Log analysis and evaluation: Vista Home Security 2012 OTL log

10.12.2011, 18:25   #1
Jannik23
 
Hello, I had the Vista Home Security 2012 scareware on my PC.
With the help of "Malwarebytes Anti-Malware" and "Spybot - Search & Destroy" I was able to remove the scareware, so that no more pop-ups appear claiming that my PC is supposedly infected with viruses and that I should buy the software.
However, I am not sure whether everything has really been removed completely and whether the PC is safe again. So here are my log files from Anti-Malware, OTL.Txt and Extras.

Can you please help me?
Kind regards,
Jannik

Anti-Malware result

Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8348

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19154

10.12.2011 18:31:37
mbam-log-2011-12-10 (18-31-37).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 161115
Laufzeit: 8 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 3
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\AH (Rogue.MultipleAV) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CLASSES_ROOT\ah\Content Type (Rogue.MultipleAV) -> Value: Content Type -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\MEDION\AppData\Local\vgy.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\MEDION\AppData\Local\vgy.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\MEDION\AppData\Local\vgy.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\MEDION\downloads\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
         


OTL Text
Code:
OTL logfile created on: 10.12.2011 18:50:58 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\MEDION\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 59,31% Memory free
6,20 Gb Paging File | 4,76 Gb Available in Paging File | 76,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 268,80 Gb Total Space | 184,01 Gb Free Space | 68,46% Space Free | Partition Type: NTFS
Drive D: | 29,28 Gb Total Space | 17,29 Gb Free Space | 59,05% Space Free | Partition Type: FAT32
 
Computer Name: MEDION-PC | User Name: MEDION | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- 
PRC - [2011.12.10 18:36:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\MEDION\Downloads\OTL.exe
PRC - [2011.12.08 18:56:40 | 001,212,224 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
PRC - [2011.12.08 18:56:38 | 001,514,304 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
PRC - [2011.11.14 16:06:56 | 000,546,768 | ---- | M] (Threat Expert Ltd.) -- C:\Programme\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
PRC - [2011.10.24 20:29:34 | 002,398,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgfws.exe
PRC - [2011.10.24 20:29:16 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgtray.exe
PRC - [2011.10.18 06:14:54 | 001,229,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgnsx.exe
PRC - [2011.10.12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011.10.10 06:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgemcx.exe
PRC - [2011.09.08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgrsx.exe
PRC - [2011.08.15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgcsrvx.exe
PRC - [2011.08.02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgwdsvc.exe
PRC - [2011.01.11 01:25:06 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2009.11.17 13:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.12.17 12:02:28 | 004,718,592 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.11.02 13:31:24 | 000,069,632 | ---- | M] () -- C:\Programme\Softex\OmniPass\opvapp.exe
PRC - [2007.11.02 13:31:08 | 000,040,960 | ---- | M] (Softex Inc.) -- C:\Programme\Softex\OmniPass\OmniServ.exe
PRC - [2007.10.03 16:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.10.03 16:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007.08.31 12:04:26 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPStart.exe
PRC - [2007.08.16 11:31:40 | 001,681,408 | ---- | M] (Buhl Data Service GmbH) -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe
PRC - [2007.04.19 13:11:08 | 000,016,384 | ---- | M] (Empolis GmbH) -- C:\Programme\Medion\MEDIONbox\Program\GCS.exe
PRC - [2007.04.19 13:11:06 | 000,036,864 | ---- | M] (Empolis GmbH) -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe
PRC - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.01.11 01:25:48 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.01.11 01:25:06 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2007.11.02 13:27:28 | 000,016,896 | ---- | M] () -- C:\Programme\Softex\OmniPass\cryptodll.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Running] --  -- (SBSDWSCService)
SRV - [2011.12.08 18:56:38 | 001,514,304 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.12.08 18:56:22 | 000,028,992 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011.11.22 19:41:50 | 001,117,624 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Programme\PC Tools\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2011.11.22 18:20:06 | 000,402,336 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Programme\PC Tools\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2011.11.14 16:06:56 | 000,546,768 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2011.10.24 20:29:34 | 002,398,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2011.10.12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011.08.02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2009.11.17 13:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.11.02 13:31:08 | 000,040,960 | ---- | M] (Softex Inc.) [Auto | Running] -- C:\Programme\Softex\OmniPass\OmniServ.exe -- (omniserv)
SRV - [2007.10.03 16:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007.08.16 11:31:40 | 001,681,408 | ---- | M] (Buhl Data Service GmbH) [Auto | Running] -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe -- (srvcPVR)
SRV - [2007.04.19 13:11:06 | 000,036,864 | ---- | M] (Empolis GmbH) [Auto | Running] -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe -- (GnabService)
SRV - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.11.22 19:42:40 | 000,185,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\System32\drivers\PCTSD.sys -- (PCTSD)
DRV - [2011.11.14 15:12:26 | 000,331,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2011.11.08 21:25:24 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011.10.07 17:52:12 | 000,660,992 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2011.10.07 17:52:06 | 000,341,656 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2011.10.07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011.10.04 06:21:16 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011.09.28 13:14:02 | 000,056,840 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PCTBD.sys -- (PCTBD)
DRV - [2011.09.13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011.08.08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011.07.11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011.07.11 01:14:02 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011.07.11 01:14:00 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011.07.11 01:13:58 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011.05.23 01:03:28 | 000,047,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2010.06.23 09:21:32 | 000,259,176 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009.11.17 13:07:06 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009.02.05 18:39:08 | 000,017,064 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2009.02.05 18:39:00 | 000,012,200 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiRemFil.sys -- (SiRemFil)
DRV - [2009.02.05 18:38:24 | 000,212,520 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\Si3531.sys -- (Si3531)
DRV - [2008.11.16 19:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007.12.18 12:31:00 | 007,630,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.08.28 16:47:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007.08.22 20:50:38 | 001,749,760 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2007.07.31 12:58:18 | 000,908,896 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PhilCap.sys -- (PhilCap)
DRV - [2007.01.18 21:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.11.30 16:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006.11.17 11:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2006.11.02 09:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Programme\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Search Defender"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.8
FF - prefs.js..extensions.enabledItems: {d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}:2.0.6
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.1.3&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.02.20 23:24:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.02.20 23:24:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011.12.09 16:11:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools\PC Tools Security\BDT\Firefox\ [2011.12.09 20:05:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.11 14:48:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.22 18:07:44 | 000,000,000 | ---D | M]
 
