm:VBS/Linxer.A file:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
2013-05-21T16:00:31.000Z DETECTION_ADD Worm:VBS/Linxer.A regkey:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs
2013-05-21T16:00:31.000Z DETECTION_ADD Worm:VBS/Linxer.A runkey:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs
Beginning threat actions
Start time:‎05‎-‎21‎-‎2013 18:00:30
Threat Name:Worm:VBS/Linxer.A
Threat ID:2147681518
Action:quarantine
Resource action complete:Quarantine
Schema:regkey
Path:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs
Threat ID:2147681518
Resource refcount:1
Result:0
Resource action complete:Quarantine
Schema:runkey
Path:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs
Threat ID:2147681518
Resource refcount:1
Result:0
!ERROR
Resource action complete:Quarantine
Schema:file
Path:\\?\C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Threat ID:2147681518
Resource refcount:1
Result:32
!ERROR
Finished threat ID:2147681518
Threat result:32
Threat status flags:385
Finished threat actions
End time:‎05‎-‎21‎-‎2013 18:00:30
Result:0
DSS Timeout:Received results after timeout
Begin Resource Scan
Scan ID:{D62F18F3-696C-4CB5-AE08-7BE520EDF406}
Scan Source:3
Start Time:‎05‎-‎21‎-‎2013 18:00:32
End Time:‎05‎-‎21‎-‎2013 18:00:32
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Result Count:1
Threat Name:Worm:VBS/Linxer.A
ID:2147681518
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs
Extended Info:12262773050377
End Scan
************************************************************

2013-05-21T16:00:32.010Z DETECTIONEVENT Worm:VBS/Linxer.A file:C:\Users\Freundin\AppData\Local\Temp\Facebook.vbs;regkey:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs;runkey:HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs;
2013-05-21T16:00:33.006Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2013-05-21T16:00:33.009Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Log
Stopped On ‎05‎-‎21‎-‎2013 18:00:36 (Exit Code = 0x0)
************************************************************
****************************RTP Perf Log***************************
RTP Start:‎05‎-‎21‎-‎2013 17:37:51
Last Perf:‎05‎-‎21‎-‎2013 17:37:51
First RTP Scan:‎05‎-‎21‎-‎2013 17:37:51
Plugin States:  AV:1  AS:1  RTP:1  OA:1  BM:1
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
  AM:19
  Async:4
Cache Flushes:
  RTP:1
System File Cache:
  Hits:634
  Misses:626
BM Queue:73,239,0
  Proc:50,150,0
  File:23,238,0
Plugin Queue:0,1,0
  Threat:0,1,0
  Susp:0,0,0
  Unknown:0,0,0
  Error:0,0,0
Request Queue:1,1,0
  SetEngine:1,1,0
  SetState:0,0,0
  SetUser:0,0,0
  Config:0,0,0
  ProcExcl:0,0,0
  FilterReload:0,0,0
  FilterUnload:0,0,0
MpFilter:
  Scans:7738
  Pending:0
  RegSize:28920
  AsyncQNotif:0
  AsyncQMissed:0
  AsyncQTotalSent:3505646
  AsyncQCurrent:0
  BMFlags:3
  ServiceMaj:0
  ServiceMin:0
  ProcBitmap:0
  NumInstance:8
  TotalStreamCon:5699
  TotalBitmap:57440
  NTFS Cache Statistics:
   TotalMisses:11824
   TotalHits:132022
   InstanceCacheHits:6
  CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
   TotalMisses:0
   TotalHits:0
   InstanceCacheInserts:0
   InstanceCacheUpdates:0
   InstanceCacheDeletes:0
   InstanceCacheHits:0
   InstanceCacheMisses:0
   InstanceCacheOverflows:0
  REFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
   TotalMisses:0
   TotalHits:0
   InstanceCacheInserts:0
   InstanceCacheUpdates:0
   InstanceCacheDeletes:0
   InstanceCacheHits:0
   InstanceCacheMisses:0
   InstanceCacheOverflows:0
 
**************************END RTP Perf Log*************************

 
 

****************************RTP Perf Log***************************
RTP Start:‎05‎-‎21‎-‎2013 18:00:36
Last Perf:‎05‎-‎21‎-‎2013 18:00:36
First RTP Scan:N/A
Plugin States:  AV:1  AS:1  RTP:1  OA:1  BM:1
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
  AM:19
  Async:4
Cache Flushes:
  RTP:1
System File Cache:
  Hits:0
  Misses:0
BM Queue:73,0,0
  Proc:50,0,0
  File:23,0,0
Plugin Queue:0,0,0
  Threat:0,0,0
  Susp:0,0,0
  Unknown:0,0,0
  Error:0,0,0
Request Queue:0,1,0
  SetEngine:0,1,0
  SetState:0,0,0
  SetUser:0,0,0
  Config:0,0,0
  ProcExcl:0,0,0
  FilterReload:0,0,0
  FilterUnload:0,0,0
MpFilter:
  Scans:7738
  Pending:0
  RegSize:0
  AsyncQNotif:0
  AsyncQMissed:0
  AsyncQTotalSent:3505646
  AsyncQCurrent:0
  BMFlags:0
  ServiceMaj:0
  ServiceMin:0
  ProcBitmap:0
  NumInstance:8
  TotalStreamCon:5699
  TotalBitmap:57440
  NTFS Cache Statistics:
   TotalMisses:11825
   TotalHits:132022
   InstanceCacheHits:6
  CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
   TotalMisses:0
   TotalHits:0
   InstanceCacheInserts:0
   InstanceCacheUpdates:0
   InstanceCacheDeletes:0
   InstanceCacheHits:0
   InstanceCacheMisses:0
   InstanceCacheOverflows:0
  REFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
   TotalMisses:0
   TotalHits:0
   InstanceCacheInserts:0
   InstanceCacheUpdates:0
   InstanceCacheDeletes:0
   InstanceCacheHits:0
   InstanceCacheMisses:0
   InstanceCacheOverflows:0
 
**************************END RTP Perf Log*************************
         
__________________

Geändert von Shakka (21.05.2013 um 17:37 Uhr)

Alt 21.05.2013, 20:09   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Facebook.vbs auf USB-Stick - Standard

Facebook.vbs auf USB-Stick



Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Erstmal eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in CODE-Tags in den Thread.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 22.05.2013, 02:31   #5
Shakka
 
Facebook.vbs auf USB-Stick - Standard

Facebook.vbs auf USB-Stick



Die Scans habe ich ohne angeschlossenen USB Stick durchgeführt. Ich hoffe, das war okay so. Ohnehin habe ich den USB Stick seitdem ich hier gepostet habe nicht mehr angeschlossen.

Leider hatte ich beim ersten OTL Scan vergessen, den Haken bei "Scanne alle Benutzer" zu setzen, daher hier zuerst die Logs ohne Haken:

OTL.txt:

Code:
ATTFilter
OTL logfile created on: 22.05.2013 02:57:48 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\****\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,92 Gb Total Physical Memory | 1,69 Gb Available Physical Memory | 43,08% Memory free
7,83 Gb Paging File | 5,11 Gb Available in Paging File | 65,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 684,31 Gb Total Space | 577,81 Gb Free Space | 84,44% Space Free | Partition Type: NTFS
Drive D: | 29,30 Gb Total Space | 0,02 Gb Free Space | 0,05% Space Free | Partition Type: NTFS
 
