
Log analysis and evaluation: Ukash encryption trojan, here: log files

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

 
02.06.2012, 11:56   #1
RasKi

Ukash encryption trojan, here: log files



I have now managed to fix quite a few things myself, but I am not enough of an expert to judge whether that was all of it. I am therefore sending the log files, each named after its source, with a request for analysis and, if necessary, help with the next steps.

defogger_disable

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:07 on 02/06/2012 (Karsten Meiß)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
otl.txt

Code:
OTL logfile created on: 01.06.2012 21:07:47 - Run 1
OTL by OldTimer - Version 3.2.45.0     Folder = E:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,77 Gb Available Physical Memory | 69,42% Memory free
7,99 Gb Paging File | 6,53 Gb Available in Paging File | 81,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218,14 Gb Total Space | 163,94 Gb Free Space | 75,15% Space Free | Partition Type: NTFS
Drive E: | 3,73 Gb Total Space | 0,54 Gb Free Space | 14,36% Space Free | Partition Type: FAT32
 
Computer Name: ***** | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.01 20:59:38 | 000,595,968 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2012.05.25 15:21:44 | 000,992,648 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2012.05.25 15:12:54 | 000,785,344 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.09.28 08:45:12 | 000,885,160 | ---- | M] () -- C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 8\LiveTunerService.exe
PRC - [2011.09.28 08:45:10 | 002,656,680 | ---- | M] (Ashampoo Development GmbH & Co. KG) -- C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 8\LiveTuner.exe
PRC - [2011.01.13 21:54:26 | 000,464,856 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011.01.13 21:42:12 | 003,811,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011.01.13 21:39:32 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
PRC - [2011.01.13 21:37:02 | 000,705,856 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
PRC - [2010.04.30 13:56:04 | 000,160,424 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\starter4g.exe
PRC - [2010.04.30 13:55:54 | 000,145,064 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\service4g.exe
PRC - [2010.04.12 19:03:44 | 000,329,168 | ---- | M] () -- C:\Program Files (x86)\WTGService.exe
PRC - [2009.10.15 10:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009.06.25 03:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009.06.24 23:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009.06.09 16:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Programme\Dell\DellDock\DockLogin.exe
PRC - [2008.10.24 17:35:44 | 000,128,296 | ---- | M] () -- C:\Program Files (x86)\AAVUpdateManager\aavus.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.14 13:57:38 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
MOD - [2012.05.12 12:39:17 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012.05.12 12:37:58 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07f019692c382d588d3c6cb2da2a9ec5\PresentationFramework.ni.dll
MOD - [2012.05.12 12:37:18 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll
MOD - [2012.05.12 12:36:59 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll
MOD - [2012.05.12 12:36:52 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\2d1fd350e9bc62ce659e5cbcfd555796\PresentationCore.ni.dll
MOD - [2012.05.12 12:36:22 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.05.12 12:36:08 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.12 12:35:59 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.12 12:35:56 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.12 12:35:35 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011.01.13 21:42:02 | 000,025,920 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCCPiped.dll
MOD - [2011.01.13 21:39:32 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
MOD - [2011.01.13 21:37:50 | 000,079,168 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
MOD - [2011.01.13 21:37:26 | 000,075,072 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
MOD - [2011.01.13 21:37:24 | 000,111,936 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
MOD - [2011.01.13 21:37:20 | 000,121,152 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
MOD - [2011.01.13 21:37:18 | 000,128,320 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
MOD - [2011.01.13 21:37:14 | 000,234,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
MOD - [2011.01.13 21:37:04 | 000,025,920 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STBRCCServCLR.dll
MOD - [2011.01.13 21:36:50 | 001,123,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.10.15 10:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2009.07.14 19:58:15 | 000,167,936 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.11.20 15:26:50 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2009.07.17 03:06:00 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009.07.14 03:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV:64bit: - [2009.07.02 20:16:00 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.05.25 15:12:54 | 000,785,344 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012.05.09 10:52:53 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.05 19:46:04 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.10.21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011.09.28 08:45:12 | 000,885,160 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 8\LiveTunerService.exe -- (WO_LiveService)
SRV - [2011.01.13 21:37:02 | 000,705,856 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2011.01.02 21:29:50 | 000,009,216 | ---- | M] (www.shadowexplorer.com) [Auto | Running] -- C:\Program Files (x86)\ShadowExplorer\sesvc.exe -- (sesvc)
SRV - [2010.09.16 03:13:02 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010.04.30 13:55:54 | 000,145,064 | R--- | M] (4G Systems GmbH & Co. KG) [Auto | Running] -- C:\Windows\service4g.exe -- (XS Stick Service)
SRV - [2010.04.12 19:03:44 | 000,329,168 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\WTGService.exe -- (WTGService)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.07.14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.10 22:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009.06.09 16:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Programme\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2009.03.31 21:01:00 | 000,092,160 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2008.10.24 17:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.08.01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011.05.18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.23 22:28:41 | 000,117,888 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cmnsusbser.sys -- (cmnsusbser)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:26:11 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs)
DRV:64bit: - [2009.09.29 08:15:02 | 000,016,384 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgbtpt64.sys -- (LgBttPort)
DRV:64bit: - [2009.09.29 08:15:00 | 000,017,408 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgvmdm64.sys -- (LGVMODEM)
DRV:64bit: - [2009.09.29 08:15:00 | 000,014,848 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgbtbs64.sys -- (lgbusenum)
DRV:64bit: - [2009.07.17 03:06:00 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.07.17 03:06:00 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV:64bit: - [2009.07.14 01:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009.07.09 10:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.07.02 20:51:00 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.06.26 19:23:00 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.06.15 20:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 12:20:00 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.06.04 23:46:00 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.05.23 05:52:00 | 000,215,040 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2008.11.19 17:09:14 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008.11.19 17:09:12 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008.11.19 17:09:12 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2006.11.01 18:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2011.03.08 05:01:06 | 000,012,824 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 8\LiveTunerProcessMonitor64.sys -- (LiveTunerPM)
DRV - [2010.11.18 02:34:58 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Programme\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {CB001ED9-7309-4469-804D-E7E9D542D355}
IE:64bit: - HKLM\..\SearchScopes\{CB001ED9-7309-4469-804D-E7E9D542D355}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {5786d022-540e-4699-b350-b4be0ae94b79} - C:\Program Files (x86)\Ashampoo_DE\prxtbAsha.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0EDB8413-4BDE-4E2C-8B16-A08640E14B1C}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481020
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1729895072-3162029508-1750085212-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
IE - HKU\S-1-5-21-1729895072-3162029508-1750085212-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2481020
IE - HKU\S-1-5-21-1729895072-3162029508-1750085212-1000\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found
IE - HKU\S-1-5-21-1729895072-3162029508-1750085212-1000\..\URLSearchHook: {5786d022-540e-4699-b350-b4be0ae94b79} - C:\Program Files (x86)\Ashampoo_DE\prxtbAsha.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1729895072-3162029508-1750085212-1000\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.8\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-1729895072-3162029508-1750085212-1000\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-1729895072-3162029508-1750085212-1000\..\SearchScopes\{3A8133B4-C22D-4C00-AC2E-9A049C4F9617}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-1729895072-3162029508-1750085212-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481020
IE - HKU\S-1-5-21-1729895072-3162029508-1750085212-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.09 10:52:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.26 14:43:08 | 000,000,000 | ---D | M]
 
