Log analysis and evaluation: Vista Home Security 2012 OTL log | Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
10.12.2011, 18:25 | #1 |
Vista Home Security 2012 OTL log

Hello, I had the Vista Home Security 2012 scareware on my PC. With the help of "Malwarebytes Anti-Malware" and "Spybot - Search & Destroy" I was able to remove the scareware, so that no more pop-ups appear claiming that my PC is supposedly infested with viruses and that I should buy the software. However, I am not sure whether everything has really been completely removed and whether the PC is safe again. So here are my log file from Anti-Malware, OTL.Txt and Extras. Can you please help me?

Kind regards, Jannik

Anti-Malware result Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8348

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19154

10.12.2011 18:31:37
mbam-log-2011-12-10 (18-31-37).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 161115
Laufzeit: 8 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 3
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\AH (Rogue.MultipleAV) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CLASSES_ROOT\ah\Content Type (Rogue.MultipleAV) -> Value: Content Type -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\MEDION\AppData\Local\vgy.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\MEDION\AppData\Local\vgy.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\MEDION\AppData\Local\vgy.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\MEDION\downloads\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

OTL Text Code:
OTL logfile created on: 10.12.2011 18:50:58 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\MEDION\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 59,31% Memory free
6,20 Gb Paging File | 4,76 Gb Available in Paging File | 76,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 268,80 Gb Total Space | 184,01 Gb Free Space | 68,46% Space Free | Partition Type: NTFS
Drive D: | 29,28 Gb Total Space | 17,29 Gb Free Space | 59,05% Space Free | Partition Type: FAT32