Computer Name: CYBERPORT-PC | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\****\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Lenovo\Intelligent Touchpad\TouchZone.exe ()
PRC - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
PRC - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7ff638de44686eab4afaa8b3c8a9cfca\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\3abd733e8fa28fafbfc99458fdf691da\System.Security.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\14f511c47523f19ca591eb207e9e2084\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e10fd15441d278c04a03302880a3e231\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\7a9ff5ce3a909d075179a2ac70d8f388\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Lenovo\Intelligent Touchpad\TouchZone.exe ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\SysWOW64\msjetoledb40.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (Intel(R) -- C:\Windows\SysNative\IPROSetMonitor.exe (Intel Corporation)
SRV:64bit: - (CxAudMsg) -- C:\Windows\SysNative\CxAudMsg64.exe (Conexant Systems Inc.)
SRV:64bit: - (TPHDEXLGSVC) -- C:\Windows\SysNative\TPHDEXLG64.exe (Lenovo.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (AMPPALR3) -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (MyWiFiDHCPDNS) -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (BTHSSecurityMgr) -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation)
SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (VMCService) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (LHDmgr) -- C:\Windows\SysNative\drivers\LhdX64.sys (Lenovo.)
DRV:64bit: - (ACPIVPC) -- C:\Windows\SysNative\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (cymfltrService) -- C:\Windows\SysNative\drivers\cymfltr.sys (Cypress Semiconductor, Inc.)
DRV:64bit: - (cykbfltrService) -- C:\Windows\SysNative\drivers\cykbfltr.sys (Cypress Semiconductor, Inc.)
DRV:64bit: - (cyhid) -- C:\Windows\SysNative\drivers\cyhid.sys (Cypress Semiconductor, Inc.)
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)
DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (iBtFltCoex) -- C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation)
DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\drivers\btmhsf.sys (Intel Corporation)
DRV:64bit: - (btmaux) -- C:\Windows\SysNative\drivers\btmaux.sys (Intel Corporation)
DRV:64bit: - (btmaudio) -- C:\Windows\SysNative\drivers\btmaud.sys (Intel Corporation)
DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (Shockprf) -- C:\Windows\SysNative\drivers\ApsX64.sys (Lenovo.)
DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys (Sonix Technology Co., Ltd.)
DRV:64bit: - (HybridDisk) -- C:\Windows\SysNative\drivers\HybridDiskX64.sys (Lenovo.)
DRV:64bit: - (hybridcfile) -- C:\Windows\SysNative\drivers\HybridCFileX64.sys (Lenovo.)
DRV:64bit: - (TPDIGIMN) -- C:\Windows\SysNative\drivers\ApsHM64.sys (Lenovo.)
DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN_deDE474
IE - HKCU\..\SearchScopes\{77AA7A54-D746-423B-A319-98827EBD25F9}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=a16111de-1c77-4f07-ad87-c12a8cafb25c&apn_sauid=BAD49594-8693-4785-8314-9006357B5ACC
IE - HKCU\..\SearchScopes\{93E68F95-737E-4018-95D7-789C9E960C24}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801948
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT2801948
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://search.conduit.com/?ctid=CT2801948&SearchSource=48
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: NCH EN = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\10.16.2.506_0\
CHR - Extension: Google Mail = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {37483B40-C254-4A72-BDA4-22EE90182C1E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [CyCpIo] C:\Programme\Cypress\TrackPad\CyCpIo.exe (Cypress Semiconductor Corporation)
O4:64bit: - HKLM..\Run: [CyHidWin] C:\Programme\Cypress\TrackPad\CyHidWin.exe (Cypress Semiconductor, Inc.)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [ForteConfig] C:\Programme\CONEXANT\ForteConfig\fmapp.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Intelligent Touchpad] C:\Program Files (x86)\Lenovo\Intelligent Touchpad\TouchZone.exe ()
O4 - HKLM..\Run: [MobileConnect] C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Facebook.vbs] "C:\Users\****\AppData\Local\Temp\Facebook.vbs" File not found
O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook.vbs ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5E9FFE70-9FB6-414F-BAAA-45D98D1F7475}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6DD66717-2FB1-4B77-A070-A48135AFF3AE}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{f557c26f-5747-11e2-90aa-4c8093451261}\Shell - "" = AutoRun
O33 - MountPoints2\{f557c26f-5747-11e2-90aa-4c8093451261}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{f557c306-5747-11e2-90aa-4c8093451261}\Shell - "" = AutoRun
O33 - MountPoints2\{f557c306-5747-11e2-90aa-4c8093451261}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.22 02:55:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2013.05.21 18:29:09 | 008,534,408 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013.05.13 12:45:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013.05.13 12:45:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013.05.13 12:41:11 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2013.05.13 12:41:11 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2013.05.13 12:41:11 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2013.05.13 12:41:10 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2013.05.13 12:41:10 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbGD.sys
[2013.05.13 12:41:10 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2013.05.13 12:41:09 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2013.05.13 12:41:09 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2013.05.13 12:41:09 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013.05.13 12:41:09 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013.05.13 12:41:09 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2013.05.13 12:41:09 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2013.05.13 12:41:09 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2013.05.13 12:41:09 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2013.05.13 12:41:09 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2013.05.13 12:41:09 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2013.05.13 12:41:09 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013.05.13 12:41:09 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2013.05.13 12:41:09 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013.05.13 12:41:09 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2013.05.13 12:41:09 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2013.05.13 12:41:08 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013.05.13 12:41:08 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013.05.13 12:41:08 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2013.05.13 12:41:08 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2013.05.13 12:40:24 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013.05.13 12:40:23 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2013.05.13 12:40:23 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2013.05.13 12:32:18 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Malwarebytes
[2013.05.13 12:32:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.13 12:32:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.13 12:31:59 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.05.13 12:31:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.05.13 12:26:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2013.05.13 12:26:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2013.04.29 11:40:02 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\AB Frühlingswerkstatt
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.22 03:00:22 | 000,031,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.22 03:00:22 | 000,031,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.22 02:58:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.22 02:57:47 | 001,614,036 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.22 02:57:47 | 000,697,322 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.22 02:57:47 | 000,652,600 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.22 02:57:47 | 000,148,328 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.22 02:57:47 | 000,121,274 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.22 02:56:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2013.05.22 02:53:01 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.22 02:52:58 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.22 02:52:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.22 02:52:50 | 3153,268,736 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.21 18:29:21 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.05.21 18:29:21 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.05.21 18:29:10 | 008,534,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013.05.15 20:07:02 | 000,067,928 | ---- | M] () -- C:\Users\Public\Documents\Unterrichtsplanung Symmetrie.pdf
[2013.05.15 20:07:02 | 000,067,928 | ---- | M] () -- C:\Users\****\Desktop\Unterrichtsplanung Symmetrie.pdf
[2013.05.15 20:06:52 | 000,022,775 | ---- | M] () -- C:\Users\Public\Documents\Unterrichtsplanung Symmetrie.odt
[2013.05.15 20:06:52 | 000,022,775 | ---- | M] () -- C:\Users\****\Desktop\Unterrichtsplanung Symmetrie.odt
[2013.05.13 12:45:32 | 000,002,030 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.04.30 18:18:27 | 000,119,124 | ---- | M] () -- C:\Users\****\Documents\Werkstatt 3.pdf
 
========== Files Created - No Company Name ==========
 
[2013.05.15 20:18:28 | 000,067,928 | ---- | C] () -- C:\Users\****\Desktop\Unterrichtsplanung Symmetrie.pdf
[2013.05.15 20:18:28 | 000,022,775 | ---- | C] () -- C:\Users\****\Desktop\Unterrichtsplanung Symmetrie.odt
[2013.05.13 12:45:32 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.05.13 12:45:32 | 000,002,030 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.05.11 22:31:34 | 000,067,928 | ---- | C] () -- C:\Users\Public\Documents\Unterrichtsplanung Symmetrie.pdf
[2013.05.11 19:56:17 | 000,022,775 | ---- | C] () -- C:\Users\Public\Documents\Unterrichtsplanung Symmetrie.odt
[2013.04.30 18:18:27 | 000,119,124 | ---- | C] () -- C:\Users\****\Documents\Werkstatt 3.pdf
[2012.03.06 15:07:13 | 000,000,000 | ---- | C] () -- C:\Windows\firstboot.dat
[2012.01.06 19:04:29 | 001,591,930 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.01.06 19:03:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.01.06 18:58:13 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2012.01.06 18:57:48 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011.12.23 07:44:14 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.12.23 07:44:09 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.12.23 07:44:06 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.12.23 07:44:02 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.12.23 07:43:58 | 013,903,360 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.12.23 07:43:33 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.11.05 23:29:16 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2008.03.07 17:43:56 | 000,084,734 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2008.03.07 14:47:30 | 000,020,270 | ---- | C] () -- C:\ProgramData\DeviceInstaller.xml
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
Extras.txt:

Code:
ATTFilter
OTL Extras logfile created on: 22.05.2013 02:57:48 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\****\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,92 Gb Total Physical Memory | 1,69 Gb Available Physical Memory | 43,08% Memory free
7,83 Gb Paging File | 5,11 Gb Available in Paging File | 65,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 684,31 Gb Total Space | 577,81 Gb Free Space | 84,44% Space Free | Partition Type: NTFS
Drive D: | 29,30 Gb Total Space | 0,02 Gb Free Space | 0,05% Space Free | Partition Type: NTFS
 
