![]() |
Log-Analyse und Auswertung: Faxcebook VirusWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
![]() |
![]() | #1 |
| ![]() Faxcebook Virus OTL Extras logfile created on: 01.11.2011 13:38:18 - Run 2 OTL by OldTimer - Version Folder = C:\Users\Tobi\Downloads 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,26 Gb Available Physical Memory | 56,47% Memory free 7,99 Gb Paging File | 5,92 Gb Available in Paging File | 74,16% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 148,89 Gb Total Space | 29,20 Gb Free Space | 19,61% Space Free | Partition Type: NTFS Drive D: | 148,81 Gb Total Space | 75,90 Gb Free Space | 51,01% Space Free | Partition Type: NTFS Drive G: | 7,60 Gb Total Space | 1,98 Gb Free Space | 26,10% Space Free | Partition Type: FAT32 Drive N: | 148,89 Gb Total Space | 29,20 Gb Free Space | 19,61% Space Free | Partition Type: NTFS Computer Name: TOBI-PC | User Name: Tobi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MIF5BA~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MIF5BA~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirewallOverride" = 1 "DisableThumbnailCache" = 1 "FirewallDisableNotify" = 1 "UpdatesDisableNotify" = 1 "AntiVirusDisableNotify" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "C:\Users\Tobi\Downloads\Flash-Player.exe" = C:\Users\Tobi\Downloads\Flash-Player.exe:*:Enabled:C:\Users\Tobi\Downloads\Flash-Player.exe -- (Cronosoft) "C:\Windows\update.1\svchost.exe" = C:\Windows\update.1\svchost.exe:*:Enabled:C:\Windows\update.1\svchost.exe -- (Cronosoft) "C:\Windows\services32.exe" = C:\Windows\services32.exe:*:Enabled:C:\Windows\services32.exe -- (Cronosoft) "C:\Windows\update.tray-8-0\svchost.exe" = C:\Windows\update.tray-8-0\svchost.exe:*:Enabled:C:\Windows\update.tray-8-0\svchost.exe -- (Cronosoft) "C:\Windows\update.2\svchost.exe" = C:\Windows\update.2\svchost.exe:*:Enabled:C:\Windows\update.2\svchost.exe -- () "C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "C:\Users\Tobi\Downloads\Flash-Player.exe" = C:\Users\Tobi\Downloads\Flash-Player.exe:*:Enabled:C:\Users\Tobi\Downloads\Flash-Player.exe -- (Cronosoft) "C:\Windows\update.1\svchost.exe" = C:\Windows\update.1\svchost.exe:*:Enabled:C:\Windows\update.1\svchost.exe -- (Cronosoft) "C:\Windows\services32.exe" = C:\Windows\services32.exe:*:Enabled:C:\Windows\services32.exe -- (Cronosoft) "C:\Windows\update.tray-8-0\svchost.exe" = C:\Windows\update.tray-8-0\svchost.exe:*:Enabled:C:\Windows\update.tray-8-0\svchost.exe -- (Cronosoft) "C:\Windows\update.2\svchost.exe" = C:\Windows\update.2\svchost.exe:*:Enabled:C:\Windows\update.2\svchost.exe -- () ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{18155797-EF2E-4699-9A16-FE787C4C10DB}" = iTunes "{21E2A283-1416-AF26-6DA1-92FDE02224EB}" = ccc-utility64 "{31415CE5-9526-4450-9433-DF8667D2C7F3}" = Abilis Systems WinXP64 Vista64 BDA driver (x64) "{3690900F-85EA-447F-BAD1-5CA25AA9B627}" = HP Deskjet F2200 All-In-One Driver Software 13.0 Rel. 3 "{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2 "{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer "{5792CD64-61B4-C448-0D22-3C51DD73AB2A}" = ATI Catalyst Install Manager "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor "{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime "{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64 "{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert "{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack "{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition "6DA48AFDE796708D5A4C9121A83E7617A63A9A15" = Windows-Treiberpaket - Nokia Modem (10/07/2010 4.6) "CNXT_AUDIO_HDA" = Conexant HD Audio "CNXT_AUDIO_HDA_HDMI" = Conexant Audio Driver For AMD HDMI Codec "E5372C32E8562C76C24DBA6525002B1031495F34" = Windows-Treiberpaket - Nokia Modem (06/09/2010 "EPSON Printer and Utilities" = EPSON-Drucker-Software "FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Photosmart Essential" = HP Photosmart Essential 3.5 "HP Smart Web Printing" = HP Smart Web Printing 4.51 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "icPlus" = icPlus "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software "Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software "SearchAnonymizer" = SearchAnonymizer "Shop for HP Supplies" = Shop for HP Supplies "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02950E10-1AA3-DF62-FED5-42CBD4ADC5C1}" = CCC Help Dutch "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "{073B89C3-BA88-41B5-965F-B35A88EAE838}" = TOSHIBA Supervisor Password "{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver "{118F5964-DA03-7B46-BDEA-7C3FA203D293}" = CCC Help Spanish "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba Assist "{1CF51B76-7485-410C-D06D-23D1060974D3}" = Catalyst Control Center Core Implementation "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{21759FAC-AE5F-F171-EB4C-D2FBF66EDD04}" = CCC Help Czech "{219B4856-468A-F0BB-8249-E630AD4E86C2}" = ccc-core-static "{2290A680-4083-410A-ADCC-7092C67FC052}" = TOSHIBA Online Product Information "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{23EA31D7-28CD-F7B3-024C-6EB784F1BC79}" = CCC Help Russian "{24F5BFDD-18E0-41F6-8A68-A22C742FC4A1}" = TubeBox! "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17 "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{2B000B80-A3FA-4B92-A5FF-D9AD402B6701}" = Toshiba TEMPRO "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{2BB0BDFF-E193-42A0-90BE-2D59441E51D2}" = F2200 "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{3669F19D-D7C2-3240-C4EC-A57DECC124FC}" = CCC Help Japanese "{38A0161D-7CD3-51AD-0ACB-F46DD34D2FF6}" = CCC Help Greek "{39670BCD-6300-21D8-78A4-ECD68D0C4D95}" = CCC Help Chinese Standard "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{46A46830-50AA-3326-7A57-72BB03E6B3EC}" = CCC Help Hungarian "{47984ADB-54E9-BE8F-E39F-8B1FAAD4B192}" = CCC Help Polish "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport "{5570C266-C606-85BC-6E23-C858566E02DB}" = CCC Help Swedish "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{5E1375CB-6792-4464-8715-CC3EC83D48FA}" = VirtualDJ Home FREE "{5E620377-939F-3E6B-F328-4A69D9CA0D1B}" = CCC Help French "{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{607BE7BF-7C28-4ADB-A4A0-385962B901C3}" = TOSHIBA ConfigFree "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{65F5F454-0029-045D-82ED-126F650B5C8F}" = Catalyst Control Center Graphics Previews Vista "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1 "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6 "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.5.2 "{836775DC-DC27-BC0C-7770-68E2591F6CC6}" = CCC Help Norwegian "{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support "{86236CB1-023D-82B2-A706-74ECFFA91A8E}" = Catalyst Control Center Graphics Previews Common "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B4BD0EF-A058-3F42-0AD8-763267A735D0}" = Catalyst Control Center Graphics Full New "{8BD785CF-30C7-4182-B250-0D5FCE78D4DD}" = Catalyst Control Center - Branding "{8BE504E9-0677-87AC-07D2-1A1428E17A92}" = Catalyst Control Center InstallProxy "{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}" = TOSHIBA Hardware Setup "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{91D25D3C-A6D8-78D4-CDE7-F70B93389A03}" = CCC Help Italian "{94F3D243-2006-4B2D-9160-C2A33F74BB84}" = Windows Media Center Edition MPEG Codec Plug-in "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller "{9A4C534E-431F-4A17-97D4-D1682B19A054}" = Emergency4 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9CD5AC28-04E5-07A5-100D-953D2B3A8747}" = Catalyst Control Center Graphics Full Existing "{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center "{9DA0961E-FCFE-EEF2-04AA-32631F7CEC9E}" = Photo Service - powered by myphotobook "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 3.6.921 "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.6 - Deutsch "{AC76BA86-7AD7-5670-0000-900000000003}" = Korean Fonts Support For Adobe Reader 9 "{AD8D84C3-D43A-776D-E4A8-2A4433BCBD32}" = CCC Help Korean "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer "{B0402CE4-783A-773C-239B-FF45BDFB400E}" = Catalyst Control Center Localization All "{B32B60B9-C31B-3193-257A-2381305A0851}" = CCC Help German "{B3B66630-DA7C-BD66-DFA4-F37AC82873EE}" = CCC Help Danish "{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility "{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars "{B8615768-6D66-5E53-C4E1-6F7EC8D9BFFE}" = CCC Help English "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{C222566F-1C50-4ECD-A01E-77F9C4B95458}" = DJ_AIO_03_F2200_Software_Min "{C289841E-5B5F-0198-F3FF-CB361D007DA3}" = CCC Help Thai "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C6AC04F5-5916-4A02-BC36-AF5BC0A3CBD4}" = Media Go "{C7BC4EBB-D88F-019D-8ED0-F42F89096B18}" = CCC Help Turkish "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CFCD2A80-EC16-11E0-A273-B8AC6F97B88E}" = Google Earth "{D10D079D-EFDA-9601-98F8-F935A2A411A0}" = CCC Help Chinese Traditional "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert "{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential "{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting "{DFD723B7-1762-73EC-32BC-A7D9E838808D}" = Catalyst Control Center Graphics Light "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E819AA87-4215-D35A-6872-BF97C32A9DB3}" = CCC