[2010.12.23 23:03:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions
[2012.06.01 19:12:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\7kmtuaar.default\extensions
[2012.06.01 19:12:21 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\7kmtuaar.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.03.21 22:23:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.03.03 17:34:03 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012.01.23 12:05:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
[2012.01.23 12:05:31 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.05.09 10:52:53 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.03 17:38:36 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.29 00:25:21 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.29 00:25:21 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.29 00:25:21 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.29 00:25:21 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.04.28 17:20:12 | 000,002,027 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012.02.29 00:25:21 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.29 00:25:21 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Ashampoo DE Toolbar) - {5786d022-540e-4699-b350-b4be0ae94b79} - C:\Program Files (x86)\Ashampoo_DE\prxtbAsha.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.8\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ashampoo DE Toolbar) - {5786d022-540e-4699-b350-b4be0ae94b79} - C:\Program Files (x86)\Ashampoo_DE\prxtbAsha.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.8\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1729895072-3162029508-1750085212-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1729895072-3162029508-1750085212-1000\..\Toolbar\WebBrowser: (Ashampoo DE Toolbar) - {5786D022-540E-4699-B350-B4BE0AE94B79} - C:\Program Files (x86)\Ashampoo_DE\prxtbAsha.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Ashampoo WinOptimizer Live-Tuner] C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 8\LiveTuner.exe (Ashampoo Development GmbH & Co. KG)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [starter4g] C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1729895072-3162029508-1750085212-1000..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk =  File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk =  File not found
O4 - Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97FFD36C-2A0A-47EA-B591-AE1E9388F198}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF5BE809-3F51-43F8-9EFC-E8D668B1FAF4}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{54c34660-89f2-11e1-909c-f04da24e1863}\Shell - "" = AutoRun
O33 - MountPoints2\{54c34660-89f2-11e1-909c-f04da24e1863}\Shell\AutoRun\command - "" = E:\LGAutoRun.exe
O33 - MountPoints2\{74fbf721-0ec9-11e0-afe2-f04da24e1863}\Shell - "" = AutoRun
O33 - MountPoints2\{74fbf721-0ec9-11e0-afe2-f04da24e1863}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LGAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.01 19:09:56 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\encrypted files
[2012.06.01 18:23:48 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Rettungsversuch Anwender KM Gesamt
[2012.06.01 18:23:38 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Rettungsversuche
[2012.06.01 17:39:26 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\www.shadowexplorer.com
[2012.06.01 17:35:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot
[2012.06.01 17:35:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pdfforge Toolbar
[2012.06.01 17:35:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
[2012.06.01 17:35:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer
[2012.06.01 17:35:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ShadowExplorer
[2012.06.01 15:32:37 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Malwarebytes
[2012.06.01 15:32:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.01 15:32:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.05.31 19:25:58 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Fywyrpvnltq
[2012.05.13 21:49:57 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\inkscape
[2012.05.13 21:20:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Inkscape
[2012.05.11 09:47:26 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012.05.11 09:47:23 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.05.11 09:47:19 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.05.11 09:47:19 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.05.09 14:59:25 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\MAGIX