Computer Name: CYBERPORT-PC | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00DE5E1F-5522-469B-917B-735606214F37}" = lport=139 | protocol=6 | dir=in | app=system | 
"{11898D98-6C8B-449D-A2B7-3260E7A42A89}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1440C683-D216-4C0F-B0AB-E11A798B22BA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{22A0B024-E877-46CC-9035-C09744F296FA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3B9C5270-05F2-424F-93E7-460FE768F2F9}" = lport=137 | protocol=17 | dir=in | app=system | 
"{5433E419-3F1B-4924-9093-C25B6EC82F1E}" = lport=138 | protocol=17 | dir=in | app=system | 
"{5909DC2D-11D5-473E-A8FA-8F10686C3C7A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{596BDC4F-B34E-49F2-A66E-9CBA525CDBD6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5FC741AF-EB3B-4B71-A64F-22B4F98E5A92}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{6FC2ED6D-274F-4062-87F0-C376B8FBBDCB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7F50513E-DB7E-46A2-83C6-403FE54DF2E0}" = rport=139 | protocol=6 | dir=out | app=system | 
"{887ADCD7-2DC2-4801-BDDC-1F7847B60183}" = rport=445 | protocol=6 | dir=out | app=system | 
"{91603165-A76E-407D-88A0-F1CA0BACBB97}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9B49EB6C-7BAC-4953-97B2-C3AC9DF3D204}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{A9133D80-F58F-4337-8B0B-BBB9B17D4086}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B31C9C55-75B5-4B60-875E-7DF121B1F1B9}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{BEC36110-393E-4342-ACF3-06C77AE80918}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CC5DCA69-A3B4-454F-A91B-23213A542967}" = rport=137 | protocol=17 | dir=out | app=system | 
"{D0B0E9D9-824E-496B-AEE3-81CB471BA91D}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{D1D0B992-25A1-4FFB-BF8B-D019D34F935E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{D7720F69-4039-4C4E-A54D-EB8F55E102DB}" = rport=138 | protocol=17 | dir=out | app=system | 
"{DF53888D-69C8-419F-9867-47F95F427FE9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{E591F36F-FF0D-41F9-8A00-C4608A75BAE4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E7731312-E65B-4832-9CF7-BEFEC9BA8F4C}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{F103313D-9BFC-4DF6-9AF7-CCAD53764491}" = lport=445 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02FF825F-715D-4F2B-BF72-E79E6F3CCF0F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0754AF5F-E2CB-421F-828D-90BC5E1DB4D0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{121CC999-B044-4204-A718-718E511F7F0F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{16934280-B72C-40B8-BEE1-8BF40460F2F8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{16FD38D6-C784-47B2-9307-5751384A6D51}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe | 
"{21804C10-A4B8-4D5B-90C5-46A2BC93FC2B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{2EC7E695-F050-4D50-BFFD-8C6F27B00795}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3881C58D-8CBE-457E-8E9A-AB4B93805563}" = dir=in | app=c:\program files (x86)\lenovo\powerdvd10\powerdvd10.exe | 
"{3CCF642E-12F4-4540-8768-9AD7F8D57657}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{46872405-394C-449D-8754-AE9E6AA3C726}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{4C96B856-39D4-4974-9F6C-C15348BA42A9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{5CBA1D4E-AFE1-4CC2-A62C-4F07FFEB96C6}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{63DB3F01-26AF-4A15-AD17-9A391B16B6B0}" = dir=in | app=c:\program files (x86)\lenovo\powerdvd10\powerdvd cinema\powerdvdcinema10.exe | 
"{6935D317-D3DF-45C8-9485-8FDA3A138335}" = protocol=6 | dir=out | app=system | 
"{6CB7D10D-9DAC-4335-BE32-D1A5D11A5114}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6E9C5116-E7AC-45BA-AAFC-CF2163E3E378}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{7AA820E0-C10B-4A1C-93C6-C823BBF0C719}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{7E89FA16-1E44-4403-9655-02C4CECDB305}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8AEFB76F-6542-4190-A08A-3F5D866A1652}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{920A9F42-B17E-407B-9900-9C04C2763592}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{932DE051-58E1-4954-B8BD-55448E28AD0B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AA494033-0955-4A8E-97A6-EF9022F11C8E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{B3D830B1-E70C-42BE-A5FB-DABD4B93B643}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{B3F237AB-4E86-4D05-BC12-811FEEDBC937}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{BA973E0E-DCEA-4303-B698-C47BA3214D37}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{BB21EA61-C609-4C7E-BF4D-C628D6FAF8CB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{CF6141CB-8DB6-4F58-BB05-4C19CC831999}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{E19CABA1-B198-4DCE-8B39-FCD52389DA8E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F7D8F07F-2EC0-42B8-99E3-113033705B65}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F816EDEB-A1B2-4AE1-8984-785DDF5A0761}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{216EFEDD-6665-1A06-BC5E-D66DB0F63E94}" = AMD Catalyst Install Manager
"{25EE6AF4-8FD6-4E09-AD9B-3ACC0B81D902}" = SRS Premium Sound Control Panel
"{25FBDA9A-E868-4B3B-B9FF-D923818511A1}" = Intel(R) PROSet/Wireless WiFi-Software
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{44663264-E108-4938-BF9E-A767315072C9}" = Intel(R) Network Connections 16.3.48.0
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{7F2F6CC5-434B-4311-9DE2-60C7CAF50B73}_is1" = Cypress TrackPad
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B3B521D0-C0B9-F9FB-2F87-FAFBC23C131E}" = AMD Media Foundation Decoders
"{BF220B74-FCAE-2674-8939-CA8AC138278B}" = ccc-utility64
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"03A1C6133CBCFD1D944CAC45762E2EC5CD524136" = Windows-Treiberpaket - Lenovo (ACPIVPC) System  (08/04/2011 6.1.0.1)
"ATI Uninstaller" = ATI Uninstaller
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"ProInst" = Intel PROSet Wireless
"PROSetDX" = Intel(R) Network Connections 16.3.48.0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"{09A7C56F-3131-FA22-5D0A-6026D5AB5733}" = Catalyst Control Center Localization All
"{0A29AAE4-08D8-D865-E468-8CF1B4E2C0E4}" = CCC Help Norwegian
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{13FCE396-40F7-C93F-F79B-2215627A76D2}" = PX Profile Update
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DEB3E6-87BA-28B7-E7C3-BA7305E91DFD}" = CCC Help Portuguese
"{233A7E16-A21A-3970-A0F1-1E84712A529E}" = CCC Help Russian
"{267BA0D6-1405-1181-0601-75133559A44E}" = CCC Help Greek
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Lenovo EasyCamera
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40F4FF7A-B214-4453-B973-080B09CED019}" = Absolute Reminder
"{4171D296-832D-D6C7-1A24-DB80A9D16A31}" = CCC Help Chinese Standard
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{52FDA874-17C5-18EC-1753-A389BC9FD155}" = CCC Help Japanese
"{53F80399-2F41-9067-4131-44253FF14881}" = CCC Help Thai
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{557100D3-1016-1409-FC90-D9C50F9D32E4}" = CCC Help Czech
"{56C9B0FB-3080-651E-7C80-C422CB3D27BF}" = CCC Help Hungarian
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5F75710E-3D36-B3AF-D2FB-48875CD10D0B}" = CCC Help German
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{66DDDCFD-14D6-F579-C21B-87B12149991A}" = CCC Help Korean
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{81B13DC5-800B-1F1B-30B0-DC5D3083E4A1}" = CCC Help Italian
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{9143971E-6162-804D-319A-6B9280C976E8}" = CCC Help Spanish
"{921DF4FA-FCCB-F72D-E625-B9634DDCC797}" = Catalyst Control Center
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94D24AEA-D6DB-70AE-C560-E346F9EFAA5C}" = CCC Help English
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96D35AEA-E736-DB41-B600-C427A3137B29}" = CCC Help Dutch
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C1F6929-ECAF-9F73-E8BB-B3176925E5AF}" = CCC Help Finnish
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E292145-51DD-2B95-B04C-3D90F0A4BF6B}" = CCC Help Chinese Traditional
"{A1A2D971-FD11-A5E6-B6FD-57822E2DF67A}" = CCC Help French
"{A4D65972-71A0-1C92-AECC-BB8017E51C8D}" = CCC Help Danish
"{A5FE05E7-8EB8-452E-6D5F-5D9453EB7855}" = CCC Help Polish
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB044210-33FB-CFB2-3962-B6BC770B3A56}" = Catalyst Control Center Graphics Previews Common
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B5DF52CC-6A6C-8FF4-867B-0F2759DB144F}" = CCC Help Swedish
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF3637CF-C793-4842-A653-3C1DA2AE2853}" = Catalyst Control Center - Branding
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0C90720-0243-0886-B9E0-FC59F9B1A29B}" = Catalyst Control Center Profiles Mobile
"{D159483E-93B4-7072-2AE5-0C771481FEC5}" = CCC Help Turkish
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = Lenovo PowerDVD 10
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1B934BB-6AFA-429F-98E4-76F9CBC72BF6}" = Intel(R) WiDi
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E6A03223-47BC-F37E-AD0C-A98B821A3C21}" = Catalyst Control Center InstallProxy
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = Benutzerhandbuch
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F493761C-E465-4B9E-9FC1-A312F161DE0A}" = Active Protection System
"{F7C0163D-9CD8-4F5F-BAC8-3E45A0000AFF}" = Vodafone Mobile Connect Lite Huawei
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FDB0A81A-1173-4B15-BEA4-89FEA0474F17}" = Intelligent Touchpad
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Avira AntiVir Desktop" = Avira Free Antivirus
"ENTERPRISE" = Microsoft Office Enterprise 2007
"f42012" = f4 2012
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = Lenovo PowerDVD 10
"InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"PitchPerfect" = PitchPerfect Musical Instrument Tuner
"ProInst" = Intel PROSet Wireless
"SecureW2 EAP Suite" = SecureW2 EAP Suite 1.1.3 for Windows
"WinLiveSuite" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 30.04.2013 04:31:48 | Computer Name = Cyberport-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
 Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

 
Error - 30.04.2013 06:09:04 | Computer Name = Cyberport-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 30.04.2013 07:05:23 | Computer Name = Cyberport-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WScript.exe, Version: 5.8.7600.16385,
 Zeitstempel: 0x4a5bca28  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec4aa8e  Ausnahmecode: 0xc0000374  Fehleroffset: 0x00000000000c40f2
ID
 des fehlerhaften Prozesses: 0x1308  Startzeit der fehlerhaften Anwendung: 0x01ce458ad33e22a4
Pfad
 der fehlerhaften Anwendung: C:\Windows\System32\WScript.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: da0a577a-b185-11e2-8c15-4c8093451261
 
Error - 30.04.2013 07:37:01 | Computer Name = Cyberport-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 30.04.2013 07:47:57 | Computer Name = Cyberport-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
 Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

 
Error - 30.04.2013 12:52:18 | Computer Name = Cyberport-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 30.04.2013 14:53:10 | Computer Name = Cyberport-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.05.2013 03:48:23 | Computer Name = Cyberport-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.05.2013 04:23:19 | Computer Name = Cyberport-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
 Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

 
Error - 01.05.2013 16:00:17 | Computer Name = Cyberport-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 17.05.2013 12:15:59 | Computer Name = Cyberport-PC | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

	Neue
 Signaturversion:      Vorherige Signaturversion: 1.149.1816.0     Aktualisierungsquelle: 
%%859     Aktualisierungsphase: %%852     Quellpfad: hxxp://www.microsoft.com     Signaturtyp: 
%%800     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.9402.0     Fehlercode: 0x8024402c     Fehlerbeschreibung: Unerwartetes
 Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates
 oder zur Problembehandlung finden Sie unter "Hilfe und Support". 
 
Error - 18.05.2013 16:33:56 | Computer Name = Cyberport-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Google Update-Dienst (gupdate)" wurde unerwartet beendet. 
Dies ist bereits 1 Mal passiert.
 
Error - 18.05.2013 16:34:26 | Computer Name = Cyberport-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 18.05.2013 16:35:15 | Computer Name = Cyberport-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
Error - 21.05.2013 11:25:40 | Computer Name = Cyberport-PC | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

	Neue
 Signaturversion:      Vorherige Signaturversion: 1.149.1816.0     Aktualisierungsquelle: 
%%859     Aktualisierungsphase: %%852     Quellpfad: hxxp://www.microsoft.com     Signaturtyp: 
%%800     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.9402.0     Fehlercode: 0x8024402c     Fehlerbeschreibung: Unerwartetes
 Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates
 oder zur Problembehandlung finden Sie unter "Hilfe und Support". 
 