[2010.06.16 19:54:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MEDION\AppData\Roaming\mozilla\Extensions
[2011.11.29 21:56:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MEDION\AppData\Roaming\mozilla\Firefox\Profiles\ri3u4ma6.default\extensions
[2010.09.10 15:59:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\MEDION\AppData\Roaming\mozilla\Firefox\Profiles\ri3u4ma6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.11.29 21:56:47 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\MEDION\AppData\Roaming\mozilla\Firefox\Profiles\ri3u4ma6.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.05.17 16:41:57 | 000,000,000 | ---D | M] (Ecosia - The Green Search) -- C:\Users\MEDION\AppData\Roaming\mozilla\Firefox\Profiles\ri3u4ma6.default\extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}
[2011.05.17 17:18:26 | 000,005,212 | ---- | M] () -- C:\Users\MEDION\AppData\Roaming\Mozilla\Firefox\Profiles\ri3u4ma6.default\searchplugins\ecosia.xml
[2011.12.04 12:16:32 | 000,000,950 | ---- | M] () -- C:\Users\MEDION\AppData\Roaming\Mozilla\Firefox\Profiles\ri3u4ma6.default\searchplugins\icqplugin-1.xml
[2011.04.26 21:40:30 | 000,000,950 | ---- | M] () -- C:\Users\MEDION\AppData\Roaming\Mozilla\Firefox\Profiles\ri3u4ma6.default\searchplugins\icqplugin-10.xml
[2011.05.22 18:08:29 | 000,000,950 | ---- | M] () -- C:\Users\MEDION\AppData\Roaming\Mozilla\Firefox\Profiles\ri3u4ma6.default\searchplugins\icqplugin-11.xml
[2011.07.14 18:40:55 | 000,000,950 | ---- | M] () -- C:\Users\MEDION\AppData\Roaming\Mozilla\Firefox\Profiles\ri3u4ma6.default\searchplugins\icqplugin-12.xml
[2011.07.15 14:27:22 | 000,000,950 | ---- | M] () -- C:\Users\MEDION\AppData\Roaming\Mozilla\Firefox\Profiles\ri3u4ma6.default\searchplugins\icqplugin-13.xml
[2011.08.21 14:00:39 | 000,000,950 | ---- | M] () -- C:\Users\MEDION\AppData\Roaming\Mozilla\Firefox\Profiles\ri3u4ma6.default\searchplugins\icqplugin-14.xml
[2011.09.01 14:07:47 | 000,000,950 | ---- | M] () -- C:\Users\MEDION\AppData\Roaming\Mozilla\Firefox\Profiles\ri3u4ma6.default\searchplugins\icqplugin-15.xml
[2011.09.09 22:34:16 | 000,000,950 | ---- | M] () -- C:\Users\MEDION\AppData\Roaming\Mozilla\Firefox\Profiles\ri3u4ma6.default\searchplugins\icqplugin-16.xml
[2011.09.27 20:50:06 | 000,000,950 | ---- | M] () -- C:\Users\MEDION\AppData\Roaming\Mozilla\Firefox\Profiles\ri3u4ma6.default\searchplugins\icqplugin-17.xml
[2011.10.02 23:55:14 | 000,000,950 | ---- | M] () -- C:\Users\MEDION\AppData\Roaming\Mozilla\Firefox\Profiles\ri3u4ma6.default\searchplugins\icqplugin-18.xml
[2011.11.11 14:48:54 | 000,000,950 | ---- | M] () -- C:\Users\MEDION\AppData\Roaming\Mozilla\Firefox\Profiles\ri3u4ma6.default\searchplugins\icqplugin-19.xml
[2010.07.05 09:21:10 | 000,000,950 | ---- | M] () -- C:\Users\MEDION\AppData\Roaming\Mozilla\Firefox\Profiles\ri3u4ma6.default\searchplugins\icqplugin-2.xml
[2010.09.09 17:20:25 | 000,000,950 | ---- | M] () -- C:\Users\MEDION\AppData\Roaming\Mozilla\Firefox\Profiles\ri3u4ma6.default\searchplugins\icqplugin-3.xml
[2010.10.01 18:07:27 | 000,000,950 | ---- | M] () -- C:\Users\MEDION\AppData\Roaming\Mozilla\Firefox\Profiles\ri3u4ma6.default\searchplugins\icqplugin-4.xml
[2010.10.21 07:32:34 | 000,000,950 | ---- | M] () -- C:\Users\MEDION\AppData\Roaming\Mozilla\Firefox\Profiles\ri3u4ma6.default\searchplugins\icqplugin-5.xml
[2010.10.31 10:03:16 | 000,000,950 | ---- | M] () -- C:\Users\MEDION\AppData\Roaming\Mozilla\Firefox\Profiles\ri3u4ma6.default\searchplugins\icqplugin-6.xml
[2010.12.13 19:49:27 | 000,000,950 | ---- | M] () -- C:\Users\MEDION\AppData\Roaming\Mozilla\Firefox\Profiles\ri3u4ma6.default\searchplugins\icqplugin-7.xml
[2011.02.12 20:13:07 | 000,000,950 | ---- | M] () -- C:\Users\MEDION\AppData\Roaming\Mozilla\Firefox\Profiles\ri3u4ma6.default\searchplugins\icqplugin-8.xml
[2011.03.28 10:30:46 | 000,000,950 | ---- | M] () -- C:\Users\MEDION\AppData\Roaming\Mozilla\Firefox\Profiles\ri3u4ma6.default\searchplugins\icqplugin-9.xml
[2011.11.28 12:19:42 | 000,000,168 | ---- | M] () -- C:\Users\MEDION\AppData\Roaming\Mozilla\Firefox\Profiles\ri3u4ma6.default\searchplugins\icqplugin.gif
[2011.11.28 12:19:42 | 000,000,618 | ---- | M] () -- C:\Users\MEDION\AppData\Roaming\Mozilla\Firefox\Profiles\ri3u4ma6.default\searchplugins\icqplugin.src
[2010.07.04 10:39:08 | 000,001,056 | ---- | M] () -- C:\Users\MEDION\AppData\Roaming\Mozilla\Firefox\Profiles\ri3u4ma6.default\searchplugins\icqplugin.xml
