| |
| |||||||
Log-Analyse und Auswertung: GVU Trojaner - Trojan.Ransom.RREWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
06.05.2013, 17:24
| #1 |
 |  GVU Trojaner - Trojan.Ransom.RRE Guten Abend, ich hoffe, ich finde hier Hilfe. Ich habe heute morgen den GVU Trojaner auf meinem Computer bemerkt (Windows 7 Prof). Ich habe den Rechner neugestartet, konnte aber nichts mehr bedienen (Sperrbildschirm). Ich habe mich daraufhin ein wenig belesen und eine Systemwiederherstellung durchgeführt. Ich konnte danach den Rechner wieder bedienen und habe einige Dinge durchgeführt: 1. Download von Malwarebytes Anti-Malware Durch den Scan wurde der Trojaner gefunden und entfernt. 2. Durchführung der hier genannten Anleitung vor Posten des Eintrages a. Download und Scan mit Defogger Defogger Log defogger_disable by jpshortstuff (23.02.10.1) Log created at 17:49 on 06/05/2013 (***) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... b. Download von OTL OTL Log OTL logfile created on: 06.05.2013 17:54:32 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop Professional (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,21 Gb Total Physical Memory | 2,04 Gb Available Physical Memory | 63,34% Memory free 6,43 Gb Paging File | 5,07 Gb Available in Paging File | 78,94% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 230,70 Gb Total Space | 182,64 Gb Free Space | 79,17% Space Free | Partition Type: NTFS Drive D: | 2,00 Gb Total Space | 2,00 Gb Free Space | 99,96% Space Free | Partition Type: FAT32 Drive E: | 3,27 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive F: | 3,71 Gb Total Space | 2,76 Gb Free Space | 74,44% Space Free | Partition Type: FAT32 Drive G: | 298,09 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: NTFS Computer Name: LSLEGE2-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.05.06 17:52:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2013.05.06 14:25:13 | 000,706,776 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.08.18 13:18:47 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2012.07.30 15:02:22 | 000,640,480 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe PRC - [2012.02.23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.08.31 20:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe PRC - [2009.08.31 20:07:00 | 000,027,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe PRC - [2009.08.31 20:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2008.09.23 15:59:40 | 000,016,656 | ---- | M] (Novell, Inc.) -- C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe PRC - [2008.09.23 15:59:34 | 000,030,480 | ---- | M] () -- C:\Windows\System32\nwtray.exe PRC - [2008.08.04 17:29:14 | 000,036,864 | ---- | M] () -- C:\Program Files\HP\HP UT\bin\hppusg.exe PRC - [2008.08.01 10:47:20 | 000,053,248 | ---- | M] (HP) -- C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe PRC - [2008.01.24 20:50:00 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\Mcshield.exe PRC - [2008.01.24 20:50:00 | 000,054,608 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\VsTskMgr.exe PRC - [2007.10.25 15:06:00 | 000,086,016 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\Mctray.exe PRC - [2007.10.25 10:05:40 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\naPrdMgr.exe PRC - [2007.10.25 10:04:56 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\UdaterUI.exe PRC - [2007.10.25 10:03:28 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\FrameworkService.exe ========== Modules (No Company Name) ========== MOD - [2012.11.16 04:30:02 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1430191d067c0f28c3a676d3ecb85b26\System.Runtime.Remoting.ni.dll MOD - [2012.11.16 04:29:42 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\515c6ffea562bb0f03a1ed8f75279648\System.Windows.Forms.ni.dll MOD - [2012.11.16 04:29:42 | 000,310,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\c1bff5f46cf9ec5186685b6621fef5b5\System.Runtime.Serialization.Formatters.Soap.ni.d ll MOD - [2012.11.16 04:29:36 | 001,806,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\7c4b80bd20da54e7664c29457c38793e\System.Deployment.ni.dll MOD - [2012.11.16 04:29:36 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f4be07261983040b29685575b69085e8\System.Drawing.ni.dll MOD - [2012.11.16 04:29:22 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2d47118e5da6db054d5676e665f2be2\System.Xml.ni.dll MOD - [2012.11.16 04:29:20 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2f44dac350b6161a9e9ce7222ae94335\System.Configuration.ni.dll MOD - [2012.11.16 04:29:19 | 007,973,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c8ebcd93a2b547dc72dee2fcfabcdd50\System.ni.dll MOD - [2012.11.16 04:29:13 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5530227809880c9b8b1d834e5434e840\mscorlib.ni.dll MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2009.12.17 12:58:20 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.hpqusg\3.0.0.0__a53cf5803f4c3827\Interop.hpqusg.dll MOD - [2009.07.14 10:49:33 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Deployment.