| |
| |||||||
Log-Analyse und Auswertung: Facebook VirenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
16.08.2011, 09:35
| #1 |
 |  Facebook Viren Hallo! Bin neu hier, ich hoffe ihr könnt mir helfen. Habe eure Checkliste ausgeführt und diese Logdatei erstellt. Mein Facebookaccount verschickt Nachrichten mit einem Link, der einen Virus enthält. Hallo, den Scan den ich durch geführt habe, hat der jetzt alle Viren/trojaner entfernt oder muss ich noch einen weiteren Schritt machen. Danke sagt Lia Hallo, ich habe jetzt noch Maleware laufen lassen Malwarebytes' Anti-Malware 1.51.1.1800 www.malwarebytes.org Datenbank Version: 7480 Windows 6.1.7601 Service Pack 1 Internet Explorer 9.0.8112.16421 16.08.2011 20:09:15 mbam-log-2011-08-16 (20-09-15).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 167659 Laufzeit: 2 Minute(n), 59 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 61 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\Users\Lia\AppData\Local\Temp\0110869.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Lia\AppData\Local\Temp\0172002.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Lia\AppData\Local\Temp\0192215.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Lia\AppData\Local\Temp\0541843.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Lia\AppData\Local\Temp\0699965.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Lia\AppData\Local\Temp\1220679.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Lia\AppData\Local\Temp\1231087.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Lia\AppData\Local\Temp\1311722.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Lia\AppData\Local\Temp\1470390.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Lia\AppData\Local\Temp\1567401.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Lia\AppData\Local\Temp\1754388.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Lia\AppData\Local\Temp\1773753.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Lia\AppData\Local\Temp\1843171.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Lia\AppData\Local\Temp\1888676.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Lia\AppData\Local\Temp\2132108.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Lia\AppData\Local\Temp\2673754.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Lia\AppData\Local\Temp\2697859.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Lia\AppData\Local\Temp\2724174.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Lia\AppData\Local\Temp\3071781.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Lia\AppData\Local\Temp\3398514.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Lia\AppData\Local\Temp\3962979.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Lia\AppData\Local\Temp\4189014.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Lia\AppData\Local\Temp\4650154.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Lia\AppData\Local\Temp\4826902.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Lia\AppData\Local\Temp\5010279.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Lia\AppData\Local\Temp\5250337.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Lia\AppData\Local\Temp\6105724.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Lia\AppData\Local\Temp\6216395.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Lia\AppData\Local\Temp\6239418.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Lia\AppData\Local\Temp\6496131.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Lia\AppData\Local\Temp\6497967.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Lia\AppData\Local\Temp\6705731.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Lia\AppData\Local\Temp\6829317.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Lia\AppData\Local\Temp\6951573.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Lia\AppData\Local\Temp\7127324.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Lia\AppData\Local\Temp\7393057.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Lia\AppData\Local\Temp\7687291.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Lia\AppData\Local\Temp\7779816.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Lia\AppData\Local\Temp\7991283.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Lia\AppData\Local\Temp\7991731.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Lia\AppData\Local\Temp\8065306.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Lia\AppData\Local\Temp\8119215.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Lia\AppData\Local\Temp\8358573.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Lia\AppData\Local\Temp\8749273.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Lia\AppData\Local\Temp\8794957.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Lia\AppData\Local\Temp\9139875.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Lia\AppData\Local\Temp\9146637.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Lia\AppData\Local\Temp\9153643.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Lia\AppData\Local\Temp\9319543.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Lia\AppData\Local\Temp\9464327.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Lia\AppData\Local\Temp\9531070.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Lia\AppData\Local\Temp\9666571.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Lia\AppData\Local\Temp\9738445.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Lia\AppData\Local\Temp\9743474.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Lia\AppData\Local\Temp\9745229.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Lia\AppData\Local\Temp\9781810.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Lia\AppData\Local\Temp\9789671.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Lia\AppData\Local\Temp\9818584.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Lia\AppData\Local\Temp\9963238.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Lia\AppData\Local\Temp\9987863.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Lia\AppData\Roaming\msnsvconfig.txt (Malware.Trace) -> Quarantined and deleted successfully. |
|
17.08.2011, 10:59
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Facebook Viren Hallo und
__________________ Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! Danach OTL-Custom: CustomScan mit OTL Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ |
|
17.08.2011, 16:46
| #3 |
| | Facebook Viren Hallo,
__________________ich hoffe doch, das ich alles richtig gemacht habe. Hier kommt das Ergebnis. LiaOTL Logfile: Code:
ATTFilter OTL logfile created on: 17.08.2011 17:32:24 - Run 1 OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\Lia\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,54 Gb Available Physical Memory | 63,48% Memory free 8,00 Gb Paging File | 6,32 Gb Available in Paging File | 79,09% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 424,66 Gb Total Space | 325,03 Gb Free Space | 76,54% Space Free | Partition Type: NTFS Drive D: | 40,00 Gb Total Space | 29,19 Gb Free Space | 72,98% Space Free | Partition Type: NTFS Computer Name: LIA-PC | User Name: Lia Admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.08.17 15:57:05 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Lia\Desktop\OTL.exe PRC - [2011.07.06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.07.01 08:05:54 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.06.26 12:26:14 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2011.05.20 16:56:18 | 000,724,536 | ---- | M] (Nokia) -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe PRC - [2011.04.30 09:42:38 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.03.31 16:48:36 | 001,540,096 | ---- | M] (Nokia) -- C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe PRC - [2011.03.31 14:38:26 | 000,140,288 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe PRC - [2011.03.21 13:21:24 | 000,632,832 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe PRC - [2011.03.21 13:19:36 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe PRC - [2011.03.04 14:36:11 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2007.11.02 14:52:40 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP UT\bin\hppusg.exe ========== Modules (No Company Name) ========== MOD - [2011.08.15 13:20:54 | 000,076,288 | ---- | M] () -- C:\Users\Lia\AppData\Roaming\Mozilla\Firefox\Profiles\0yswwm0m.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCoreGecko5.dll MOD - [2011.08.12 14:47:19 | 000,310,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\e47bab16c150f9697594d8fd65532578\System.Runtime.Serialization.Formatters.Soap.ni.dll MOD - [2011.08.12 14:47:18 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0d43c5e77ee7b8466700b16d7e7d4bb7\System.Windows.Forms.ni.dll MOD - [2011.08.12 14:46:47 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9e87dd8fe5d0f925d80a6a6eaf74fdb9\System.Drawing.ni.dll MOD - [2011.08.12 14:46:23 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\16d2854bf69d59d94e64a918365705f1\System.Xml.ni.dll MOD - [2011.08.12 14:46:17 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\36d0ed3f2a65b9d67933ed46dfcd2ccb\System.Configuration.ni.dll MOD - [2011.08.12 14:46:15 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\3da7c6c1a0f26ae91883fd8b03ec192d\System.ni.dll MOD - [2011.08.12 14:46:03 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll MOD - [2011.06.26 12:26:14 | 001,850,328 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2011.05.20 16:54:16 | 010,837,504 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtWebKit4.dll MOD - [2011.05.20 16:54:16 | 008,166,912 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtGui4.dll MOD - [2011.05.20 16:54:16 | 002,551,296 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtXmlPatterns4.dll MOD - [2011.05.20 16:54:16 | 002,282,496 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtCore4.dll MOD - [2011.05.20 16:54:16 | 002,246,656 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtDeclarative4.dll MOD - [2011.05.20 16:54:16 | 001,288,192 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtScript4.dll MOD - [2011.05.20 16:54:16 | 000,913,920 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtNetwork4.dll MOD - [2011.05.20 16:54:16 | 