
Pests of all kinds and how to fight them: Trojan.Win32.AMN on PC


 
14.10.2012, 07:51   #1
fran
 

Trojan.Win32.AMN on PC



Hello, you clever minds,

my antivirus program shows me a Trojan.Win32.AMN as well as five further dangerous findings with a high risk level. On the advice of the antivirus program I immediately moved everything into quarantine, and I now ask for your help to get rid of these things.

The computer shows no noticeable impairment; it may be running a little slower than usual.

I am posting the requested files as well as the latest report from Emsisoft.
Many thanks in advance for your help.

Claudia

PS: May I press the (defogger) Re-enable button by now, or not yet?

OTL Logfile:
Code:
OTL logfile created on: 14.10.2012 07:19:49 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Downloads
 Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,86 Gb Total Physical Memory | 1,15 Gb Available Physical Memory | 61,80% Memory free
3,71 Gb Paging File | 2,50 Gb Available in Paging File | 67,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 229,91 Gb Total Space | 114,55 Gb Free Space | 49,82% Space Free | Partition Type: NTFS
Drive D: | 68,18 Gb Total Space | 26,91 Gb Free Space | 39,46% Space Free | Partition Type: NTFS
 
Computer Name: CLAUDIA-PC | User Name: Claudia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.14 07:18:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL.exe
PRC - [2012.10.07 21:25:36 | 003,084,176 | ---- | M] (Emsisoft GmbH) -- C:\Programme\Emsisoft Anti-Malware\a2service.exe
PRC - [2012.09.19 06:25:37 | 003,363,240 | ---- | M] (Emsisoft GmbH) -- C:\Programme\Emsisoft Anti-Malware\a2guard.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.02.10 15:32:56 | 000,208,472 | ---- | M] (Emsi Software GmbH) -- C:\Programme\Online Armor\oacat.exe
PRC - [2011.03.28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.08.11 20:46:34 | 001,597,440 | ---- | M] () -- C:\Programme\asus\Wireless Console 3\wcourier.exe
PRC - [2010.05.21 00:59:30 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.21 00:59:28 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.08.11 20:46:34 | 001,597,440 | ---- | M] () -- C:\Programme\asus\Wireless Console 3\wcourier.exe
MOD - [2010.05.04 16:36:28 | 000,970,752 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2010.03.15 12:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.10.12 07:36:06 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.10.07 21:25:36 | 003,084,176 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Programme\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2012.09.07 02:01:21 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.02.10 15:33:00 | 004,369,208 | ---- | M] (Emsi Software GmbH) [On_Demand | Stopped] -- C:\Programme\Online Armor\oasrv.exe -- (SvcOnlineArmor)
SRV - [2012.02.10 15:32:56 | 000,208,472 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Programme\Online Armor\oacat.exe -- (OAcat)
SRV - [2011.05.13 15:27:02 | 001,492,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.09.22 16:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - [2012.06.18 19:32:52 | 000,054,072 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Running] -- C:\Programme\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)
DRV - [2012.06.18 19:32:51 | 000,037,856 | ---- | M] (Emsisoft GmbH) [File_System | System | Running] -- C:\Programme\Emsisoft Anti-Malware\a2dix86.sys -- (a2injectiondriver)
DRV - [2012.02.10 15:33:38 | 000,042,152 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\oahlp32.sys -- (oahlpXX)
DRV - [2012.02.10 15:33:14 | 000,029,312 | ---- | M] (Emsisoft) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OAnet.sys -- (OAnet)
DRV - [2012.02.10 15:33:14 | 000,025,192 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\Windows\System32\drivers\OAmon.sys -- (OAmon)
DRV - [2012.02.10 15:33:12 | 000,205,864 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\OADriver.sys -- (OADevice)
DRV - [2011.05.19 14:10:34 | 000,017,904 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Programme\Emsisoft Anti-Malware\a2ddax86.sys -- (A2DDA)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 12:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.05.05 09:40:32 | 000,011,776 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Programme\Emsisoft Anti-Malware\a2util32.sys -- (a2util)
DRV - [2009.10.05 17:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.09.17 20:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2007.07.31 03:39:00 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E6 4C A1 72 5B 9C CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{945BA5EF-4688-49A0-9499-452A8DC3725F}: "URL" = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..CT2319825.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?SSPV=FFSB10&ctid=CT2319825&SearchSource=13"
FF - prefs.js..extensions.enabledAddons: youtube2mp3@mondayx.de:1.2.3
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10
FF - prefs.js..extensions.enabledAddons: {40c3cc16-7269-4b32-9531-17f2950fb06f}:10.10.27.6
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.2.3
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {b106b661-3e1b-4015-af5c-195e909f35c6}:3.10.0.1
FF - prefs.js..extensions.enabledItems: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.2.0.2
FF - prefs.js..extensions.enabledItems: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.5.3
FF - prefs.js..extensions.enabledItems: {1266764D-FC4F-4FA7-B63B-884D53B1680F}:3.6.5
FF - prefs.js..extensions.enabledItems: adapter@babylontc.com:1.0.0.1
FF - prefs.js..extensions.enabledItems: ocr@babylon.com:1.0
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=2&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "hxxp://g.live.com/1rewlive4startup/home"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.07 02:01:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.07 02:01:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.06.27 23:31:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011.01.14 16:05:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Claudia\AppData\Roaming\mozilla\Extensions
[2011.01.14 16:05:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Claudia\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.08.28 09:35:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Claudia\AppData\Roaming\mozilla\Firefox\Profiles\di1k0jef.default\extensions