[2011.06.05 14:04:55 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.10.21 15:50:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.12.09 16:11:28 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2011.12.09 20:05:45 | 000,000,000 | ---D | M] (Browser Defender Toolbar) -- C:\PROGRAM FILES\PC TOOLS\PC TOOLS SECURITY\BDT\FIREFOX
[2011.11.11 14:48:07 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.11 14:48:03 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.11 14:48:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.11.11 14:48:03 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.11 14:48:03 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.11 14:48:03 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.11 14:48:03 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - Extension: DivX HiQ = C:\Users\MEDION\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\MEDION\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Defender BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Programme\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - G:\Spybot - Search & Destroy\SDHelper.dll File not found
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Defender) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] G:\Spybot - Search & Destroy\TeaTimer.exe File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\Spybot - Search & Destroy\SDHelper.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E26C523-76DB-460F-BC8B-080A024841E5}: DhcpNameServer = 194.90.1.5 212.143.212.143
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F118D1DF-4D6E-4617-AE45-683E52CBFD45}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\MEDION\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\MEDION\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.10 18:18:14 | 000,000,000 | ---D | C] -- C:\Users\MEDION\AppData\Roaming\Malwarebytes
[2011.12.10 18:18:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.10 18:18:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.10 18:17:59 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.10 18:17:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.10 18:10:30 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011.12.10 11:51:58 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2011.12.10 11:51:55 | 000,028,992 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2011.12.09 22:08:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011.12.09 22:07:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.12.09 20:05:43 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2011.12.09 20:05:43 | 000,056,840 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTBD.sys
[2011.12.09 20:05:42 | 002,246,608 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2011.12.09 20:05:42 | 001,681,360 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2011.12.09 20:04:37 | 000,253,096 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2011.12.09 20:04:37 | 000,105,792 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2011.12.09 20:04:27 | 000,017,848 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctBTFix.sys
[2011.12.09 20:04:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2011.12.09 20:04:22 | 000,070,536 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2011.12.09 20:04:11 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
[2011.12.09 19:52:18 | 000,660,992 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctEFA.sys
[2011.12.09 19:52:18 | 000,341,656 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctDS.sys
[2011.12.09 19:52:12 | 000,331,880 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2011.12.09 19:52:12 | 000,162,584 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2011.12.09 19:52:08 | 000,185,560 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys
[2011.12.09 19:52:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011.12.09 19:51:13 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011.12.09 19:51:08 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011.12.09 19:51:07 | 000,000,000 | ---D | C] -- C:\Users\MEDION\AppData\Roaming\TestApp
[2011.12.09 17:12:41 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011.12.09 17:08:06 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2011.12.09 17:07:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2011.12.09 17:06:25 | 000,000,000 | ---D | C] -- C:\Users\MEDION\AppData\Roaming\TuneUp Software