Error - 21.05.2013 11:25:40 | Computer Name = Cyberport-PC | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

	Neue
 Signaturversion:      Vorherige Signaturversion: 1.149.1816.0     Aktualisierungsquelle: 
%%851     Aktualisierungsphase: %%852     Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.9402.0&avdelta=1.149.1816.0&asdelta=1.149.1816.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

	Signaturtyp:
 %%800     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\NETZWERKDIENST     Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.9402.0     Fehlercode: 0x80072ee7     Fehlerbeschreibung: Der
 Servername oder die Serveradresse konnte nicht verarbeitet werden. 
 
Error - 21.05.2013 11:25:40 | Computer Name = Cyberport-PC | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

	Neue
 Signaturversion:      Vorherige Signaturversion: 1.149.1816.0     Aktualisierungsquelle: 
%%851     Aktualisierungsphase: %%852     Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.9402.0&avdelta=1.149.1816.0&asdelta=1.149.1816.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

	Signaturtyp:
 %%801     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\NETZWERKDIENST     Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.9402.0     Fehlercode: 0x80072ee7     Fehlerbeschreibung: Der
 Servername oder die Serveradresse konnte nicht verarbeitet werden. 
 
Error - 21.05.2013 11:25:41 | Computer Name = Cyberport-PC | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

	Neue
 Signaturversion:      Vorherige Signaturversion: 101.4.0.0     Aktualisierungsquelle: %%851

	Aktualisierungsphase:
 %%852     Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=2.1.9402.0&sig=101.4.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

	Signaturtyp:
 %%886     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\NETZWERKDIENST     Aktuelle Modulversion:
      Vorherige Modulversion: 2.1.9402.0     Fehlercode: 0x80072ee7     Fehlerbeschreibung: Der
 Servername oder die Serveradresse konnte nicht verarbeitet werden. 
 
Error - 21.05.2013 11:38:07 | Computer Name = Cyberport-PC | Source = Microsoft Antimalware | ID = 1119
Description = Beim Anwenden von Aktionen auf Schadsoftware und potenziell unerwünschte
 Software wurde von %%860 ein schwerwiegender Fehler festgestellt.    Weitere Informationen
 finden Sie hier:  hxxp://go.microsoft.com/fwlink/?linkid=37020&name=Worm:VBS/Linxer.A&threatid=2147681518

	Name:
 Worm:VBS/Linxer.A     ID: 2147681518     Schweregrad: Schwerwiegend     Kategorie: Wurm     Pfad: file:_C:\Users\****\AppData\Local\Temp\Facebook.vbs;file:_C:\Users\****\AppData\Roaming\Microsoft\Windows\Start
 Menu\Programs\Startup\FlashPlayerPlug.lnk;regkey:_HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs;runkey:_HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs

	Ursprung
 der Erkennung: %%845     Typ der Erkennung: %%822     Quelle der Erkennung: %%818     Benutzer:
 NT-AUTORITÄT\SYSTEM     Prozessname: C:\Windows\System32\wscript.exe     Aktion: %%809     Aktionsstatus:
  No additional actions required     Fehlercode: 0x80070020     Fehlerbeschreibung: Der Prozess
 kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet 
wird.      Signaturversion: AV: 1.151.563.0, AS: 1.151.563.0, NIS: 104.0.0.0     Modulversion:
 AM: 1.1.9506.0, NIS: 2.1.9510.0
 
Error - 21.05.2013 12:00:30 | Computer Name = Cyberport-PC | Source = Microsoft Antimalware | ID = 1119
Description = Beim Anwenden von Aktionen auf Schadsoftware und potenziell unerwünschte
 Software wurde von %%860 ein schwerwiegender Fehler festgestellt.    Weitere Informationen
 finden Sie hier:  hxxp://go.microsoft.com/fwlink/?linkid=37020&name=Worm:VBS/Linxer.A&threatid=2147681518

	Name:
 Worm:VBS/Linxer.A     ID: 2147681518     Schweregrad: Schwerwiegend     Kategorie: Wurm     Pfad: file:_C:\Users\****\AppData\Local\Temp\Facebook.vbs;regkey:_HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs;runkey:_HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs

	Ursprung
 der Erkennung: %%845     Typ der Erkennung: %%822     Quelle der Erkennung: %%818     Benutzer:
 NT-AUTORITÄT\SYSTEM     Prozessname: C:\Windows\System32\wscript.exe     Aktion: %%809     Aktionsstatus:
  No additional actions required     Fehlercode: 0x80070020     Fehlerbeschreibung: Der Prozess
 kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet 
wird.      Signaturversion: AV: 1.151.563.0, AS: 1.151.563.0, NIS: 104.0.0.0     Modulversion:
 AM: 1.1.9506.0, NIS: 2.1.9510.0
 
 
< End of report >
         


Alt 22.05.2013, 02:33   #6
Shakka
 
Facebook.vbs auf USB-Stick - Standard

Facebook.vbs auf USB-Stick



Und nun nochmal mit gesetztem Haken bei "Scanne alle Benutzer":

OTL.txt:

Code:
ATTFilter
OTL logfile created on: 22.05.2013 03:16:08 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\****\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,92 Gb Total Physical Memory | 1,73 Gb Available Physical Memory | 44,21% Memory free
7,83 Gb Paging File | 4,98 Gb Available in Paging File | 63,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 684,31 Gb Total Space | 577,46 Gb Free Space | 84,39% Space Free | Partition Type: NTFS
Drive D: | 29,30 Gb Total Space | 0,02 Gb Free Space | 0,05% Space Free | Partition Type: NTFS
 
Computer Name: CYBERPORT-PC | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\****\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Lenovo\Intelligent Touchpad\TouchZone.exe ()
PRC - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
PRC - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7ff638de44686eab4afaa8b3c8a9cfca\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\3abd733e8fa28fafbfc99458fdf691da\System.Security.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\14f511c47523f19ca591eb207e9e2084\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e10fd15441d278c04a03302880a3e231\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\7a9ff5ce3a909d075179a2ac70d8f388\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL ()
MOD - C:\Program Files (x86)\Lenovo\Intelligent Touchpad\TouchZone.exe ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\SysWOW64\msjetoledb40.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (Intel(R) -- C:\Windows\SysNative\IPROSetMonitor.exe (Intel Corporation)
SRV:64bit: - (CxAudMsg) -- C:\Windows\SysNative\CxAudMsg64.exe (Conexant Systems Inc.)
SRV:64bit: - (TPHDEXLGSVC) -- C:\Windows\SysNative\TPHDEXLG64.exe (Lenovo.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (AMPPALR3) -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (MyWiFiDHCPDNS) -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (BTHSSecurityMgr) -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation)
SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (VMCService) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (LHDmgr) -- C:\Windows\SysNative\drivers\LhdX64.sys (Lenovo.)
DRV:64bit: - (ACPIVPC) -- C:\Windows\SysNative\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (cymfltrService) -- C:\Windows\SysNative\drivers\cymfltr.sys (Cypress Semiconductor, Inc.)
DRV:64bit: - (cykbfltrService) -- C:\Windows\SysNative\drivers\cykbfltr.sys (Cypress Semiconductor, Inc.)
DRV:64bit: - (cyhid) -- C:\Windows\SysNative\drivers\cyhid.sys (Cypress Semiconductor, Inc.)
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)
DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (iBtFltCoex) -- C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation)
DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\drivers\btmhsf.sys (Intel Corporation)
DRV:64bit: - (btmaux) -- C:\Windows\SysNative\drivers\btmaux.sys (Intel Corporation)
DRV:64bit: - (btmaudio) -- C:\Windows\SysNative\drivers\btmaud.sys (Intel Corporation)
DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (Shockprf) -- C:\Windows\SysNative\drivers\ApsX64.sys (Lenovo.)
DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys (Sonix Technology Co., Ltd.)
DRV:64bit: - (HybridDisk) -- C:\Windows\SysNative\drivers\HybridDiskX64.sys (Lenovo.)
DRV:64bit: - (hybridcfile) -- C:\Windows\SysNative\drivers\HybridCFileX64.sys (Lenovo.)
DRV:64bit: - (TPDIGIMN) -- C:\Windows\SysNative\drivers\ApsHM64.sys (Lenovo.)
DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
IE - HKU\S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2351051258-829387-1154746032-1001\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found
IE - HKU\S-1-5-21-2351051258-829387-1154746032-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2351051258-829387-1154746032-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKU\S-1-5-21-2351051258-829387-1154746032-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN_deDE474
IE - HKU\S-1-5-21-2351051258-829387-1154746032-1001\..\SearchScopes\{77AA7A54-D746-423B-A319-98827EBD25F9}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=a16111de-1c77-4f07-ad87-c12a8cafb25c&apn_sauid=BAD49594-8693-4785-8314-9006357B5ACC
IE - HKU\S-1-5-21-2351051258-829387-1154746032-1001\..\SearchScopes\{93E68F95-737E-4018-95D7-789C9E960C24}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801948
IE - HKU\S-1-5-21-2351051258-829387-1154746032-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT2801948
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://search.conduit.com/?ctid=CT2801948&SearchSource=48
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: NCH EN = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\10.16.2.506_0\
CHR - Extension: Google Mail = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2351051258-829387-1154746032-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2351051258-829387-1154746032-1001\..\Toolbar\WebBrowser: (no name) - {37483B40-C254-4A72-BDA4-22EE90182C1E} - No CLSID value found.
O3 - HKU\S-1-5-21-2351051258-829387-1154746032-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [CyCpIo] C:\Programme\Cypress\TrackPad\CyCpIo.exe (Cypress Semiconductor Corporation)
O4:64bit: - HKLM..\Run: [CyHidWin] C:\Programme\Cypress\TrackPad\CyHidWin.exe (Cypress Semiconductor, Inc.)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [ForteConfig] C:\Programme\CONEXANT\ForteConfig\fmapp.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Intelligent Touchpad] C:\Program Files (x86)\Lenovo\Intelligent Touchpad\TouchZone.exe ()
O4 - HKLM..\Run: [MobileConnect] C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2351051258-829387-1154746032-1001..\Run: [Facebook.vbs] "C:\Users\****\AppData\Local\Temp\Facebook.vbs" File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5E9FFE70-9FB6-414F-BAAA-45D98D1F7475}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6DD66717-2FB1-4B77-A070-A48135AFF3AE}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{f557c26f-5747-11e2-90aa-4c8093451261}\Shell - "" = AutoRun
O33 - MountPoints2\{f557c26f-5747-11e2-90aa-4c8093451261}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{f557c306-5747-11e2-90aa-4c8093451261}\Shell - "" = AutoRun
O33 - MountPoints2\{f557c306-5747-11e2-90aa-4c8093451261}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.22 02:55:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2013.05.21 18:29:09 | 008,534,408 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013.05.13 12:45:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013.05.13 12:45:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013.05.13 12:41:11 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2013.05.13 12:41:11 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2013.05.13 12:41:11 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2013.05.13 12:41:10 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2013.05.13 12:41:10 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbGD.sys
[2013.05.13 12:41:10 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2013.05.13 12:41:09 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2013.05.13 12:41:09 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2013.05.13 12:41:09 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013.05.13 12:41:09 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013.05.13 12:41:09 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2013.05.13 12:41:09 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2013.05.13 12:41:09 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2013.05.13 12:41:09 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2013.05.13 12:41:09 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2013.05.13 12:41:09 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2013.05.13 12:41:09 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013.05.13 12:41:09 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2013.05.13 12:41:09 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013.05.13 12:41:09 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2013.05.13 12:41:09 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2013.05.13 12:41:08 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013.05.13 12:41:08 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013.05.13 12:41:08 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2013.05.13 12:41:08 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2013.05.13 12:40:24 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013.05.13 12:40:23 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2013.05.13 12:40:23 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2013.05.13 12:32:18 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Malwarebytes
[2013.05.13 12:32:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.13 12:32:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.13 12:31:59 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.05.13 12:31:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.05.13 12:26:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2013.05.13 12:26:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2013.04.29 11:40:02 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\AB Frühlingswerkstatt
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.22 03:02:48 | 001,636,028 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.22 03:02:48 | 000,697,322 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.22 03:02:48 | 000,652,600 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.22 03:02:48 | 000,148,328 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.22 03:02:48 | 000,121,274 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.22 03:00:22 | 000,031,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.22 03:00:22 | 000,031,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.22 02:58:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.22 02:56:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2013.05.22 02:53:01 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.22 02:52:58 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.22 02:52:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.22 02:52:50 | 3153,268,736 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.21 18:29:21 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.05.21 18:29:21 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.05.21 18:29:10 | 008,534,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013.05.15 20:07:02 | 000,067,928 | ---- | M] () -- C:\Users\Public\Documents\Unterrichtsplanung Symmetrie.pdf
[2013.05.15 20:07:02 | 000,067,928 | ---- | M] () -- C:\Users\****\Desktop\Unterrichtsplanung Symmetrie.pdf
[2013.05.15 20:06:52 | 000,022,775 | ---- | M] () -- C:\Users\Public\Documents\Unterrichtsplanung Symmetrie.odt
[2013.05.15 20:06:52 | 000,022,775 | ---- | M] () -- C:\Users\****\Desktop\Unterrichtsplanung Symmetrie.odt
[2013.05.13 12:45:32 | 000,002,030 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.04.30 18:18:27 | 000,119,124 | ---- | M] () -- C:\Users\****\Documents\Werkstatt 3.pdf
 