Computer Name: MEDION-PC | User Name: MEDION | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2011.12.10 18:36:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\MEDION\Downloads\OTL.exe
PRC - [2011.12.08 18:56:40 | 001,212,224 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
PRC - [2011.12.08 18:56:38 | 001,514,304 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
PRC - [2011.11.14 16:06:56 | 000,546,768 | ---- | M] (Threat Expert Ltd.) -- C:\Programme\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
PRC - [2011.10.24 20:29:34 | 002,398,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgfws.exe
PRC - [2011.10.24 20:29:16 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgtray.exe
PRC - [2011.10.18 06:14:54 | 001,229,152 | ---- | M] (AVG Technologies CZ, s.r.o.)
-- C:\Programme\AVG\AVG2012\avgnsx.exe PRC - [2011.10.12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\AVGIDSAgent.exe PRC - [2011.10.10 06:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgemcx.exe PRC - [2011.09.08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgrsx.exe PRC - [2011.08.15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgcsrvx.exe PRC - [2011.08.02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgwdsvc.exe PRC - [2011.01.11 01:25:06 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe PRC - [2009.11.17 13:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe PRC - [2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2007.12.17 12:02:28 | 004,718,592 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007.11.02 13:31:24 | 000,069,632 | ---- | M] () -- C:\Programme\Softex\OmniPass\opvapp.exe PRC - [2007.11.02 13:31:08 | 000,040,960 | ---- | M] (Softex Inc.) -- C:\Programme\Softex\OmniPass\OmniServ.exe PRC - [2007.10.03 16:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007.10.03 16:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2007.08.31 12:04:26 | 000,102,400 | ---- | M] (Synaptics, Inc.) 
-- C:\Programme\Synaptics\SynTP\SynTPStart.exe PRC - [2007.08.16 11:31:40 | 001,681,408 | ---- | M] (Buhl Data Service GmbH) -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe PRC - [2007.04.19 13:11:08 | 000,016,384 | ---- | M] (Empolis GmbH) -- C:\Programme\Medion\MEDIONbox\Program\GCS.exe PRC - [2007.04.19 13:11:06 | 000,036,864 | ---- | M] (Empolis GmbH) -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe PRC - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe ========== Modules (No Company Name) ========== MOD - [2011.01.11 01:25:48 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011.01.11 01:25:06 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe MOD - [2007.11.02 13:27:28 | 000,016,896 | ---- | M] () -- C:\Programme\Softex\OmniPass\cryptodll.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Running] -- -- (SBSDWSCService) SRV - [2011.12.08 18:56:38 | 001,514,304 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2011.12.08 18:56:22 | 000,028,992 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp) SRV - [2011.11.22 19:41:50 | 001,117,624 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Programme\PC Tools\PC Tools Security\pctsSvc.exe -- (sdCoreService) SRV - [2011.11.22 18:20:06 | 000,402,336 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Programme\PC Tools\PC Tools Security\pctsAuxs.exe -- (sdAuxService) SRV - [2011.11.14 16:06:56 | 000,546,768 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service) SRV - [2011.10.24 20:29:34 | 002,398,512 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[Auto | Running] -- C:\Program Files\AVG\AVG2012\avgfws.exe -- (avgfws) SRV - [2011.10.12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent) SRV - [2011.08.02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd) SRV - [2009.11.17 13:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.11.02 13:31:08 | 000,040,960 | ---- | M] (Softex Inc.) [Auto | Running] -- C:\Programme\Softex\OmniPass\OmniServ.exe -- (omniserv) SRV - [2007.10.03 16:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) SRV - [2007.08.16 11:31:40 | 001,681,408 | ---- | M] (Buhl Data Service GmbH) [Auto | Running] -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe -- (srvcPVR) SRV - [2007.04.19 13:11:06 | 000,036,864 | ---- | M] (Empolis GmbH) [Auto | Running] -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe -- (GnabService) SRV - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets) ========== Driver Services (SafeList) ========== DRV - [2011.11.22 19:42:40 | 000,185,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\System32\drivers\PCTSD.sys -- (PCTSD) DRV - [2011.11.14 15:12:26 | 000,331,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore) DRV - [2011.11.08 21:25:24 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 
2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2011.10.07 17:52:12 | 000,660,992 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pctEFA.sys -- (pctEFA) DRV - [2011.10.07 17:52:06 | 000,341,656 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\pctDS.sys -- (pctDS) DRV - [2011.10.07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86) DRV - [2011.10.04 06:21:16 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim) DRV - [2011.09.28 13:14:02 | 000,056,840 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PCTBD.sys -- (PCTBD) DRV - [2011.09.13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86) DRV - [2011.08.08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86) DRV - [2011.07.11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix) DRV - [2011.07.11 01:14:02 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter) DRV - [2011.07.11 01:14:00 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH) DRV - [2011.07.11 01:13:58 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver) DRV - [2011.05.23 01:03:28 | 000,047,968 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd) DRV - [2010.06.23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2009.11.17 13:07:06 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV - [2009.02.05 18:39:08 | 000,017,064 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiWinAcc.sys -- (SiFilter) DRV - [2009.02.05 18:39:00 | 000,012,200 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiRemFil.sys -- (SiRemFil) DRV - [2009.02.05 18:38:24 | 000,212,520 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\Si3531.sys -- (Si3531) DRV - [2008.11.16 19:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE) DRV - [2007.12.18 12:31:00 | 007,630,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2007.08.28 16:47:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) DRV - [2007.08.22 20:50:38 | 001,749,760 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV - [2007.07.31 12:58:18 | 000,908,896 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PhilCap.sys -- (PhilCap) DRV - [2007.01.18 21:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA) DRV - [2006.11.30 16:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF) DRV - [2006.11.17 11:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid) DRV - [2006.11.02 09:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Programme\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "Search Defender" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.8 FF - prefs.js..extensions.enabledItems: {d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}:2.0.6 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.1.3&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.02.20 23:24:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.02.20 23:24:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011.12.09 16:11:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools\PC Tools Security\BDT\Firefox\ [2011.12.09 20:05:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.11 14:48:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.22 18:07:44 | 000,000,000 | ---D | M] [2010.06.16 19:54:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MEDION\AppData\Roaming\mozilla\Extensions [2011.11.29 21:56:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MEDION\AppData\Roaming\mozilla\Firefox\Profiles\ri3u4ma6.default\extensions [2010.09.10 15:59:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\MEDION\AppData\Roaming\mozilla\Firefox\Profiles\ri3u4ma6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.11.29 21:56:47 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\MEDION\AppData\Roaming\mozilla\Firefox\Profiles\ri3u4ma6.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.05.17 16:41:57 | 000,000,000 | ---D | M] (Ecosia - The Green Search) -- 
C:\Users\MEDION\AppData\Roaming\mozilla\Firefox\Profiles\ri3u4ma6.default\extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0} [2011.05.17 17:18:26 | 000,005,212 | ---- | M] () -- C:\Users\MEDION\AppData\Roaming\Mozilla\Firefox\Profiles\ri3u4ma6.default\searchplugins\ecosia.xml [2011.12.04 12:16:32 | 000,000,950 | ---- | M] () -- C:\Users\MEDION\AppData\Roaming\Mozilla\Firefox\Profiles\ri3u4ma6.default\searchplugins\icqplugin-1.xml [2011.04.26 21:40:30 | 000,000,950 | ---- | M] () -- C:\Users\MEDION\AppData\Roaming\Mozilla\Firefox\Profiles\ri3u4ma6.default\searchplugins\icqplugin-10.xml [2011.05.22 18:08:29 | 000,000,950 | ---- | M] () -- C:\Users\MEDION\AppData\Roaming\Mozilla\Firefox\Profiles\ri3u4ma6.default\searchplugins\icqplugin-11.xml [2011.07.14 18:40:55 | 000,000,950 | ---- | M] () -- C:\Users\MEDION\AppData\Roaming\Mozilla\Firefox\Profiles\ri3u4ma6.default\searchplugins\icqplugin-12.xml [2011.07.15 14:27:22 | 000,000,950 | ---- | M] () -- C:\Users\MEDION\AppData\Roaming\Mozilla\Firefox\Profiles\ri3u4ma6.default\searchplugins\icqplugin-13.xml [2011.08.21 14:00:39 | 000,000,950 | ---- | M] () -- C:\Users\MEDION\AppData\Roaming\Mozilla\Firefox\Profiles\ri3u4ma6.default\searchplugins\icqplugin-14.xml [2011.09.01 14:07:47 | 000,000,950 | ---- | M] () -- C:\Users\MEDION\AppData\Roaming\Mozilla\Firefox\Profiles\ri3u4ma6.default\searchplugins\icqplugin-15.xml [2011.09.09 22:34:16 | 000,000,950 | ---- | M] () -- C:\Users\MEDION\AppData\Roaming\Mozilla\Firefox\Profiles\ri3u4ma6.default\searchplugins\icqplugin-16.xml [2011.09.27 20:50:06 | 000,000,950 | ---- | M] () -- C:\Users\MEDION\AppData\Roaming\Mozilla\Firefox\Profiles\ri3u4ma6.default\searchplugins\icqplugin-17.xml [2011.10.02 23:55:14 | 000,000,950 | ---- | M] () -- C:\Users\MEDION\AppData\Roaming\Mozilla\Firefox\Profiles\ri3u4ma6.default\searchplugins\icqplugin-18.xml [2011.11.11 14:48:54 | 000,000,950 | ---- | M] () -- 
C:\Users\MEDION\AppData\Roaming\Mozilla\Firefox\Profiles\ri3u4ma6.default\searchplugins\icqplugin-19.xml [2010.07.05 09:21:10 | 000,000,950 | ---- | M] () -- C:\Users\MEDION\AppData\Roaming\Mozilla\Firefox\Profiles\ri3u4ma6.default\searchplugins\icqplugin-2.xml [2010.09.09 17:20:25 | 000,000,950 | ---- | M] () -- C:\Users\MEDION\AppData\Roaming\Mozilla\Firefox\Profiles\ri3u4ma6.default\searchplugins\icqplugin-3.xml [2010.10.01 18:07:27 | 000,000,950 | ---- | M] () -- C:\Users\MEDION\AppData\Roaming\Mozilla\Firefox\Profiles\ri3u4ma6.default\searchplugins\icqplugin-4.xml [2010.10.21 07:32:34 | 000,000,950 | ---- | M] () -- C:\Users\MEDION\AppData\Roaming\Mozilla\Firefox\Profiles\ri3u4ma6.default\searchplugins\icqplugin-5.xml [2010.10.31 10:03:16 | 000,000,950 | ---- | M] () -- C:\Users\MEDION\AppData\Roaming\Mozilla\Firefox\Profiles\ri3u4ma6.default\searchplugins\icqplugin-6.xml [2010.12.13 19:49:27 | 000,000,950 | ---- | M] () -- C:\Users\MEDION\AppData\Roaming\Mozilla\Firefox\Profiles\ri3u4ma6.default\searchplugins\icqplugin-7.xml [2011.02.12 20:13:07 | 000,000,950 | ---- | M] () -- C:\Users\MEDION\AppData\Roaming\Mozilla\Firefox\Profiles\ri3u4ma6.default\searchplugins\icqplugin-8.xml [2011.03.28 10:30:46 | 000,000,950 | ---- | M] () -- C:\Users\MEDION\AppData\Roaming\Mozilla\Firefox\Profiles\ri3u4ma6.default\searchplugins\icqplugin-9.xml [2011.11.28 12:19:42 | 000,000,168 | ---- | M] () -- C:\Users\MEDION\AppData\Roaming\Mozilla\Firefox\Profiles\ri3u4ma6.default\searchplugins\icqplugin.gif [2011.11.28 12:19:42 | 000,000,618 | ---- | M] () -- C:\Users\MEDION\AppData\Roaming\Mozilla\Firefox\Profiles\ri3u4ma6.default\searchplugins\icqplugin.src [2010.07.04 10:39:08 | 000,001,056 | ---- | M] () -- C:\Users\MEDION\AppData\Roaming\Mozilla\Firefox\Profiles\ri3u4ma6.default\searchplugins\icqplugin.xml [2011.06.05 14:04:55 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.10.21 15:50:45 | 000,000,000 | ---D | M] (Skype Click to 
Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011.12.09 16:11:28 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4 [2011.12.09 20:05:45 | 000,000,000 | ---D | M] (Browser Defender Toolbar) -- C:\PROGRAM FILES\PC TOOLS\PC TOOLS SECURITY\BDT\FIREFOX [2011.11.11 14:48:07 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.11.11 14:48:03 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.11.11 14:48:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.11.11 14:48:03 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.11.11 14:48:03 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.11.11 14:48:03 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.11.11 14:48:03 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - Extension: DivX HiQ = C:\Users\MEDION\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\ CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\MEDION\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\ O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (PC Tools Browser Defender BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Programme\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert 
Ltd.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - G:\Spybot - Search & Destroy\SDHelper.dll File not found O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKLM\..\Toolbar: (PC Tools Browser Defender) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe (sonix) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) 
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [SpybotSD TeaTimer] G:\Spybot - Search & Destroy\TeaTimer.exe File not found O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.) O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\Spybot - Search & Destroy\SDHelper.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) 
O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04) O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E26C523-76DB-460F-BC8B-080A024841E5}: DhcpNameServer = 194.90.1.5 212.143.212.143 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F118D1DF-4D6E-4617-AE45-683E52CBFD45}: DhcpNameServer = 10.0.0.138 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\MEDION\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\MEDION\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. 
File not found ========== Files/Folders - Created Within 30 Days ========== [2011.12.10 18:18:14 | 000,000,000 | ---D | C] -- C:\Users\MEDION\AppData\Roaming\Malwarebytes [2011.12.10 18:18:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.12.10 18:18:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.12.10 18:17:59 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.12.10 18:17:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.12.10 18:10:30 | 000,000,000 | -H-D | C] -- C:\$AVG [2011.12.10 11:51:58 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll [2011.12.10 11:51:55 | 000,028,992 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll [2011.12.09 22:08:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2011.12.09 22:07:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2011.12.09 20:05:43 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll [2011.12.09 20:05:43 | 000,056,840 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTBD.sys [2011.12.09 20:05:42 | 002,246,608 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll [2011.12.09 20:05:42 | 001,681,360 | ---- | C] (Threat Expert Ltd.) 
-- C:\Windows\PCTBDRes.dll [2011.12.09 20:04:37 | 000,253,096 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys [2011.12.09 20:04:37 | 000,105,792 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys [2011.12.09 20:04:27 | 000,017,848 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctBTFix.sys [2011.12.09 20:04:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security [2011.12.09 20:04:22 | 000,070,536 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys [2011.12.09 20:04:11 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools [2011.12.09 19:52:18 | 000,660,992 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctEFA.sys [2011.12.09 19:52:18 | 000,341,656 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctDS.sys [2011.12.09 19:52:12 | 000,331,880 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys [2011.12.09 19:52:12 | 000,162,584 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys [2011.12.09 19:52:08 | 000,185,560 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys [2011.12.09 19:52:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools [2011.12.09 19:51:13 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2011.12.09 19:51:08 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools [2011.12.09 19:51:07 | 000,000,000 | ---D | C] -- C:\Users\MEDION\AppData\Roaming\TestApp [2011.12.09 17:12:41 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch [2011.12.09 17:08:06 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe [2011.12.09 17:07:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012 [2011.12.09 17:06:25 | 000,000,000 | ---D | C] -- C:\Users\MEDION\AppData\Roaming\TuneUp Software [2011.12.09 17:05:56 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2012 [2011.12.09 17:04:32 | 000,000,000 | ---D | 