[2011.12.09 17:05:56 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2012
[2011.12.09 17:04:32 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2011.12.09 17:03:56 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2011.12.09 16:11:50 | 000,000,000 | ---D | C] -- C:\Users\MEDION\AppData\Roaming\AVG2012
[2011.12.09 16:11:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2011.12.09 16:09:42 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2011.12.09 16:09:42 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2011.12.09 16:08:15 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011.12.09 15:43:59 | 000,000,000 | ---D | C] -- C:\Users\MEDION\Desktop\antivirus programm
[2011.12.09 15:19:47 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011.12.09 15:18:37 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011.11.11 20:44:44 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.11.11 20:39:13 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2008.02.26 06:02:49 | 000,180,224 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2008.02.26 06:02:49 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.10 18:48:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.10 18:18:05 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.10 17:45:43 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.10 17:45:43 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.10 16:48:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.10 13:45:45 | 111,777,817 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011.12.10 09:47:53 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D02EC3D7-C822-42F6-A26D-F7916F04DEC0}.job
[2011.12.10 09:45:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.10 09:45:35 | 3217,502,208 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.10 01:27:57 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.12.09 22:08:24 | 000,000,654 | ---- | M] () -- C:\Users\MEDION\Desktop\Spybot - Search & Destroy.lnk
[2011.12.09 21:44:41 | 000,619,742 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2011.12.09 20:04:28 | 000,001,953 | ---- | M] () -- C:\Users\Public\Desktop\PC Tools Spyware Doctor.lnk
[2011.12.09 19:54:50 | 002,160,974 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2011.12.09 19:51:09 | 000,001,413 | ---- | M] () -- C:\Users\MEDION\Desktop\sdsetup_aff.exe.lnk
[2011.12.09 17:07:54 | 000,001,873 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2011.12.09 17:07:54 | 000,001,869 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2011.12.09 16:11:28 | 000,000,862 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011.12.08 18:56:44 | 000,031,552 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2011.12.08 18:56:22 | 000,028,992 | ---- | M] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2011.12.08 18:56:22 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2011.12.02 13:23:49 | 002,862,509 | ---- | M] () -- C:\Users\MEDION\Desktop\Muhammad%20Y.%20Muslih.%20The%20Origins%20of%20the%20Palestinian%20Nationalism.pdf
[2011.11.29 09:47:21 | 000,689,976 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.11.29 09:47:21 | 000,634,400 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.11.29 09:47:21 | 000,151,168 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.11.29 09:47:21 | 000,119,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.11.22 19:43:02 | 000,070,536 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2011.11.22 19:42:40 | 000,185,560 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys
[2011.11.22 19:41:28 | 000,017,848 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctBTFix.sys
[2011.11.22 19:38:10 | 000,105,792 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2011.11.22 19:38:04 | 000,253,096 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2011.11.19 18:25:33 | 138,238,657 | ---- | M] () -- C:\Users\MEDION\Desktop\Weihnachtsprojekt.cpr
[2011.11.18 00:14:00 | 000,013,940 | ---- | M] () -- C:\Users\MEDION\AppData\Roaming\wklnhst.dat
[2011.11.14 16:07:06 | 000,149,456 | ---- | M] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2011.11.14 16:07:04 | 002,246,608 | ---- | M] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2011.11.14 16:07:04 | 001,681,360 | ---- | M] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2011.11.14 16:06:54 | 000,767,952 | ---- | M] () -- C:\Windows\BDTSupport.dll