[2012.05.09 14:59:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
[2012.05.09 14:50:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ashampoo_DE
[2012.05.09 14:50:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
[2012.05.09 14:50:03 | 000,034,304 | ---- | C] (mst software GmbH, Germany) -- C:\Windows\SysNative\DfSdkBt.exe
[2012.05.09 14:49:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ashampoo
[2012.05.09 10:52:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.05.09 10:52:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.05.05 20:07:22 | 000,000,000 | ---D | C] -- C:\Windows\TempA17A8F3A-4193-FF64-4025-DBCF0B1C7CD4-Signatures
[2012.05.05 15:23:07 | 000,000,000 | ---D | C] -- C:\Users*****\AppData\Roaming\Windows Live Writer
[2012.05.05 15:23:07 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Windows Live Writer
[2012.05.05 15:23:07 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\My Weblog Posts
[2010.12.23 22:28:42 | 001,015,859 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\mfc42.dll
[2010.12.23 22:28:42 | 000,749,224 | ---- | C] (WebToGo Mobiles Internet GmbH) -- C:\Program Files (x86)\XSManager_SMSMMS.exe
[2010.12.23 22:28:42 | 000,667,304 | ---- | C] (TODO: <Company name>) -- C:\Program Files (x86)\WTGToasterWin.dll
[2010.12.23 22:28:42 | 000,601,768 | ---- | C] (XSManager GmbH) -- C:\Program Files (x86)\4GSystems_SMSMMSIta.dll
[2010.12.23 22:28:42 | 000,601,768 | ---- | C] (WebToGo Mobiles Internet GmbH) -- C:\Program Files (x86)\4GSystems_SMSMMSSpa.dll
[2010.12.23 22:28:42 | 000,601,768 | ---- | C] (WebToGo Mobiles Internet GmbH) -- C:\Program Files (x86)\4GSystems_SMSMMSFre.dll
[2010.12.23 22:28:42 | 000,601,768 | ---- | C] (WebToGo Mobiles Internet GmbH) -- C:\Program Files (x86)\4GSystems_SMSMMSEng.dll
[2010.12.23 22:28:42 | 000,401,462 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\msvcp60.dll
[2010.12.23 22:28:42 | 000,286,773 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\msvcrt.dll
[2010.12.23 22:28:42 | 000,057,344 | ---- | C] (WinAbility® Software Corporation) -- C:\Program Files (x86)\VistaLib32.dll
[2010.12.23 22:28:41 | 001,949,352 | ---- | C] (WebToGo Mobiles Internet GmbH) -- C:\Program Files (x86)\XSManager.exe
[2010.12.23 22:28:41 | 001,265,320 | ---- | C] (WebToGo Mobiles Internet GmbH) -- C:\Program Files (x86)\4GSystems_OneClickAssistantFre.dll
[2010.12.23 22:28:41 | 001,265,320 | ---- | C] (WebToGo Mobiles Internet GmbH) -- C:\Program Files (x86)\4GSystems_OneClickAssistantEng.dll
[2010.12.23 22:28:41 | 001,261,224 | ---- | C] (XSManager) -- C:\Program Files (x86)\4GSystems_OneClickAssistantIta.dll
[2010.12.23 22:28:41 | 001,261,224 | ---- | C] (WebToGo Mobiles Internet GmbH) -- C:\Program Files (x86)\4GSystems_OneClickAssistantSpa.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.01 20:45:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.01 17:45:56 | 001,507,564 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.01 17:45:56 | 000,657,938 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.01 17:45:56 | 000,619,184 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.01 17:45:56 | 000,131,296 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.01 17:45:56 | 000,107,504 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.01 17:45:20 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.01 17:45:20 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.01 17:37:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.01 17:37:45 | 3217,248,256 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.01 17:35:39 | 000,001,891 | ---- | M] () -- C:\Users\*****\Desktop\ShadowExplorer.lnk
[2012.06.01 15:14:04 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012.06.01 14:58:20 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012.06.01 14:42:10 | 000,271,360 | ---- | M] () -- C:\Users\*****\Desktop\Outlook.pst
[2012.05.30 16:29:34 | 000,068,608 | ---- | M] () -- C:\Users\*****\Documents\jsEsoluageujtAtoDuTOe
[2012.05.16 22:34:57 | 000,002,743 | ---- | M] () -- C:\Users\*****\TgeTOsAtUAsaOsaOUAsd
[2012.05.12 12:34:24 | 000,538,576 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.05.09 14:50:12 | 000,002,236 | ---- | M] () -- C:\Users\Public\Desktop\Ein-Klick-Optimierung (WO8).lnk
[2012.05.09 14:50:11 | 000,001,218 | ---- | M] () -- C:\Users\Public\Desktop\Ashampoo WinOptimizer 8.lnk
[2012.05.06 13:25:55 | 000,002,113 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.05.05 19:46:04 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.05.05 19:46:04 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.05.05 19:45:20 | 008,744,608 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
 