000,676,864 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtOpenGL4.dll MOD - [2011.05.20 16:54:16 | 000,340,480 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtXml4.dll MOD - [2011.05.20 16:54:16 | 000,266,752 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\phonon4.dll MOD - [2011.05.20 16:54:16 | 000,196,608 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Imageformats\qjpeg4.dll MOD - [2011.05.20 16:54:16 | 000,190,464 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtSql4.dll MOD - [2011.05.20 16:54:16 | 000,026,624 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Imageformats\qgif4.dll MOD - [2011.05.20 16:30:06 | 000,508,416 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtMultimediaKit1.dll MOD - [2011.05.20 16:30:04 | 000,109,568 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\mediaservice\dsengine.dll MOD - [2011.05.20 16:29:34 | 000,924,672 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Maps Service API.dll MOD - [2011.05.20 16:29:18 | 000,422,800 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\ssoengine.dll MOD - [2011.05.20 16:29:18 | 000,387,976 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\OviShareLib.dll MOD - [2011.05.20 16:29:18 | 000,060,816 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\securestorage.dll MOD - [2011.05.20 16:28:18 | 000,687,616 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\CommonUpdateChecker.dll MOD - [2011.04.11 21:29:22 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.hpqusg\3.0.0.0__a53cf5803f4c3827\Interop.hpqusg.dll MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2008.02.07 10:05:18 | 000,163,840 | ---- | M] () -- C:\Windows\SysWOW64\hppatusg01.dll MOD - [2007.11.02 14:52:40 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP UT\bin\HPUsageTracking.dll MOD - [2007.11.02 14:52:40 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP UT\bin\hppusg.exe MOD - [2007.11.02 14:52:38 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP UT\bin\HPToolkit.dll MOD - [2007.11.02 14:52:38 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP UT\bin\Enumeration.dll MOD - [2007.11.02 14:52:22 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP UT\bin\HPTools.dll MOD - [2007.11.02 14:52:16 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP UT\bin\HPStreamsInterface.dll MOD - [2005.07.20 11:48:10 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\zlib1.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.04.12 11:18:14 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp) SRV:64bit: - [2009.08.18 02:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.07.01 08:05:54 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.05.15 13:23:20 | 000,607,040 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2011.04.30 09:42:38 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.04.12 11:22:46 | 001,403,200 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2011.04.12 11:18:06 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp) SRV - [2011.03.21 13:21:24 | 000,632,832 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.07.06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2011.07.01 08:05:54 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.07.01 08:05:54 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.02 15:14:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt) DRV:64bit: - [2010.12.02 15:14:24 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev) DRV:64bit: - [2010.12.02 15:14:22 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc) DRV:64bit: - [2010.12.02 15:14:18 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:64bit: - [2010.10.09 08:49:52 | 000,085,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV:64bit: - [2010.08.31 12:09:00 | 000,256,000 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet) DRV:64bit: - [2010.08.07 11:49:04 | 000,121,600 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard) DRV:64bit: - [2010.07.27 03:52:16 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV:64bit: - [2009.09.10 16:50:06 | 000,923,648 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se) DRV:64bit: - [2009.08.18 03:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:00:24 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\acpials.sys -- (acpials) DRV:64bit: - [2009.06.10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008.08.28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV - [2010.02.24 14:41:50 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011.06.12 16:26:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.06.26 12:26:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.07.18 10:01:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.06.12 16:26:49 | 000,000,000 | ---D | M] [2011.03.15 13:21:54 | 000,000,931 | ---- | M] () -- \Users\Lia\AppData\Roaming\Mozilla\Firefox\Profiles\0yswwm0m.default\searchplugins\conduit.xml [2011.06.13 10:33:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2011.06.13 10:33:00 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} File not found (No name found) -- [2011.08.16 06:20:06 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\USERS\LIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0YSWWM0M.DEFAULT\EXTENSIONS\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} [2011.08.16 20:55:35 | 000,000,000 | ---D | M] (WOT) -- C:\USERS\LIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0YSWWM0M.DEFAULT\EXTENSIONS\{A0D7CCB3-214D-498B-B4AA-0E8FDA9A7BF7} [2011.04.04 21:49:41 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\USERS\LIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0YSWWM0M.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C} () (No name found) -- C:\USERS\LIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0YSWWM0M.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2011.08.12 19:33:39 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\USERS\LIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0YSWWM0M.DEFAULT\EXTENSIONS\{E001C731-5E37-4538-A5CB-8168736A2360} [2011.04.13 22:51:35 | 000,000,000 | ---D | M] (AdblockPro) -- C:\USERS\LIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0YSWWM0M.DEFAULT\EXTENSIONS\ADBLOCK@ADBLOCKPRO.COM [2011.04.13 22:51:35 | 000,000,000 | ---D | M] (AdobeReader) -- C:\USERS\LIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0YSWWM0M.DEFAULT\EXTENSIONS\PDFREADER@ADOBE.COM [2011.06.26 12:26:14 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (AdblockPro) - {04F2568A-3E7A-422D-A71E-DC088A635F7D} - C:\Users\Lia\AppData\Roaming\AdblockPro\IE\AdblockPro.dll (Adblock Pro Inc.) O2 - BHO: (AdobeReader) - {AC6401E9-813B-46DA-B06F-A4FFA2F9AE6D} - C:\Users\Lia\AppData\Roaming\AdobeReader\IE\AdobeReader.dll (Adobe Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O4:64bit: - HKLM..\Run: [PrnStatusMX] C:\Programme\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe (Marvell Semiconductor, Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files (x86)\Hewlett-Packard\HP UT\bin\hppusg.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia) O4 - HKCU..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKCU..\RunOnce: [mctadmin] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.08.17 15:57:25 | 000,000,000 | R--D | C] -- C:\Users\Lia Admin\Videos [2011.08.17 15:57:25 | 000,000,000 | R--D | C] -- C:\Users\Lia Admin\Pictures [2011.08.17 15:57:25 | 000,000,000 | R--D | C] -- C:\Users\Lia Admin\Music [2011.08.17 15:57:25 | 000,000,000 | R--D | C] -- C:\Users\Lia Admin\Links [2011.08.17 15:57:25 | 000,000,000 | R--D | C] -- C:\Users\Lia Admin\Favorites [2011.08.17 15:57:25 | 000,000,000 | R--D | C] -- C:\Users\Lia Admin\Downloads [2011.08.17 15:57:25 | 000,000,000 | R--D | C] -- C:\Users\Lia Admin\Documents [2011.08.17 15:57:25 | 000,000,000 | R--D | C] -- C:\Users\Lia Admin\Desktop [2011.08.17 15:57:25 | 000,000,000 | -HSD | C] -- C:\Users\Lia Admin\Vorlagen [2011.08.17 15:57:25 | 000,000,000 | -HSD | C] -- C:\Users\Lia Admin\Startmenü [2011.08.17 15:57:25 | 000,000,000 | -HSD | C] -- C:\Users\Lia Admin\SendTo [2011.08.17 15:57:25 | 000,000,000 | -HSD | C] -- C:\Users\Lia Admin\Recent [2011.08.17 15:57:25 | 000,000,000 | -HSD | C] -- C:\Users\Lia Admin\Netzwerkumgebung [2011.08.17 15:57:25 | 000,000,000 | -HSD | C] -- C:\Users\Lia Admin\Lokale Einstellungen [2011.08.17 15:57:25 | 000,000,000 | -HSD | C] -- C:\Users\Lia Admin\Eigene Dateien [2011.08.17 15:57:25 | 000,000,000 | -HSD | C] -- C:\Users\Lia Admin\Druckumgebung [2011.08.17 15:57:25 | 000,000,000 | -HSD | C] -- C:\Users\Lia Admin\Cookies [2011.08.17 15:57:25 | 000,000,000 | -HSD | C] -- C:\Users\Lia Admin\Anwendungsdaten [2011.08.17 15:57:25 | 000,000,000 | -H-D | C] -- C:\Users\Lia Admin\AppData [2011.08.17 15:57:25 | 000,000,000 | ---D | C] -- C:\Users\Lia Admin\Saved Games [2011.08.16 19:54:18 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.08.16 19:54:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.08.16 19:54:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.08.16 19:54:13 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.08.16 19:54:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.08.15 22:35:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET ========== Files - Modified Within 30 Days ========== [2011.08.17 16:52:52 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.08.17 16:52:52 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.08.17 09:16:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.08.17 09:15:53 | 3220,561,920 | -HS- | M] () -- C:\hiberfil.sys [2011.08.16 21:03:27 | 000,000,400 | ---- | M] () -- C:\Windows\ODBC.INI [2011.08.16 19:54:18 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.08.12 14:03:53 | 001,519,874 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.08.12 14:03:53 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.08.12 14:03:53 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.08.12 14:03:53 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.08.12 14:03:53 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.08.10 09:24:14 | 000,002,344 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2011.08.06 20:48:24 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.08.06 20:48:24 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job ========== Files Created - No Company Name ========== [2011.08.16 19:54:18 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.14 18:37:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.04.05 22:03:49 | 006,108,456 | R--- | C] () -- \hpcljcp1215drv32.cab [2011.04.05 22:03:49 | 001,712,128 | ---- | C] () -- \ProductInst.exe [2011.04.05 22:03:49 | 000,434,371 | R--- | C] () -- \hpcljcp1215_deww.cab [2011.04.05 22:03:49 | 000,434,371 | ---- | C] () -- \hpcljcp1215_enww.cab [2011.04.05 22:03:49 | 000,316,416 | R--- | C] () -- \DIFxAPI.dll [2011.04.05 22:03:49 | 000,208,896 | ---- | C] () -- \Strings.dll [2011.04.05 22:03:49 | 000,118,335 | R--- | C] () -- \hp121532.cat [2011.04.05 22:03:49 | 000,069,632 | ---- | C] () -- \WpInstall.exe [2011.04.05 22:03:49 | 000,015,212 | R--- | C] () -- \HPCP1215.INF [2011.04.05 22:03:49 | 000,000,736 | R--- | C] () -- \properties.ini [2011.04.05 22:03:49 | 000,000,039 | R--- | C] () -- \SUcp1215.VER [2011.03.31 20:17:08 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2011.03.21 21:04:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.03.21 21:02:09 | 3220,561,920 | -HS- | C] () -- \hiberfil.sys [2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2008.02.07 10:05:18 | 000,163,840 | ---- | C] () -- C:\Windows\SysWow64\hppatusg01.dll [2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI ========== LOP Check ========== [2011.08.04 10:24:31 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < Malwarebytes' Anti-Malware 1.51.1.1800 > < Malwarebytes : Free anti-malware, anti-virus and spyware removal download > < > < Datenbank Version: 7480 > < > < Windows 6.1.7601 Service Pack 1 > < Internet Explorer 9.0.8112.16421 > < > < 17.08.2011 17:01:46 > < mbam-log-2011-08-17 (17-01-46).txt > < > < Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) > < Durchsuchte Objekte: 320112 > < Laufzeit: 1 Stunde(n), 1 Minute(n), 52 Sekunde(n) > < > < Infizierte Speicherprozesse: 0 > < Infizierte Speichermodule: 0 > < Infizierte Registrierungsschlüssel: 0 > < Infizierte Registrierungswerte: 0 > < Infizierte Dateiobjekte der Registrierung: 0 > < Infizierte Verzeichnisse: 0 > < Infizierte Dateien: 0 > < > < Infizierte Speicherprozesse: > < (Keine bösartigen Objekte gefunden) > < > < Infizierte Speichermodule: > < (Keine bösartigen Objekte gefunden) > < > < Infizierte Registrierungsschlüssel: > < (Keine bösartigen Objekte gefunden) > < > < Infizierte Registrierungswerte: > < (Keine bösartigen Objekte gefunden) > < > < Infizierte Dateiobjekte der Registrierung: > < (Keine bösartigen Objekte gefunden) > < > < Infizierte Verzeichnisse: > < (Keine bösartigen Objekte gefunden) > < > < Infizierte Dateien: > < (Keine bösartigen Objekte gefunden) > < End of report > |
|
17.08.2011, 21:12
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Facebook Viren Und der Vollscan mit Malwarebytes?
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
17.08.2011, 21:19
| #5 |
| | Facebook Viren Hallo, hier kommt er :-), sorry Lia Malwarebytes' Anti-Malware 1.51.1.1800 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Datenbank Version: 7480 Windows 6.1.7601 Service Pack 1 Internet Explorer 9.0.8112.16421 17.08.2011 17:01:46 mbam-log-2011-08-17 (17-01-46).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 320112 Laufzeit: 1 Stunde(n), 1 Minute(n), 52 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
|
17.08.2011, 22:00
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Facebook Viren Führ bitte auch ESET aus, danach sehen wir weiter: ESET Online Scanner
__________________ --> Facebook Viren |
|
22.08.2011, 13:04
| #7 |
| | Facebook Viren Hallo, hier kommt die Datei. Lia ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6528 # api_version=3.0.2 # EOSSerial=f81b7f478c9cae49b262e4f9663c113e # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-08-15 10:08:00 # local_time=2011-08-16 12:08:00 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1797 16775165 100 94 218782 49981766 263380 0 # compatibility_mode=5893 16776573 100 94 302986 65071195 0 0 # compatibility_mode=8192 67108863 100 0 812 812 0 0 # scanned=181306 # found=92 # cleaned=92 # scan_time=4735 C:\$Recycle.Bin\S-1-5-21-1084300786-1220908116-2246298836-1000\$RUH642I.scr a variant of Win32/Kryptik.RMC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4DV04SKF\ok[1].exe a variant of Win32/Injector.IPH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IW08VRRG\brun[1].exe a variant of Win32/Kryptik.RMC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MIE9ACIR\bz[1].zip a variant of Win32/Injector.IPE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MIE9ACIR\fac[1].exe a variant of Win32/Kryptik.RMC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MIE9ACIR\hi[1].exe a variant of Win32/Kryptik.RMC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YMXESO50\bc[1].zip a variant of Win32/Injector.IPF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YMXESO50\bzt[1].exe a variant of Win32/Kryptik.RRC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YMXESO50\ox[1].zip a variant of Win32/Injector.IPG trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\0185664.exe a variant of Win32/Injector.IPH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\0311589.exe a variant of Win32/Kryptik.RMC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\03147.exe a variant of Win32/Kryptik.RMC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\0330381.exe a variant of Win32/Injector.IPH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\0442309.exe a variant of Win32/Injector.IPH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\0503884.exe a variant of Win32/Kryptik.RMC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\0618097.exe a variant of Win32/Kryptik.RMC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\0650783.exe a variant of Win32/Injector.IPH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\0876952.exe a variant of Win32/Kryptik.RMC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\0889697.exe a variant of Win32/Injector.IPH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\0954354.exe a variant of Win32/Injector.IPH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\0998545.exe a variant of Win32/Kryptik.RMC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\1100263.exe a variant of Win32/Kryptik.RMC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\1202346.exe a variant of Win32/Injector.IPH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\1312849.exe a variant of Win32/Injector.IPH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\1327271.exe a variant of Win32/Injector.IPH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\1505050.exe a variant of Win32/Injector.IPH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\2007446.exe a variant of Win32/Kryptik.RMC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\2012411.exe a variant of Win32/Kryptik.RMC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\2070142.exe a variant of Win32/Kryptik.RMC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\2077489.exe a variant of Win32/Injector.IPH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\2206635.exe a variant of Win32/Injector.IPH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\2231847.exe a variant of Win32/Kryptik.RMC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\2291234.exe a variant of Win32/Kryptik.RMC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\2737929.exe a variant of Win32/Kryptik.RMC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\2949916.exe a variant of Win32/Kryptik.RMC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\3029862.exe a variant of Win32/Kryptik.RMC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\3039682.exe a variant of Win32/Injector.IPH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\3362109.exe a variant of Win32/Injector.IPH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\3437213.exe a variant of Win32/Injector.IPH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\3443450.exe a variant of Win32/Injector.IPH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\3484341.exe a variant of Win32/Injector.IPH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\3742883.exe a variant of Win32/Injector.IPH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\3891093.exe a variant of Win32/Injector.IPH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\3896865.exe a variant of Win32/Kryptik.RMC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\3930865.exe a variant of Win32/Injector.IPH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\4109270.exe a variant of Win32/Injector.IPH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\4548690.exe a variant of Win32/Kryptik.RMC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\4632213.exe a variant of Win32/Kryptik.RMC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\4784060.exe a variant of Win32/Injector.IPH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\4979756.exe a variant of Win32/Injector.IPH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\5197751.exe a variant of Win32/Injector.IPH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\5239699.exe a variant of Win32/Injector.IPH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\5326323.exe a variant of Win32/Kryptik.RMC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\5358000.exe a variant of Win32/Kryptik.RMC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\5382448.exe a variant of Win32/Injector.IPH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\5610251.exe a variant of Win32/Kryptik.RMC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\5891465.exe a variant of Win32/Injector.IPH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\5916965.exe a variant of Win32/Injector.IPH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\5927959.exe a variant of Win32/Injector.IPH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\5929300.exe a variant of Win32/Injector.IPH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\6016282.exe a variant of Win32/Kryptik.RMC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\6118099.exe a variant of