[2011.11.14 15:12:26 | 000,331,880 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2011.11.14 15:12:24 | 000,162,584 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2011.11.11 20:44:44 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2011.12.10 18:18:05 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.10 13:45:45 | 111,777,817 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011.12.09 22:08:24 | 000,000,654 | ---- | C] () -- C:\Users\MEDION\Desktop\Spybot - Search & Destroy.lnk
[2011.12.09 21:44:41 | 000,619,742 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2011.12.09 20:05:43 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2011.12.09 20:05:43 | 000,003,488 | ---- | C] () -- C:\Windows\UDB.zip
[2011.12.09 20:05:43 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2011.12.09 20:05:43 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2011.12.09 20:05:43 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2011.12.09 20:04:28 | 000,001,953 | ---- | C] () -- C:\Users\Public\Desktop\PC Tools Spyware Doctor.lnk
[2011.12.09 19:52:18 | 002,160,974 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2011.12.09 19:51:09 | 000,001,413 | ---- | C] () -- C:\Users\MEDION\Desktop\sdsetup_aff.exe.lnk
[2011.12.09 19:40:05 | 3217,502,208 | -HS- | C] () -- C:\hiberfil.sys
[2011.12.09 17:07:54 | 000,001,873 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2011.12.09 17:07:54 | 000,001,869 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2011.12.09 17:07:46 | 000,001,881 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2011.12.09 16:11:28 | 000,000,862 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011.12.02 13:23:49 | 002,862,509 | ---- | C] () -- C:\Users\MEDION\Desktop\Muhammad%20Y.%20Muslih.%20The%20Origins%20of%20the%20Palestinian%20Nationalism.pdf
[2011.02.28 22:34:39 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.12.19 22:30:12 | 000,000,680 | ---- | C] () -- C:\Users\MEDION\AppData\Local\d3d9caps.dat
[2010.12.19 22:12:39 | 000,000,000 | ---- | C] () -- C:\Users\MEDION\AppData\Roaming\Default.PLS
[2010.10.29 23:01:36 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.10.29 23:00:13 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.06.21 09:59:30 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.06.16 18:38:20 | 000,046,080 | ---- | C] () -- C:\Users\MEDION\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.16 18:25:55 | 000,013,940 | ---- | C] () -- C:\Users\MEDION\AppData\Roaming\wklnhst.dat
[2009.12.03 09:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.11.17 13:08:34 | 000,197,424 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2008.02.29 09:56:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2008.02.29 09:56:57 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008.02.29 07:19:08 | 000,299,008 | ---- | C] () -- C:\Windows\System32\midas.dll
[2008.02.29 07:19:07 | 000,120,320 | ---- | C] () -- C:\Windows\System32\UnzDll.dll
[2008.02.26 07:59:51 | 000,000,381 | ---- | C] () -- C:\Windows\WISO.INI
[2008.02.26 06:21:05 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008.02.26 06:03:25 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2008.02.26 06:02:49 | 001,749,760 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2008.02.26 06:02:49 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2008.02.26 06:02:49 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2008.02.26 06:02:49 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2008.02.08 16:34:02 | 000,009,824 | ---- | C] () -- C:\Windows\System32\716xCoInstaller.dll
[2008.02.08 16:33:25 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.01.21 09:15:58 | 000,689,976 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,151,168 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.12.04 14:55:36 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2007.05.05 20:25:36 | 000,000,094 | ---- | C] () -- C:\Users\MEDION\AppData\Local\fusioncache.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,387,200 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,634,400 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,119,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
 