========== Files Created - No Company Name ==========
 
[2012.06.01 17:35:39 | 000,001,891 | ---- | C] () -- C:\Users\*****\Desktop\ShadowExplorer.lnk
[2012.06.01 14:42:04 | 000,271,360 | ---- | C] () -- C:\Users\*****\Desktop\Outlook.pst
[2012.05.13 21:30:34 | 000,001,057 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape.lnk
[2012.05.09 14:50:12 | 000,002,236 | ---- | C] () -- C:\Users\Public\Desktop\Ein-Klick-Optimierung (WO8).lnk
[2012.05.09 14:50:11 | 000,001,218 | ---- | C] () -- C:\Users\Public\Desktop\Ashampoo WinOptimizer 8.lnk
[2012.04.19 17:19:00 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2012.04.19 17:19:00 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2011.09.12 15:48:19 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.06.28 16:37:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.05.09 14:15:27 | 001,534,560 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.12.23 22:28:42 | 004,129,044 | ---- | C] () -- C:\Program Files (x86)\webtogodb.wdb
[2010.12.23 22:28:42 | 001,236,648 | ---- | C] () -- C:\Program Files (x86)\Setup.exe
[2010.12.23 22:28:42 | 000,708,264 | ---- | C] () -- C:\Program Files (x86)\4GSystems_UpgraderSpa.dll
[2010.12.23 22:28:42 | 000,708,264 | ---- | C] () -- C:\Program Files (x86)\4GSystems_UpgraderIta.dll
[2010.12.23 22:28:42 | 000,708,264 | ---- | C] () -- C:\Program Files (x86)\4GSystems_UpgraderGer.dll
[2010.12.23 22:28:42 | 000,708,264 | ---- | C] () -- C:\Program Files (x86)\4GSystems_UpgraderFre.dll
[2010.12.23 22:28:42 | 000,708,264 | ---- | C] () -- C:\Program Files (x86)\4GSystems_UpgraderEng.dll
[2010.12.23 22:28:42 | 000,601,768 | ---- | C] () -- C:\Program Files (x86)\4GSystems_SMSMMSGer.dll
[2010.12.23 22:28:42 | 000,593,920 | ---- | C] () -- C:\Program Files (x86)\WTGXMLUtil.dll
[2010.12.23 22:28:42 | 000,472,716 | ---- | C] () -- C:\Program Files (x86)\Help_eng.chm
[2010.12.23 22:28:42 | 000,417,089 | ---- | C] () -- C:\Program Files (x86)\Help_ger.chm
[2010.12.23 22:28:42 | 000,413,648 | ---- | C] () -- C:\Program Files (x86)\OSU.exe
[2010.12.23 22:28:42 | 000,377,147 | ---- | C] () -- C:\Program Files (x86)\Help_ita.chm
[2010.12.23 22:28:42 | 000,357,117 | ---- | C] () -- C:\Program Files (x86)\Help_fre.chm
[2010.12.23 22:28:42 | 000,348,759 | ---- | C] () -- C:\Program Files (x86)\Help_spa.chm
[2010.12.23 22:28:42 | 000,329,168 | ---- | C] () -- C:\Program Files (x86)\WTGService.exe
[2010.12.23 22:28:42 | 000,243,152 | ---- | C] () -- C:\Program Files (x86)\WTGVistaUtil.exe
[2010.12.23 22:28:42 | 000,118,436 | ---- | C] () -- C:\Program Files (x86)\WTGPhoneCaps.dat
[2010.12.23 22:28:42 | 000,094,278 | ---- | C] () -- C:\Program Files (x86)\WtgZip.dll
[2010.12.23 22:28:42 | 000,065,192 | ---- | C] () -- C:\Program Files (x86)\WTGMMSPCClient.dll
[2010.12.23 22:28:42 | 000,030,160 | ---- | C] () -- C:\Program Files (x86)\InstallWTGService.exe
[2010.12.23 22:28:42 | 000,024,584 | ---- | C] () -- C:\Program Files (x86)\WTGMMSProfiles.dat
[2010.12.23 22:28:42 | 000,024,576 | ---- | C] () -- C:\Program Files (x86)\WTGDebugs.dll
[2010.12.23 22:28:42 | 000,000,567 | ---- | C] () -- C:\Program Files (x86)\KD.xml
[2010.12.23 22:28:42 | 000,000,518 | ---- | C] () -- C:\Program Files (x86)\mmsc.xml
[2010.12.23 22:28:42 | 000,000,198 | ---- | C] () -- C:\Program Files (x86)\config.ini
[2010.12.23 22:28:41 | 001,261,224 | ---- | C] () -- C:\Program Files (x86)\4GSystems_OneClickAssistantGer.dll
[2010.12.23 22:28:41 | 001,175,208 | ---- | C] () -- C:\Program Files (x86)\Uninstaller.exe
[2010.12.23 22:28:41 | 001,044,136 | ---- | C] () -- C:\Program Files (x86)\UninstallerSpa.dll
[2010.12.23 22:28:41 | 001,044,136 | ---- | C] () -- C:\Program Files (x86)\UninstallerGer.dll
[2010.12.23 22:28:41 | 001,044,136 | ---- | C] () -- C:\Program Files (x86)\UninstallerFre.dll
[2010.12.23 22:28:41 | 000,958,120 | ---- | C] () -- C:\Program Files (x86)\UninstallerIta.dll
[2010.12.23 22:28:41 | 000,376,832 | ---- | C] () -- C:\Program Files (x86)\WtgCore.dll
[2010.12.23 22:28:41 | 000,204,800 | ---- | C] () -- C:\Program Files (x86)\WtgUtil.dll
[2010.12.23 22:28:41 | 000,183,976 | ---- | C] () -- C:\Program Files (x86)\WTGSMSPCClient.dll
[2010.12.23 22:28:41 | 000,139,264 | ---- | C] () -- C:\Program Files (x86)\WtgDetection.dll
[2010.12.23 22:28:41 | 000,139,264 | ---- | C] () -- C:\Program Files (x86)\WtgBluetooth.dll
[2010.12.23 22:28:41 | 000,110,592 | ---- | C] () -- C:\Program Files (x86)\WtgDatabase.dll
[2010.12.23 22:28:41 | 000,086,016 | ---- | C] () -- C:\Program Files (x86)\WtgPorts.dll
[2010.12.23 22:28:41 | 000,065,536 | ---- | C] () -- C:\Program Files (x86)\WtgDialup.dll
[2010.12.23 22:28:41 | 000,045,056 | ---- | C] () -- C:\Program Files (x86)\WtgDriverInstall.dll
[2010.12.23 22:28:41 | 000,024,576 | ---- | C] () -- C:\Program Files (x86)\WtgDriverInstallX.dll
[2010.12.23 22:28:41 | 000,020,136 | ---- | C] () -- C:\Program Files (x86)\4GSystems_WTGSMSPCClientSpa.dll
[2010.12.23 22:28:41 | 000,020,136 | ---- | C] () -- C:\Program Files (x86)\4GSystems_WTGSMSPCClientIta.dll
[2010.12.23 22:28:41 | 000,020,136 | ---- | C] () -- C:\Program Files (x86)\4GSystems_WTGSMSPCClientGer.dll
[2010.12.23 22:28:41 | 000,020,136 | ---- | C] () -- C:\Program Files (x86)\4GSystems_WTGSMSPCClientFre.dll
[2010.12.23 22:28:41 | 000,020,136 | ---- | C] () -- C:\Program Files (x86)\4GSystems_WTGSMSPCClientEng.dll
[2010.10.05 01:59:32 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\StarOpen.sys
[2010.09.16 03:31:11 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2010.09.15 19:48:11 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010.09.15 19:48:11 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010.09.15 19:47:30 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== LOP Check ==========
 