Help Finnish "{ED721ABC-423D-4F7D-AEBB-E1E39C388E84}" = Facebook Video Calling "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in "{F38FD0E4-B991-462B-873D-F2115EADD093}" = Nokia PC Suite "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FD1F254C-48B2-A188-0127-03855BA15D16}" = CCC Help Portuguese "{FE163F11-1919-4257-A280-FF5AF8DAEECB}" = ICQ Sparberater "{FEF19B15-9DC0-FBCF-4728-AE02501CAD62}" = Media Go Video Playback Engine "1st Autorun Express_is1" = 1st Autorun Express 3.11 (30-day trial) "7-Zip" = 7-Zip 4.65 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Audacity_is1" = Audacity 1.2.6 "AutocompletePro3_is1" = AutocompletePro "DivX Setup.divx.com" = DivX-Setup "DVD Shrink_is1" = DVD Shrink 3.2 "EPSON Printer and Utilities" = EPSON-Drucker-Software "EPSON Scanner" = EPSON Scan "eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = Photo Service - powered by myphotobook "FarmingSimulator2011DE_is1" = Landwirtschafts Simulator 2011 "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2 "giants_editor_4.1.7_is1" = GIANTS Editor 4.1.7 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "ICQToolbar" = ICQ Toolbar "InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder "InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime "InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer "InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility "InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board "InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert "InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher "InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition "Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de) "Nokia PC Suite" = Nokia PC Suite "Notepad++" = Notepad++ "Orbit_is1" = Orbit Downloader "PhotoScape" = PhotoScape "RealPlayer 12.0" = RealPlayer "San Andreas Mod Installer1.1" = San Andreas Mod Installer "TeamViewer 5" = TeamViewer 5 "TOSHIBA Game Console" = WildTangent ORB Game Console "Totally Free Burner_is1" = Totally Free Burner "Virtual DJ Home Edition - Atomix Productions" = Virtual DJ Home Edition - Atomix Productions "VLC media player" = VLC media player 1.1.2 "WildTangent toshiba Master Uninstall" = WildTangent-Spiele "WinGimp-2.0_is1" = GIMP 2.6.8 "WinLiveSuite_Wave3" = Windows Live Essentials "Winload Toolbar" = Winload Toolbar "WinPcapInst" = WinPcap 4.1.1 "WT083877" = Chuzzle Deluxe "WT083890" = Zuma Deluxe "WT083910" = Jewel Quest II "WT083916" = Diner Dash 2 Restaurant Rescue "WT083925" = Plants vs. Zombies "WT083929" = Bejeweled 2 Deluxe "WT083945" = FATE "WT083958" = Penguins! "WT083959" = Polar Bowler "XMedia Recode" = XMedia Recode "XMind" = XMind "Zattoo4" = Zattoo4 4.0.5 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 15.04.2011 12:54:01 | Computer Name = Tobi-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 9585232 Error - 15.04.2011 13:09:16 | Computer Name = Tobi-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 15.04.2011 13:09:16 | Computer Name = Tobi-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 1060 Error - 15.04.2011 13:09:16 | Computer Name = Tobi-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 1060 Error - 15.04.2011 13:09:17 | Computer Name = Tobi-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 15.04.2011 13:09:17 | Computer Name = Tobi-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 2090 Error - 15.04.2011 13:09:17 | Computer Name = Tobi-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 2090 Error - 15.04.2011 13:09:18 | Computer Name = Tobi-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 15.04.2011 13:09:18 | Computer Name = Tobi-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 3088 Error - 15.04.2011 13:09:18 | Computer Name = Tobi-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 3088 [ Media Center Events ] Error - 11.02.2011 08:21:24 | Computer Name = Tobi-PC | Source = MCUpdate | ID = 0 Description = 13:21:19 - Fehler beim Herstellen der Internetverbindung. 13:21:19 - Serververbindung konnte nicht hergestellt werden.. Error - 12.05.2011 15:18:49 | Computer Name = Tobi-PC | Source = ehRecvr | ID = 3 Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0xc0040524) Abilis Systems Single DVB-T Tuner Error - 07.07.2011 15:53:26 | Computer Name = Tobi-PC | Source = MCUpdate | ID = 0 Description = 21:53:26 - Fehler beim Herstellen der Internetverbindung. 21:53:26 - Serververbindung konnte nicht hergestellt werden.. Error - 07.07.2011 15:53:42 | Computer Name = Tobi-PC | Source = MCUpdate | ID = 0 Description = 21:53:31 - Fehler beim Herstellen der Internetverbindung. 