========== Custom Scans ==========
 
 
< Malwarebytes' Anti-Malware 1.51.2.1300 >
 
< www.malwarebytes.org >
 
<  >
 
< Datenbank Version: 8348 >
 
<  >
 
< Windows 6.0.6002 Service Pack 2 >
 
< Internet Explorer 8.0.6001.19154 >
 
<  >
 
< 10.12.2011 18:31:37 >
 
< mbam-log-2011-12-10 (18-31-37).txt >
 
<  >
 
< Art des Suchlaufs: Quick-Scan >
 
< Durchsuchte Objekte: 161115 >
 
< Laufzeit: 8 Minute(n), 14 Sekunde(n) >
 
<  >
 
< Infizierte Speicherprozesse: 0 >
 
< Infizierte Speichermodule: 0 >
 
< Infizierte Registrierungsschlüssel: 1 >
 
< Infizierte Registrierungswerte: 1 >
 
< Infizierte Dateiobjekte der Registrierung: 3 >
 
< Infizierte Verzeichnisse: 0 >
 
< Infizierte Dateien: 1 >
 
<  >
 
< Infizierte Speicherprozesse: >
 
< (Keine bösartigen Objekte gefunden) >
 
<  >
 
< Infizierte Speichermodule: >
 
< (Keine bösartigen Objekte gefunden) >
 
<  >
 
< Infizierte Registrierungsschlüssel: >
 
< HKEY_CLASSES_ROOT\AH (Rogue.MultipleAV) -> Quarantined and deleted successfully. >
 
<  >
 
< Infizierte Registrierungswerte: >
 
< HKEY_CLASSES_ROOT\ah\Content Type (Rogue.MultipleAV) -> Value: Content Type -> Quarantined and deleted successfully. >
 
<  >
 
< Infizierte Dateiobjekte der Registrierung: >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\MEDION\AppData\Local\vgy.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully. >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\MEDION\AppData\Local\vgy.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully. >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\MEDION\AppData\Local\vgy.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully. >
 
<  >
 
< Infizierte Verzeichnisse: >
 
< (Keine bösartigen Objekte gefunden) >
 
<  >
 
< Infizierte Dateien: >
 
< c:\Users\MEDION\downloads\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully. >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 172 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

< End of report >
         
OTL Extras
Code:
OTL Extras logfile created on: 10.12.2011 18:50:58 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\MEDION\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 59,31% Memory free
6,20 Gb Paging File | 4,76 Gb Available in Paging File | 76,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 268,80 Gb Total Space | 184,01 Gb Free Space | 68,46% Space Free | Partition Type: NTFS
Drive D: | 29,28 Gb Total Space | 17,29 Gb Free Space | 59,05% Space Free | Partition Type: FAT32
 