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Deployment.resources.dll MOD - [2009.07.14 10:49:28 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.02.27 17:39:29 | 000,019,968 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.deu MOD - [2008.09.23 16:02:52 | 000,238,864 | ---- | M] () -- C:\Windows\System32\nwshlxnt.dll MOD - [2008.09.23 16:02:50 | 000,902,416 | ---- | M] () -- C:\Windows\System32\ncnetprovider.dll MOD - [2008.09.23 16:02:48 | 000,165,136 | ---- | M] () -- C:\Windows\System32\mapbase.dll MOD - [2008.09.23 16:01:08 | 000,115,984 | ---- | M] () -- C:\Windows\System32\nls\deutsch\nwshlxntr.dll MOD - [2008.09.23 16:01:06 | 000,505,104 | ---- | M] () -- C:\Windows\System32\nls\deutsch\ncnetproviderr.dll MOD - [2008.09.23 16:01:04 | 000,022,800 | ---- | M] () -- C:\Windows\System32\nls\deutsch\nclangidr.dll MOD - [2008.09.23 16:01:02 | 000,099,600 | ---- | M] () -- C:\Windows\System32\nls\deutsch\mapbaser.dll MOD - [2008.09.23 16:00:48 | 000,111,888 | ---- | M] () -- C:\Windows\System32\nclangid.dll MOD - [2008.09.23 15:59:34 | 000,030,480 | ---- | M] () -- C:\Windows\System32\nwtray.exe MOD - [2008.08.04 17:29:14 | 000,036,864 | ---- | M] () -- C:\Program Files\HP\HP UT\bin\hppusg.exe MOD - [2008.08.04 17:29:12 | 000,114,688 | ---- | M] () -- C:\Program Files\HP\HP UT\bin\HPToolkit.dll MOD - [2008.08.04 17:29:12 | 000,057,344 | ---- | M] () -- C:\Program Files\HP\HP UT\bin\HPUsageTracking.dll MOD - [2008.08.04 17:29:12 | 000,040,960 | ---- | M] () -- C:\Program Files\HP\HP UT\bin\Enumeration.dll MOD - [2008.08.04 17:28:54 | 000,069,632 | ---- | M] () -- C:\Program Files\HP\HP UT\bin\HPTools.dll MOD - [2008.08.04 17:28:52 | 000,016,384 | ---- | M] () -- C:\Program Files\HP\HP UT\bin\HPStreamsInterface.dll MOD - [2008.08.01 10:47:02 | 000,102,400 | ---- | M] () -- C:\Program Files\HP\ToolboxFX\bin\HPFaxUtilities.dll MOD - [2008.08.01 10:47:00 | 000,552,960 | ---- | M] () -- C:\Program Files\HP\ToolboxFX\bin\Alerts.dll MOD - [2008.08.01 10:46:36 | 000,593,920 | ---- | M] () -- C:\Program Files\HP\ToolboxFX\bin\HPAppTools.dll MOD - [2008.08.01 10:46:30 | 000,126,976 | ---- | M] () -- C:\Program Files\HP\ToolboxFX\bin\HPToolkit.dll MOD - [2008.08.01 10:46:30 | 000,069,632 | ---- | M] () -- C:\Program Files\HP\ToolboxFX\bin\AppConstants.dll MOD - [2008.08.01 10:46:30 | 000,040,960 | ---- | M] () -- C:\Program Files\HP\ToolboxFX\bin\Enumeration.dll MOD - [2008.08.01 10:46:26 | 000,069,632 | ---- | M] () -- C:\Program Files\HP\ToolboxFX\bin\HPTools.dll MOD - [2008.07.31 15:37:06 | 000,086,016 | ---- | M] () -- C:\Program Files\HP\ToolboxFX\bin\nativeutils.dll MOD - [2007.04.18 19:30:46 | 000,471,040 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\ccme_base.dll MOD - [2007.04.18 19:30:46 | 000,393,216 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\cryptocme2.dll ========== Services (SafeList) ========== SRV - [2013.05.06 15:25:21 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2010.02.18 16:50:00 | 000,120,128 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework) SRV - [2009.11.12 12:26:02 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009.08.31 20:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp) SRV - [2009.08.31 20:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe -- (McAfeeEngineService) SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2008.09.23 15:59:40 | 000,016,656 | ---- | M] (Novell, Inc.) [Auto | Running] -- C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe -- (XTSvcMgr) SRV - [2008.01.24 20:50:00 | 000,144,704 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield) SRV - [2008.01.24 20:50:00 | 000,054,608 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager) ========== Driver Services (SafeList) ========== DRV - [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.05.10 08:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl) DRV - [2009.11.06 02:35:22 | 000,214,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress) DRV - [2009.08.31 20:07:00 | 000,343,664 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk) DRV - [2009.08.31 20:07:00 | 000,091,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk) DRV - [2009.08.31 20:07:00 | 000,075,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk) DRV - [2009.08.31 20:07:00 | 000,065,448 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet) DRV - [2009.08.31 20:07:00 | 000,063,728 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik) DRV - [2009.08.31 20:07:00 | 000,043,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk) DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2008.09.23 15:59:18 | 000,043,024 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\xtxplat.sys -- (xtxplat) DRV - [2008.09.23 15:59:16 | 000,028,688 