========== Files Created - No Company Name ==========
 
[2013.05.15 20:18:28 | 000,067,928 | ---- | C] () -- C:\Users\****\Desktop\Unterrichtsplanung Symmetrie.pdf
[2013.05.15 20:18:28 | 000,022,775 | ---- | C] () -- C:\Users\****\Desktop\Unterrichtsplanung Symmetrie.odt
[2013.05.13 12:45:32 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.05.13 12:45:32 | 000,002,030 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.05.11 22:31:34 | 000,067,928 | ---- | C] () -- C:\Users\Public\Documents\Unterrichtsplanung Symmetrie.pdf
[2013.05.11 19:56:17 | 000,022,775 | ---- | C] () -- C:\Users\Public\Documents\Unterrichtsplanung Symmetrie.odt
[2013.04.30 18:18:27 | 000,119,124 | ---- | C] () -- C:\Users\****\Documents\Werkstatt 3.pdf
[2012.03.06 15:07:13 | 000,000,000 | ---- | C] () -- C:\Windows\firstboot.dat
[2012.01.06 19:04:29 | 001,591,930 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.01.06 19:03:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.01.06 18:58:13 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2012.01.06 18:57:48 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011.12.23 07:44:14 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.12.23 07:44:09 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.12.23 07:44:06 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.12.23 07:44:02 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.12.23 07:43:58 | 013,903,360 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.12.23 07:43:33 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.11.05 23:29:16 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2008.03.07 17:43:56 | 000,084,734 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2008.03.07 14:47:30 | 000,020,270 | ---- | C] () -- C:\ProgramData\DeviceInstaller.xml
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
Und die Extras.txt:

Code:
ATTFilter
OTL Extras logfile created on: 22.05.2013 03:16:08 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\****\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,92 Gb Total Physical Memory | 1,73 Gb Available Physical Memory | 44,21% Memory free
7,83 Gb Paging File | 4,98 Gb Available in Paging File | 63,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 684,31 Gb Total Space | 577,46 Gb Free Space | 84,39% Space Free | Partition Type: NTFS
Drive D: | 29,30 Gb Total Space | 0,02 Gb Free Space | 0,05% Space Free | Partition Type: NTFS
 