[2012.06.01 14:26:55 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Fywyrpvnltq
[2012.05.18 05:04:34 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\gtk-2.0
[2011.10.27 15:58:35 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\hdbADS
[2012.06.01 09:14:49 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\inkscape
[2011.11.14 18:12:51 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\kompozer.net
[2012.05.09 14:59:12 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\MAGIX
[2012.06.01 09:15:01 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\NetAssistant
[2012.06.02 00:27:53 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Notepad++
[2011.06.01 14:13:33 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\OpenOffice.org
[2012.06.01 14:54:11 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\PCDr
[2011.11.15 13:17:20 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\pdfforge
[2012.06.01 14:56:30 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\PhraseExpress
[2011.10.10 11:56:57 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Program Files (x86)
[2011.06.14 19:48:44 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Simfy
[2012.03.07 20:00:44 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\SoftGrid Client
[2011.08.19 16:49:01 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Thunderbird
[2011.05.09 14:16:57 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TP
[2011.11.04 16:58:54 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Webocton - Scriptly
[2012.05.05 15:23:07 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Windows Live Writer
[2012.06.01 17:39:26 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\www.shadowexplorer.com
[2012.06.01 14:58:20 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012.04.16 08:12:12 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.06.01 15:14:04 | 000,000,422 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
 
========== Purity Check ==========
 
 

< End of report >
         
extras.txt

Code:
OTL Extras logfile created on: 01.06.2012 21:07:47 - Run 1
OTL by OldTimer - Version 3.2.45.0     Folder = E:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,77 Gb Available Physical Memory | 69,42% Memory free
7,99 Gb Paging File | 6,53 Gb Available in Paging File | 81,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218,14 Gb Total Space | 163,94 Gb Free Space | 75,15% Space Free | Partition Type: NTFS
Drive E: | 3,73 Gb Total Space | 0,54 Gb Free Space | 14,36% Space Free | Partition Type: FAT32
 
Computer Name: ***** | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1729895072-3162029508-1750085212-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11F6BC88-23F0-4636-A039-4E9D227CD95A}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2B2FA33E-6876-4C8B-A26C-89972B2A830A}" = lport=137 | protocol=17 | dir=in | app=system | 
"{4210C63F-DB59-41DF-9EC5-AEA027E8A22F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{52C7030A-2B83-4897-8436-2A8B5C8DBCEE}" = lport=138 | protocol=17 | dir=in | app=system | 
"{539F4F07-DEA8-4676-B477-F07E164E2D10}" = lport=139 | protocol=6 | dir=in | app=system | 
"{57E3047E-F8BF-43FF-965B-2B65406728B1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{59599BF7-89ED-4E14-96EB-32DAF6D25A4F}" = rport=137 | protocol=17 | dir=out | app=system | 
"{7729FD56-B4D9-487A-9B7D-A8FEE0E39623}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9440B23C-5BC9-4529-8406-066BD323AFC9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{96DCFC7F-D1BD-447E-9FE7-BAD5CFACA383}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{96E5646E-FDDC-4254-9A52-CB948C568573}" = rport=138 | protocol=17 | dir=out | app=system | 
"{C364ECBB-FA64-4474-A110-8054B201CA17}" = rport=445 | protocol=6 | dir=out | app=system | 
"{D0CC052A-19C6-4052-B778-407B53B61D0B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{DE9067F7-FA7E-4AF5-A3AC-AFC882CB2914}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6B7906D7-F398-4D31-B256-83974B60709B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{7DD02B6E-35F7-4329-83FC-329AA7FFA66B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{9C930194-CAD0-4C34-9D52-6242A00A844D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{C0AF8497-5F39-4D3C-A02A-D54542B09F8F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"TCP Query User{A97949D0-5629-4940-98DF-8965F1EDD956}C:\program files (x86)\phraseexpress\phraseexpress.exe" = protocol=6 | dir=in | app=c:\program files (x86)\phraseexpress\phraseexpress.exe | 
"TCP Query User{CAE96FAE-4523-4351-8EE4-BE36E4E35FEA}C:\program files (x86)\phraseexpress\phraseexpress.exe" = protocol=6 | dir=in | app=c:\program files (x86)\phraseexpress\phraseexpress.exe | 
"UDP Query User{566DD08F-7192-458F-9BD0-F815038700B3}C:\program files (x86)\phraseexpress\phraseexpress.exe" = protocol=17 | dir=in | app=c:\program files (x86)\phraseexpress\phraseexpress.exe | 
"UDP Query User{5A2D207D-91F6-44F2-84D0-78F510A62038}C:\program files (x86)\phraseexpress\phraseexpress.exe" = protocol=17 | dir=in | app=c:\program files (x86)\phraseexpress\phraseexpress.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{E023B63C-D810-9C56-E788-7F222661B056}" = ccc-utility64
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Dell Support Center" = Dell Support Center
"Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"SynTPDeinstKey" = Dell Touchpad
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01A3EF62-9F54-9D7A-FAD9-A168834FE821}" = CCC Help Chinese Standard
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{1595786E-2A45-E9B5-0A16-D53885B3AD78}" = CCC Help French
"{19442FC1-8AE8-F00D-7476-7D069FB405EB}" = ccc-core-static
"{1A5F270C-29D9-462D-BB26-A328847AA0B8}" = CCC Help Spanish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20aa4150-b5f4-11de-8a39-0800200c9a66}_is1" = KompoZer 0.8b3
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{4432FF45-32A1-5022-DC16-544819C09C88}" = CCC Help Dutch
"{49E6BC24-230D-21C3-86A3-297A80C08120}" = Catalyst Control Center Graphics Light
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{534B8370-6422-2663-E654-7BA122D3688E}" = CCC Help German
"{594123CC-D38F-C2FB-EA98-E1E27582F944}" = Catalyst Control Center Core Implementation
"{5B2C4D32-A7CD-44B0-8619-4ADBE301B2D3}" = pdfforge Toolbar v5.8
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{69533745-1E2D-4C98-8B4A-B7643EF9E1A2}" = Catalyst Control Center - Branding
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C748AFD-31FC-D4B3-B9B7-08A97327A0E4}" = CCC Help Danish
"{6E502575-D6BE-9AAD-A5A6-EF3789CD1956}" = Catalyst Control Center Graphics Previews Common
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{754B2DD9-B04C-F4D0-9217-7BBBA86BD281}" = Catalyst Control Center Graphics Full New
"{75ABAA4C-6651-7D41-EF2C-8057BD953406}" = Catalyst Control Center Graphics Previews Vista
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{869D6E79-DC73-C870-B221-7B79A9649FF2}" = CCC Help Norwegian
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D37EF28-C603-41DE-843F-300C5EF8FD82}" = BILD-Steuer 2012
"{8E3631FA-E3AC-F855-5C20-0D148335D14A}" = CCC Help Portuguese
"{900BE0B9-D16F-0C3F-EA10-018788185EBF}" = CCC Help Korean
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95140000-004E-0407-0000-0000000FF1CE}" = Microsoft Outlook Connector für soziale Netzerker 32-Bit
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A29549FD-65F3-440C-A552-6B8114CF319D}" = Skype Toolbars
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers
"{ACD841E0-9C05-9997-276C-C58382080460}" = CCC Help Chinese Traditional
"{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B883B0A4-2290-E45D-CA32-7FED797E00A3}" = CCC Help Italian
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C8BEC5F6-6C0B-049B-E76A-DFE41228AB6D}" = CCC Help Finnish
"{C99B97CA-D67B-4896-9A2E-01A62C17C0ED}" = MAGIX Web Designer 6 Silver
"{CCDB045A-F8BA-3493-E20D-FA16C6B2413A}" = Skins
"{D4A978E5-76EF-CEDB-BF7F-5B9357B38766}" = CCC Help Japanese
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E0FB18D7-07E4-AB13-F349-6DD642460903}" = CCC Help Russian
"{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}" = LG USB Modem Drivers
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E49D937F-DD07-6A25-1C04-D7C7BC08EBBA}" = Catalyst Control Center InstallProxy
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E7E3A6B8-8E64-1AE6-D2D8-6D75B6AE7B96}" = Catalyst Control Center Graphics Full Existing
"{ECC9D2BE-5261-206D-C554-9AC1679CB460}" = CCC Help English
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2C7A130-9C68-41C4-A8E7-985DFFBD01DF}" = BILD-Steuer 2011
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F9D03101-AE86-1C37-3667-73C49DC1C8B5}" = CCC Help Swedish
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE516630-D77A-5642-1F06-CE8D67D6B5D0}" = Catalyst Control Center Localization All
"Adobe AIR" = Adobe AIR
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Ashampoo WinOptimizer 8_is1" = Ashampoo WinOptimizer 8 v.8.13
"Ashampoo_DE Toolbar" = Ashampoo DE Toolbar
"CanonMyPrinter" = Canon My Printer
"Dell Dock" = Dell Dock
"Dell Webcam Central" = Dell Webcam Central
"GoToAssist" = GoToAssist 8.0.0.514
"Inkscape" = Inkscape 0.48.2
"LG PC Suite IV" = LG PC Suite IV
"MAGIX_MSI_Web_Designer_6_Silver" = MAGIX Web Designer 6 Silver
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"PhraseExpress_is1" = PhraseExpress v8.0.149
"ShadowExplorer_is1" = ShadowExplorer 0.8
"Webocton - Scriptly_is1" = Webocton - Scriptly 0.8.95.6
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"XING Connector" = XING Connector 1.2
"XSManager" = XSManager
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 01.06.2012 09:14:03 | Computer Name = ***** | Source = PC-Doctor | ID = 1
Description = (4376) Asapi: (15:14:03:2340)(4376) PCDString - Error -- 2046 UTF8Decode()
 -- unmatched char at position 63; so skip. 
 
Error - 01.06.2012 09:14:03 | Computer Name = ***** | Source = PC-Doctor | ID = 1
Description = (4376) Asapi: (15:14:03:2340)(4376) PCDString - Error -- 2046 UTF8Decode()
 -- unmatched char at position 1; so skip. 
 
Error - 01.06.2012 09:14:03 | Computer Name = ***** | Source = PC-Doctor | ID = 1
Description = (4376) Asapi: (15:14:03:2340)(4376) PCDString - Error -- 2046 UTF8Decode()
 -- unmatched char at position 2; so skip. 
 
Error - 01.06.2012 09:14:03 | Computer Name = ***** | Source = PC-Doctor | ID = 1
Description = (4376) Asapi: (15:14:03:2340)(4376) PCDString - Error -- 2046 UTF8Decode()
 -- unmatched char at position 4; so skip. 
 
Error - 01.06.2012 09:14:03 | Computer Name = ***** | Source = PC-Doctor | ID = 1
Description = (4376) Asapi: (15:14:03:2340)(4376) PCDString - Error -- 2046 UTF8Decode()
 -- unmatched char at position 5; so skip. 
 
Error - 01.06.2012 09:14:03 | Computer Name = ***** | Source = PC-Doctor | ID = 1
Description = (4376) Asapi: (15:14:03:2340)(4376) PCDString - Error -- 2046 UTF8Decode()
 -- unmatched char at position 10; so skip. 
 
Error - 01.06.2012 09:14:03 | Computer Name = ***** | Source = PC-Doctor | ID = 1
Description = (4376) Asapi: (15:14:03:2340)(4376) PCDString - Error -- 2046 UTF8Decode()
 -- unmatched char at position 11; so skip. 
 
Error - 01.06.2012 09:14:03 | Computer Name = ***** | Source = PC-Doctor | ID = 1
Description = (4376) Asapi: (15:14:03:2340)(4376) LicenseManager - Error -- 404 
loadLicenseFile( ... ) --  Signature is Missing in This File: LicenseManager::decryptLicenseFile()
 -- C:/Program Files/Dell Support Center/licenseClient.pcl2 Stack Trace: !!! Stack
 Trace exceptions not supported in 64-bit. !!! (end stack trace) ***** NOTE *****:
 Use stacktraceparser.exe to translate the instruction offsets into function names.


 
Error - 01.06.2012 09:14:03 | Computer Name = ***** | Source = PC-Doctor | ID = 1
Description = (4376) Asapi: (15:14:03:2340)(4376) CSPinvoke - Error -- 461 Exception
 in C# layer (asapicsharp_wrap.cxx, line 40734; threadid = 4244): License authentication
 result = FAIL; reasons =  Stack Trace: !!! Stack Trace exceptions not supported in
 64-bit. !!! (end stack trace) ***** NOTE *****: Use stacktraceparser.exe to translate
 the instruction offsets into function names.  
 
Error - 01.06.2012 15:02:56 | Computer Name = ***** | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.45.0 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: f94    Startzeit: 
01cd4028d51d15b4    Endzeit: 16    Anwendungspfad: E:\OTL.exe    Berichts-ID: 5246d464-ac1c-11e1-b280-f04da24e1863

 
[ Dell Events ]
Error - 04.02.2012 13:15:22 | Computer Name = ***** | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 06.02.2012 10:45:46 | Computer Name = ***** | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 06.02.2012 10:45:46 | Computer Name = ***** | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 06.02.2012 10:47:17 | Computer Name = *****| Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 06.02.2012 10:47:18 | Computer Name = *****| Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 06.02.2012 10:49:32 | Computer Name = *****| Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 06.02.2012 10:49:32 | Computer Name = *****| Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 07.02.2012 04:35:17 | Computer Name = *****| Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 07.02.2012 04:35:17 | Computer Name = *****| Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 01.06.2012 03:44:47 | Computer Name = *****| Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
[ Media Center Events ]
Error - 12.09.2011 09:42:46 | Computer Name = *****| Source = MCUpdate | ID = 0
Description = 15:42:46 - Fehler beim Herstellen der Internetverbindung.  15:42:46 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 12.09.2011 09:42:55 | Computer Name = *****| Source = MCUpdate | ID = 0
Description = 15:42:51 - Fehler beim Herstellen der Internetverbindung.  15:42:51 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 28.03.2012 02:29:19 | Computer Name = *****| Source = MCUpdate | ID = 0
Description = 08:29:19 - Fehler beim Herstellen der Internetverbindung.  08:29:19 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 28.03.2012 02:29:30 | Computer Name = *****| Source = MCUpdate | ID = 0
Description = 08:29:24 - Fehler beim Herstellen der Internetverbindung.  08:29:24 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 28.03.2012 03:29:35 | Computer Name = *****| Source = MCUpdate | ID = 0
Description = 09:29:35 - Fehler beim Herstellen der Internetverbindung.  09:29:35 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 28.03.2012 03:29:42 | Computer Name = *****| Source = MCUpdate | ID = 0
Description = 09:29:40 - Fehler beim Herstellen der Internetverbindung.  09:29:40 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 28.03.2012 04:29:46 | Computer Name = *****| Source = MCUpdate | ID = 0
Description = 10:29:46 - Fehler beim Herstellen der Internetverbindung.  10:29:46 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 28.03.2012 04:29:53 | Computer Name = *****| Source = MCUpdate | ID = 0
Description = 10:29:51 - Fehler beim Herstellen der Internetverbindung.  10:29:51 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 28.03.2012 05:29:57 | Computer Name = *****| Source = MCUpdate | ID = 0
Description = 11:29:57 - Fehler beim Herstellen der Internetverbindung.  11:29:57 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 28.03.2012 05:30:04 | Computer Name = *****| Source = MCUpdate | ID = 0
Description = 11:30:02 - Fehler beim Herstellen der Internetverbindung.  11:30:02 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 01.06.2012 10:54:40 | Computer Name = *****| Source = DCOM | ID = 10005
Description = 
 
Error - 01.06.2012 10:54:40 | Computer Name = *****| Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 01.06.2012 10:54:40 | Computer Name = *****| Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 01.06.2012 10:54:41 | Computer Name = *****| Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 01.06.2012 10:54:41 | Computer Name = *****| Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 01.06.2012 10:54:41 | Computer Name = *****| Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 01.06.2012 10:54:41 | Computer Name = *****| Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 01.06.2012 10:54:41 | Computer Name = *****| Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 01.06.2012 10:54:41 | Computer Name = *****| Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 01.06.2012 11:31:00 | Computer Name = *****| Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         

Malwarebytes log file:

Code:
ATTFilter
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.01.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
*** :: *** [Administrator]

Schutz: Aktiviert

01.06.2012 15:33:45
mbam-log-2012-06-01 (16-33-56).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 366083
Laufzeit: 59 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Program Files (x86)\Registry Helper (Rogue.RegistryHelper) -> Keine Aktion durchgeführt.

Infizierte Dateien: 17
C:\Users\***\Downloads\DecryptHelper-0.5.3.exe (Trojan.FakeAlert) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\WtgPorts.dll (Spyware.OnlineGames) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\WTGXMLUtil.dll (Spyware.OnlineGames) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Registry Helper\background.jpg (Rogue.RegistryHelper) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Registry Helper\delete_invalid_entries_grey.jpg (Rogue.RegistryHelper) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Registry Helper\ErrorFound.wav (Rogue.RegistryHelper) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Registry Helper\header.gif (Rogue.RegistryHelper) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Registry Helper\help.chm (Rogue.RegistryHelper) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Registry Helper\letter.htm (Rogue.RegistryHelper) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Registry Helper\letter1.htm (Rogue.RegistryHelper) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Registry Helper\letter2.htm (Rogue.RegistryHelper) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Registry Helper\letter3.htm (Rogue.RegistryHelper) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Registry Helper\letter4.htm (Rogue.RegistryHelper) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Registry Helper\letter5.htm (Rogue.RegistryHelper) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Registry Helper\logo.jpg (Rogue.RegistryHelper) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Registry Helper\print_16.gif (Rogue.RegistryHelper) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Registry Helper\Registry Helper.url (Rogue.RegistryHelper) -> Keine Aktion durchgeführt.

(Ende)
         
I can't make any sense of this data at all. Can anyone help me?

 