C] -- C:\ProgramData\TuneUp Software [2011.12.09 17:03:56 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936} [2011.12.09 16:11:50 | 000,000,000 | ---D | C] -- C:\Users\MEDION\AppData\Roaming\AVG2012 [2011.12.09 16:11:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012 [2011.12.09 16:09:42 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012 [2011.12.09 16:09:42 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG [2011.12.09 16:08:15 | 000,000,000 | ---D | C] -- C:\Program Files\AVG [2011.12.09 15:43:59 | 000,000,000 | ---D | C] -- C:\Users\MEDION\Desktop\antivirus programm [2011.12.09 15:19:47 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2011.12.09 15:18:37 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2011.11.11 20:44:44 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2011.11.11 20:39:13 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee [2008.02.26 06:02:49 | 000,180,224 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll [2008.02.26 06:02:49 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll ========== Files - Modified Within 30 Days ========== [2011.12.10 18:48:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.12.10 18:18:05 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.12.10 17:45:43 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.12.10 17:45:43 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.12.10 16:48:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.12.10 13:45:45 | 111,777,817 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm [2011.12.10 09:47:53 | 000,000,420 | -H-- | M] () -- 
C:\Windows\tasks\User_Feed_Synchronization-{D02EC3D7-C822-42F6-A26D-F7916F04DEC0}.job [2011.12.10 09:45:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.12.10 09:45:35 | 3217,502,208 | -HS- | M] () -- C:\hiberfil.sys [2011.12.10 01:27:57 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011.12.09 22:08:24 | 000,000,654 | ---- | M] () -- C:\Users\MEDION\Desktop\Spybot - Search & Destroy.lnk [2011.12.09 21:44:41 | 000,619,742 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavifw.avm [2011.12.09 20:04:28 | 000,001,953 | ---- | M] () -- C:\Users\Public\Desktop\PC Tools Spyware Doctor.lnk [2011.12.09 19:54:50 | 002,160,974 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB [2011.12.09 19:51:09 | 000,001,413 | ---- | M] () -- C:\Users\MEDION\Desktop\sdsetup_aff.exe.lnk [2011.12.09 17:07:54 | 000,001,873 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2011.12.09 17:07:54 | 000,001,869 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk [2011.12.09 16:11:28 | 000,000,862 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk [2011.12.08 18:56:44 | 000,031,552 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe [2011.12.08 18:56:22 | 000,028,992 | ---- | M] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll [2011.12.08 18:56:22 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\System32\authuitu.dll [2011.12.02 13:23:49 | 002,862,509 | ---- | M] () -- C:\Users\MEDION\Desktop\Muhammad%20Y.%20Muslih.%20The%20Origins%20of%20the%20Palestinian%20Nationalism.pdf [2011.11.29 09:47:21 | 000,689,976 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.11.29 09:47:21 | 000,634,400 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.11.29 09:47:21 | 000,151,168 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.11.29 09:47:21 | 000,119,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.11.22 19:43:02 | 000,070,536 | ---- | M] (PC Tools) -- 
C:\Windows\System32\drivers\pctplsg.sys [2011.11.22 19:42:40 | 000,185,560 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys [2011.11.22 19:41:28 | 000,017,848 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctBTFix.sys [2011.11.22 19:38:10 | 000,105,792 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys [2011.11.22 19:38:04 | 000,253,096 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys [2011.11.19 18:25:33 | 138,238,657 | ---- | M] () -- C:\Users\MEDION\Desktop\Weihnachtsprojekt.cpr [2011.11.18 00:14:00 | 000,013,940 | ---- | M] () -- C:\Users\MEDION\AppData\Roaming\wklnhst.dat [2011.11.14 16:07:06 | 000,149,456 | ---- | M] (PC Tools) -- C:\Windows\SGDetectionTool.dll [2011.11.14 16:07:04 | 002,246,608 | ---- | M] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll [2011.11.14 16:07:04 | 001,681,360 | ---- | M] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll [2011.11.14 16:06:54 | 000,767,952 | ---- | M] () -- C:\Windows\BDTSupport.dll [2011.11.14 15:12:26 | 000,331,880 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys [2011.11.14 15:12:24 | 000,162,584 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys [2011.11.11 20:44:44 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl ========== Files Created - No Company Name ========== [2011.12.10 18:18:05 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.12.10 13:45:45 | 111,777,817 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm [2011.12.09 22:08:24 | 000,000,654 | ---- | C] () -- C:\Users\MEDION\Desktop\Spybot - Search & Destroy.lnk [2011.12.09 21:44:41 | 000,619,742 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavifw.avm [2011.12.09 20:05:43 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll [2011.12.09 20:05:43 | 000,003,488 | ---- | C] () -- C:\Windows\UDB.zip [2011.12.09 20:05:43 | 000,000,882 | ---- | C] () -- 