21:53:31 - Serververbindung konnte nicht hergestellt werden.. Error - 09.07.2011 20:31:28 | Computer Name = Tobi-PC | Source = MCUpdate | ID = 0 Description = 02:31:28 - Fehler beim Herstellen der Internetverbindung. 02:31:28 - Serververbindung konnte nicht hergestellt werden.. Error - 13.07.2011 16:17:24 | Computer Name = Tobi-PC | Source = MCUpdate | ID = 0 Description = 22:17:15 - Fehler beim Herstellen der Internetverbindung. 22:17:15 - Serververbindung konnte nicht hergestellt werden.. Error - 15.07.2011 08:13:46 | Computer Name = Tobi-PC | Source = MCUpdate | ID = 0 Description = 14:13:46 - Fehler beim Herstellen der Internetverbindung. 14:13:46 - Serververbindung konnte nicht hergestellt werden.. Error - 15.07.2011 08:14:23 | Computer Name = Tobi-PC | Source = MCUpdate | ID = 0 Description = 14:13:51 - Fehler beim Herstellen der Internetverbindung. 14:13:51 - Serververbindung konnte nicht hergestellt werden.. Error - 23.07.2011 18:28:11 | Computer Name = Tobi-PC | Source = MCUpdate | ID = 0 Description = 00:28:11 - Fehler beim Herstellen der Internetverbindung. 00:28:11 - Serververbindung konnte nicht hergestellt werden.. Error - 23.07.2011 18:28:26 | Computer Name = Tobi-PC | Source = MCUpdate | ID = 0 Description = 00:28:16 - Fehler beim Herstellen der Internetverbindung. 00:28:16 - Serververbindung konnte nicht hergestellt werden.. [ OSession Events ] Error - 07.11.2010 11:21:37 | Computer Name = Tobi-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 40 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 01.11.2011 07:12:44 | Computer Name = Tobi-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Avira Echtzeit Scanner" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 01.11.2011 07:12:44 | Computer Name = Tobi-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Avira Browser Schutz" ist vom Dienst "Avira Echtzeit Scanner" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%2 Error - 01.11.2011 07:13:01 | Computer Name = Tobi-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Microsoft Antimalware Service" wurde mit folgendem Fehler beendet: %%-2147017840 Error - 01.11.2011 07:13:11 | Computer Name = Tobi-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "srvbtcclient" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 01.11.2011 07:20:10 | Computer Name = Tobi-PC | Source = Microsoft Antimalware | ID = 5101 Description = %%860 grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled. Expiration Reason: %%873 Expiration Date (UTC): ?01.?11.?2011 11:20:10 Error Code: 0x80092003 Error Description: Beim Lesen oder Schreiben einer Datei ist ein Fehler aufgetreten. Error - 01.11.2011 07:20:11 | Computer Name = Tobi-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Avira Planer" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 01.11.2011 07:20:11 | Computer Name = Tobi-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Avira Echtzeit Scanner" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 01.11.2011 07:20:11 | Computer Name = Tobi-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Avira Browser Schutz" ist vom Dienst "Avira Echtzeit Scanner" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%2 Error - 01.11.2011 07:20:23 | Computer Name = Tobi-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "srvbtcclient" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 01.11.2011 07:20:25 | Computer Name = Tobi-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Microsoft Antimalware Service" wurde mit folgendem Fehler beendet: %%-2147017840 < End of report > |
![]() | #2 |
/// Malware-holic ![]() ![]() ![]() ![]() ![]() ![]() | ![]() Faxcebook Virus hi,
__________________1. findest du nicht, die höflichkeit gebietet es mit ner einleitung anzufangen anstelle hier nen log reinzuknallen, übrigens fehlt otl.txt 2. kannst du mir, den link, den du über facebook erhalten hast, als private nachicht senden? 3. informiere den absender des links, der tut das sicher nicht mit absicht und er hat malware auf dem pc. er muss seine kontakte informieren, dass sie ebenfalls malware auf dem pc haben könnten, zumindest jeder, der das teil ausgeführt hatt, auch die müssen ihre kontakte informieren usw. alle können sich hier melden.
__________________ |
![]() |
Themen zu Faxcebook Virus |
64-bit, 7-zip, audacity, autorun, avira, browser, c:\windows\system32\rundll32.exe, converter, diner dash, downloader, error, excel, fehler, flash player, google, home, install.exe, logfile, microsoft office word, microsoft security, mozilla, mp3, office 2007, realtek, registry, rundll, scan, security, security update, server, shell32.dll, shortcut, software, studio, svchost.exe, tubebox, usb, usb 2.0, virus, windows, winload toolbar |