Win32/Injector.IPH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\6227095.exe a variant of Win32/Kryptik.RMC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\6257390.exe a variant of Win32/Kryptik.RMC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\6335379.exe a variant of Win32/Injector.IPH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\6385569.exe a variant of Win32/Kryptik.RMC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\6511798.exe a variant of Win32/Injector.IPH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\6514387.exe a variant of Win32/Kryptik.RMC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\6536465.exe a variant of Win32/Injector.IPH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\6802327.exe a variant of Win32/Kryptik.RMC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\6856967.exe a variant of Win32/Injector.IPH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\7009330.exe a variant of Win32/Kryptik.RMC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\7057696.exe a variant of Win32/Injector.IPH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\7469153.exe a variant of Win32/Kryptik.RMC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\7605747.exe a variant of Win32/Kryptik.RMC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\7665651.exe a variant of Win32/Injector.IPH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\7828768.exe a variant of Win32/Kryptik.RMC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\8438090.exe a variant of Win32/Injector.IPH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\8821514.exe a variant of Win32/Kryptik.RMC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\9020588.exe a variant of Win32/Kryptik.RMC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\9169464.exe a variant of Win32/Kryptik.RMC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\9176284.exe a variant of Win32/Injector.IPH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\9220248.exe a variant of Win32/Injector.IPH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\9222248.exe a variant of Win32/Injector.IPH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\9728101.exe a variant of Win32/Kryptik.RMC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\9798825.exe a variant of Win32/Injector.IPH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\9938686.exe a variant of Win32/Kryptik.RMC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\tmp08.exe a variant of Win32/Injector.IPF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OY2DYDGG\kbc[1].exe a variant of Win32/Injector.IPH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\AppData\Local\Temp\Temporary Internet Files\Content.IE5\V1TF59AE\uh[1].exe a variant of Win32/Injector.IPH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\Cache\igfxdl32.exe a variant of Win32/Kryptik.RRC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Lia\M-1-54-6324-575-5275\winsvc.exe a variant of Win32/Kryptik.RMC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C esets_scanner_update returned -1 esets_gle=53251 # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6528 # api_version=3.0.2 # EOSSerial=f81b7f478c9cae49b262e4f9663c113e # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-08-16 08:17:53 # local_time=2011-08-16 10:17:53 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=5.1.2600 NT Service Pack 2 # compatibility_mode=1797 16775165 100 94 246352 50009336 290950 0 # compatibility_mode=5893 16776573 100 94 330556 65098765 0 0 # compatibility_mode=8192 67108863 100 0 28382 28382 0 0 # scanned=181213 # found=4 # cleaned=0 # scan_time=13779 C:\Users\Lia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MIE9ACIR\ok[1].exe a variant of Win32/Injector.IPH trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\Lia\AppData\Local\Temp\5010279.exe a variant of Win32/Injector.IPH trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\Lia\AppData\Local\Temp\6705731.exe a variant of Win32/Injector.IPH trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\Lia\AppData\Local\Temp\7127324.exe a variant of Win32/Injector.IPH trojan (unable to clean) 00000000000000000000000000000000 I ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6528 # api_version=3.0.2 # EOSSerial=f81b7f478c9cae49b262e4f9663c113e # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-08-22 10:47:05 # local_time=2011-08-22 12:47:05 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=5.1.2600 NT Service Pack 2 # compatibility_mode=1797 16775165 100 94 88407 50540559 81073 0 # compatibility_mode=5893 16776573 100 94 260916 65629988 0 0 # compatibility_mode=8192 67108863 100 0 559605 559605 0 0 # scanned=189322 # found=1 # cleaned=0 # scan_time=9907 C:\Users\Lia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MIE9ACIR\ok[1].exe a variant of Win32/Injector.IPH trojan (unable to clean) 00000000000000000000000000000000 I |
|
22.08.2011, 18:30
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Facebook Viren Beim OTL-CustomScan ist was schiefgelaufen, bitte nochmal richtig wiederholen.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
23.08.2011, 07:04
| #9 |
| | Facebook Viren OTL Logfile: Code:
ATTFilter OTL logfile created on: 23.08.2011 07:51:21 - Run 2 OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\Lia\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,59 Gb Available Physical Memory | 64,67% Memory free 8,00 Gb Paging File | 6,35 Gb Available in Paging File | 79,44% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 424,66 Gb Total Space | 324,03 Gb Free Space | 76,30% Space Free | Partition Type: NTFS Drive D: | 40,00 Gb Total Space | 29,19 Gb Free Space | 72,98% Space Free | Partition Type: NTFS Computer Name:***** | User Name: ***** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Lia\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia) PRC - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Nokia) PRC - C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files (x86)\Hewlett-Packard\HP UT\bin\hppusg.exe () ========== Modules (No Company Name) ========== MOD - C:\Users\Lia\AppData\Roaming\Mozilla\Firefox\Profiles\0yswwm0m.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCoreGecko5.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\e47bab16c150f9697594d8fd65532578\System.Runtime.Serialization.Formatters.Soap.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0d43c5e77ee7b8466700b16d7e7d4bb7\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9e87dd8fe5d0f925d80a6a6eaf74fdb9\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\16d2854bf69d59d94e64a918365705f1\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\36d0ed3f2a65b9d67933ed46dfcd2ccb\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\3da7c6c1a0f26ae91883fd8b03ec192d\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Maps Service API.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtWebKit4.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtNetwork4.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\sqldrivers\qsqlite4.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Imageformats\qjpeg4.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Imageformats\qgif4.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtGui4.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtXmlPatterns4.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtCore4.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtDeclarative4.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtScript4.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtOpenGL4.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtXml4.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\phonon4.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtSql4.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtMultimediaKit1.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\mediaservice\dsengine.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QxtCore.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QxtWeb.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\qjson.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\ssoengine.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\OviShareLib.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\securestorage.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\CommonUpdateChecker.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\assembly\GAC\Interop.hpqusg\3.0.0.0__a53cf5803f4c3827\Interop.hpqusg.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\SysWOW64\hppatusg01.dll () MOD - C:\Program Files (x86)\Hewlett-Packard\HP UT\bin\HPUsageTracking.dll () MOD - C:\Program Files (x86)\Hewlett-Packard\HP UT\bin\hppusg.exe () MOD - C:\Program Files (x86)\Hewlett-Packard\HP UT\bin\HPToolkit.dll () MOD - C:\Program Files (x86)\Hewlett-Packard\HP UT\bin\Enumeration.dll () MOD - C:\Program Files (x86)\Hewlett-Packard\HP UT\bin\HPTools.dll () MOD - C:\Program Files (x86)\Hewlett-Packard\HP UT\bin\HPStreamsInterface.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\zlib1.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (TuneUp.Defrag) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia) DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia) DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia) DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation) DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (ew_hwusbdev) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (rtl8192se) -- C:\Windows\SysNative\drivers\rtl8192se.sys (Realtek Semiconductor Corporation ) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (acpials) -- C:\Windows\SysNative\drivers\acpials.sys (Microsoft Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation ) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia) DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys (TuneUp Software) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.06.26 12:26:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.07.18 10:01:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.08.22 17:10:28 | 000,000,000 | ---D | M] [2011.03.15 13:21:54 | 000,000,931 | ---- | M] () -- \Users\Lia\AppData\Roaming\Mozilla\Firefox\Profiles\0yswwm0m.default\searchplugins\conduit.xml [2011.06.13 10:33:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2011.06.13 10:33:00 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} File not found (No name found) -- [2011.08.16 06:20:06 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\USERS\LIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0YSWWM0M.DEFAULT\EXTENSIONS\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} [2011.08.16 20:55:35 | 000,000,000 | ---D | M] (WOT) -- C:\USERS\LIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0YSWWM0M.DEFAULT\EXTENSIONS\{A0D7CCB3-214D-498B-B4AA-0E8FDA9A7BF7} [2011.04.04 21:49:41 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\USERS\LIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0YSWWM0M.