C:\Windows\RegSDImport.xml [2011.12.09 20:05:43 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml [2011.12.09 20:05:43 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip [2011.12.09 20:04:28 | 000,001,953 | ---- | C] () -- C:\Users\Public\Desktop\PC Tools Spyware Doctor.lnk [2011.12.09 19:52:18 | 002,160,974 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB [2011.12.09 19:51:09 | 000,001,413 | ---- | C] () -- C:\Users\MEDION\Desktop\sdsetup_aff.exe.lnk [2011.12.09 19:40:05 | 3217,502,208 | -HS- | C] () -- C:\hiberfil.sys [2011.12.09 17:07:54 | 000,001,873 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2011.12.09 17:07:54 | 000,001,869 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk [2011.12.09 17:07:46 | 000,001,881 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk [2011.12.09 16:11:28 | 000,000,862 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk [2011.12.02 13:23:49 | 002,862,509 | ---- | C] () -- C:\Users\MEDION\Desktop\Muhammad%20Y.%20Muslih.%20The%20Origins%20of%20the%20Palestinian%20Nationalism.pdf [2011.02.28 22:34:39 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.12.19 22:30:12 | 000,000,680 | ---- | C] () -- C:\Users\MEDION\AppData\Local\d3d9caps.dat [2010.12.19 22:12:39 | 000,000,000 | ---- | C] () -- C:\Users\MEDION\AppData\Roaming\Default.PLS [2010.10.29 23:01:36 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2010.10.29 23:00:13 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2010.06.21 09:59:30 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2010.06.16 18:38:20 | 000,046,080 | ---- | C] () -- C:\Users\MEDION\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.06.16 18:25:55 | 000,013,940 | ---- | C] () -- C:\Users\MEDION\AppData\Roaming\wklnhst.dat [2009.12.03 09:27:30 | 000,080,416 | ---- | C] () -- 
C:\Windows\System32\RtNicProp32.dll [2009.11.17 13:08:34 | 000,197,424 | ---- | C] () -- C:\Windows\System32\vpnapi.dll [2008.02.29 09:56:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2008.02.29 09:56:57 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini [2008.02.29 07:19:08 | 000,299,008 | ---- | C] () -- C:\Windows\System32\midas.dll [2008.02.29 07:19:07 | 000,120,320 | ---- | C] () -- C:\Windows\System32\UnzDll.dll [2008.02.26 07:59:51 | 000,000,381 | ---- | C] () -- C:\Windows\WISO.INI [2008.02.26 06:21:05 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2008.02.26 06:03:25 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe [2008.02.26 06:02:49 | 001,749,760 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2008.02.26 06:02:49 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys [2008.02.26 06:02:49 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini [2008.02.26 06:02:49 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini [2008.02.08 16:34:02 | 000,009,824 | ---- | C] () -- C:\Windows\System32\716xCoInstaller.dll [2008.02.08 16:33:25 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008.01.21 09:15:58 | 000,689,976 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.01.21 09:15:58 | 000,151,168 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2007.12.04 14:55:36 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll [2007.05.05 20:25:36 | 000,000,094 | ---- | C] () -- C:\Users\MEDION\AppData\Local\fusioncache.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,387,200 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 
12:33:01 | 000,634,400 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,119,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll ========== Custom Scans ========== < Malwarebytes' Anti-Malware 1.51.2.1300 > < www.malwarebytes.org > < > < Datenbank Version: 8348 > < > < Windows 6.0.6002 Service Pack 2 > < Internet Explorer 8.0.6001.19154 > < > < 10.12.2011 18:31:37 > < mbam-log-2011-12-10 (18-31-37).txt > < > < Art des Suchlaufs: Quick-Scan > < Durchsuchte Objekte: 161115 > < Laufzeit: 8 Minute(n), 14 Sekunde(n) > < > < Infizierte Speicherprozesse: 0 > < Infizierte Speichermodule: 0 > < Infizierte Registrierungsschlüssel: 1 > < Infizierte Registrierungswerte: 1 > < Infizierte Dateiobjekte der Registrierung: 3 > < Infizierte Verzeichnisse: 0 > < Infizierte Dateien: 1 > < > < Infizierte Speicherprozesse: > < (Keine bösartigen Objekte gefunden) > < > < Infizierte Speichermodule: > < (Keine bösartigen Objekte gefunden) > < > < Infizierte Registrierungsschlüssel: > < HKEY_CLASSES_ROOT\AH (Rogue.MultipleAV) -> Quarantined and deleted successfully. > < > < Infizierte Registrierungswerte: > < HKEY_CLASSES_ROOT\ah\Content Type (Rogue.MultipleAV) -> Value: Content Type -> Quarantined and deleted successfully. 
> < > < Infizierte Dateiobjekte der Registrierung: > < HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\MEDION\AppData\Local\vgy.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully. > < HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\MEDION\AppData\Local\vgy.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully. > < HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\MEDION\AppData\Local\vgy.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully. > < > < Infizierte Verzeichnisse: > < (Keine bösartigen Objekte gefunden) > < > < Infizierte Dateien: > < c:\Users\MEDION\downloads\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully. > ========== Alternate Data Streams ========== @Alternate Data Stream - 172 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84 < End of report > Code:
OTL Extras logfile created on: 10.12.2011 18:50:58 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\MEDION\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 59,31% Memory free
6,20 Gb Paging File | 4,76 Gb Available in Paging File | 76,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 268,80 Gb Total Space | 184,01 Gb Free Space | 68,46% Space Free | Partition Type: NTFS
Drive D: | 29,28 Gb Total Space | 17,29 Gb Free Space | 59,05% Space Free | Partition Type: FAT32