Computer Name: CYBERPORT-PC | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00DE5E1F-5522-469B-917B-735606214F37}" = lport=139 | protocol=6 | dir=in | app=system | 
"{11898D98-6C8B-449D-A2B7-3260E7A42A89}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1440C683-D216-4C0F-B0AB-E11A798B22BA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{22A0B024-E877-46CC-9035-C09744F296FA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3B9C5270-05F2-424F-93E7-460FE768F2F9}" = lport=137 | protocol=17 | dir=in | app=system | 
"{5433E419-3F1B-4924-9093-C25B6EC82F1E}" = lport=138 | protocol=17 | dir=in | app=system | 
"{5909DC2D-11D5-473E-A8FA-8F10686C3C7A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{596BDC4F-B34E-49F2-A66E-9CBA525CDBD6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5FC741AF-EB3B-4B71-A64F-22B4F98E5A92}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{6FC2ED6D-274F-4062-87F0-C376B8FBBDCB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7F50513E-DB7E-46A2-83C6-403FE54DF2E0}" = rport=139 | protocol=6 | dir=out | app=system | 
"{887ADCD7-2DC2-4801-BDDC-1F7847B60183}" = rport=445 | protocol=6 | dir=out | app=system | 
"{91603165-A76E-407D-88A0-F1CA0BACBB97}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9B49EB6C-7BAC-4953-97B2-C3AC9DF3D204}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{A9133D80-F58F-4337-8B0B-BBB9B17D4086}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B31C9C55-75B5-4B60-875E-7DF121B1F1B9}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{BEC36110-393E-4342-ACF3-06C77AE80918}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CC5DCA69-A3B4-454F-A91B-23213A542967}" = rport=137 | protocol=17 | dir=out | app=system | 
"{D0B0E9D9-824E-496B-AEE3-81CB471BA91D}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{D1D0B992-25A1-4FFB-BF8B-D019D34F935E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{D7720F69-4039-4C4E-A54D-EB8F55E102DB}" = rport=138 | protocol=17 | dir=out | app=system | 
"{DF53888D-69C8-419F-9867-47F95F427FE9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{E591F36F-FF0D-41F9-8A00-C4608A75BAE4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E7731312-E65B-4832-9CF7-BEFEC9BA8F4C}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{F103313D-9BFC-4DF6-9AF7-CCAD53764491}" = lport=445 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02FF825F-715D-4F2B-BF72-E79E6F3CCF0F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0754AF5F-E2CB-421F-828D-90BC5E1DB4D0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{121CC999-B044-4204-A718-718E511F7F0F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{16934280-B72C-40B8-BEE1-8BF40460F2F8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{16FD38D6-C784-47B2-9307-5751384A6D51}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe | 
"{21804C10-A4B8-4D5B-90C5-46A2BC93FC2B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{2EC7E695-F050-4D50-BFFD-8C6F27B00795}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3881C58D-8CBE-457E-8E9A-AB4B93805563}" = dir=in | app=c:\program files (x86)\lenovo\powerdvd10\powerdvd10.exe | 
"{3CCF642E-12F4-4540-8768-9AD7F8D57657}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{46872405-394C-449D-8754-AE9E6AA3C726}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{4C96B856-39D4-4974-9F6C-C15348BA42A9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{5CBA1D4E-AFE1-4CC2-A62C-4F07FFEB96C6}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{63DB3F01-26AF-4A15-AD17-9A391B16B6B0}" = dir=in | app=c:\program files (x86)\lenovo\powerdvd10\powerdvd cinema\powerdvdcinema10.exe | 
"{6935D317-D3DF-45C8-9485-8FDA3A138335}" = protocol=6 | dir=out | app=system | 
"{6CB7D10D-9DAC-4335-BE32-D1A5D11A5114}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6E9C5116-E7AC-45BA-AAFC-CF2163E3E378}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{7AA820E0-C10B-4A1C-93C6-C823BBF0C719}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{7E89FA16-1E44-4403-9655-02C4CECDB305}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8AEFB76F-6542-4190-A08A-3F5D866A1652}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{920A9F42-B17E-407B-9900-9C04C2763592}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{932DE051-58E1-4954-B8BD-55448E28AD0B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AA494033-0955-4A8E-97A6-EF9022F11C8E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{B3D830B1-E70C-42BE-A5FB-DABD4B93B643}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{B3F237AB-4E86-4D05-BC12-811FEEDBC937}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{BA973E0E-DCEA-4303-B698-C47BA3214D37}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{BB21EA61-C609-4C7E-BF4D-C628D6FAF8CB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{CF6141CB-8DB6-4F58-BB05-4C19CC831999}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{E19CABA1-B198-4DCE-8B39-FCD52389DA8E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F7D8F07F-2EC0-42B8-99E3-113033705B65}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F816EDEB-A1B2-4AE1-8984-785DDF5A0761}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{216EFEDD-6665-1A06-BC5E-D66DB0F63E94}" = AMD Catalyst Install Manager
"{25EE6AF4-8FD6-4E09-AD9B-3ACC0B81D902}" = SRS Premium Sound Control Panel
"{25FBDA9A-E868-4B3B-B9FF-D923818511A1}" = Intel(R) PROSet/Wireless WiFi-Software
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{44663264-E108-4938-BF9E-A767315072C9}" = Intel(R) Network Connections 16.3.48.0
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{7F2F6CC5-434B-4311-9DE2-60C7CAF50B73}_is1" = Cypress TrackPad
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B3B521D0-C0B9-F9FB-2F87-FAFBC23C131E}" = AMD Media Foundation Decoders
"{BF220B74-FCAE-2674-8939-CA8AC138278B}" = ccc-utility64
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"03A1C6133CBCFD1D944CAC45762E2EC5CD524136" = Windows-Treiberpaket - Lenovo (ACPIVPC) System  (08/04/2011 6.1.0.1)
"ATI Uninstaller" = ATI Uninstaller
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"ProInst" = Intel PROSet Wireless
"PROSetDX" = Intel(R) Network Connections 16.3.48.0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"{09A7C56F-3131-FA22-5D0A-6026D5AB5733}" = Catalyst Control Center Localization All
"{0A29AAE4-08D8-D865-E468-8CF1B4E2C0E4}" = CCC Help Norwegian
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{13FCE396-40F7-C93F-F79B-2215627A76D2}" = PX Profile Update
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DEB3E6-87BA-28B7-E7C3-BA7305E91DFD}" = CCC Help Portuguese
"{233A7E16-A21A-3970-A0F1-1E84712A529E}" = CCC Help Russian
"{267BA0D6-1405-1181-0601-75133559A44E}" = CCC Help Greek
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Lenovo EasyCamera
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40F4FF7A-B214-4453-B973-080B09CED019}" = Absolute Reminder
"{4171D296-832D-D6C7-1A24-DB80A9D16A31}" = CCC Help Chinese Standard
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{52FDA874-17C5-18EC-1753-A389BC9FD155}" = CCC Help Japanese
"{53F80399-2F41-9067-4131-44253FF14881}" = CCC Help Thai
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{557100D3-1016-1409-FC90-D9C50F9D32E4}" = CCC Help Czech
"{56C9B0FB-3080-651E-7C80-C422CB3D27BF}" = CCC Help Hungarian
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5F75710E-3D36-B3AF-D2FB-48875CD10D0B}" = CCC Help German
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{66DDDCFD-14D6-F579-C21B-87B12149991A}" = CCC Help Korean
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{81B13DC5-800B-1F1B-30B0-DC5D3083E4A1}" = CCC Help Italian
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{9143971E-6162-804D-319A-6B9280C976E8}" = CCC Help Spanish
"{921DF4FA-FCCB-F72D-E625-B9634DDCC797}" = Catalyst Control Center
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94D24AEA-D6DB-70AE-C560-E346F9EFAA5C}" = CCC Help English
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96D35AEA-E736-DB41-B600-C427A3137B29}" = CCC Help Dutch
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C1F6929-ECAF-9F73-E8BB-B3176925E5AF}" = CCC Help Finnish
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E292145-51DD-2B95-B04C-3D90F0A4BF6B}" = CCC Help Chinese Traditional
"{A1A2D971-FD11-A5E6-B6FD-57822E2DF67A}" = CCC Help French
"{A4D65972-71A0-1C92-AECC-BB8017E51C8D}" = CCC Help Danish
"{A5FE05E7-8EB8-452E-6D5F-5D9453EB7855}" = CCC Help Polish
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB044210-33FB-CFB2-3962-B6BC770B3A56}" = Catalyst Control Center Graphics Previews Common
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B5DF52CC-6A6C-8FF4-867B-0F2759DB144F}" = CCC Help Swedish
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF3637CF-C793-4842-A653-3C1DA2AE2853}" = Catalyst Control Center - Branding
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0C90720-0243-0886-B9E0-FC59F9B1A29B}" = Catalyst Control Center Profiles Mobile
"{D159483E-93B4-7072-2AE5-0C771481FEC5}" = CCC Help Turkish
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = Lenovo PowerDVD 10
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1B934BB-6AFA-429F-98E4-76F9CBC72BF6}" = Intel(R) WiDi
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E6A03223-47BC-F37E-AD0C-A98B821A3C21}" = Catalyst Control Center InstallProxy
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = Benutzerhandbuch
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F493761C-E465-4B9E-9FC1-A312F161DE0A}" = Active Protection System
"{F7C0163D-9CD8-4F5F-BAC8-3E45A0000AFF}" = Vodafone Mobile Connect Lite Huawei
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FDB0A81A-1173-4B15-BEA4-89FEA0474F17}" = Intelligent Touchpad
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Avira AntiVir Desktop" = Avira Free Antivirus
"ENTERPRISE" = Microsoft Office Enterprise 2007
"f42012" = f4 2012
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = Lenovo PowerDVD 10
"InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"PitchPerfect" = PitchPerfect Musical Instrument Tuner
"ProInst" = Intel PROSet Wireless
"SecureW2 EAP Suite" = SecureW2 EAP Suite 1.1.3 for Windows
"WinLiveSuite" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 30.04.2013 04:31:48 | Computer Name = Cyberport-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
 Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

 
Error - 30.04.2013 06:09:04 | Computer Name = Cyberport-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 30.04.2013 07:05:23 | Computer Name = Cyberport-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WScript.exe, Version: 5.8.7600.16385,
 Zeitstempel: 0x4a5bca28  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec4aa8e  Ausnahmecode: 0xc0000374  Fehleroffset: 0x00000000000c40f2
ID
 des fehlerhaften Prozesses: 0x1308  Startzeit der fehlerhaften Anwendung: 0x01ce458ad33e22a4
Pfad
 der fehlerhaften Anwendung: C:\Windows\System32\WScript.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: da0a577a-b185-11e2-8c15-4c8093451261
 
Error - 30.04.2013 07:37:01 | Computer Name = Cyberport-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 30.04.2013 07:47:57 | Computer Name = Cyberport-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
 Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

 
Error - 30.04.2013 12:52:18 | Computer Name = Cyberport-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 30.04.2013 14:53:10 | Computer Name = Cyberport-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.05.2013 03:48:23 | Computer Name = Cyberport-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.05.2013 04:23:19 | Computer Name = Cyberport-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
 Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

 
Error - 01.05.2013 16:00:17 | Computer Name = Cyberport-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 17.05.2013 12:15:59 | Computer Name = Cyberport-PC | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

	Neue
 Signaturversion:      Vorherige Signaturversion: 1.149.1816.0     Aktualisierungsquelle: 
%%859     Aktualisierungsphase: %%852     Quellpfad: hxxp://www.microsoft.com     Signaturtyp: 
%%800     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.9402.0     Fehlercode: 0x8024402c     Fehlerbeschreibung: Unerwartetes
 Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates
 oder zur Problembehandlung finden Sie unter "Hilfe und Support". 
 
Error - 18.05.2013 16:33:56 | Computer Name = Cyberport-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Google Update-Dienst (gupdate)" wurde unerwartet beendet. 
Dies ist bereits 1 Mal passiert.
 
Error - 18.05.2013 16:34:26 | Computer Name = Cyberport-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 18.05.2013 16:35:15 | Computer Name = Cyberport-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
Error - 21.05.2013 11:25:40 | Computer Name = Cyberport-PC | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

	Neue
 Signaturversion:      Vorherige Signaturversion: 1.149.1816.0     Aktualisierungsquelle: 
%%859     Aktualisierungsphase: %%852     Quellpfad: hxxp://www.microsoft.com     Signaturtyp: 
%%800     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.9402.0     Fehlercode: 0x8024402c     Fehlerbeschreibung: Unerwartetes
 Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates
 oder zur Problembehandlung finden Sie unter "Hilfe und Support". 
 
Error - 21.05.2013 11:25:40 | Computer Name = Cyberport-PC | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

	Neue
 Signaturversion:      Vorherige Signaturversion: 1.149.1816.0     Aktualisierungsquelle: 
%%851     Aktualisierungsphase: %%852     Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.9402.0&avdelta=1.149.1816.0&asdelta=1.149.1816.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

	Signaturtyp:
 %%800     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\NETZWERKDIENST     Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.9402.0     Fehlercode: 0x80072ee7     Fehlerbeschreibung: Der
 Servername oder die Serveradresse konnte nicht verarbeitet werden. 
 
Error - 21.05.2013 11:25:40 | Computer Name = Cyberport-PC | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

	Neue
 Signaturversion:      Vorherige Signaturversion: 1.149.1816.0     Aktualisierungsquelle: 
%%851     Aktualisierungsphase: %%852     Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.9402.0&avdelta=1.149.1816.0&asdelta=1.149.1816.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

	Signaturtyp:
 %%801     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\NETZWERKDIENST     Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.9402.0     Fehlercode: 0x80072ee7     Fehlerbeschreibung: Der
 Servername oder die Serveradresse konnte nicht verarbeitet werden. 
 