[2012.08.28 09:35:21 | 000,000,000 | ---D | M] (Winload) -- C:\Users\Claudia\AppData\Roaming\mozilla\Firefox\Profiles\di1k0jef.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2011.02.18 10:23:14 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Claudia\AppData\Roaming\mozilla\Firefox\Profiles\di1k0jef.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.08.22 22:16:02 | 000,000,000 | ---D | M] (NCH DE Community Toolbar) -- C:\Users\Claudia\AppData\Roaming\mozilla\Firefox\Profiles\di1k0jef.default\extensions\{b106b661-3e1b-4015-af5c-195e909f35c6}
[2011.10.09 10:21:30 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Claudia\AppData\Roaming\mozilla\Firefox\Profiles\di1k0jef.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2012.03.09 18:14:13 | 000,000,000 | ---D | M] (YouTube to MP3) -- C:\Users\Claudia\AppData\Roaming\mozilla\Firefox\Profiles\di1k0jef.default\extensions\youtube2mp3@mondayx.de
[2012.08.19 22:47:16 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Claudia\AppData\Roaming\mozilla\firefox\profiles\di1k0jef.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.04.18 23:40:45 | 000,001,832 | ---- | M] () -- C:\Users\Claudia\AppData\Roaming\mozilla\firefox\profiles\di1k0jef.default\searchplugins\bing.xml
[2012.05.25 23:25:55 | 000,000,939 | ---- | M] () -- C:\Users\Claudia\AppData\Roaming\mozilla\firefox\profiles\di1k0jef.default\searchplugins\conduit.xml
[2011.10.09 10:21:19 | 000,003,915 | ---- | M] () -- C:\Users\Claudia\AppData\Roaming\mozilla\firefox\profiles\di1k0jef.default\searchplugins\sweetim.xml
[2012.09.07 02:00:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.07 02:00:44 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2
[2012.09.07 02:01:24 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.10 21:26:08 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.05.25 22:59:00 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll
[2012.02.16 13:02:53 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.05 21:49:15 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.16 13:02:53 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.16 13:02:53 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.16 13:02:53 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.16 13:02:53 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = c:\program files\google\chrome\application\17.0.963.78\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = c:\program files\google\chrome\application\17.0.963.78\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = c:\program files\google\chrome\application\17.0.963.78\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\Claudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.1_0\BabylonChromePI.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: PriceGong = C:\Users\Claudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.5.3_0\
CHR - Extension: YouTube = C:\Users\Claudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\Claudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: DealPly = C:\Users\Claudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\
CHR - Extension: Google Mail = C:\Users\Claudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2012.03.09 18:10:18 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found.
O4 - HKLM..\Run: [emsisoft anti-malware] c:\program files\emsisoft anti-malware\a2guard.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [Wireless Console 3] C:\Programme\asus\Wireless Console 3\wcourier.exe ()
O4 - Startup: C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube Download - C:\Users\Claudia\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2EA25103-661B-461F-9C6E-9B3765699E99}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Programme\Online Armor\oaevent.dll (Emsi Software GmbH)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.12 07:07:23 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Local\Macromedia
[2012.10.02 00:56:09 | 000,000,000 | ---D | C] -- C:\Users\Claudia\Documents\FFOutput
[2012.10.02 00:55:49 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
[2012.10.02 00:55:05 | 000,000,000 | ---D | C] -- C:\Program Files\FreeTime
[2012.10.02 00:53:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs
[2012.10.02 00:53:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
[2012.09.28 14:04:16 | 000,000,000 | ---D | C] -- C:\Users\Claudia\Desktop\Batman
[2012.09.24 21:19:51 | 000,000,000 | ---D | C] -- C:\Users\Claudia\Desktop\syd
[2012.09.23 00:19:15 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Local\{8B0B796D-C974-43B2-8CB5-F8C5475ECB25}
[2012.09.18 22:42:10 | 000,000,000 | ---D | C] -- C:\Users\Claudia\Desktop\Spiderman
[2012.09.17 08:33:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.09.17 08:31:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.09.14 13:43:04 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Local\{EA64B8D2-54DD-48F1-BB7C-4A96CB2E2D1D}
[2012.09.14 09:49:56 | 000,000,000 | ---D | C] -- C:\Users\Claudia\Desktop\Neuer Ordner
[2011.05.20 09:31:06 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Claudia\AppData\Roaming\pcouffin.sys
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.14 07:16:25 | 000,000,000 | ---- | M] () -- C:\Users\Claudia\defogger_reenable
[2012.10.14 07:12:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.14 07:11:58 | 000,013,312 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.14 07:11:58 | 000,013,312 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.14 07:11:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.13 19:18:20 | 1494,515,712 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.10 08:34:45 | 007,883,983 | ---- | M] () -- C:\Users\Claudia\Desktop\03 - Ten O'Clock Postman.mp3
[2012.10.10 08:34:26 | 000,032,805 | -HS- | M] () -- C:\Users\Claudia\Desktop\Folder.jpg
[2012.10.10 08:34:26 | 000,032,805 | -HS- | M] () -- C:\Users\Claudia\Desktop\AlbumArt_{9A21D9E6-5142-4BCD-9779-5D2CA62D4119}_Large.jpg
[2012.10.10 08:34:26 | 000,007,196 | -HS- | M] () -- C:\Users\Claudia\Desktop\AlbumArt_{9A21D9E6-5142-4BCD-9779-5D2CA62D4119}_Small.jpg
[2012.10.10 08:34:18 | 000,007,196 | -HS- | M] () -- C:\Users\Claudia\Desktop\AlbumArtSmall.jpg
[2012.10.08 20:56:49 | 007,170,319 | ---- | M] () -- C:\Users\Claudia\Desktop\01 - Follow Me.mp3
[2012.10.04 21:39:16 | 000,654,400 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.04 21:39:16 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.04 21:39:16 | 000,130,240 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.04 21:39:16 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.02 00:51:22 | 038,755,276 | ---- | M] () -- C:\Users\Claudia\Desktop\FFSetup296.zip
[2012.09.18 18:29:12 | 000,041,340 | ---- | M] () -- C:\Users\Claudia\Desktop\BA.Zimper.pdf
[2012.09.17 08:32:51 | 000,001,264 | ---- | M] () -- C:\Users\Claudia\Desktop\Free YouTube Download.lnk
 