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C} () (No name found) -- C:\USERS\LIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0YSWWM0M.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2011.08.12 19:33:39 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\USERS\LIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0YSWWM0M.DEFAULT\EXTENSIONS\{E001C731-5E37-4538-A5CB-8168736A2360} [2011.04.13 22:51:35 | 000,000,000 | ---D | M] (AdblockPro) -- C:\USERS\LIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0YSWWM0M.DEFAULT\EXTENSIONS\ADBLOCK@ADBLOCKPRO.COM [2011.04.13 22:51:35 | 000,000,000 | ---D | M] (AdobeReader) -- C:\USERS\LIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0YSWWM0M.DEFAULT\EXTENSIONS\PDFREADER@ADOBE.COM [2011.06.26 12:26:14 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (AdblockPro) - {04F2568A-3E7A-422D-A71E-DC088A635F7D} - C:\Users\Lia\AppData\Roaming\AdblockPro\IE\AdblockPro.dll (Adblock Pro Inc.) O2 - BHO: (AdobeReader) - {AC6401E9-813B-46DA-B06F-A4FFA2F9AE6D} - C:\Users\Lia\AppData\Roaming\AdobeReader\IE\AdobeReader.dll (Adobe Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O4:64bit: - HKLM..\Run: [PrnStatusMX] C:\Programme\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe (Marvell Semiconductor, Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files (x86)\Hewlett-Packard\HP UT\bin\hppusg.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia) O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [NokiaOviSuite2] C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia) O4 - HKCU..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKCU..\RunOnce: [mctadmin] File not found O4 - HKCU..\RunOnce: [NokiaOviSuite.exe] C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Lia Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Lia Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\Lia Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Lia Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.08.22 17:15:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Nokia [2011.08.22 17:11:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia [2011.08.22 17:10:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution [2011.08.17 15:57:25 | 000,000,000 | R--D | C] -- C:\Users\Lia Admin\Videos [2011.08.17 15:57:25 | 000,000,000 | R--D | C] -- C:\Users\Lia Admin\Pictures [2011.08.17 15:57:25 | 000,000,000 | R--D | C] -- C:\Users\Lia Admin\Music [2011.08.17 15:57:25 | 000,000,000 | R--D | C] -- C:\Users\Lia Admin\Links [2011.08.17 15:57:25 | 000,000,000 | R--D | C] -- C:\Users\Lia Admin\Favorites [2011.08.17 15:57:25 | 000,000,000 | R--D | C] -- C:\Users\Lia Admin\Downloads [2011.08.17 15:57:25 | 000,000,000 | R--D | C] -- C:\Users\Lia Admin\Documents [2011.08.17 15:57:25 | 000,000,000 | R--D | C] -- C:\Users\Lia Admin\Desktop [2011.08.17 15:57:25 | 000,000,000 | -HSD | C] -- C:\Users\Lia Admin\Vorlagen [2011.08.17 15:57:25 | 000,000,000 | -HSD | C] -- C:\Users\Lia Admin\Startmenü [2011.08.17 15:57:25 | 000,000,000 | -HSD | C] -- C:\Users\Lia Admin\SendTo [2011.08.17 15:57:25 | 000,000,000 | -HSD | C] -- C:\Users\Lia Admin\Recent [2011.08.17 15:57:25 | 000,000,000 | -HSD | C] -- C:\Users\Lia Admin\Netzwerkumgebung [2011.08.17 15:57:25 | 000,000,000 | -HSD | C] -- C:\Users\Lia Admin\Lokale Einstellungen [2011.08.17 15:57:25 | 000,000,000 | -HSD | C] -- C:\Users\Lia Admin\Eigene Dateien [2011.08.17 15:57:25 | 000,000,000 | -HSD | C] -- C:\Users\Lia Admin\Druckumgebung [2011.08.17 15:57:25 | 000,000,000 | -HSD | C] -- C:\Users\Lia Admin\Cookies [2011.08.17 15:57:25 | 000,000,000 | -HSD | C] -- C:\Users\Lia Admin\Anwendungsdaten [2011.08.17 15:57:25 | 000,000,000 | -H-D | C] -- C:\Users\Lia Admin\AppData [2011.08.17 15:57:25 | 000,000,000 | ---D | C] -- C:\Users\Lia Admin\Saved Games [2011.08.16 19:54:18 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.08.16 19:54:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.08.16 19:54:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.08.16 19:54:13 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.08.16 19:54:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.08.15 22:35:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2011.08.12 14:01:00 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2011.08.12 14:01:00 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2011.08.12 14:00:58 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2011.08.12 14:00:58 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2011.08.12 14:00:57 | 002,303,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2011.08.12 14:00:57 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2011.08.12 14:00:57 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2011.08.12 14:00:56 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2011.08.12 14:00:56 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2011.08.12 10:33:17 | 005,561,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2011.08.12 10:33:17 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2011.08.12 10:33:16 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2011.08.10 21:43:36 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2011.08.10 21:43:36 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2011.08.10 21:43:35 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2011.08.10 21:43:35 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2011.08.10 21:43:35 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2011.08.10 21:43:35 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2011.08.10 21:43:35 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2011.08.10 21:43:35 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2011.08.10 21:43:35 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2011.08.10 21:43:35 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2011.08.10 21:43:35 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2011.08.10 21:43:35 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2011.08.10 21:43:35 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2011.08.10 21:43:35 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2011.08.10 21:43:35 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2011.08.10 21:43:35 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2011.08.10 21:43:35 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2011.08.10 21:43:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2011.08.10 21:43:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2011.08.10 21:43:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2011.08.10 21:43:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2011.08.10 21:43:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2011.08.10 21:43:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2011.08.10 21:43:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2011.08.10 21:43:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2011.08.10 21:43:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2011.08.10 21:43:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2011.08.10 21:43:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2011.08.10 21:43:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2011.08.10 21:43:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2011.08.10 21:43:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2011.08.10 21:43:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2011.08.10 21:43:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2011.08.10 21:43:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2011.08.10 21:43:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2011.08.10 21:43:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2011.08.10 21:43:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2011.08.10 21:43:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2011.08.10 21:43:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2011.08.10 21:43:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2011.08.10 21:43:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2011.08.10 21:43:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2011.08.10 21:43:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2011.08.10 21:43:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2011.08.10 21:43:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2011.08.10 21:43:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2011.08.10 21:43:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2011.08.10 21:43:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2011.08.10 21:43:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2011.08.10 21:43:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2011.08.10 21:43:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2011.08.10 21:43:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2011.08.10 21:43:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2011.08.10 21:43:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2011.08.10 21:43:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2011.08.10 21:43:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2011.08.10 21:43:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2011.08.10 21:43:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2011.08.10 21:43:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2011.08.10 21:43:33 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2011.08.10 21:43:33 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2011.08.10 21:43:33 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2011.08.10 21:43:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2011.08.10 21:43:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2011.08.10 21:43:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2011.08.10 21:43:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2011.08.10 21:43:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2011.08.10 21:43:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2011.08.10 21:43:33 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2011.08.10 20:20:05 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll [2011.08.10 20:20:05 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll [2011.08.10 20:20:05 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll [2011.08.10 20:20:05 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll [2011.08.10 20:20:05 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll [2011.08.10 20:20:05 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll [2011.08.10 20:20:05 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll [2011.08.10 20:20:05 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll [2011.08.10 20:20:05 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll [2011.08.10 19:11:33 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll ========== Files - Modified Within 30 Days ========== [2011.08.23 07:48:54 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.08.23 07:48:54 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.08.23 07:41:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.08.23 07:41:22 | 3220,561,920 | -HS- | M] () -- C:\hiberfil.sys [2011.08.22 17:11:37 | 000,002,100 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Ovi Suite.lnk [2011.08.16 21:03:27 | 000,000,400 | ---- | M] () -- C:\Windows\ODBC.INI [2011.08.16 19:54:18 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.08.15 13:18:44 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2011.08.12 14:03:53 | 001,519,874 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.08.12 14:03:53 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.08.12 14:03:53 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.08.12 14:03:53 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.08.12 14:03:53 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.08.10 09:24:14 | 000,002,344 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2011.08.06 20:48:24 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.08.06 20:48:24 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job ========== Files Created - No Company Name ========== [2011.08.22 17:11:37 | 000,002,100 | ---- | C] () -- C:\Users\Public\Desktop\Nokia Ovi Suite.lnk [2011.08.16 19:54:18 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.14 18:37:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.04.05 22:03:49 | 006,108,456 | R--- | C] () -- \hpcljcp1215drv32.cab [2011.04.05 22:03:49 | 001,712,128 | ---- | C] () -- \ProductInst.exe [2011.04.05 22:03:49 | 000,434,371 | R--- | C] () -- \hpcljcp1215_deww.cab [2011.04.05 22:03:49 | 000,434,371 | ---- | C] () -- \hpcljcp1215_enww.cab [2011.04.05 22:03:49 | 000,316,416 | R--- | C] () -- \DIFxAPI.dll [2011.04.05 22:03:49 | 000,208,896 | ---- | C] () -- \Strings.dll [2011.04.05 22:03:49 | 000,118,335 | R--- | C] () -- \hp121532.cat [2011.04.05 22:03:49 | 000,069,632 | ---- | C] () -- \WpInstall.exe [2011.04.05 22:03:49 | 000,015,212 | R--- | C] () -- \HPCP1215.INF [2011.04.05 22:03:49 | 000,000,736 | R--- | C] () -- \properties.ini [2011.04.05 22:03:49 | 000,000,039 | R--- | C] () -- \SUcp1215.VER [2011.03.31 20:17:08 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2011.03.21 21:04:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.03.21 21:02:09 | 3220,561,920 | -HS- | C] () -- \hiberfil.sys [2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2008.02.07 10:05:18 | 000,163,840 | ---- | C] () -- C:\Windows\SysWow64\hppatusg01.dll [2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI ========== LOP Check ========== [2011.08.04 10:24:31 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > |
|
23.08.2011, 07:06
| #10 |
| | Facebook Viren OTL Logfile: Code:
ATTFilter OTL logfile created on: 23.08.2011 07:51:21 - Run 2 OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\Lia\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,59 Gb Available Physical Memory | 64,67% Memory free 8,00 Gb Paging File | 6,35 Gb Available in Paging File | 79,44% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 424,66 Gb Total Space | 324,03 Gb Free Space | 76,30% Space Free | Partition Type: NTFS Drive D: | 40,00 Gb Total Space | 29,19 Gb Free Space | 72,98% Space Free | Partition Type: NTFS Computer Name:***** | User Name: ***** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Lia\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia) PRC - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Nokia) PRC - C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files (x86)\Hewlett-Packard\HP UT\bin\hppusg.exe () ========== Modules (No Company Name) ========== MOD - C:\Users\Lia\AppData\Roaming\Mozilla\Firefox\Profiles\0yswwm0m.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCoreGecko5.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\e47bab16c150f9697594d8fd65532578\System.Runtime.Serialization.Formatters.Soap.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0d43c5e77ee7b8466700b16d7e7d4bb7\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9e87dd8fe5d0f925d80a6a6eaf74fdb9\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\16d2854bf69d59d94e64a918365705f1\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\36d0ed3f2a65b9d67933ed46dfcd2ccb\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\3da7c6c1a0f26ae91883fd8b03ec192d\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Maps Service API.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtWebKit4.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtNetwork4.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\sqldrivers\qsqlite4.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Imageformats\qjpeg4.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Imageformats\qgif4.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtGui4.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtXmlPatterns4.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtCore4.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtDeclarative4.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtScript4.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtOpenGL4.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtXml4.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\phonon4.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtSql4.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtMultimediaKit1.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\mediaservice\dsengine.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QxtCore.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QxtWeb.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\qjson.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\ssoengine.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\OviShareLib.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\securestorage.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\CommonUpdateChecker.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\assembly\GAC\Interop.hpqusg\3.0.0.0__a53cf5803f4c3827\Interop.hpqusg.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\SysWOW64\hppatusg01.dll () MOD - C:\Program Files (x86)\Hewlett-Packard\HP UT\bin\HPUsageTracking.dll () MOD - C:\Program Files (x86)\Hewlett-Packard\HP UT\bin\hppusg.exe () MOD - C:\Program Files (x86)\Hewlett-Packard\HP UT\bin\HPToolkit.dll () MOD - C:\Program Files (x86)\Hewlett-Packard\HP UT\bin\Enumeration.dll () MOD - C:\Program Files (x86)\Hewlett-Packard\HP UT\bin\HPTools.dll () MOD - C:\Program Files (x86)\Hewlett-Packard\HP UT\bin\HPStreamsInterface.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\zlib1.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (TuneUp.Defrag) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia) DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia) DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia) DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation) DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (ew_hwusbdev) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (rtl8192se) -- C:\Windows\SysNative\drivers\rtl8192se.sys (Realtek Semiconductor Corporation ) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (acpials) -- C:\Windows\SysNative\drivers\acpials.sys (Microsoft Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation ) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia) DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys (TuneUp Software) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.06.26 12:26:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.07.18 10:01:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.08.22 17:10:28 | 000,000,000 | ---D | M] [2011.03.15 13:21:54 | 000,000,931 | ---- | M] () -- \Users\Lia\AppData\Roaming\Mozilla\Firefox\Profiles\0yswwm0m.default\searchplugins\conduit.xml [2011.06.13 10:33:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2011.06.13 10:33:00 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} File not found (No name found) -- [2011.08.16 06:20:06 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\USERS\LIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0YSWWM0M.DEFAULT\EXTENSIONS\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} [2011.08.16 20:55:35 | 000,000,000 | ---D | M] (WOT) -- C:\USERS\LIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0YSWWM0M.DEFAULT\EXTENSIONS\{A0D7CCB3-214D-498B-B4AA-0E8FDA9A7BF7} [2011.04.04 21:49:41 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\USERS\LIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0YSWWM0M.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C} () (No name found) -- C:\USERS\LIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0YSWWM0M.