Error - 21.05.2013 11:25:41 | Computer Name = Cyberport-PC | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

	Neue
 Signaturversion:      Vorherige Signaturversion: 101.4.0.0     Aktualisierungsquelle: %%851

	Aktualisierungsphase:
 %%852     Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=2.1.9402.0&sig=101.4.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

	Signaturtyp:
 %%886     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\NETZWERKDIENST     Aktuelle Modulversion:
      Vorherige Modulversion: 2.1.9402.0     Fehlercode: 0x80072ee7     Fehlerbeschreibung: Der
 Servername oder die Serveradresse konnte nicht verarbeitet werden. 
 
Error - 21.05.2013 11:38:07 | Computer Name = Cyberport-PC | Source = Microsoft Antimalware | ID = 1119
Description = Beim Anwenden von Aktionen auf Schadsoftware und potenziell unerwünschte
 Software wurde von %%860 ein schwerwiegender Fehler festgestellt.    Weitere Informationen
 finden Sie hier:  hxxp://go.microsoft.com/fwlink/?linkid=37020&name=Worm:VBS/Linxer.A&threatid=2147681518

	Name:
 Worm:VBS/Linxer.A     ID: 2147681518     Schweregrad: Schwerwiegend     Kategorie: Wurm     Pfad: file:_C:\Users\****\AppData\Local\Temp\Facebook.vbs;file:_C:\Users\****\AppData\Roaming\Microsoft\Windows\Start
 Menu\Programs\Startup\FlashPlayerPlug.lnk;regkey:_HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs;runkey:_HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs

	Ursprung
 der Erkennung: %%845     Typ der Erkennung: %%822     Quelle der Erkennung: %%818     Benutzer:
 NT-AUTORITÄT\SYSTEM     Prozessname: C:\Windows\System32\wscript.exe     Aktion: %%809     Aktionsstatus:
  No additional actions required     Fehlercode: 0x80070020     Fehlerbeschreibung: Der Prozess
 kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet 
wird.      Signaturversion: AV: 1.151.563.0, AS: 1.151.563.0, NIS: 104.0.0.0     Modulversion:
 AM: 1.1.9506.0, NIS: 2.1.9510.0
 
Error - 21.05.2013 12:00:30 | Computer Name = Cyberport-PC | Source = Microsoft Antimalware | ID = 1119
Description = Beim Anwenden von Aktionen auf Schadsoftware und potenziell unerwünschte
 Software wurde von %%860 ein schwerwiegender Fehler festgestellt.    Weitere Informationen
 finden Sie hier:  hxxp://go.microsoft.com/fwlink/?linkid=37020&name=Worm:VBS/Linxer.A&threatid=2147681518

	Name:
 Worm:VBS/Linxer.A     ID: 2147681518     Schweregrad: Schwerwiegend     Kategorie: Wurm     Pfad: file:_C:\Users\****\AppData\Local\Temp\Facebook.vbs;regkey:_HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs;runkey:_HKCU@S-1-5-21-2351051258-829387-1154746032-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Facebook.vbs

	Ursprung
 der Erkennung: %%845     Typ der Erkennung: %%822     Quelle der Erkennung: %%818     Benutzer:
 NT-AUTORITÄT\SYSTEM     Prozessname: C:\Windows\System32\wscript.exe     Aktion: %%809     Aktionsstatus:
  No additional actions required     Fehlercode: 0x80070020     Fehlerbeschreibung: Der Prozess
 kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet 
wird.      Signaturversion: AV: 1.151.563.0, AS: 1.151.563.0, NIS: 104.0.0.0     Modulversion:
 AM: 1.1.9506.0, NIS: 2.1.9510.0
 
 
< End of report >
         
Vielen Dank für deine weitere Hilfe.

Alt 22.05.2013, 09:36   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Facebook.vbs auf USB-Stick - Standard

Facebook.vbs auf USB-Stick



Dann bitte jetzt Combofix ausführen:

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 22.05.2013, 19:20   #8
Shakka
 
Facebook.vbs auf USB-Stick - Standard

Facebook.vbs auf USB-Stick



Combofix.txt:

Code:
ATTFilter
ComboFix 13-05-22.01 - **** 22.05.2013  20:10:36.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4010.1714 [GMT 2:00]
ausgeführt von:: c:\users\****\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\SecureW2
c:\program files (x86)\SecureW2\Uninstall.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\TTLS Manager.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\Uninstall.lnk
c:\programdata\Roaming
c:\users\****\AppData\Local\TempDIR
c:\users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecureW2
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-04-22 bis 2013-05-22  ))))))))))))))))))))))))))))))
.
.
2013-05-22 18:14 . 2013-05-22 18:14	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-05-22 18:05 . 2013-05-22 18:05	76232	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5B5F3CFD-8F99-4F49-A8F3-127AC701F16C}\offreg.dll
2013-05-22 17:58 . 2013-05-13 06:37	9460464	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5B5F3CFD-8F99-4F49-A8F3-127AC701F16C}\mpengine.dll
2013-05-22 01:01 . 2013-05-05 21:36	17818624	----a-w-	c:\windows\system32\mshtml.dll
2013-05-22 01:01 . 2013-05-05 21:16	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2013-05-22 01:01 . 2013-05-05 19:12	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2013-05-21 16:29 . 2013-05-21 16:29	8534408	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-05-21 15:37 . 2013-05-21 15:36	964552	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{684E25EB-482C-46FF-9A8D-B9D56650F3ED}\gapaengine.dll
2013-05-13 10:45 . 2013-05-13 10:45	--------	d-----w-	c:\program files (x86)\Common Files\Adobe
2013-05-13 10:40 . 2013-04-10 03:46	9317456	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-13 10:40 . 2012-08-24 18:13	154480	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2013-05-13 10:40 . 2012-08-24 18:09	458712	----a-w-	c:\windows\system32\drivers\cng.sys
2013-05-13 10:40 . 2012-08-24 18:05	340992	----a-w-	c:\windows\system32\schannel.dll
2013-05-13 10:40 . 2012-08-24 18:03	1448448	----a-w-	c:\windows\system32\lsasrv.dll
2013-05-13 10:40 . 2012-08-24 16:57	247808	----a-w-	c:\windows\SysWow64\schannel.dll
2013-05-13 10:40 . 2012-08-24 16:57	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2013-05-13 10:40 . 2012-08-24 16:53	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2013-05-13 10:40 . 2012-05-04 11:00	366592	----a-w-	c:\windows\system32\qdvd.dll
2013-05-13 10:40 . 2012-05-04 09:59	514560	----a-w-	c:\windows\SysWow64\qdvd.dll
2013-05-13 10:32 . 2013-05-13 10:32	--------	d-----w-	c:\users\****\AppData\Roaming\Malwarebytes
2013-05-13 10:32 . 2013-05-13 10:32	--------	d-----w-	c:\programdata\Malwarebytes
2013-05-13 10:31 . 2013-05-13 10:32	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-05-13 10:31 . 2013-04-04 12:50	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-05-13 10:26 . 2013-05-13 10:26	--------	d-----w-	c:\program files (x86)\Microsoft
2013-04-25 18:02 . 2013-04-12 14:45	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-22 18:00 . 2012-11-01 21:12	75016696	----a-w-	c:\windows\system32\MRT.exe
2013-05-21 16:29 . 2013-04-07 20:42	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-21 16:29 . 2013-04-07 20:42	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-13 10:44 . 2010-06-24 10:33	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 15:29 . 2010-11-21 03:27	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-04-25 18:12 . 2012-06-13 07:52	905296	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-04-13 05:49 . 2013-05-22 01:05	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-22 01:05	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-22 01:05	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-22 01:05	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-22 01:05	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-22 01:05	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-03-19 06:04 . 2013-04-10 11:31	5550424	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 11:31	43520	----a-w-	c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 11:31	3968856	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 11:31	3913560	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 11:31	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 11:31	112640	----a-w-	c:\windows\system32\smss.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-06 343168]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"RemoteControl10"="c:\program files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe" [2010-02-02 87336]
"Intelligent Touchpad"="c:\program files (x86)\Lenovo\Intelligent Touchpad\TouchZone.exe" [2011-08-01 291272]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2011-01-28 136488]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2011-01-28 228448]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-07-18 348664]
"MobileConnect"="c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2008-03-13 2060288]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SRS Premium Surround Sound.lnk - c:\program files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2011-11-7 2153344]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-05-19 995392]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys [2011-08-08 299008]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-05-19 1335360]
R3 cpuz135;cpuz135;c:\users\CYBERP~1\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-09-08 34200]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-27 340240]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 HybridDisk;HybridDisk;c:\windows\System32\DRIVERS\HybridDiskX64.sys [2010-03-02 38496]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [2012-01-06 39008]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2009-12-09 23648]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-07-18 27760]
S1 hybridcfile;hybridcfile;c:\windows\system32\DRIVERS\HybridCFileX64.sys [2010-03-02 13920]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-11-06 204288]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-08-31 1166848]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-07-18 86224]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-05-19 921664]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [2010-12-17 198784]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-04-11 171176]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-03-13 24576]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2012-01-06 30816]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed - Virtueller Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-08-08 299008]
S3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [2011-05-19 51712]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-05-19 53248]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-07-19 282624]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2011-01-28 31088]
S3 cyhid;Cypress Input Device;c:\windows\system32\DRIVERS\cyhid.sys [2011-09-29 116736]
S3 cykbfltrService;Cypress Keyboard Filter Driver;c:\windows\system32\DRIVERS\cykbfltr.sys [2011-09-29 13312]
S3 cymfltrService;Cypress Trackpad Filter Driver;c:\windows\system32\DRIVERS\cymfltr.sys [2011-09-29 77312]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-07-19 59904]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-08-23 317440]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-09-26 12309440]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-09-08 25496]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-12 12:16	1642448	----a-w-	c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-07 16:29]
.
2013-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-06 17:13]
.
2013-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-06 17:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-26 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-26 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-26 416024]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2011-06-03 524928]
"CyCpIo"="c:\program files\Cypress\TrackPad\CyCpIo.exe" [2011-09-29 2366976]
"CyHidWin"="c:\program files\Cypress\TrackPad\CyHidWin.exe" [2011-09-29 2353664]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-27 1935120]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-05-19 10365952]
"TpShocks"="c:\windows\System32\TpShocks.exe" [2010-03-15 231328]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2012-01-06 9768352]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2012-01-06 5940128]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://lenovo.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{37483b40-c254-4a72-bda4-22ee90182c1e} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-snp2uvc - c:\windows\vsnp2uvc.exe
Toolbar-Locked - (no file)
WebBrowser-{37483B40-C254-4A72-BDA4-22EE90182C1E} - (no file)
AddRemove-f42012 - c:\program files (x86)\f4_2012\uninstall.exe
AddRemove-SecureW2 EAP Suite - c:\program files (x86)\SecureW2\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-05-22  20:17:16
ComboFix-quarantined-files.txt  2013-05-22 18:17
.
Vor Suchlauf: 8 Verzeichnis(se), 620.359.016.448 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 620.491.554.816 Bytes frei
.
- - End Of File - - 3C129E41A3C032B7898DCDEDC6984D2A
         