Computer Name: MEDION-PC | User Name: MEDION | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1F04DC29-A988-478A-A414-ADAD68CA53FE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{5871A128-D06C-441B-A60E-E3652938398C}" = rport=138 | protocol=17 | dir=out | app=system | 
"{79B8885D-894A-4C62-8C50-AB5CD428DF1D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{80021563-F1FC-48E0-A867-9FCCDE122FB3}" = rport=445 | protocol=6 | dir=out | app=system | 
"{86F2F92F-C77C-49C2-B8A9-D5A0801B8FE9}" = lport=137 | protocol=17 | dir=in | app=system | 
"{A046455A-D426-4736-8403-67E0E0C438A9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{A78F7028-CD74-42D4-A314-96F2C916F3DC}" = rport=139 | protocol=6 | dir=out | app=system | 
"{AE14C2AF-8138-4900-A3F3-572F1ECDBE23}" = lport=139 | protocol=6 | dir=in | app=system | 
"{BFF5A569-E021-4937-ACBC-21AB0D4F66BE}" = lport=138 | protocol=17 | dir=in | app=system | 
"{CB60C474-1A66-438E-A48B-1500C17CE29C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{D5C8D36E-B097-47E4-B79E-4A548718DE56}" = rport=137 | protocol=17 | dir=out | app=system | 
"{EB7BBFF7-0FF8-4672-B345-0F1C0487297A}" = lport=445 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06A8F49D-54E3-461C-B330-B548C8EB6C3A}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | 
"{1A53F4DF-341C-4E6C-9997-02A0B28CAA69}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | 
"{1BF44B7F-E3FC-4649-A60F-FDD04C2FBBDC}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe | 
"{234D96D6-BC07-41BC-9DCE-F48CFD38B7C8}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{24A50AEE-D406-4048-B0BC-02A5913D469D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{369E06B9-9E10-43C1-8F95-2DDF1C2672C8}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | 
"{3AFE447D-B134-400E-92F6-B96443EE77BC}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{433994F5-17BB-4902-BB2E-297B4C7D60C5}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{48937070-61A5-401C-B3C4-38C81E428771}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe | 
"{4B28BE95-337C-4A53-979B-A9FFC7EAC534}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | 
"{4D5E61F0-2354-47B5-8DFD-C86CA91559CF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{51BEA9BF-0AA5-493E-A38E-A2FD47CCCF64}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{5C97BE55-1E38-4BF9-B224-A9641EA98DA3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{68482338-E920-41E6-9C33-64FAA8D07912}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{687B5CEF-BC5F-4893-A514-A606B79C2497}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe | 
"{6C0DA55C-2572-45EF-B1E0-B722D0E2A190}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{78E3D703-D8B8-4CFD-8BCD-714AFE877C87}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{7B2476E8-18E4-417E-9043-89CDA1BFC6E2}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{9704CA39-F5D1-43E2-A12A-F637C47846AA}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{A6153416-F334-494D-8B21-23835C9E9DA2}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{AD28BA41-2EBF-41DE-9113-6C65A4AE6330}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{B46E3084-F6F1-416B-84D3-505B4094EBB8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{B8705B89-29F5-43D7-B666-5E64FD5D30F6}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe | 
"{BFBD3A98-B585-400D-A6D1-CAB6C743F17E}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | 
"{C54EDCAB-9FFB-40C1-B375-3C8B78D82964}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{CC62E603-FA70-43F0-916F-B22ABF1ED8FC}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe | 
"{CDE6BF11-182C-4241-BCD1-9D12461F9431}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{EA6F3C65-895C-4EC8-8116-E1991A7924F7}" = dir=in | app=c:\program files\msn messenger\livecall.exe | 
"{EC0872FF-D71B-4F00-AD47-1179846BCF4B}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{F2832B73-7E32-46EE-977A-7EF81985EB1D}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe | 
"{F55B1238-08BE-4EFF-AEF9-E57D9702781A}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"TCP Query User{98382FC9-429C-408D-96EF-1F39D9FB9D37}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{9E09941F-A3FD-4925-A748-4E46EE7F2B5D}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6000
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}" = Cisco Systems VPN Client 5.0.06.0160
"{279DB581-239C-4E13-97F8-0F48E40BE75C}" = Windows Live Messenger
"{27FDF949-69CE-435A-8372-339F72336AC5}" = MEDIONbox
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV
"{53DF73B1-37F5-4B7F-86ED-FA7CC4041031}" = Nero 8 Essentials
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{588D9F5F-8C62-4421-BAE9-CCAA57D4E4EE}" = TVsweeper 3
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F1ECD36-0DFA-4C58-830B-0F089083407F}" = AVG 2012
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{80F28669-97B7-4CC9-B256-1F1BCFB7FDCF}" = AVG 2012
"{86B3F2D6-AC2B-0014-8AE1-F2F77F781B0C}" = EndNote X4
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink Wireless LAN
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.0 - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BD1587F7-B8D0-4111-8F1F-3327628AB02F}" = 3531-W-D
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D8D22773-14BF-4178-A683-3DBA515C2A26}" = WISO Mein Geld 2008 Professional
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E0091C29-DEE8-4B24-BF65-8C35B5940D77}" = Letstrade
"{E815FB81-995F-4F33-8E25-F16712123AB7}" = AuthenTec Fingerprint Sensor Minimum Install
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}" = OmniPass 5.00.91
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FEDE400D-3381-4087-ACCB-689DD8A56123}" = Inst5657
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"ALDI Bestellsoftware" = ALDI Bestellsoftware 4.11.0
"AVG" = AVG 2012
"Browser Defender_is1" = Browser Defender 4.0
"DivX Setup.divx.com" = DivX-Setup
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"LetsTrade" = LetsTrade Komponenten
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"NVIDIA Drivers" = NVIDIA Drivers
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"Spyware Doctor" = PC Tools Spyware Doctor 9.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"VLC media player" = VLC media player 1.1.11
"X10Hardware" = X10 Hardware(TM)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 09.12.2011 13:30:03 | Computer Name = MEDION-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.12.2011 13:38:22 | Computer Name = MEDION-PC | Source = Wininit | ID = 1015
Description = Ein kritischer Systemprozess C:\Windows\system32\lsm.exe ist fehlgeschlagen
 mit den Statuscode 1. Der Computer muss neu gestartet werden.
 