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2011.08.12 19:33:39 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\USERS\LIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0YSWWM0M.DEFAULT\EXTENSIONS\{E001C731-5E37-4538-A5CB-8168736A2360} [2011.04.13 22:51:35 | 000,000,000 | ---D | M] (AdblockPro) -- C:\USERS\LIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0YSWWM0M.DEFAULT\EXTENSIONS\ADBLOCK@ADBLOCKPRO.COM [2011.04.13 22:51:35 | 000,000,000 | ---D | M] (AdobeReader) -- C:\USERS\LIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0YSWWM0M.DEFAULT\EXTENSIONS\PDFREADER@ADOBE.COM [2011.06.26 12:26:14 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (AdblockPro) - {04F2568A-3E7A-422D-A71E-DC088A635F7D} - C:\Users\Lia\AppData\Roaming\AdblockPro\IE\AdblockPro.dll (Adblock Pro Inc.) O2 - BHO: (AdobeReader) - {AC6401E9-813B-46DA-B06F-A4FFA2F9AE6D} - C:\Users\Lia\AppData\Roaming\AdobeReader\IE\AdobeReader.dll (Adobe Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O4:64bit: - HKLM..\Run: [PrnStatusMX] C:\Programme\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe (Marvell Semiconductor, Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files (x86)\Hewlett-Packard\HP UT\bin\hppusg.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia) O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [NokiaOviSuite2] C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia) O4 - HKCU..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKCU..\RunOnce: [mctadmin] File not found O4 - HKCU..\RunOnce: [NokiaOviSuite.exe] C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Lia Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Lia Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\Lia Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Lia Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.08.22 17:15:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Nokia [2011.08.22 17:11:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia [2011.08.22 17:10:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution [2011.08.17 15:57:25 | 000,000,000 | R--D | C] -- C:\Users\Lia Admin\Videos [2011.08.17 15:57:25 | 000,000,000 | R--D | C] -- C:\Users\Lia Admin\Pictures [2011.08.17 15:57:25 | 000,000,000 | R--D | C] -- C:\Users\Lia Admin\Music [2011.08.17 15:57:25 | 000,000,000 | R--D | C] -- C:\Users\Lia Admin\Links [2011.08.17 15:57:25 | 000,000,000 | R--D | C] -- C:\Users\Lia Admin\Favorites [2011.08.17 15:57:25 | 000,000,000 | R--D | C] -- C:\Users\Lia Admin\Downloads [2011.08.17 15:57:25 | 000,000,000 | R--D | C] -- C:\Users\Lia Admin\Documents [2011.08.17 15:57:25 | 000,000,000 | R--D | C] -- C:\Users\Lia Admin\Desktop [2011.08.17 15:57:25 | 000,000,000 | -HSD | C] -- C:\Users\Lia Admin\Vorlagen [2011.08.17 15:57:25 | 000,000,000 | -HSD | C] -- C:\Users\Lia Admin\Startmenü [2011.08.17 15:57:25 | 000,000,000 | -HSD | C] -- C:\Users\Lia Admin\SendTo [2011.08.17 15:57:25 | 000,000,000 | -HSD | C] -- C:\Users\Lia Admin\Recent [2011.08.17 15:57:25 | 000,000,000 | -HSD | C] -- C:\Users\Lia Admin\Netzwerkumgebung [2011.08.17 15:57:25 | 000,000,000 | -HSD | C] -- C:\Users\Lia Admin\Lokale Einstellungen [2011.08.17 15:57:25 | 000,000,000 | -HSD | C] -- C:\Users\Lia Admin\Eigene Dateien [2011.08.17 15:57:25 | 000,000,000 | -HSD | C] -- C:\Users\Lia Admin\Druckumgebung [2011.08.17 15:57:25 | 000,000,000 | -HSD | C] -- C:\Users\Lia Admin\Cookies [2011.08.17 15:57:25 | 000,000,000 | -HSD | C] -- C:\Users\Lia Admin\Anwendungsdaten [2011.08.17 15:57:25 | 000,000,000 | -H-D | C] -- C:\Users\Lia Admin\AppData [2011.08.17 15:57:25 | 000,000,000 | ---D | C] -- C:\Users\Lia Admin\Saved Games [2011.08.16 19:54:18 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.08.16 19:54:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.08.16 19:54:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.08.16 19:54:13 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.08.16 19:54:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.08.15 22:35:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2011.08.12 14:01:00 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2011.08.12 14:01:00 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2011.08.12 14:00:58 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2011.08.12 14:00:58 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2011.08.12 14:00:57 | 002,303,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2011.08.12 14:00:57 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2011.08.12 14:00:57 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2011.08.12 14:00:56 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2011.08.12 14:00:56 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2011.08.12 10:33:17 | 005,561,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2011.08.12 10:33:17 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2011.08.12 10:33:16 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2011.08.10 21:43:36 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2011.08.10 21:43:36 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2011.08.10 21:43:35 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2011.08.10 21:43:35 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2011.08.10 21:43:35 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2011.08.10 21:43:35 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2011.08.10 21:43:35 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2011.08.10 21:43:35 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2011.08.10 21:43:35 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2011.08.10 21:43:35 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2011.08.10 21:43:35 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2011.08.10 21:43:35 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2011.08.10 21:43:35 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2011.08.10 21:43:35 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2011.08.10 21:43:35 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2011.08.10 21:43:35 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2011.08.10 21:43:35 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2011.08.10 21:43:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2011.08.10 21:43:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2011.08.10 21:43:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2011.08.10 21:43:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2011.08.10 21:43:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2011.08.10 21:43:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2011.08.10 21:43:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2011.08.10 21:43:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2011.08.10 21:43:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2011.08.10 21:43:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2011.08.10 21:43:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2011.08.10 21:43:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2011.08.10 21:43:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2011.08.10 21:43:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2011.08.10 21:43:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2011.08.10 21:43:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2011.08.10 21:43:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2011.08.10 21:43:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2011.08.10 21:43:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2011.08.10 21:43:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2011.08.10 21:43:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2011.08.10 21:43:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2011.08.10 21:43:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2011.08.10 21:43:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2011.08.10 21:43:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2011.08.10 21:43:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2011.08.10 21:43:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2011.08.10 21:43:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2011.08.10 21:43:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2011.08.10 21:43:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2011.08.10 21:43:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2011.08.10 21:43:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2011.08.10 21:43:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2011.08.10 21:43:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2011.08.10 21:43:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2011.08.10 21:43:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2011.08.10 21:43:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2011.08.10 21:43:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2011.08.10 21:43:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2011.08.10 21:43:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2011.08.10 21:43:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2011.08.10 21:43:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2011.08.10 21:43:33 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2011.08.10 21:43:33 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2011.08.10 21:43:33 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2011.08.10 21:43:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2011.08.10 21:43:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2011.08.10 21:43:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2011.08.10 21:43:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2011.08.10 21:43:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2011.08.10 21:43:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2011.08.10 21:43:33 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2011.08.10 20:20:05 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll [2011.08.10 20:20:05 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll [2011.08.10 20:20:05 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll [2011.08.10 20:20:05 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll [2011.08.10 20:20:05 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll [2011.08.10 20:20:05 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll [2011.08.10 20:20:05 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll [2011.08.10 20:20:05 