Computer Name: MEDION-PC | User Name: MEDION | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1F04DC29-A988-478A-A414-ADAD68CA53FE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{5871A128-D06C-441B-A60E-E3652938398C}" = rport=138 | protocol=17 | dir=out | app=system | "{79B8885D-894A-4C62-8C50-AB5CD428DF1D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{80021563-F1FC-48E0-A867-9FCCDE122FB3}" = rport=445 | protocol=6 | dir=out | app=system | "{86F2F92F-C77C-49C2-B8A9-D5A0801B8FE9}" = lport=137 | protocol=17 | dir=in | app=system | "{A046455A-D426-4736-8403-67E0E0C438A9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{A78F7028-CD74-42D4-A314-96F2C916F3DC}" = rport=139 | protocol=6 | dir=out | app=system | "{AE14C2AF-8138-4900-A3F3-572F1ECDBE23}" = lport=139 | protocol=6 | dir=in | app=system | "{BFF5A569-E021-4937-ACBC-21AB0D4F66BE}" = lport=138 | protocol=17 | dir=in | app=system | "{CB60C474-1A66-438E-A48B-1500C17CE29C}" = lport=2869 | protocol=6 | dir=in | app=system | "{D5C8D36E-B097-47E4-B79E-4A548718DE56}" = rport=137 | protocol=17 | dir=out | app=system | "{EB7BBFF7-0FF8-4672-B345-0F1C0487297A}" = lport=445 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{06A8F49D-54E3-461C-B330-B548C8EB6C3A}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | "{1A53F4DF-341C-4E6C-9997-02A0B28CAA69}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | "{1BF44B7F-E3FC-4649-A60F-FDD04C2FBBDC}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe | "{234D96D6-BC07-41BC-9DCE-F48CFD38B7C8}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{24A50AEE-D406-4048-B0BC-02A5913D469D}" = protocol=58 | dir=out | 
name=@firewallapi.dll,-28546 | "{369E06B9-9E10-43C1-8F95-2DDF1C2672C8}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | "{3AFE447D-B134-400E-92F6-B96443EE77BC}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{433994F5-17BB-4902-BB2E-297B4C7D60C5}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{48937070-61A5-401C-B3C4-38C81E428771}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe | "{4B28BE95-337C-4A53-979B-A9FFC7EAC534}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | "{4D5E61F0-2354-47B5-8DFD-C86CA91559CF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{51BEA9BF-0AA5-493E-A38E-A2FD47CCCF64}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{5C97BE55-1E38-4BF9-B224-A9641EA98DA3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{68482338-E920-41E6-9C33-64FAA8D07912}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{687B5CEF-BC5F-4893-A514-A606B79C2497}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe | "{6C0DA55C-2572-45EF-B1E0-B722D0E2A190}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{78E3D703-D8B8-4CFD-8BCD-714AFE877C87}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{7B2476E8-18E4-417E-9043-89CDA1BFC6E2}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{9704CA39-F5D1-43E2-A12A-F637C47846AA}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{A6153416-F334-494D-8B21-23835C9E9DA2}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{AD28BA41-2EBF-41DE-9113-6C65A4AE6330}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{B46E3084-F6F1-416B-84D3-505B4094EBB8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{B8705B89-29F5-43D7-B666-5E64FD5D30F6}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe | 
"{BFBD3A98-B585-400D-A6D1-CAB6C743F17E}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | "{C54EDCAB-9FFB-40C1-B375-3C8B78D82964}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{CC62E603-FA70-43F0-916F-B22ABF1ED8FC}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe | "{CDE6BF11-182C-4241-BCD1-9D12461F9431}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{EA6F3C65-895C-4EC8-8116-E1991A7924F7}" = dir=in | app=c:\program files\msn messenger\livecall.exe | "{EC0872FF-D71B-4F00-AD47-1179846BCF4B}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{F2832B73-7E32-46EE-977A-7EF81985EB1D}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe | "{F55B1238-08BE-4EFF-AEF9-E57D9702781A}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "TCP Query User{98382FC9-429C-408D-96EF-1F39D9FB9D37}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{9E09941F-A3FD-4925-A748-4E46EE7F2B5D}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6000 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}" = Cisco Systems VPN Client 5.0.06.0160 "{279DB581-239C-4E13-97F8-0F48E40BE75C}" = Windows Live Messenger "{27FDF949-69CE-435A-8372-339F72336AC5}" = MEDIONbox "{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012 
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4 "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV "{53DF73B1-37F5-4B7F-86ED-FA7CC4041031}" = Nero 8 Essentials "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{588D9F5F-8C62-4421-BAE9-CCAA57D4E4EE}" = TVsweeper 3 "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5F1ECD36-0DFA-4C58-830B-0F089083407F}" = AVG 2012 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{80F28669-97B7-4CC9-B256-1F1BCFB7FDCF}" = AVG 2012 "{86B3F2D6-AC2B-0014-8AE1-F2F77F781B0C}" = EndNote X4 "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista "{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2 "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink Wireless LAN "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 
2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.0 - Deutsch "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{BD1587F7-B8D0-4111-8F1F-3327628AB02F}" = 3531-W-D "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE) "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D8D22773-14BF-4178-A683-3DBA515C2A26}" = WISO Mein Geld 2008 Professional "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{E0091C29-DEE8-4B24-BF65-8C35B5940D77}" = Letstrade "{E815FB81-995F-4F33-8E25-F16712123AB7}" = AuthenTec Fingerprint Sensor Minimum Install "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}" = OmniPass 5.00.91 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FEDE400D-3381-4087-ACCB-689DD8A56123}" = Inst5657 "Adobe Flash Player Plugin" = Adobe Flash 
Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player "ALDI Bestellsoftware" = ALDI Bestellsoftware 4.11.0 "AVG" = AVG 2012 "Browser Defender_is1" = Browser Defender 4.0 "DivX Setup.divx.com" = DivX-Setup "Google Chrome" = Google Chrome "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "LetsTrade" = LetsTrade Komponenten "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de) "NVIDIA Drivers" = NVIDIA Drivers "ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper "Spyware Doctor" = PC Tools Spyware Doctor 9.0 "SynTPDeinstKey" = Synaptics Pointing Device Driver "TuneUp Utilities 2012" = TuneUp Utilities 2012 "VLC media player" = VLC media player 1.1.11 "X10Hardware" = X10 Hardware(TM) ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 09.12.2011 13:30:03 | Computer Name = MEDION-PC | Source = WinMgmt | ID = 10 Description = Error - 09.12.2011 13:38:22 | Computer Name = MEDION-PC | Source = Wininit | ID = 1015 Description = Ein kritischer Systemprozess C:\Windows\system32\lsm.exe ist fehlgeschlagen mit den Statuscode 1. Der Computer muss neu gestartet werden. 
Error - 09.12.2011 13:41:38 | Computer Name = MEDION-PC | Source = WinMgmt | ID = 10
Description =