Error - 09.12.2011 13:41:38 | Computer Name = MEDION-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.12.2011 13:47:58 | Computer Name = MEDION-PC | Source = Application Hang | ID = 1002
Description = Programm vgy.exe, Version 0.0.0.0 arbeitet nicht mehr mit Windows 
zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 1234  Anfangszeit: 01ccb699b11c28f0  Zeitpunkt der Beendigung:
 32
 
Error - 09.12.2011 18:00:56 | Computer Name = MEDION-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.12.2011 03:46:16 | Computer Name = MEDION-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.12.2011 03:54:42 | Computer Name = MEDION-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung TeaTimer.exe, Version 0.0.0.0, Zeitstempel 0x2a425e19,
 fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18327, Zeitstempel 0x4cb73436, Ausnahmecode
 0xc0000005, Fehleroffset 0x0003943e,  Prozess-ID 0x9f4, Anwendungsstartzeit 01ccb70fbf090f03.
 
Error - 10.12.2011 05:51:22 | Computer Name = MEDION-PC | Source = MsiInstaller | ID = 11321
Description = 
 
Error - 10.12.2011 05:51:24 | Computer Name = MEDION-PC | Source = MsiInstaller | ID = 11321
Description = 
 
Error - 10.12.2011 05:51:35 | Computer Name = MEDION-PC | Source = MsiInstaller | ID = 11321
Description = 
 
[ System Events ]
Error - 27.07.2010 07:23:43 | Computer Name = MEDION-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 27.07.2010 07:23:45 | Computer Name = MEDION-PC | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker Microsoft Office Document Image
 Writer nicht unter dem Namen Microsoft Office Document Image Writer freigeben. 
Fehler: 2114. Der Drucker kann nicht von anderen Benutzern im Netzwerk verwendet
 werden.
 
Error - 27.07.2010 07:24:10 | Computer Name = MEDION-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 01.08.2010 01:24:40 | Computer Name = MEDION-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 01.08.2010 01:24:46 | Computer Name = MEDION-PC | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker Microsoft Office Document Image
 Writer nicht unter dem Namen Microsoft Office Document Image Writer freigeben. 
Fehler: 2114. Der Drucker kann nicht von anderen Benutzern im Netzwerk verwendet
 werden.
 
Error - 01.08.2010 01:24:46 | Computer Name = MEDION-PC | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker An OneNote 2007 senden nicht unter
 dem Namen An OneNote 2007 senden freigeben. Fehler: 2114. Der Drucker kann nicht
 von anderen Benutzern im Netzwerk verwendet werden.
 
Error - 01.08.2010 01:25:12 | Computer Name = MEDION-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 01.08.2010 01:29:47 | Computer Name = MEDION-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description = 
 
Error - 01.08.2010 01:31:40 | Computer Name = MEDION-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = 
 
Error - 02.08.2010 17:15:01 | Computer Name = MEDION-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 01.08.2010 um 09:07:43 unerwartet heruntergefahren.
 
 
< End of report >
         

12.12.2011, 12:19   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Please now run a routine full scan with Malwarebytes and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those as well!



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable "detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove ESET Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset