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll [2011.08.10 20:20:05 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll [2011.08.10 19:11:33 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll ========== Files - Modified Within 30 Days ========== [2011.08.23 07:48:54 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.08.23 07:48:54 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.08.23 07:41:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.08.23 07:41:22 | 3220,561,920 | -HS- | M] () -- C:\hiberfil.sys [2011.08.22 17:11:37 | 000,002,100 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Ovi Suite.lnk [2011.08.16 21:03:27 | 000,000,400 | ---- | M] () -- C:\Windows\ODBC.INI [2011.08.16 19:54:18 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.08.15 13:18:44 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2011.08.12 14:03:53 | 001,519,874 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.08.12 14:03:53 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.08.12 14:03:53 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.08.12 14:03:53 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.08.12 14:03:53 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.08.10 09:24:14 | 000,002,344 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2011.08.06 20:48:24 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.08.06 20:48:24 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job ========== Files Created - No Company Name ========== [2011.08.22 17:11:37 | 000,002,100 | ---- | C] () -- C:\Users\Public\Desktop\Nokia Ovi Suite.lnk [2011.08.16 19:54:18 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.14 18:37:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.04.05 22:03:49 | 006,108,456 | R--- | C] () -- \hpcljcp1215drv32.cab [2011.04.05 22:03:49 | 001,712,128 | ---- | C] () -- \ProductInst.exe [2011.04.05 22:03:49 | 000,434,371 | R--- | C] () -- \hpcljcp1215_deww.cab [2011.04.05 22:03:49 | 000,434,371 | ---- | C] () -- \hpcljcp1215_enww.cab [2011.04.05 22:03:49 | 000,316,416 | R--- | C] () -- \DIFxAPI.dll [2011.04.05 22:03:49 | 000,208,896 | ---- | C] () -- \Strings.dll [2011.04.05 22:03:49 | 000,118,335 | R--- | C] () -- \hp121532.cat [2011.04.05 22:03:49 | 000,069,632 | ---- | C] () -- \WpInstall.exe [2011.04.05 22:03:49 | 000,015,212 | R--- | C] () -- \HPCP1215.INF [2011.04.05 22:03:49 | 000,000,736 | R--- | C] () -- \properties.ini [2011.04.05 22:03:49 | 000,000,039 | R--- | C] () -- \SUcp1215.VER [2011.03.31 20:17:08 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2011.03.21 21:04:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.03.21 21:02:09 | 3220,561,920 | -HS- | C] () -- \hiberfil.sys [2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2008.02.07 10:05:18 | 000,163,840 | ---- | C] () -- C:\Windows\SysWow64\hppatusg01.dll [2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI ========== LOP Check ========== [2011.08.04 10:24:31 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > |
|
23.08.2011, 10:52
| #11 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Facebook Viren Sry aber kopierst du auch wikrlich an angegeben Text aus der Codebox ins Textfeld von OTL? Sieht mir nämlich nicht danach aus.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
23.08.2011, 14:45
| #12 |
| | Facebook Viren Ja, wenn der Scan beendet ist geht ein Fenster auf, diese Daten habe ich dann kopiert und eingefügt. Was mache ich falsch? Lia |
|
23.08.2011, 14:48
| #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Facebook Viren Du klickst auch auf den Button alles kopieren über der Codebox, damit wirklich der gesamte Text kopiert wird?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
23.08.2011, 14:53
| #14 |
| | Facebook Viren Ich mach es noch mal |
|
23.08.2011, 15:22
| #15 |
| | Facebook Viren OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 23.08.2011 07:51:21 - Run 2
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\Lia\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,59 Gb Available Physical Memory | 64,67% Memory free
8,00 Gb Paging File | 6,35 Gb Available in Paging File | 79,44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 424,66 Gb Total Space | 324,03 Gb Free Space | 76,30% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 29,19 Gb Free Space | 72,98% Space Free | Partition Type: NTFS
Computer Name: LIA-PC | User Name: Lia Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{2BF53A9A-EC11-4429-B29D-19A9276092EF}" = HP LaserJet Toolbox
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{54360A73-B080-4A69-BFD4-53C190DD3AB0}" = HP Color LaserJet CP1210 Series
"{9A945B7E-4F69-4DDA-B14B-E4DE8446A010}" = MrvlUsgTracking64
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{F323676A-B911-4B57-827F-32D02DCD4971}" = HP Color LaserJet CP1210 Series Toolbox
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6DA48AFDE796708D5A4C9121A83E7617A63A9A15" = Windows-Treiberpaket - Nokia Modem (10/07/2010 4.6)
"E5372C32E8562C76C24DBA6525002B1031495F34" = Windows-Treiberpaket - Nokia Modem (06/09/2010 7.01.0.8)
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"HP Color LaserJet CP1210 Series" = HP Color LaserJet CP1210 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07D77970-B205-460C-84E4-263F30455597}" = Nokia Ovi Suite
"{12451AF7-EFF8-4B5B-8255-282D7CC7CAEE}" = OviMPlatform
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2CC53A53-44F4-4667-8584-2FFC9ACB2242}" = Ovi Desktop Sync Engine
"{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9C09E3A4-850A-40B2-B94F-EBFB5349C238}" = hppusgCP1215
"{A8F7FCEF-3CA6-4CE9-8FEA-8BB18F8686F0}" = Nokia Ovi Suite Software Updater
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{F38FD0E4-B991-462B-873D-F2115EADD093}" = Nokia PC Suite
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"ESET Online Scanner" = ESET Online Scanner v3
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Studio_is1" = Free Studio version 5.1.6
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"Google Chrome" = Google Chrome
"HUAWEI DataCard Driver" = HUAWEI DataCard Driver 4.20.12.00
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
"Nokia Ovi Suite" = Nokia Ovi Suite
"Nokia PC Suite" = Nokia PC Suite
"TuneUp Utilities" = TuneUp Utilities
"Uninstall_is1" = Uninstall 1.0.0.1
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 17.08.2011 16:51:58 | Computer Name = Lia-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16421,
Zeitstempel: 0x4d76255d Name des fehlerhaften Moduls: AdblockPro.dll_unloaded, Version:
0.0.0.0, Zeitstempel: 0x4d91cb25 Ausnahmecode: 0xc0000005 Fehleroffset: 0x100074c5
ID
des fehlerhaften Prozesses: 0x1314 Startzeit der fehlerhaften Anwendung: 0x01cc5d1f6b14f95d
Pfad
der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Pfad
des fehlerhaften Moduls: AdblockPro.dll Berichtskennung: bef5cd41-c912-11e0-ad78-002421f6c060
Error - 17.08.2011 16:56:00 | Computer Name = Lia-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Lia\Desktop\esetsmartinstaller_enu.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 18.08.2011 04:07:31 | Computer Name = Lia-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
(x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder
Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion
steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt
stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 18.08.2011 04:08:56 | Computer Name = Lia-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Nokia\Nokia PC Suite 7\TIS_Windows7PIM.dll". Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 19.08.2011 03:51:49 | Computer Name = Lia-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
(x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder
Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion
steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt
stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 19.08.2011 04:30:00 | Computer Name = Lia-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
(x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder
Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion
steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt
stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 19.08.2011 04:30:47 | Computer Name = Lia-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Nokia\Nokia PC Suite 7\TIS_Windows7PIM.dll". Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 22.08.2011 04:00:01 | Computer Name = Lia-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Lia\Desktop\esetsmartinstaller_enu.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 22.08.2011 04:00:01 | Computer Name = Lia-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Lia\Desktop\esetsmartinstaller_enu.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 22.08.2011 04:00:08 | Computer Name = Lia-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Lia\Desktop\esetsmartinstaller_enu.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
[ System Events ]
Error - 11.08.2011 01:53:28 | Computer Name = Lia-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 11.08.2011 05:29:58 | Computer Name = Lia-PC | Source = bowser | ID = 8003
Description =
Error - 11.08.2011 14:20:33 | Computer Name = Lia-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
Error - 11.08.2011 14:20:33 | Computer Name = Lia-PC | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 11.08.2011 14:20:51 | Computer Name = Lia-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 12.08.2011 04:26:32 | Computer Name = Lia-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
Error - 12.08.2011 04:26:32 | Computer Name = Lia-PC | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 12.08.2011 04:26:57 | Computer Name = Lia-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 12.08.2011 08:30:16 | Computer Name = Lia-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
Error - 12.08.2011 08:30:16 | Computer Name = Lia-PC | Source = atikmdag | ID = 43029
Description = Display is not active
< End of report >
|
|
| Themen zu Facebook Viren |
| ausgeführt, checkliste, enthält, erstell, facebook, hoffe, link, logdatei, nachrichten, neu, verschickt, viren, virus |
Textbox.
.
Linear-Darstellung