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\nsvccost.sys -- (nsvccost) DRV - [2008.09.23 15:59:14 | 000,026,640 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\nscm.sys -- (nscm) DRV - [2008.09.23 15:59:14 | 000,021,008 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\nsns.sys -- (nsns) DRV - [2008.09.23 15:59:12 | 000,043,536 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\nipctl.sys -- (nipctl) DRV - [2008.09.23 15:59:12 | 000,027,152 | ---- | M] (Novell, Inc.) [Kernel | System | Running] -- C:\Program Files\Novell\Client\XTier\Drivers\nicm.sys -- (NICM) DRV - [2008.09.23 15:59:10 | 000,030,736 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\niam.sys -- (niam) DRV - [2008.09.23 15:59:08 | 000,065,552 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\ndmndap.sys -- (ndmndap) DRV - [2008.09.23 15:59:06 | 000,040,464 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\ncpl.sys -- (ncpl) DRV - [2008.09.23 15:59:06 | 000,017,936 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\ndm.sys -- (ndm) DRV - [2008.09.23 15:59:04 | 000,063,504 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\ncp.sys -- (ncp) DRV - [2008.09.23 15:59:02 | 000,060,432 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files\Novell\Client\XTier\Drivers\nciom.sys -- (nciom) DRV - [2008.09.23 15:59:02 | 000,052,752 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\Novell\Client\XTier\Drivers\ncioctl.sys -- (NCIOCTL) DRV - [2008.09.23 15:59:00 | 000,081,424 | ---- | M] () [File_System | Auto | Running] -- C:\Program Files\Novell\Client\XTier\Drivers\ncfsd.sys -- (NCFSD) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3F A7 DC D3 08 EE CB 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=100474&mntrId=4e0c4741000000000000002564907a16 IE - HKCU\..\SearchScopes\{7F8361C3-88E5-4B3A-A422-0938E5E3A4A1}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.13 13:28:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.06 13:51:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.07.13 13:28:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.11.23 19:22:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2010.05.25 15:28:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.14 17:50:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.12.07 14:18:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.04.12 12:21:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.06.23 09:39:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011.11.23 19:22:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [2009.08.31 20:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll [2011.10.03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010.11.03 11:19:34 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.10.26 18:19:34 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2010.11.03 11:19:34 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.11.03 11:19:34 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.11.03 11:19:34 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.11.03 11:19:34 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.12.17 12:52:57 | 000,000,870 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 141.53.182.44 rsf044ii.rsf.uni-greifswald.de O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [HPPQVideo] "C:\Program Files\HP\ScheduledLaunch\HP Color LaserJet CM2320 MFP Series\bin\hppschlnch.exe" -r SOFTWARE\Hewlett-Packard\ScheduledLaunch\CLJ_CM2320_MFP_Series -f PQOptimizerVideo.xml -o remindLater File not found O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe () O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.) O4 - HKLM..\Run: [NWTRAY] C:\Windows\System32\nwtray.exe () O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.) O4 - HKLM..\Run: [ToolBoxFX] C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe (HP) O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 141.53.9.10 141.53.9.11 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24947E0D-6033-4826-A2FD-BA9093F46478}: DhcpNameServer = 141.53.9.10 141.53.9.11 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B899880-3884-42DA-BEC9-E6FDE6F76208}: DhcpNameServer = 193.189.244.225 193.189.244.206 O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O30 - LSA: Authentication Packages - (ncv1_0) - C:\Windows\System32\ncv1_0.dll () O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.06 17:52:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.05.06 14:20:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2013.05.06 14:20:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.05.06 14:20:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.05.06 14:20:19 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.05.06 14:20:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.05.06 14:19:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Programs [2013.04.30 15:38:36 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Bookcopy [2013.04.29 