Error - 09.12.2011 13:47:58 | Computer Name = MEDION-PC | Source = Application Hang | ID = 1002
Description = Programm vgy.exe, Version 0.0.0.0 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 1234 Anfangszeit: 01ccb699b11c28f0 Zeitpunkt der Beendigung: 32

Error - 09.12.2011 18:00:56 | Computer Name = MEDION-PC | Source = WinMgmt | ID = 10
Description =

Error - 10.12.2011 03:46:16 | Computer Name = MEDION-PC | Source = WinMgmt | ID = 10
Description =

Error - 10.12.2011 03:54:42 | Computer Name = MEDION-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung TeaTimer.exe, Version 0.0.0.0, Zeitstempel 0x2a425e19, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18327, Zeitstempel 0x4cb73436, Ausnahmecode 0xc0000005, Fehleroffset 0x0003943e, Prozess-ID 0x9f4, Anwendungsstartzeit 01ccb70fbf090f03.

Error - 10.12.2011 05:51:22 | Computer Name = MEDION-PC | Source = MsiInstaller | ID = 11321
Description =

Error - 10.12.2011 05:51:24 | Computer Name = MEDION-PC | Source = MsiInstaller | ID = 11321
Description =

Error - 10.12.2011 05:51:35 | Computer Name = MEDION-PC | Source = MsiInstaller | ID = 11321
Description =

[ System Events ]
Error - 27.07.2010 07:23:43 | Computer Name = MEDION-PC | Source = HTTP | ID = 15016
Description =

Error - 27.07.2010 07:23:45 | Computer Name = MEDION-PC | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker Microsoft Office Document Image Writer nicht unter dem Namen Microsoft Office Document Image Writer freigeben. Fehler: 2114. Der Drucker kann nicht von anderen Benutzern im Netzwerk verwendet werden.
Error - 27.07.2010 07:24:10 | Computer Name = MEDION-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 01.08.2010 01:24:40 | Computer Name = MEDION-PC | Source = HTTP | ID = 15016
Description =

Error - 01.08.2010 01:24:46 | Computer Name = MEDION-PC | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker Microsoft Office Document Image Writer nicht unter dem Namen Microsoft Office Document Image Writer freigeben. Fehler: 2114. Der Drucker kann nicht von anderen Benutzern im Netzwerk verwendet werden.

Error - 01.08.2010 01:24:46 | Computer Name = MEDION-PC | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker An OneNote 2007 senden nicht unter dem Namen An OneNote 2007 senden freigeben. Fehler: 2114. Der Drucker kann nicht von anderen Benutzern im Netzwerk verwendet werden.

Error - 01.08.2010 01:25:12 | Computer Name = MEDION-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 01.08.2010 01:29:47 | Computer Name = MEDION-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 01.08.2010 01:31:40 | Computer Name = MEDION-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 02.08.2010 17:15:01 | Computer Name = MEDION-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 01.08.2010 um 09:07:43 unerwartet heruntergefahren.

< End of report >
12.12.2011, 12:19 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Vista Home Security 2012 OTL log
Please now run a routine full scan with Malwarebytes and post the log.
Remember that Malwarebytes has to be updated manually before every scan! If logs from older Malwarebytes scans exist, please post all of those as well!
ESET Online Scanner