Log analysis and evaluation: Ukash encryption trojan, here: logfiles (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

Ukash encryption trojan, here: logfiles

I have now been able to fix quite a few things myself, but I am not enough of an expert to judge whether that was all of it. I am therefore sending the log files, each named after its source, with the request for analysis and, if necessary, help with how to proceed.

defogger_disable

Code:
defogger_disable by jpshortstuff (
Log created at 12:07 on 02/06/2012 (Karsten Meiß)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
ATTFilter OTL logfile created on: 01.06.2012 21:07:47 - Run 1 OTL by OldTimer - Version Folder = E:\ 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,77 Gb Available Physical Memory | 69,42% Memory free 7,99 Gb Paging File | 6,53 Gb Available in Paging File | 81,74% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 218,14 Gb Total Space | 163,94 Gb Free Space | 75,15% Space Free | Partition Type: NTFS Drive E: | 3,73 Gb Total Space | 0,54 Gb Free Space | 14,36% Space Free | Partition Type: FAT32 Computer Name: ***** | User Name: ***** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.01 20:59:38 | 000,595,968 | ---- | M] (OldTimer Tools) -- E:\OTL.exe PRC - [2012.05.25 15:21:44 | 000,992,648 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe PRC - [2012.05.25 15:12:54 | 000,785,344 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE PRC - [2011.09.28 08:45:12 | 000,885,160 | ---- | M] () -- C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 8\LiveTunerService.exe PRC - [2011.09.28 08:45:10 | 002,656,680 | ---- | M] (Ashampoo Development GmbH & Co. 
KG) -- C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 8\LiveTuner.exe PRC - [2011.01.13 21:54:26 | 000,464,856 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe PRC - [2011.01.13 21:42:12 | 003,811,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe PRC - [2011.01.13 21:39:32 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE PRC - [2011.01.13 21:37:02 | 000,705,856 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE PRC - [2010.04.30 13:56:04 | 000,160,424 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\starter4g.exe PRC - [2010.04.30 13:55:54 | 000,145,064 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\service4g.exe PRC - [2010.04.12 19:03:44 | 000,329,168 | ---- | M] () -- C:\Program Files (x86)\WTGService.exe PRC - [2009.10.15 10:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe PRC - [2009.06.25 03:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) 
-- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe PRC - [2009.06.24 23:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe PRC - [2009.06.09 16:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Programme\Dell\DellDock\DockLogin.exe PRC - [2008.10.24 17:35:44 | 000,128,296 | ---- | M] () -- C:\Program Files (x86)\AAVUpdateManager\aavus.exe ========== Modules (No Company Name) ========== MOD - [2012.05.14 13:57:38 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll MOD - [2012.05.12 12:39:17 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll MOD - [2012.05.12 12:37:58 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07f019692c382d588d3c6cb2da2a9ec5\PresentationFramework.ni.dll MOD - [2012.05.12 12:37:18 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll MOD - [2012.05.12 12:36:59 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll MOD - [2012.05.12 12:36:52 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\2d1fd350e9bc62ce659e5cbcfd555796\PresentationCore.ni.dll MOD - [2012.05.12 12:36:22 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll MOD - [2012.05.12 12:36:08 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012.05.12 12:35:59 | 000,971,264 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012.05.12 12:35:56 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012.05.12 12:35:35 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2011.01.13 21:42:02 | 000,025,920 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCCPiped.dll MOD - [2011.01.13 21:39:32 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE MOD - [2011.01.13 21:37:50 | 000,079,168 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll MOD - [2011.01.13 21:37:26 | 000,075,072 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll MOD - [2011.01.13 21:37:24 | 000,111,936 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll MOD - [2011.01.13 21:37:20 | 000,121,152 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll MOD - [2011.01.13 21:37:18 | 000,128,320 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll MOD - [2011.01.13 21:37:14 | 000,234,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll MOD - [2011.01.13 21:37:04 | 000,025,920 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STBRCCServCLR.dll MOD - [2011.01.13 21:36:50 | 001,123,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\\mscorlib.resources.dll MOD - [2009.10.15 10:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe MOD - [2009.07.14 19:58:15 | 000,167,936 | ---- | M] () 
-- C:\Windows\assembly\GAC_MSIL\System.Xml.resources\\System.Xml.resources.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010.11.20 15:26:50 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc) SRV:64bit: - [2009.07.17 03:06:00 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc) SRV:64bit: - [2009.07.14 03:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess) SRV:64bit: - [2009.07.02 20:16:00 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2012.05.25 15:12:54 | 000,785,344 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater) SRV - [2012.05.09 10:52:53 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.05.05 19:46:04 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.10.21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) 
[Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate) SRV - [2011.09.28 08:45:12 | 000,885,160 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 8\LiveTunerService.exe -- (WO_LiveService) SRV - [2011.01.13 21:37:02 | 000,705,856 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService) SRV - [2011.01.02 21:29:50 | 000,009,216 | ---- | M] (www.shadowexplorer.com) [Auto | Running] -- C:\Program Files (x86)\ShadowExplorer\sesvc.exe -- (sesvc) SRV - [2010.09.16 03:13:02 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist) SRV - [2010.04.30 13:55:54 | 000,145,064 | R--- | M] (4G Systems GmbH & Co. 
KG) [Auto | Running] -- C:\Windows\service4g.exe -- (XS Stick Service) SRV - [2010.04.12 19:03:44 | 000,329,168 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\WTGService.exe -- (WTGService) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.07.14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.06.10 22:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64) SRV - [2009.06.09 16:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Programme\Dell\DellDock\DockLogin.exe -- (DockLoginService) SRV - [2009.03.31 21:01:00 | 000,092,160 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters) SRV - [2008.10.24 17:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\AAVUpdateManager\aavus.exe -- (AAV UpdateService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.08.01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2011.05.18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection 
Driver (USB) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.23 22:28:41 | 000,117,888 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cmnsusbser.sys -- (cmnsusbser) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 11:26:11 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs) DRV:64bit: - [2009.09.29 08:15:02 | 000,016,384 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgbtpt64.sys -- (LgBttPort) DRV:64bit: - [2009.09.29 08:15:00 | 000,017,408 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgvmdm64.sys -- (LGVMODEM) DRV:64bit: - [2009.09.29 08:15:00 | 000,014,848 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgbtbs64.sys -- (lgbusenum) DRV:64bit: - [2009.07.17 03:06:00 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2009.07.17 03:06:00 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl) DRV:64bit: - [2009.07.14 01:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs) DRV:64bit: - [2009.07.09 10:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2009.07.02 20:51:00 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009.06.26 19:23:00 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.06.15 20:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.05 12:20:00 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009.06.04 23:46:00 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2009.05.23 05:52:00 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2008.11.19 17:09:14 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem) DRV:64bit: - [2008.11.19 17:09:12 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag) DRV:64bit: - [2008.11.19 17:09:12 | 000,017,920 | ---- | M] (LG Electronics Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus) DRV:64bit: - [2006.11.01 18:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV - [2011.03.08 05:01:06 | 000,012,824 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 8\LiveTunerProcessMonitor64.sys -- (LiveTunerPM) DRV - [2010.11.18 02:34:58 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Programme\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {CB001ED9-7309-4469-804D-E7E9D542D355} IE:64bit: - HKLM\..\SearchScopes\{CB001ED9-7309-4469-804D-E7E9D542D355}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: {5786d022-540e-4699-b350-b4be0ae94b79} - C:\Program Files (x86)\Ashampoo_DE\prxtbAsha.dll (Conduit Ltd.) 
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0EDB8413-4BDE-4E2C-8B16-A08640E14B1C}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481020 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1729895072-3162029508-1750085212-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8 IE - HKU\S-1-5-21-1729895072-3162029508-1750085212-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2481020 IE - HKU\S-1-5-21-1729895072-3162029508-1750085212-1000\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found IE - HKU\S-1-5-21-1729895072-3162029508-1750085212-1000\..\URLSearchHook: {5786d022-540e-4699-b350-b4be0ae94b79} - C:\Program Files (x86)\Ashampoo_DE\prxtbAsha.dll (Conduit Ltd.) IE - HKU\S-1-5-21-1729895072-3162029508-1750085212-1000\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.8\pdfforgeToolbarIE.dll (Spigot, Inc.) 
IE - HKU\S-1-5-21-1729895072-3162029508-1750085212-1000\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKU\S-1-5-21-1729895072-3162029508-1750085212-1000\..\SearchScopes\{3A8133B4-C22D-4C00-AC2E-9A049C4F9617}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} IE - HKU\S-1-5-21-1729895072-3162029508-1750085212-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481020 IE - HKU\S-1-5-21-1729895072-3162029508-1750085212-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.09 10:52:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.26 14:43:08 | 000,000,000 | ---D | M] [2010.12.23 23:03:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions [2012.06.01 19:12:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\7kmtuaar.default\extensions [2012.06.01 19:12:21 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\7kmtuaar.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012.03.21 22:23:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.03.03 17:34:03 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2012.01.23 12:05:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions [2012.01.23 12:05:31 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012.05.09 10:52:53 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.03.03 17:38:36 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012.02.29 00:25:21 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.29 00:25:21 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.02.29 00:25:21 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.02.29 00:25:21 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.04.28 17:20:12 | 000,002,027 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml [2012.02.29 00:25:21 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.29 00:25:21 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Ashampoo DE Toolbar) - {5786d022-540e-4699-b350-b4be0ae94b79} - C:\Program Files (x86)\Ashampoo_DE\prxtbAsha.dll (Conduit Ltd.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.8\pdfforgeToolbarIE.dll (Spigot, Inc.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O3 - HKLM\..\Toolbar: (Ashampoo DE Toolbar) - {5786d022-540e-4699-b350-b4be0ae94b79} - C:\Program Files (x86)\Ashampoo_DE\prxtbAsha.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.8\pdfforgeToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-1729895072-3162029508-1750085212-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKU\S-1-5-21-1729895072-3162029508-1750085212-1000\..\Toolbar\WebBrowser: (Ashampoo DE Toolbar) - {5786D022-540E-4699-B350-B4BE0AE94B79} - C:\Program Files (x86)\Ashampoo_DE\prxtbAsha.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [Ashampoo WinOptimizer Live-Tuner] C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 8\LiveTuner.exe (Ashampoo Development GmbH & Co. KG) O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.) 
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd) O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe () O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [starter4g] C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1729895072-3162029508-1750085212-1000..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background File not found O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell) O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found O4 - Startup: 
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found O4 - Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000 File not found O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97FFD36C-2A0A-47EA-B591-AE1E9388F198}: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF5BE809-3F51-43F8-9EFC-E8D668B1FAF4}: DhcpNameServer = O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - 
Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{54c34660-89f2-11e1-909c-f04da24e1863}\Shell - "" = AutoRun O33 - MountPoints2\{54c34660-89f2-11e1-909c-f04da24e1863}\Shell\AutoRun\command - "" = E:\LGAutoRun.exe O33 - MountPoints2\{74fbf721-0ec9-11e0-afe2-f04da24e1863}\Shell - "" = AutoRun O33 - MountPoints2\{74fbf721-0ec9-11e0-afe2-f04da24e1863}\Shell\AutoRun\command - "" = E:\autorun.exe O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LGAutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.06.01 19:09:56 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\encrypted files [2012.06.01 18:23:48 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Rettungsversuch Anwender KM Gesamt [2012.06.01 18:23:38 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Rettungsversuche [2012.06.01 17:39:26 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\www.shadowexplorer.com [2012.06.01 17:35:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot [2012.06.01 17:35:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pdfforge Toolbar [2012.06.01 17:35:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater [2012.06.01 17:35:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer [2012.06.01 17:35:37 | 000,000,000 | ---D | C] -- 
C:\Program Files (x86)\ShadowExplorer [2012.06.01 15:32:37 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Malwarebytes [2012.06.01 15:32:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.06.01 15:32:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.05.31 19:25:58 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Fywyrpvnltq [2012.05.13 21:49:57 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\inkscape [2012.05.13 21:20:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Inkscape [2012.05.11 09:47:26 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2012.05.11 09:47:23 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.05.11 09:47:19 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012.05.11 09:47:19 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012.05.09 14:59:25 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\MAGIX [2012.05.09 14:59:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX [2012.05.09 14:50:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ashampoo_DE [2012.05.09 14:50:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo [2012.05.09 14:50:03 | 000,034,304 | ---- | C] (mst software GmbH, Germany) -- C:\Windows\SysNative\DfSdkBt.exe [2012.05.09 14:49:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ashampoo [2012.05.09 10:52:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2012.05.09 10:52:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012.05.05 20:07:22 | 000,000,000 | ---D | C] -- C:\Windows\TempA17A8F3A-4193-FF64-4025-DBCF0B1C7CD4-Signatures [2012.05.05 15:23:07 | 000,000,000 | ---D | C] -- C:\Users*****\AppData\Roaming\Windows Live Writer [2012.05.05 15:23:07 | 
000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Windows Live Writer [2012.05.05 15:23:07 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\My Weblog Posts [2010.12.23 22:28:42 | 001,015,859 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\mfc42.dll [2010.12.23 22:28:42 | 000,749,224 | ---- | C] (WebToGo Mobiles Internet GmbH) -- C:\Program Files (x86)\XSManager_SMSMMS.exe [2010.12.23 22:28:42 | 000,667,304 | ---- | C] (TODO: <Company name>) -- C:\Program Files (x86)\WTGToasterWin.dll [2010.12.23 22:28:42 | 000,601,768 | ---- | C] (XSManager GmbH) -- C:\Program Files (x86)\4GSystems_SMSMMSIta.dll [2010.12.23 22:28:42 | 000,601,768 | ---- | C] (WebToGo Mobiles Internet GmbH) -- C:\Program Files (x86)\4GSystems_SMSMMSSpa.dll [2010.12.23 22:28:42 | 000,601,768 | ---- | C] (WebToGo Mobiles Internet GmbH) -- C:\Program Files (x86)\4GSystems_SMSMMSFre.dll [2010.12.23 22:28:42 | 000,601,768 | ---- | C] (WebToGo Mobiles Internet GmbH) -- C:\Program Files (x86)\4GSystems_SMSMMSEng.dll [2010.12.23 22:28:42 | 000,401,462 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\msvcp60.dll [2010.12.23 22:28:42 | 000,286,773 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\msvcrt.dll [2010.12.23 22:28:42 | 000,057,344 | ---- | C] (WinAbility® Software Corporation) -- C:\Program Files (x86)\VistaLib32.dll [2010.12.23 22:28:41 | 001,949,352 | ---- | C] (WebToGo Mobiles Internet GmbH) -- C:\Program Files (x86)\XSManager.exe [2010.12.23 22:28:41 | 001,265,320 | ---- | C] (WebToGo Mobiles Internet GmbH) -- C:\Program Files (x86)\4GSystems_OneClickAssistantFre.dll [2010.12.23 22:28:41 | 001,265,320 | ---- | C] (WebToGo Mobiles Internet GmbH) -- C:\Program Files (x86)\4GSystems_OneClickAssistantEng.dll [2010.12.23 22:28:41 | 001,261,224 | ---- | C] (XSManager) -- C:\Program Files (x86)\4GSystems_OneClickAssistantIta.dll [2010.12.23 22:28:41 | 001,261,224 | ---- | C] (WebToGo Mobiles Internet GmbH) -- C:\Program Files 
(x86)\4GSystems_OneClickAssistantSpa.dll ========== Files - Modified Within 30 Days ========== [2012.06.01 20:45:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.06.01 17:45:56 | 001,507,564 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.01 17:45:56 | 000,657,938 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.01 17:45:56 | 000,619,184 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.01 17:45:56 | 000,131,296 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.01 17:45:56 | 000,107,504 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.01 17:45:20 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.01 17:45:20 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.01 17:37:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.01 17:37:45 | 3217,248,256 | -HS- | M] () -- C:\hiberfil.sys [2012.06.01 17:35:39 | 000,001,891 | ---- | M] () -- C:\Users\*****\Desktop\ShadowExplorer.lnk [2012.06.01 15:14:04 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job [2012.06.01 14:58:20 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job [2012.06.01 14:42:10 | 000,271,360 | ---- | M] () -- C:\Users\*****\Desktop\Outlook.pst [2012.05.30 16:29:34 | 000,068,608 | ---- | M] () -- C:\Users\*****\Documents\jsEsoluageujtAtoDuTOe [2012.05.16 22:34:57 | 000,002,743 | ---- | M] () -- C:\Users\*****\TgeTOsAtUAsaOsaOUAsd [2012.05.12 12:34:24 | 000,538,576 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.05.09 14:50:12 | 000,002,236 | ---- | M] () -- C:\Users\Public\Desktop\Ein-Klick-Optimierung (WO8).lnk [2012.05.09 14:50:11 | 000,001,218 | ---- | M] () -- C:\Users\Public\Desktop\Ashampoo WinOptimizer 8.lnk [2012.05.06 13:25:55 | 000,002,113 
| ---- | M] () -- C:\Windows\epplauncher.mif [2012.05.05 19:46:04 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.05.05 19:46:04 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.05.05 19:45:20 | 008,744,608 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe ========== Files Created - No Company Name ========== [2012.06.01 17:35:39 | 000,001,891 | ---- | C] () -- C:\Users\*****\Desktop\ShadowExplorer.lnk [2012.06.01 14:42:04 | 000,271,360 | ---- | C] () -- C:\Users\*****\Desktop\Outlook.pst [2012.05.13 21:30:34 | 000,001,057 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape.lnk [2012.05.09 14:50:12 | 000,002,236 | ---- | C] () -- C:\Users\Public\Desktop\Ein-Klick-Optimierung (WO8).lnk [2012.05.09 14:50:11 | 000,001,218 | ---- | C] () -- C:\Users\Public\Desktop\Ashampoo WinOptimizer 8.lnk [2012.04.19 17:19:00 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll [2012.04.19 17:19:00 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini [2011.09.12 15:48:19 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2011.06.28 16:37:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.05.09 14:15:27 | 001,534,560 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.12.23 22:28:42 | 004,129,044 | ---- | C] () -- C:\Program Files (x86)\webtogodb.wdb [2010.12.23 22:28:42 | 001,236,648 | ---- | C] () -- C:\Program Files (x86)\Setup.exe [2010.12.23 22:28:42 | 000,708,264 | ---- | C] () -- C:\Program Files (x86)\4GSystems_UpgraderSpa.dll [2010.12.23 22:28:42 | 000,708,264 | ---- | C] () -- C:\Program Files (x86)\4GSystems_UpgraderIta.dll [2010.12.23 22:28:42 | 000,708,264 | ---- | C] () -- C:\Program Files (x86)\4GSystems_UpgraderGer.dll [2010.12.23 22:28:42 | 000,708,264 | ---- | C] () -- C:\Program Files (x86)\4GSystems_UpgraderFre.dll [2010.12.23 
22:28:42 | 000,708,264 | ---- | C] () -- C:\Program Files (x86)\4GSystems_UpgraderEng.dll [2010.12.23 22:28:42 | 000,601,768 | ---- | C] () -- C:\Program Files (x86)\4GSystems_SMSMMSGer.dll [2010.12.23 22:28:42 | 000,593,920 | ---- | C] () -- C:\Program Files (x86)\WTGXMLUtil.dll [2010.12.23 22:28:42 | 000,472,716 | ---- | C] () -- C:\Program Files (x86)\Help_eng.chm [2010.12.23 22:28:42 | 000,417,089 | ---- | C] () -- C:\Program Files (x86)\Help_ger.chm [2010.12.23 22:28:42 | 000,413,648 | ---- | C] () -- C:\Program Files (x86)\OSU.exe [2010.12.23 22:28:42 | 000,377,147 | ---- | C] () -- C:\Program Files (x86)\Help_ita.chm [2010.12.23 22:28:42 | 000,357,117 | ---- | C] () -- C:\Program Files (x86)\Help_fre.chm [2010.12.23 22:28:42 | 000,348,759 | ---- | C] () -- C:\Program Files (x86)\Help_spa.chm [2010.12.23 22:28:42 | 000,329,168 | ---- | C] () -- C:\Program Files (x86)\WTGService.exe [2010.12.23 22:28:42 | 000,243,152 | ---- | C] () -- C:\Program Files (x86)\WTGVistaUtil.exe [2010.12.23 22:28:42 | 000,118,436 | ---- | C] () -- C:\Program Files (x86)\WTGPhoneCaps.dat [2010.12.23 22:28:42 | 000,094,278 | ---- | C] () -- C:\Program Files (x86)\WtgZip.dll [2010.12.23 22:28:42 | 000,065,192 | ---- | C] () -- C:\Program Files (x86)\WTGMMSPCClient.dll [2010.12.23 22:28:42 | 000,030,160 | ---- | C] () -- C:\Program Files (x86)\InstallWTGService.exe [2010.12.23 22:28:42 | 000,024,584 | ---- | C] () -- C:\Program Files (x86)\WTGMMSProfiles.dat [2010.12.23 22:28:42 | 000,024,576 | ---- | C] () -- C:\Program Files (x86)\WTGDebugs.dll [2010.12.23 22:28:42 | 000,000,567 | ---- | C] () -- C:\Program Files (x86)\KD.xml [2010.12.23 22:28:42 | 000,000,518 | ---- | C] () -- C:\Program Files (x86)\mmsc.xml [2010.12.23 22:28:42 | 000,000,198 | ---- | C] () -- C:\Program Files (x86)\config.ini [2010.12.23 22:28:41 | 001,261,224 | ---- | C] () -- C:\Program Files (x86)\4GSystems_OneClickAssistantGer.dll [2010.12.23 22:28:41 | 001,175,208 | ---- | C] () -- C:\Program Files 
(x86)\Uninstaller.exe [2010.12.23 22:28:41 | 001,044,136 | ---- | C] () -- C:\Program Files (x86)\UninstallerSpa.dll [2010.12.23 22:28:41 | 001,044,136 | ---- | C] () -- C:\Program Files (x86)\UninstallerGer.dll [2010.12.23 22:28:41 | 001,044,136 | ---- | C] () -- C:\Program Files (x86)\UninstallerFre.dll [2010.12.23 22:28:41 | 000,958,120 | ---- | C] () -- C:\Program Files (x86)\UninstallerIta.dll [2010.12.23 22:28:41 | 000,376,832 | ---- | C] () -- C:\Program Files (x86)\WtgCore.dll [2010.12.23 22:28:41 | 000,204,800 | ---- | C] () -- C:\Program Files (x86)\WtgUtil.dll [2010.12.23 22:28:41 | 000,183,976 | ---- | C] () -- C:\Program Files (x86)\WTGSMSPCClient.dll [2010.12.23 22:28:41 | 000,139,264 | ---- | C] () -- C:\Program Files (x86)\WtgDetection.dll [2010.12.23 22:28:41 | 000,139,264 | ---- | C] () -- C:\Program Files (x86)\WtgBluetooth.dll [2010.12.23 22:28:41 | 000,110,592 | ---- | C] () -- C:\Program Files (x86)\WtgDatabase.dll [2010.12.23 22:28:41 | 000,086,016 | ---- | C] () -- C:\Program Files (x86)\WtgPorts.dll [2010.12.23 22:28:41 | 000,065,536 | ---- | C] () -- C:\Program Files (x86)\WtgDialup.dll [2010.12.23 22:28:41 | 000,045,056 | ---- | C] () -- C:\Program Files (x86)\WtgDriverInstall.dll [2010.12.23 22:28:41 | 000,024,576 | ---- | C] () -- C:\Program Files (x86)\WtgDriverInstallX.dll [2010.12.23 22:28:41 | 000,020,136 | ---- | C] () -- C:\Program Files (x86)\4GSystems_WTGSMSPCClientSpa.dll [2010.12.23 22:28:41 | 000,020,136 | ---- | C] () -- C:\Program Files (x86)\4GSystems_WTGSMSPCClientIta.dll [2010.12.23 22:28:41 | 000,020,136 | ---- | C] () -- C:\Program Files (x86)\4GSystems_WTGSMSPCClientGer.dll [2010.12.23 22:28:41 | 000,020,136 | ---- | C] () -- C:\Program Files (x86)\4GSystems_WTGSMSPCClientFre.dll [2010.12.23 22:28:41 | 000,020,136 | ---- | C] () -- C:\Program Files (x86)\4GSystems_WTGSMSPCClientEng.dll [2010.10.05 01:59:32 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\StarOpen.sys [2010.09.16 03:31:11 | 000,000,075 | RHS- | C] 
() -- C:\Windows\CT4CET.bin [2010.09.15 19:48:11 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2010.09.15 19:48:11 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2010.09.15 19:47:30 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin ========== LOP Check ========== [2012.06.01 14:26:55 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Fywyrpvnltq [2012.05.18 05:04:34 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\gtk-2.0 [2011.10.27 15:58:35 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\hdbADS [2012.06.01 09:14:49 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\inkscape [2011.11.14 18:12:51 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\kompozer.net [2012.05.09 14:59:12 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\MAGIX [2012.06.01 09:15:01 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\NetAssistant [2012.06.02 00:27:53 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Notepad++ [2011.06.01 14:13:33 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\OpenOffice.org [2012.06.01 14:54:11 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\PCDr [2011.11.15 13:17:20 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\pdfforge [2012.06.01 14:56:30 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\PhraseExpress [2011.10.10 11:56:57 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Program Files (x86) [2011.06.14 19:48:44 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Simfy [2012.03.07 20:00:44 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\SoftGrid Client [2011.08.19 16:49:01 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Thunderbird [2011.05.09 14:16:57 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TP [2011.11.04 16:58:54 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Webocton - Scriptly [2012.05.05 15:23:07 | 000,000,000 | 
---D | M] -- C:\Users\*****\AppData\Roaming\Windows Live Writer [2012.06.01 17:39:26 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\www.shadowexplorer.com [2012.06.01 14:58:20 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job [2012.04.16 08:12:12 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.06.01 15:14:04 | 000,000,422 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 01.06.2012 21:07:47 - Run 1 OTL by OldTimer - Version Folder = E:\ 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,77 Gb Available Physical Memory | 69,42% Memory free 7,99 Gb Paging File | 6,53 Gb Available in Paging File | 81,74% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 218,14 Gb Total Space | 163,94 Gb Free Space | 75,15% Space Free | Partition Type: NTFS Drive E: | 3,73 Gb Total Space | 0,54 Gb Free Space | 14,36% Space Free | Partition Type: FAT32 Computer Name: ***** | User Name: ***** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-1729895072-3162029508-1750085212-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{11F6BC88-23F0-4636-A039-4E9D227CD95A}" = lport=445 | protocol=6 | dir=in | app=system | "{2B2FA33E-6876-4C8B-A26C-89972B2A830A}" = lport=137 | protocol=17 | dir=in | app=system | "{4210C63F-DB59-41DF-9EC5-AEA027E8A22F}" = rport=139 | protocol=6 | dir=out | app=system | "{52C7030A-2B83-4897-8436-2A8B5C8DBCEE}" = lport=138 | protocol=17 | dir=in | app=system | "{539F4F07-DEA8-4676-B477-F07E164E2D10}" = lport=139 | protocol=6 | dir=in | app=system | "{57E3047E-F8BF-43FF-965B-2B65406728B1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{59599BF7-89ED-4E14-96EB-32DAF6D25A4F}" = 
rport=137 | protocol=17 | dir=out | app=system | "{7729FD56-B4D9-487A-9B7D-A8FEE0E39623}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9440B23C-5BC9-4529-8406-066BD323AFC9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{96DCFC7F-D1BD-447E-9FE7-BAD5CFACA383}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{96E5646E-FDDC-4254-9A52-CB948C568573}" = rport=138 | protocol=17 | dir=out | app=system | "{C364ECBB-FA64-4474-A110-8054B201CA17}" = rport=445 | protocol=6 | dir=out | app=system | "{D0CC052A-19C6-4052-B778-407B53B61D0B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{DE9067F7-FA7E-4AF5-A3AC-AFC882CB2914}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{6B7906D7-F398-4D31-B256-83974B60709B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{7DD02B6E-35F7-4329-83FC-329AA7FFA66B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{9C930194-CAD0-4C34-9D52-6242A00A844D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{C0AF8497-5F39-4D3C-A02A-D54542B09F8F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "TCP Query User{A97949D0-5629-4940-98DF-8965F1EDD956}C:\program files (x86)\phraseexpress\phraseexpress.exe" = protocol=6 | dir=in | app=c:\program files (x86)\phraseexpress\phraseexpress.exe | "TCP Query User{CAE96FAE-4523-4351-8EE4-BE36E4E35FEA}C:\program files (x86)\phraseexpress\phraseexpress.exe" = protocol=6 | dir=in | app=c:\program files (x86)\phraseexpress\phraseexpress.exe | "UDP Query User{566DD08F-7192-458F-9BD0-F815038700B3}C:\program files (x86)\phraseexpress\phraseexpress.exe" = protocol=17 | dir=in | app=c:\program files 
(x86)\phraseexpress\phraseexpress.exe | "UDP Query User{5A2D207D-91F6-44F2-84D0-78F510A62038}C:\program files (x86)\phraseexpress\phraseexpress.exe" = protocol=17 | dir=in | app=c:\program files (x86)\phraseexpress\phraseexpress.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit) "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64 "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock "{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack "{E023B63C-D810-9C56-E788-7F222661B056}" = ccc-utility64 "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player ActiveX" 
= Adobe Flash Player 11 ActiveX 64-bit "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "Dell Support Center" = Dell Support Center "Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2 "SynTPDeinstKey" = Dell Touchpad [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{01A3EF62-9F54-9D7A-FAD9-A168834FE821}" = CCC Help Chinese Standard "{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup "{1595786E-2A45-E9B5-0A16-D53885B3AD78}" = CCC Help French "{19442FC1-8AE8-F00D-7476-7D069FB405EB}" = ccc-core-static "{1A5F270C-29D9-462D-BB26-A328847AA0B8}" = CCC Help Spanish "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{20aa4150-b5f4-11de-8a39-0800200c9a66}_is1" = KompoZer 0.8b3 "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22 "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{4432FF45-32A1-5022-DC16-544819C09C88}" = CCC Help Dutch "{49E6BC24-230D-21C3-86A3-297A80C08120}" = Catalyst Control Center Graphics Light "{4A03706F-666A-4037-7777-5F2748764D10}" = 
Java Auto Updater "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{534B8370-6422-2663-E654-7BA122D3688E}" = CCC Help German "{594123CC-D38F-C2FB-EA98-E1E27582F944}" = Catalyst Control Center Core Implementation "{5B2C4D32-A7CD-44B0-8619-4ADBE301B2D3}" = pdfforge Toolbar v5.8 "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX "{69533745-1E2D-4C98-8B4A-B7643EF9E1A2}" = Catalyst Control Center - Branding "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6C748AFD-31FC-D4B3-B9B7-08A97327A0E4}" = CCC Help Danish "{6E502575-D6BE-9AAD-A5A6-EF3789CD1956}" = Catalyst Control Center Graphics Previews Common "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{754B2DD9-B04C-F4D0-9217-7BBBA86BD281}" = Catalyst Control Center Graphics Full New "{75ABAA4C-6651-7D41-EF2C-8057BD953406}" = Catalyst Control Center Graphics Previews Vista "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide "{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{869D6E79-DC73-C870-B221-7B79A9649FF2}" = CCC Help Norwegian "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8D37EF28-C603-41DE-843F-300C5EF8FD82}" = BILD-Steuer 2012 "{8E3631FA-E3AC-F855-5C20-0D148335D14A}" = CCC Help Portuguese "{900BE0B9-D16F-0C3F-EA10-018788185EBF}" = CCC Help Korean "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{95140000-004E-0407-0000-0000000FF1CE}" = Microsoft Outlook Connector für soziale Netzerker 32-Bit "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A29549FD-65F3-440C-A552-6B8114CF319D}" = Skype Toolbars "{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers "{ACD841E0-9C05-9997-276C-C58382080460}" = CCC Help Chinese Traditional "{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager "{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn "{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar "{B883B0A4-2290-E45D-CA32-7FED797E00A3}" = CCC Help Italian "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C8BEC5F6-6C0B-049B-E76A-DFE41228AB6D}" = CCC Help Finnish "{C99B97CA-D67B-4896-9A2E-01A62C17C0ED}" = MAGIX Web Designer 6 Silver "{CCDB045A-F8BA-3493-E20D-FA16C6B2413A}" = Skins "{D4A978E5-76EF-CEDB-BF7F-5B9357B38766}" = CCC Help Japanese "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E0FB18D7-07E4-AB13-F349-6DD642460903}" = CCC Help Russian "{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}" = LG USB Modem Drivers "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E49D937F-DD07-6A25-1C04-D7C7BC08EBBA}" = Catalyst Control Center InstallProxy "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1 
"{E7E3A6B8-8E64-1AE6-D2D8-6D75B6AE7B96}" = Catalyst Control Center Graphics Full Existing "{ECC9D2BE-5261-206D-C554-9AC1679CB460}" = CCC Help English "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2C7A130-9C68-41C4-A8E7-985DFFBD01DF}" = BILD-Steuer 2011 "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{F9D03101-AE86-1C37-3667-73C49DC1C8B5}" = CCC Help Swedish "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR "{FE516630-D77A-5642-1F06-CE8D67D6B5D0}" = Catalyst Control Center Localization All "Adobe AIR" = Adobe AIR "Advanced Audio FX Engine" = Advanced Audio FX Engine "Ashampoo WinOptimizer 8_is1" = Ashampoo WinOptimizer 8 v.8.13 "Ashampoo_DE Toolbar" = Ashampoo DE Toolbar "CanonMyPrinter" = Canon My Printer "Dell Dock" = Dell Dock "Dell Webcam Central" = Dell Webcam Central "GoToAssist" = GoToAssist "Inkscape" = Inkscape 0.48.2 "LG PC Suite IV" = LG PC Suite IV "MAGIX_MSI_Web_Designer_6_Silver" = MAGIX Web Designer 6 Silver "Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Notepad++" = Notepad++ "PhraseExpress_is1" = PhraseExpress v8.0.149 "ShadowExplorer_is1" = ShadowExplorer 0.8 "Webocton - Scriptly_is1" = Webocton - Scriptly "WinGimp-2.0_is1" = GIMP 2.6.11 "WinLiveSuite_Wave3" = Windows Live Essentials "XING Connector" = XING Connector 1.2 "XSManager" = XSManager ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 01.06.2012 09:14:03 | Computer Name = ***** | Source = PC-Doctor | ID = 1 Description = (4376) Asapi: 
(15:14:03:2340)(4376) PCDString - Error -- 2046 UTF8Decode() -- unmatched char at position 63; so skip. Error - 01.06.2012 09:14:03 | Computer Name = ***** | Source = PC-Doctor | ID = 1 Description = (4376) Asapi: (15:14:03:2340)(4376) PCDString - Error -- 2046 UTF8Decode() -- unmatched char at position 1; so skip. Error - 01.06.2012 09:14:03 | Computer Name = ***** | Source = PC-Doctor | ID = 1 Description = (4376) Asapi: (15:14:03:2340)(4376) PCDString - Error -- 2046 UTF8Decode() -- unmatched char at position 2; so skip. Error - 01.06.2012 09:14:03 | Computer Name = ***** | Source = PC-Doctor | ID = 1 Description = (4376) Asapi: (15:14:03:2340)(4376) PCDString - Error -- 2046 UTF8Decode() -- unmatched char at position 4; so skip. Error - 01.06.2012 09:14:03 | Computer Name = ***** | Source = PC-Doctor | ID = 1 Description = (4376) Asapi: (15:14:03:2340)(4376) PCDString - Error -- 2046 UTF8Decode() -- unmatched char at position 5; so skip. Error - 01.06.2012 09:14:03 | Computer Name = ***** | Source = PC-Doctor | ID = 1 Description = (4376) Asapi: (15:14:03:2340)(4376) PCDString - Error -- 2046 UTF8Decode() -- unmatched char at position 10; so skip. Error - 01.06.2012 09:14:03 | Computer Name = ***** | Source = PC-Doctor | ID = 1 Description = (4376) Asapi: (15:14:03:2340)(4376) PCDString - Error -- 2046 UTF8Decode() -- unmatched char at position 11; so skip. Error - 01.06.2012 09:14:03 | Computer Name = ***** | Source = PC-Doctor | ID = 1 Description = (4376) Asapi: (15:14:03:2340)(4376) LicenseManager - Error -- 404 loadLicenseFile( ... ) -- Signature is Missing in This File: LicenseManager::decryptLicenseFile() -- C:/Program Files/Dell Support Center/licenseClient.pcl2 Stack Trace: !!! Stack Trace exceptions not supported in 64-bit. !!! (end stack trace) ***** NOTE *****: Use stacktraceparser.exe to translate the instruction offsets into function names. 
Error - 01.06.2012 09:14:03 | Computer Name = ***** | Source = PC-Doctor | ID = 1 Description = (4376) Asapi: (15:14:03:2340)(4376) CSPinvoke - Error -- 461 Exception in C# layer (asapicsharp_wrap.cxx, line 40734; threadid = 4244): License authentication result = FAIL; reasons = Stack Trace: !!! Stack Trace exceptions not supported in 64-bit. !!! (end stack trace) ***** NOTE *****: Use stacktraceparser.exe to translate the instruction offsets into function names. Error - 01.06.2012 15:02:56 | Computer Name = ***** | Source = Application Hang | ID = 1002 Description = Programm OTL.exe, Version kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: f94 Startzeit: 01cd4028d51d15b4 Endzeit: 16 Anwendungspfad: E:\OTL.exe Berichts-ID: 5246d464-ac1c-11e1-b280-f04da24e1863 [ Dell Events ] Error - 04.02.2012 13:15:22 | Computer Name = ***** | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 06.02.2012 10:45:46 | Computer Name = ***** | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 06.02.2012 10:45:46 | Computer Name = ***** | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 06.02.2012 10:47:17 | Computer Name = *****| Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 06.02.2012 10:47:18 | Computer Name = *****| Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 06.02.2012 10:49:32 | Computer Name = *****| Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. 
Error - 06.02.2012 10:49:32 | Computer Name = *****| Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 07.02.2012 04:35:17 | Computer Name = *****| Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 07.02.2012 04:35:17 | Computer Name = *****| Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 01.06.2012 03:44:47 | Computer Name = *****| Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. [ Media Center Events ] Error - 12.09.2011 09:42:46 | Computer Name = *****| Source = MCUpdate | ID = 0 Description = 15:42:46 - Fehler beim Herstellen der Internetverbindung. 15:42:46 - Serververbindung konnte nicht hergestellt werden.. Error - 12.09.2011 09:42:55 | Computer Name = *****| Source = MCUpdate | ID = 0 Description = 15:42:51 - Fehler beim Herstellen der Internetverbindung. 15:42:51 - Serververbindung konnte nicht hergestellt werden.. Error - 28.03.2012 02:29:19 | Computer Name = *****| Source = MCUpdate | ID = 0 Description = 08:29:19 - Fehler beim Herstellen der Internetverbindung. 08:29:19 - Serververbindung konnte nicht hergestellt werden.. Error - 28.03.2012 02:29:30 | Computer Name = *****| Source = MCUpdate | ID = 0 Description = 08:29:24 - Fehler beim Herstellen der Internetverbindung. 08:29:24 - Serververbindung konnte nicht hergestellt werden.. Error - 28.03.2012 03:29:35 | Computer Name = *****| Source = MCUpdate | ID = 0 Description = 09:29:35 - Fehler beim Herstellen der Internetverbindung. 09:29:35 - Serververbindung konnte nicht hergestellt werden.. Error - 28.03.2012 03:29:42 | Computer Name = *****| Source = MCUpdate | ID = 0 Description = 09:29:40 - Fehler beim Herstellen der Internetverbindung. 09:29:40 - Serververbindung konnte nicht hergestellt werden.. 
Error - 28.03.2012 04:29:46 | Computer Name = *****| Source = MCUpdate | ID = 0 Description = 10:29:46 - Fehler beim Herstellen der Internetverbindung. 10:29:46 - Serververbindung konnte nicht hergestellt werden.. Error - 28.03.2012 04:29:53 | Computer Name = *****| Source = MCUpdate | ID = 0 Description = 10:29:51 - Fehler beim Herstellen der Internetverbindung. 10:29:51 - Serververbindung konnte nicht hergestellt werden.. Error - 28.03.2012 05:29:57 | Computer Name = *****| Source = MCUpdate | ID = 0 Description = 11:29:57 - Fehler beim Herstellen der Internetverbindung. 11:29:57 - Serververbindung konnte nicht hergestellt werden.. Error - 28.03.2012 05:30:04 | Computer Name = *****| Source = MCUpdate | ID = 0 Description = 11:30:02 - Fehler beim Herstellen der Internetverbindung. 11:30:02 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 01.06.2012 10:54:40 | Computer Name = *****| Source = DCOM | ID = 10005 Description = Error - 01.06.2012 10:54:40 | Computer Name = *****| Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 01.06.2012 10:54:40 | Computer Name = *****| Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 01.06.2012 10:54:41 | Computer Name = *****| Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 01.06.2012 10:54:41 | Computer Name = *****| Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden 
Fehlers nicht gestartet wurde: %%1068 Error - 01.06.2012 10:54:41 | Computer Name = *****| Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 01.06.2012 10:54:41 | Computer Name = *****| Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 01.06.2012 10:54:41 | Computer Name = *****| Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 01.06.2012 10:54:41 | Computer Name = *****| Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 01.06.2012 11:31:00 | Computer Name = *****| Source = DCOM | ID = 10010 Description = < End of report > malwarebytes logfile: Code:
Malwarebytes Anti-Malware (Trial) www.malwarebytes.org
Database version: v2012.06.01.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
*** :: *** [Administrator]
Protection: Enabled
01.06.2012 15:33:45
mbam-log-2012-06-01 (16-33-56).txt
Scan type: Full scan
Enabled scan options: Memory | Startup | Registry | File system | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Disabled scan options: P2P
Objects scanned: 366083
Time elapsed: 59 minute(s), 21 second(s)
Infected memory processes: 0 (No malicious items detected)
Infected memory modules: 0 (No malicious items detected)
Infected registry keys: 0 (No malicious items detected)
Infected registry values: 0 (No malicious items detected)
Infected registry data items: 0 (No malicious items detected)
Infected folders: 1
C:\Program Files (x86)\Registry Helper (Rogue.RegistryHelper) -> No action taken.
Infected files: 17
C:\Users\***\Downloads\DecryptHelper-0.5.3.exe (Trojan.FakeAlert) -> No action taken.
C:\Program Files (x86)\WtgPorts.dll (Spyware.OnlineGames) -> No action taken.
C:\Program Files (x86)\WTGXMLUtil.dll (Spyware.OnlineGames) -> No action taken.
C:\Program Files (x86)\Registry Helper\background.jpg (Rogue.RegistryHelper) -> No action taken.
C:\Program Files (x86)\Registry Helper\delete_invalid_entries_grey.jpg (Rogue.RegistryHelper) -> No action taken.
C:\Program Files (x86)\Registry Helper\ErrorFound.wav (Rogue.RegistryHelper) -> No action taken.
C:\Program Files (x86)\Registry Helper\header.gif (Rogue.RegistryHelper) -> No action taken.
C:\Program Files (x86)\Registry Helper\help.chm (Rogue.RegistryHelper) -> No action taken.
C:\Program Files (x86)\Registry Helper\letter.htm (Rogue.RegistryHelper) -> No action taken.
C:\Program Files (x86)\Registry Helper\letter1.htm (Rogue.RegistryHelper) -> No action taken.
C:\Program Files (x86)\Registry Helper\letter2.htm (Rogue.RegistryHelper) -> No action taken.
C:\Program Files (x86)\Registry Helper\letter3.htm (Rogue.RegistryHelper) -> No action taken.
C:\Program Files (x86)\Registry Helper\letter4.htm (Rogue.RegistryHelper) -> No action taken.
C:\Program Files (x86)\Registry Helper\letter5.htm (Rogue.RegistryHelper) -> No action taken.
C:\Program Files (x86)\Registry Helper\logo.jpg (Rogue.RegistryHelper) -> No action taken.
C:\Program Files (x86)\Registry Helper\print_16.gif (Rogue.RegistryHelper) -> No action taken.
C:\Program Files (x86)\Registry Helper\Registry Helper.url (Rogue.RegistryHelper) -> No action taken.
(end)
#2
/// Helfer-Team
Ukash encryption trojan, here: logfiles

Hello and welcome!
Before we start working together, [please read in full]:
Quote:
► Have you already tried to fix it yourself, or removed or deleted anything? Tried to decrypt data?
Quote:
Regards, kira
#3
Ukash encryption trojan, here: logfiles

Hello Kira,

I first performed a System Restore. After that I
1. ran Windows Defender,
2. installed Malwarebytes and let it scan,
3. downloaded the 10-day version of Microsoft Defender to a USB stick and ran it.
After that the system appeared to be in order again. But I cannot really judge that; I have too little knowledge for it. That is why I created the logfiles and posted them here.

It turned out that many of my files (Office, pictures, etc.) had been renamed and now carried a combination of apparently random upper- and lower-case letters as their file name. I could not open the files. Pictures were not recognised, and Word documents contained nothing but hieroglyphics. With ShadowExplorer I then managed to restore almost everything (even the .pst for Outlook). I collected the unusable files in a separate folder.

I sent the infected email to Virus@trojaner-board (with the attachment "Leistungen.zip").

Now I hope you can help me clean the system up completely. Many thanks in advance for that.

Regards, RasKi
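The post above describes files renamed to runs of apparently random upper- and lower-case letters whose content no longer opens, and a separate folder of leftovers that ShadowExplorer could not restore. The following Python script is added here as an example; it is not code from the thread or from any tool mentioned in it. It sorts such a folder: for each file it checks the first bytes against known headers for the types the post mentions (JPEG, PNG, Office, PDF, Outlook .pst), measures the byte entropy of that sample (ciphertext sits near 8 bits per byte, while files with an intact header are identified before entropy is consulted), and records whether the name matches the random-letters pattern. The `RANDOM_NAME` pattern, the 7.0-bit threshold and the sample files that `build_sample_dir()` writes are my assumptions; the thread names no exact pattern and ships no samples.

```python
"""Triage a folder of files left behind after a ransomware recovery."""
import hashlib
import math
import os
import re
import tempfile
from collections import Counter

# Magic bytes for the file types the post mentions (pictures, Office files, Outlook .pst).
MAGIC = {
    b"\xff\xd8\xff": "jpeg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"GIF8": "gif",
    b"%PDF-": "pdf",
    b"PK\x03\x04": "ooxml-or-zip",                        # .docx/.xlsx/.pptx are ZIP containers
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "ole2-office",   # .doc/.xls/.ppt (Office 97-2003)
    b"!BDN": "outlook-pst",
}

# Assumption: the post only says "random upper- and lower-case letters"; this pattern
# encodes that description (at least 8 letters, no extension) and nothing more.
RANDOM_NAME = re.compile(r"^[A-Za-z]{8,}$")

# Bytes that make up ordinary ASCII text, used to tell plain text from binary junk.
PRINTABLE = set(range(0x20, 0x7F)) | {0x09, 0x0A, 0x0D}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the sample; 8.0 is the maximum and ciphertext sits close to it."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def identify_by_magic(head: bytes):
    """Return the file type whose signature the sample starts with, or None."""
    for sig, kind in MAGIC.items():
        if head.startswith(sig):
            return kind
    return None


def looks_like_text(head: bytes) -> bool:
    """True when more than 95 % of the sampled bytes are printable ASCII."""
    return bool(head) and sum(b in PRINTABLE for b in head) / len(head) > 0.95


def classify_file(path: str, sample_size: int = 4096) -> dict:
    """Classify one file from its name and the first sample_size bytes."""
    name = os.path.basename(path)
    with open(path, "rb") as fh:
        head = fh.read(sample_size)
    kind = identify_by_magic(head)
    entropy = shannon_entropy(head)
    if kind:
        verdict = "recognised-header"      # header survived; body may still be damaged
    elif looks_like_text(head):
        verdict = "plain-text"
    elif entropy > 7.0:                    # assumed threshold: no known header, near-random bytes
        verdict = "likely-encrypted"
    else:
        verdict = "unknown"
    return {"name": name, "kind": kind, "entropy": round(entropy, 2),
            "random_name": bool(RANDOM_NAME.match(name)), "verdict": verdict}


def triage_dir(root: str) -> dict:
    """Classify every regular file under root; returns {relative path: result}."""
    results = {}
    for dirpath, _, files in os.walk(root):
        for f in files:
            p = os.path.join(dirpath, f)
            results[os.path.relpath(p, root)] = classify_file(p)
    return results


def build_sample_dir() -> str:
    """Constructed test data (not files from the thread): one 'encrypted' blob with a
    random-looking name, one file with an intact JPEG header, one plain text file."""
    root = tempfile.mkdtemp(prefix="ransom_triage_")
    # Deterministic high-entropy bytes standing in for ciphertext (4096 bytes).
    blob = b"".join(hashlib.sha256(i.to_bytes(4, "little")).digest() for i in range(128))
    with open(os.path.join(root, "qXoTrAbEhUkLmZ"), "wb") as fh:
        fh.write(blob)
    with open(os.path.join(root, "urlaub.jpg"), "wb") as fh:
        fh.write(b"\xff\xd8\xff\xe0" + b"\x00" * 60)
    with open(os.path.join(root, "notizen.txt"), "w", encoding="ascii") as fh:
        fh.write("Einkaufsliste: Milch, Brot\n" * 20)
    return root


if __name__ == "__main__":
    for name, r in sorted(triage_dir(build_sample_dir()).items()):
        print(f"{name:20} {r['verdict']:18} entropy={r['entropy']:.2f} kind={r['kind']}")
```

Point it at the folder of unusable files (`triage_dir(r"C:\Users\...\Unbrauchbar")`) and review the `likely-encrypted` entries with `random_name` set; those are the ones to keep for a later decryptor, while a `recognised-header` result only proves the first bytes survived, not the rest of the file. Recovery itself still comes from shadow copies or backups, as the poster did with ShadowExplorer.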
#4
/// Helfer-Team
Ukash encryption trojan, here: logfiles

1. To determine whether outdated or malicious software is installed under Programs, I would first like to see all of your installed programs:
** Stay off the internet as far as possible: no online banking, file sharing, chat programs etc.

Regards, kira
Warning!: Be careful with invoices sent by email with a ZIP file attached! They may be infected with an encryption trojan! Do not open the attachment; ask in our forum first! Back up your data regularly, to CD/DVD, USB sticks or external hard drives, ideally twice in different locations! Please pass this warning on wherever you can!
#5
Ukash encryption trojan, here: logfiles

Hello Kira, here is the list of installed programs from CCleaner:
Code:
AAVUpdateManager Wolters Kluwer Deutschland GmbH 02.03.2012 32,1MB 18.00.0000
Adobe AIR Adobe Systems Incorporated 13.06.2011
Adobe Flash Player 11 ActiveX 64-bit Adobe Systems Incorporated 04.05.2012 6,00MB
Adobe Flash Player 11 Plugin 64-bit Adobe Systems Incorporated 04.05.2012 6,00MB
Adobe Reader X (10.1.3) - Deutsch Adobe Systems Incorporated 25.04.2012 121,3MB 10.1.3
Advanced Audio FX Engine Creative Technology Ltd 15.09.2010 1.12.05
Ashampoo DE Toolbar Ashampoo DE 08.05.2012
Ashampoo WinOptimizer 8 v.8.13 Ashampoo GmbH & Co. KG 08.05.2012 72,7MB 8.1.3
ATI Catalyst Control Center 15.09.2010 2.009.0702.1238
BILD-Steuer 2011 Akademische Arbeitsgemeinschaft Verlag 19.04.2011 245MB 16.02
BILD-Steuer 2012 Wolters Kluwer Deutschland GmbH 06.03.2012 273MB 17.08
Canon My Printer 10.06.2011
CCleaner Piriform 22.05.2012 3.19
Cisco EAP-FAST Module Cisco Systems, Inc. 14.09.2010 1,55MB 2.2.14
Cisco LEAP Module Cisco Systems, Inc. 14.09.2010 0,63MB 1.0.19
Cisco PEAP Module Cisco Systems, Inc. 14.09.2010 1,24MB 1.1.6
Compatibility Pack for the 2007 Office system Microsoft Corporation 11.05.2012 121,8MB 12.0.6612.1000
Dell DataSafe Local Backup Dell 14.09.2010 9.4.51
Dell DataSafe Local Backup - Support Software Dell 14.09.2010 2.34
Dell Dock 15.09.2010
Dell Dock Stardock Corporation 15.09.2010
Dell Getting Started Guide Dell Inc. 14.09.2010 1.00.0000
Dell Support Center Dell Inc. 03.01.2011 3.0.5744.02
Dell Touchpad Synaptics Incorporated 15.09.2010
Dell Webcam Central Creative Technology Ltd 15.09.2010 1.40.05
Dell Wireless WLAN Card Utility Dell Inc. 15.09.2010
GIMP 2.6.11 The GIMP Team 03.11.2011 106,8MB 2.6.11
GoToAssist 15.09.2010
Inkscape 0.48.2 12.05.2012 0.48.2
Java(TM) 6 Update 20 (64-bit) Sun Microsystems, Inc. 14.09.2010 90,6MB 6.0.200
Java(TM) 6 Update 22 Oracle 12.06.2011 97,1MB 6.0.220
Java(TM) 6 Update 31 Oracle 02.03.2012 95,1MB 6.0.310
KompoZer 0.8b3 KompoZer 14.11.2011 21,8MB
LG Bluetooth Drivers LG Electronics 18.04.2012 0,69MB 1.1
LG PC Suite IV LG Electronics 18.04.2012
LG United Mobile Driver LG Electronics 18.04.2012
LG USB Modem Drivers LG Electronics 19.04.2012 1,06MB 4.9.4
Live! Cam Avatar Creator Creative Technology Ltd 14.09.2010 4.6.3009.1
MAGIX Web Designer 6 Silver MAGIX AG 08.05.2012
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 04.01.2011 38,8MB 4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 04.01.2011 2,94MB 4.0.30319
Microsoft IntelliPoint 8.2 Microsoft Corporation 29.03.2012 8.20.468.0
Microsoft Office File Validation Add-In Microsoft Corporation 05.02.2012 7,95MB 14.0.5130.5003
Microsoft Office Live Add-in 1.5 Microsoft Corporation 18.04.2012 0,50MB 2.0.4024.1
Microsoft Office Professional Edition 2003 Microsoft Corporation 11.05.2012 1.450MB 11.0.8173.0
Microsoft Outlook Connector für soziale Netzerker 32-Bit Microsoft Corporation 21.04.2012 5,11MB 14.0.4763.1001
Microsoft Silverlight Microsoft Corporation 11.05.2012 128,6MB 4.1.10329.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 14.09.2010 1,72MB 3.1.0000
Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Corporation 14.09.2010 0,61MB 1.0.1215.0
Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Corporation 14.09.2010 1,45MB 1.0.1215.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Corporation 10.06.2011 0,25MB 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 16.06.2011 0,29MB 8.0.58299
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 14.09.2010 0,69MB 8.0.61000
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 Microsoft Corporation 10.06.2011 0,21MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 14.09.2010 0,77MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 12.06.2011 0,77MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 16.06.2011 0,77MB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 19.09.2011 0,24MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 18.04.2012 0,22MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 09.06.2011 0,58MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 22.06.2011 0,59MB 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 28.01.2012 15,0MB 10.0.40219
Mozilla Firefox 12.0 (x86 de) Mozilla 08.05.2012 38,9MB 12.0
Mozilla Maintenance Service Mozilla 08.05.2012 0,21MB 12.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 06.05.2012 1,33MB 4.20.9876.0
MSXML 4.0 SP2 Parser and SDK Microsoft Corporation 18.04.2012 1,23MB 4.20.9818.0
Notepad++ 03.11.2011 5.9.6
PDFCreator Frank Heindörfer, Philip Chinery 14.11.2011 1.2.3
pdfforge Toolbar v5.8 Spigot, Inc. 26.05.2012 13,3MB 5.8
PhraseExpress v8.0.149 Bartels Media 11.04.2012 9,26MB 8.0.149
PowerDVD DX CyberLink Corp. 14.09.2010 8.3.5424
Quickset64 Dell Inc. 14.09.2010 9.6.6
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 14.09.2010
Roxio Burn Roxio 15.09.2010 36,1MB 1.01
ShadowExplorer 0.8 ShadowExplorer.com 01.06.2012 0.8.430.0
Skype Toolbars Skype Technologies S.A. 02.03.2011 7,10MB 5.2.4170
Skype™ 5.1 Skype Technologies S.A. 02.03.2011 22,7MB 5.1.112
Webocton - Scriptly Webocton 03.11.2011
Windows Live Anmelde-Assistent Microsoft Corporation 14.09.2010 1,94MB 5.000.818.5
Windows Live Essentials Microsoft Corporation 15.09.2010 14.0.8089.0726
Windows Live Sync Microsoft Corporation 14.09.2010 2,79MB 14.0.8089.726
Windows Live-Uploadtool Microsoft Corporation 14.09.2010 0,22MB 14.0.8014.1029
Windows Media Player Firefox Plugin Microsoft Corp 02.03.2011 0,29MB
XING Connector 1.2 XING AG 18.04.2012 1.2
XSManager XSManager 22.12.2010 3.0
#6
/// Helfer-Team
Ukash encryption trojan, here: logfiles

System cleaning and check:

1. Uninstall under Control Panel -> Software/Programs:
Code:
pdfforge Toolbar <- Adware

Always choose the custom installation, not the standard installation, because with the latter things often get installed that you do not need or want. During the installation process always read the license terms, and do not immediately tick every box or leave pre-set ticks in place, because by doing so you agree that other "third-party programs", or even adware (advertising pop-ups) from partner programs, sponsors etc., are installed alongside, since that is how freeware finances itself. This category also includes several others, e.g.:
-> Unwanted toolbars
Quote:
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {CB001ED9-7309-4469-804D-E7E9D542D355}
IE:64bit: - HKLM\..\SearchScopes\{CB001ED9-7309-4469-804D-E7E9D542D355}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\..\URLSearchHook: {5786d022-540e-4699-b350-b4be0ae94b79} - C:\Program Files (x86)\Ashampoo_DE\prxtbAsha.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0EDB8413-4BDE-4E2C-8B16-A08640E14B1C}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481020
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1729895072-3162029508-1750085212-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
IE - HKU\S-1-5-21-1729895072-3162029508-1750085212-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2481020
IE - HKU\S-1-5-21-1729895072-3162029508-1750085212-1000\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found
IE - HKU\S-1-5-21-1729895072-3162029508-1750085212-1000\..\URLSearchHook: {5786d022-540e-4699-b350-b4be0ae94b79} - C:\Program Files (x86)\Ashampoo_DE\prxtbAsha.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1729895072-3162029508-1750085212-1000\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.8\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-1729895072-3162029508-1750085212-1000\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-1729895072-3162029508-1750085212-1000\..\SearchScopes\{3A8133B4-C22D-4C00-AC2E-9A049C4F9617}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-1729895072-3162029508-1750085212-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481020
IE - HKU\S-1-5-21-1729895072-3162029508-1750085212-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[2012.02.29 00:25:21 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.29 00:25:21 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.29 00:25:21 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.29 00:25:21 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.29 00:25:21 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1729895072-3162029508-1750085212-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{54c34660-89f2-11e1-909c-f04da24e1863}\Shell - "" = AutoRun
O33 - MountPoints2\{54c34660-89f2-11e1-909c-f04da24e1863}\Shell\AutoRun\command - "" = E:\LGAutoRun.exe
O33 - MountPoints2\{74fbf721-0ec9-11e0-afe2-f04da24e1863}\Shell - "" = AutoRun
O33 - MountPoints2\{74fbf721-0ec9-11e0-afe2-f04da24e1863}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LGAutoRun.exe
:Files
C:\Users\*****\AppData\Roaming\Fywyrpvnltq
C:\Windows\tasks\SystemToolsDailyTest.job
C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
C:\Users\*****\Documents\jsEsoluageujtAtoDuTOe
C:\Users\*****\TgeTOsAtUAsaOsaOUAsd
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
3. Update Java: via Control Panel -> Check for updates... or: download the offline version of Java, "Recommended Version Java(TM) 7 Update 4", from Oracle and install it. Make sure not to install any toolbars that are offered, i.e. remove the tick next to the toolbar during installation.

4. Tips (regardless of whether you use Internet Explorer or not!):
-> Tips on Internet Explorer
-> Changing Explorer's default search engine
-> How do I clear the cache in Internet Explorer?

5. Clean your system with CCleaner:

7. Viruses can also be carried on USB sticks, self-burned media, external hard drives and other storage media. They must therefore be monitored through regular checks for damage that may have been caused by malware ("Worm.Win32.Autorun"). Very well suited and recommended for this is checking the data stored on the medium with the free online scanner. Now connect all external storage media (USB sticks etc.) to your computer while holding down the Shift key so that the AutoRun function is not executed. (This is how you prevent the AUTORUN function from running.) You can also switch the AUTORUN function off altogether. ►Instructions

8. -> Then run a complete system check with the Eset Online Scanner (NOD32), free online scanner. Attention!: >>You should not install the antivirus security software, only scan your system online<<

9. another scan with OTL:

► report again on the condition of the computer. Whether problems still occur, and if so, which?
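Step 7 above relies on AutoRun: an `autorun.inf` at the root of a removable drive names a program that Windows may start when the drive is mounted, and the `O33 - MountPoints2` lines in the OTL script in this post are the per-device copies of such commands that Explorer caches. As an added example, not code from the thread or from OTL, here is a Python check that reads the `autorun.inf` of a drive root, extracts every entry that would launch something (`open`, `shellexecute`, `shell\<verb>\command`), resolves the target relative to the drive root and reports whether it exists and carries an executable extension. The three drive roots that `build_samples()` writes are constructed test data; the `EXEC_EXT` list and the verdict names are my choices.

```python
"""Report what an autorun.inf on a removable drive would launch."""
import configparser
import os
import tempfile
from pathlib import Path

# Extensions Windows would execute, or that resolve to something executable (.lnk).
# This is my list for the example, not a list from the thread.
EXEC_EXT = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".vbs", ".js", ".lnk"}


def parse_autorun(text: str):
    """Return the launch-relevant entries of an autorun.inf, or None if it does not parse.

    Every [autorun] / [autorun.<arch>] section is read (case-insensitively, since
    worms often write [AutoRun]); kept are 'open', 'shellexecute', the default verb
    from 'shell=' and any 'shell\\<verb>\\command' line. Icon and label are ignored,
    they cannot run code."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, allow_no_value=True)
    try:
        cp.read_string(text)
    except configparser.Error:
        return None  # mangled file: the caller flags it instead of passing it
    entries = {}
    for section in cp.sections():
        if not section.lower().startswith("autorun"):
            continue
        for key, value in cp.items(section):
            k = key.lower()
            if k in ("open", "shellexecute") or (k.startswith("shell\\") and k.endswith("\\command")):
                entries[k] = (value or "").strip()
            elif k == "shell":
                entries["default_verb"] = (value or "").strip()
    return entries


def first_token(cmd: str) -> str:
    """Program part of a command line: handles '"Some Dir\\a.exe" /s' and 'a.exe /s'."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def assess_drive_root(root: str) -> dict:
    """Inspect <root>/autorun.inf and resolve each launch target against the drive root."""
    inf = Path(root) / "autorun.inf"
    report = {"has_autorun_inf": inf.is_file(), "launches": [], "verdict": "no-autorun-inf"}
    if not inf.is_file():
        return report
    entries = parse_autorun(inf.read_text(encoding="utf-8", errors="replace"))
    if entries is None:
        report["verdict"] = "unparseable"
        return report
    for key, cmd in entries.items():
        if key == "default_verb" or not cmd:
            continue
        # Paths in autorun.inf are relative to the drive root; normalise Windows separators.
        target = Path(root) / first_token(cmd).replace("\\", os.sep)
        report["launches"].append({
            "key": key, "command": cmd, "target": str(target),
            "exists": target.is_file(), "executable": target.suffix.lower() in EXEC_EXT,
        })
    if any(l["executable"] and l["exists"] for l in report["launches"]):
        report["verdict"] = "launches-code"
    elif report["launches"]:
        report["verdict"] = "launch-entry-without-target"
    else:
        report["verdict"] = "metadata-only"
    return report


def build_samples():
    """Constructed drive roots (not media from the thread): one whose autorun.inf starts
    an executable next to it, one with label and icon only, one without autorun.inf."""
    bad = tempfile.mkdtemp(prefix="stick_bad_")
    (Path(bad) / "autorun.inf").write_text(
        "[AutoRun]\nopen=autorun.exe\nshell\\open\\Command=autorun.exe\nshell=open\nicon=autorun.exe,0\n")
    (Path(bad) / "autorun.exe").write_bytes(b"MZ" + b"\x00" * 62)  # placeholder bytes, not a real PE
    good = tempfile.mkdtemp(prefix="stick_good_")
    (Path(good) / "autorun.inf").write_text("[autorun]\nlabel=Fotos\nicon=stick.ico\n")
    empty = tempfile.mkdtemp(prefix="stick_empty_")
    return bad, good, empty


if __name__ == "__main__":
    for root in build_samples():
        r = assess_drive_root(root)
        print(root, r["verdict"], [(l["key"], l["target"], l["exists"]) for l in r["launches"]])
```

Run it against a mounted stick (`assess_drive_root("E:\\")`) before anything on the stick is opened, and scan whatever it lists. Whether a target is legitimate, such as the vendor `LGAutoRun.exe` that the OTL log above shows for drive E:, or a worm dropper, the script cannot decide; it only shows what would run. AutoRun for all drive types is switched off by setting the `NoDriveTypeAutoRun` policy value to 0xFF under `HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer`.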