11:45:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\01003.127 [2013.04.24 11:25:55 | 000,000,000 | ---D | C] -- C:\Users\***\Miete [2013.04.23 12:41:02 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Bewerbungen [2013.04.11 17:27:05 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\VK_2013 [1 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ] [1 C:\Users\***\AppData\Roaming\*.tmp files -> C:\Users\***\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.06 17:52:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.05.06 17:50:06 | 000,014,960 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.06 17:50:06 | 000,014,960 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.06 17:49:53 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2013.05.06 17:47:47 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2013.05.06 17:47:30 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.05.06 17:47:30 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.05.06 17:47:30 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.05.06 17:47:30 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.05.06 17:41:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.06 17:41:10 | 2588,626,944 | -HS- | M] () -- C:\hiberfil.sys [2013.05.06 17:25:18 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.06 14:20:28 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.25 18:42:22 | 001,367,479 | ---- | M] () -- C:\Users\***\Desktop\sb-akademiker-erfolgreich-bewerben.pdf [2013.04.23 13:02:05 | 000,525,038 | ---- | M] () -- C:\Users\***\Desktop\Bewerbung_A***.pdf [2013.04.22 11:38:19 | 000,055,985 | ---- | M] () -- C:\Users\***\Desktop\Zeugnis_Tatsachenfeststellung.pdf [2013.04.22 11:37:45 | 000,061,257 | ---- | M] () -- C:\Users\***\Desktop\Examenszeugnis.pdf [1 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ] [1 C:\Users\***\AppData\Roaming\*.tmp files -> C:\Users\***\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.06 17:49:53 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2013.05.06 17:47:47 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2013.05.06 14:20:28 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.25 18:42:22 | 001,367,479 | ---- | C] () -- C:\Users\***\Desktop\sb-akademiker-erfolgreich-bewerben.pdf [2013.04.23 12:32:28 | 000,525,038 | ---- | C] () -- C:\Users\***\Desktop\Bewerbung_A***.pdf [2013.04.22 11:38:19 | 000,055,985 | ---- | C] () -- C:\Users\***\Desktop\Zeugnis_Tatsachenfeststellung.pdf [2013.04.22 11:37:45 | 000,061,257 | ---- | C] () -- C:\Users\***\Desktop\Examenszeugnis.pdf [2013.04.03 15:15:30 | 000,000,707 | ---- | C] () -- C:\Users\***\AppData\Roaming\rost.dat ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013.05.06 13:23:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\01003.127 [2011.10.26 18:19:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Babylon [2013.04.03 15:13:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ckoock [2012.03.29 13:25:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular [2013.02.06 13:09:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EndNote [2011.04.28 13:32:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2011.06.06 12:38:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SharePod [2013.04.08 10:16:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\UsAgt [2013.05.06 11:58:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\xmldm ========== Purity Check ========== < End of report > EXTRA Log OTL Extras logfile created on: 06.05.2013 17:54:32 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop Professional (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,21 Gb Total Physical Memory | 2,04 Gb Available Physical Memory | 63,34% Memory free 6,43 Gb Paging File | 5,07 Gb Available in Paging File | 78,94% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 230,70 Gb Total Space | 182,64 Gb Free Space | 79,17% Space Free | Partition Type: NTFS Drive D: | 2,00 Gb Total Space | 2,00 Gb Free Space | 99,96% Space Free | Partition Type: FAT32 Drive E: | 3,27 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive F: | 3,71 Gb Total Space | 2,76 Gb Free Space | 74,44% Space Free | Partition Type: FAT32 Drive G: | 298,09 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: NTFS Computer Name: LSLEGE2-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{475F6D83-CF9F-4245-862A-29A2BE312F08}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6555C995-305B-4AB8-9102-64508C788022}" = lport=139 | protocol=6 | dir=in | app=system | "{6BA5CD5E-65F7-46B7-971F-6089FB031499}" = rport=137 | protocol=17 | dir=out | app=system | "{95FE7A46-DE9A-4286-A123-A431893440C4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{A3EF1640-F0DB-4AD4-ABEB-01FBE825E59E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{AC221DB3-F1A7-4FE3-BDEC-A16D773212A9}" = rport=445 | protocol=6 | dir=out | app=system | "{B1DE330D-8EED-43D8-B14E-EF7E2FC4FD17}" = rport=138 | protocol=17 | dir=out | app=system | "{B414C980-CA31-4D26-8811-E4DB59EED2BE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{D85871B0-62C2-4403-88D6-E7B6479BF898}" = rport=139 | protocol=6 | dir=out | app=system | "{DF71AE42-8335-4F80-B29A-289BABB17E4C}" = lport=445 | protocol=6 | dir=in | app=system | "{EC1900B0-A841-40E4-B370-C585E644170B}" = lport=138 | protocol=17 | dir=in | app=system | "{F6616389-0088-4330-BD07-1FA60D439E6B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{F6759356-43CB-4FE0-BA0B-3535B2A37255}" = lport=137 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{262ADE6A-B3FB-4C65-8D0E-605EA921AA0E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{31EE19EF-32B2-4862-9C96-7D47933D7C69}" = protocol=17 | dir=in | app=c:\program files\mcafee\common framework\frameworkservice.exe | "{332A0CC4-24B4-4012-92BD-4025A0D9651A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{4E3D2543-C171-4D54-A619-D2365EE2FD38}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{521CAFE8-D106-447A-AC36-50B74A5F93F5}" = protocol=6 | dir=in | app=c:\program files\hp\hp color laserjet cm2320 mfp series\hppfsu_cm2320.exe | "{79517750-7949-4F5C-B843-CF489F9AB8B6}" = protocol=17 | dir=in | app=c:\program files\mcafee\common framework\frameworkservice.exe | "{7A43BD41-43C5-4E1B-ADCB-849A39980804}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{85621F8A-1A6E-46E6-9675-7EF37D66FC03}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{8C76BCFA-7BF0-4131-BCAF-5A5600649D67}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{A867C004-08D4-4C7B-BBEF-E567336B5107}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{AB474B27-01F0-4DD1-BFBC-9C3C002036FB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{AE3F1BE9-A4C3-4E90-B85D-F5045C388B0A}" = protocol=6 | dir=in | app=c:\program files\mcafee\common framework\frameworkservice.exe | "{B43AA7D1-99F1-4228-BC9E-A918E931BB8B}" = protocol=17 | dir=in | app=c:\program files\hp\hp color laserjet cm2320 mfp series\hppfsu_cm2320.exe | "{C9DB9048-2BC9-4D0C-B085-9E037FB6EFF5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{E32EE9E5-1FE3-403C-92DB-0AF056DA3C19}" = protocol=6 | dir=in | app=c:\program files\mcafee\common framework\frameworkservice.exe | "{FCCF7550-F6B7-478C-9F53-92209670D7D7}" = dir=in | app=c:\program files\itunes\itunes.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0D6C1983-843A-4CED-80DB-5EE02918CF6B}" = hppFaxDrvCM2320 "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes "{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise "{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService "{1FCAF6B3-F655-4331-847C-17B697BC49E9}" = hppScanToCM2320 "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29 "{2B6B6623-0E69-44FD-916A-A5B25137446E}" = hppusgCM2320 "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{362678B4-6ED5-46E9-A6B2-53EF22159151}" = McAfee Agent "{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery "{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp "{621CBEC1-B754-4422-9BD8-068F249D296B}" = hppTLBXFXCM2320 "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc "{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0 "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan "{86B3F2D6-AC2B-4E88-8AE1-F2F77F781B0C}" = EndNote X3 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007 "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_PROPLUS_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_PROPLUS_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel "{995F2783-8311-49BF-833E-DB659774B4F6}" = hppFonts "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9F2D7562-6163-48AB-B15A-331C7A9DB17C}" = hppscanCM2320 "{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection "{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch "{AC76BA86-1033-F400-7760-000000000004}_952" = Adobe Acrobat 9.5.2 - CPSID_83708 "{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch "{B2FA3A0F-43AE-4ACF-99C7-E4DAFF7A4210}" = hpzTLBXFX "{B4E66C9F-BE69-4626-A9AD-D2B81CE45F49}" = hppFaxUtilityCM2320 "{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari "{CBB54FBD-6A76-43BD-B3CC-1B620BC03146}" = hppSendFaxCM2320 "{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg "{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr "{D17FDF00-50F0-4B78-923F-707D2055D29E}" = hppManualsCM2320 "{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch "{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support "{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1 "{D7EC8A27-CDA2-46AE-8A26-4104A04FA5BE}" = 32 Bit HP CIO Components Installer "{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component "{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud "{DB682507-DE7E-4053-BA5D-6DC7EC865DDF}" = hppCLJCM2320 "{ECF3E482-9188-4e29-9C31-E02FD8DC74C0}" = HP Color LaserJet CM2320 MFP Series 2.0 "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FF841249-0D6B-41D7-8013-953EE3A33263}" = hppQFolderCM2320 "{FFF0D10D-3CBC-4428-945B-EE0FF500EABF}" = hppPQVideoCM2320 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "CCleaner" = CCleaner "ElsterFormular 13.1.1.8531p" = ElsterFormular "ElsterFormular für Privatanwender 12.2.1.6570p" = ElsterFormular-Update "HDMI" = Intel(R) Graphics Media Accelerator Driver "HP Document Manager" = HP Document Manager 1.0 "HP Imaging Device Functions" = HP Imaging Device Functions 10.0 "HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0 "HPExtendedCapabilities" = HP Customer Participation Program 10.0 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "McAfee Anti-Spyware Enterprise Module" = McAfee AntiSpyware Enterprise Module "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "MozBackup" = MozBackup 1.4.10-beta1 "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) "Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7) "Novell Client for Windows" = Novell Client for Windows "PROPLUS" = Microsoft Office Professional Plus 2007 "ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper "TVWiz" = Intel(R) TV Wizard ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 10.10.2012 07:23:41 | Computer Name = lslege2-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 5492 Error - 10.10.2012 07:23:42 | Computer Name = lslege2-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 10.10.2012 07:23:42 | Computer Name = lslege2-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 6490 Error - 10.10.2012 07:23:42 | Computer Name = lslege2-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 6490 Error - 10.10.2012 07:23:43 | Computer Name = lslege2-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 10.10.2012 07:23:43 | Computer Name = lslege2-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 7488 Error - 10.10.2012 07:23:43 | Computer Name = lslege2-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 7488 Error - 10.10.2012 07:23:44 | Computer Name = lslege2-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 10.10.2012 07:23:44 | Computer Name = lslege2-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 8487 Error - 10.10.2012 07:23:44 | Computer Name = lslege2-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 8487 [ OSession Events ] Error - 26.04.2010 13:14:30 | Computer Name = lslege2-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9369 seconds with 2160 seconds of active time. This session ended with a crash. Error - 02.11.2010 13:09:36 | Computer Name = lslege2-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12696 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 06.05.2013 08:12:22 | Computer Name = lslege2-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 06.05.2013 08:12:22 | Computer Name = lslege2-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 06.05.2013 08:12:22 | Computer Name = lslege2-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 06.05.2013 08:14:03 | Computer Name = lslege2-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "IP-Hilfsdienst" wurde mit folgendem Fehler beendet: %%126 Error - 06.05.2013 08:15:54 | Computer Name = lslege2-PC | Source = Service Control Manager | ID = 7022 Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht richtig gestartet. Error - 06.05.2013 08:20:46 | Computer Name = lslege2-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "MBAMSwissArmy" wurde aufgrund folgenden Fehlers nicht gestartet: %%32 Error - 06.05.2013 08:21:36 | Computer Name = lslege2-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "MBAMSwissArmy" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 06.05.2013 11:41:27 | Computer Name = lslege2-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet: %%14 Error - 06.05.2013 11:41:31 | Computer Name = lslege2-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "IP-Hilfsdienst" wurde mit folgendem Fehler beendet: %%126 Error - 06.05.2013 11:43:01 | Computer Name = lslege2-PC | Source = Service Control Manager | ID = 7022 Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht richtig gestartet. < End of report > 3. Download und Scan mit Gmer Gmer Log GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-05-06 19:03:45 Windows 6.1.7600 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 WDC_WD2500AAJS-75M0A0 rev.02.03E02 232,83GB Running: gmer_2.1.19163.exe; Driver: C:\Users\***E~1\AppData\Local\Temp\fxdiafow.sys ---- Threads - GMER 2.1 ---- Thread System [4:4640] AE138F2E ---- EOF - GMER 2.1 ---- Was kann ich jetzt noch tun? Vielen Dank für Eure Hilfe! Viele Grüße KittyD |
| Themen zu GVU Trojaner - Trojan.Ransom.RRE |
| 32 bit, adobe, adobe flash player, autorun, bho, bonjour, computer, defender, download, error, explorer, firefox, flash player, format, helper, hängen, install.exe, ip-hilfsdienst, logfile, plug-in, programme, registry, rundll, scan, security, software, svchost.exe, trojaner, windows |
Baum-Darstellung