Alt 22.05.2013, 20:36   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Facebook.vbs auf USB-Stick - Standard

Facebook.vbs auf USB-Stick



Zitat:
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
Das fällt mir ja jetzt erst auf
Warum betreibst du MSE und AntiVir gleichzeitig, noch nie davon gehört, dass man es tunlichst unterlassen sollte zwei oder mehr solcher Scanner parallel zu verwenden?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 22.05.2013, 21:36   #10
Shakka
 
Facebook.vbs auf USB-Stick - Standard

Facebook.vbs auf USB-Stick



Wie gesagt, es ist der PC meiner Freundin. Sie schien es wohl für sicherer zu halten, gleich zwei zu haben, keine Ahnung. Hast du eine Empfehlung, welcher der beiden entfernt werden soll?

Während des Combofix Scans hatte ich allerdings sowohl MSE als auch Antivir deaktiviert. Hat der Scan nicht funktioniert?

Alt 22.05.2013, 21:43   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Facebook.vbs auf USB-Stick - Standard

Facebook.vbs auf USB-Stick



Es ging eher um das Allgemeine, nicht jetzt um CF; zwei Virenscanner sollte man tunlichst meiden, also sowas wie MSE und AntiVir. Welchen ihr behaltet müsst ihr wissen. Ich würde zu MSE tendieren. Oder Avast allein. Wenn es einer sein muss - auf meinen Windows-VMs hab ich wenn überhaupt nur Malwarebytes drauf.

Deinstalliere einen der beiden und gib dann bitte Bescheid.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 22.05.2013, 22:04   #12
Shakka
 
Facebook.vbs auf USB-Stick - Standard

Facebook.vbs auf USB-Stick



So, Antivir habe ich entfernt, MSE ist nun der einzige noch installierte Echtzeitscanner.

Alt 22.05.2013, 22:07   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Facebook.vbs auf USB-Stick - Standard

Facebook.vbs auf USB-Stick



Rootkitscan mit GMER

Bitte lade dir GMER Rootkit Scanner GMER herunter: (Dateiname zufällig)
  • Schließe alle anderen Programme, deaktiviere deinen Virenscanner und trenne den Rechner vom Internet bevor du GMER startest.
  • Sollte sich nach dem Start ein Fenster mit folgender Warnung öffnen:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Unbedingt auf "No" klicken.
  • Entferne rechts den Haken bei: IAT/EAT und Show All
  • Setze den Haken bei Quickscan und entferne ihn bei allen anderen Laufwerken.
  • Starte den Scan mit "Scan".
  • Mache nichts am Computer während der Scan läuft.
  • Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.
Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!


Tauchen Probleme auf?
  • Probiere alternativ den abgesicherten Modus.
  • Erhältst du einen Bluescreen, dann entferne den Haken vor Devices.


Anschließend bitte MBAR ausführen:

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 22.05.2013, 23:35   #14
Shakka
 
Facebook.vbs auf USB-Stick - Standard

Facebook.vbs auf USB-Stick



Zuerst Gmer.txt:

Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-23 00:18:10
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.AXM1 728,45GB
Running: nv6evsnh.exe; Driver: C:\Users\****\AppData\Local\Temp\pxrdruoc.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560                                                                                     fffff80002fac000 45 bytes [00, 00, 00, 00, 00, 00, 00, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607                                                                                     fffff80002fac02f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text     C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe[2572] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69               0000000076e21465 2 bytes [E2, 76]
.text     C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe[2572] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155              0000000076e214bb 2 bytes [E2, 76]
.text     ...                                                                                                                                                    * 2
?         C:\Windows\system32\mssprxy.dll [2700] entry point in ".rdata" section                                                                                 000000006f4071e6
.text     C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3572] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000076e21465 2 bytes [E2, 76]
.text     C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3572] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000076e214bb 2 bytes [E2, 76]
.text     ...                                                                                                                                                    * 2
.text     C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe[4852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69            0000000076e21465 2 bytes [E2, 76]
.text     C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe[4852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155           0000000076e214bb 2 bytes [E2, 76]
.text     ...                                                                                                                                                    * 2

---- Threads - GMER 2.1 ----

Thread    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5332:5140]                                                                                 0000000076147587
Thread    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5332:5428]                                                                                 0000000074900cb3
Thread    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5332:2384]                                                                                 0000000077942e25
Thread    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5332:5748]                                                                                 0000000077943e45
Thread    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5332:6852]                                                                                 0000000077943e45

---- Registry - GMER 2.1 ----

Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4c8093451261                                                                            
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4c8093451261 (not active ControlSet)                                                        

---- EOF - GMER 2.1 ----
         

Und anschließend das MBAR Log:

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.22.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
**** :: CYBERPORT-PC [administrator]

23.05.2013 00:30:56
mbar-log-2013-05-23 (00-30-56).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 9777
Time elapsed: 4 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         

Alt 23.05.2013, 09:50   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Facebook.vbs auf USB-Stick - Standard

Facebook.vbs auf USB-Stick



aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).




TDSS-Killer

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu Facebook.vbs auf USB-Stick
c:/windows/system32/cmd.exe/c, cmd.exe, dateien, dateiname, ebenfalls, explorer.exe, extension.mismatch, fenster, folgende, freundin, klicken, name:worm:vbs/linxer.a, problem, stick, usb stick, versteckte, verweisen, virus, worm:vbs/linxer.a, öffnen



Ähnliche Themen: Facebook.vbs auf USB-Stick


  1. VBS/LNK.Jenxcus.Gen auf USB-Stick
    Plagegeister aller Art und deren Bekämpfung - 13.11.2015 (9)
  2. Immer, wenn ich den USB Stick vom Fernseher abziehe und mit dem PC wieder verbinde, erscheint auf dem Stick eine CM0013 Datei.
    Plagegeister aller Art und deren Bekämpfung - 08.09.2014 (7)
  3. Windows 7: Facebook.vbs auf Rechner und USB-Stick
    Log-Analyse und Auswertung - 20.11.2013 (46)
  4. Facebook.vbs war auf usb-Stick
    Plagegeister aller Art und deren Bekämpfung - 16.08.2013 (21)
  5. Facebook.vbs Trojaner USB-Stick und auf Rechner
    Plagegeister aller Art und deren Bekämpfung - 26.07.2013 (15)
  6. Facebook.vbs auf USB Stick
    Log-Analyse und Auswertung - 29.05.2013 (17)
  7. Facebook-Trojaner: vinamost.net/images/facebook/get.php?image=IMG39348819.JPG
    Log-Analyse und Auswertung - 21.11.2011 (42)
  8. WORM/Phorpiex.B.64 auf USB-Stick - Datenrettung vom USB-Stick?
    Plagegeister aller Art und deren Bekämpfung - 09.11.2011 (32)
  9. Trojaner auf PC & USB-Stick
    Plagegeister aller Art und deren Bekämpfung - 08.03.2011 (3)
  10. Zuerst Facebook-Virus-Neu aufgesetzt,cpu Auslastung 100%,bei Facebook-Games extrem lahm!
    Log-Analyse und Auswertung - 03.02.2011 (11)
  11. Skype - Facebook Virus foto :P h**p://facebook.twitterbizzer.com/member_profile.php
    Plagegeister aller Art und deren Bekämpfung - 27.08.2010 (6)
  12. Virus auf USB-Stick? - USB-Stick wird beim Einstecken als Ordner angezeigt.
    Antiviren-, Firewall- und andere Schutzprogramme - 21.07.2010 (5)
  13. USB Stick
    Netzwerk und Hardware - 17.07.2009 (3)
  14. USB Stick
    Log-Analyse und Auswertung - 13.05.2009 (1)
  15. USB-Stick infiziert?
    Plagegeister aller Art und deren Bekämpfung - 24.03.2009 (36)
  16. usb stick streigt
    Netzwerk und Hardware - 14.02.2009 (23)
  17. Conficker auf USB-Stick
    Plagegeister aller Art und deren Bekämpfung - 17.01.2009 (0)

Zum Thema Facebook.vbs auf USB-Stick - Hallo, Meine Freundin hat sich auf ihrem Windows 7 Laptop einen Virus eingefangen. Zum ersten Mal hat sie ihn vor ca. drei Wochen bemerkt, als alle Dateien auf ihrem USB - Facebook.vbs auf USB-Stick...
Archiv
Du betrachtest: Facebook.vbs auf USB-Stick auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.