========== Files Created - No Company Name ==========
 
[2012.10.14 07:16:25 | 000,000,000 | ---- | C] () -- C:\Users\Claudia\defogger_reenable
[2012.10.12 07:04:31 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.10 08:34:26 | 000,032,805 | -HS- | C] () -- C:\Users\Claudia\Desktop\AlbumArt_{9A21D9E6-5142-4BCD-9779-5D2CA62D4119}_Large.jpg
[2012.10.10 08:34:26 | 000,007,196 | -HS- | C] () -- C:\Users\Claudia\Desktop\AlbumArt_{9A21D9E6-5142-4BCD-9779-5D2CA62D4119}_Small.jpg
[2012.10.10 08:34:19 | 000,032,805 | -HS- | C] () -- C:\Users\Claudia\Desktop\Folder.jpg
[2012.10.10 03:18:44 | 000,007,196 | -HS- | C] () -- C:\Users\Claudia\Desktop\AlbumArtSmall.jpg
[2012.10.08 20:57:19 | 007,883,983 | ---- | C] () -- C:\Users\Claudia\Desktop\03 - Ten O'Clock Postman.mp3
[2012.10.08 20:57:15 | 007,170,319 | ---- | C] () -- C:\Users\Claudia\Desktop\01 - Follow Me.mp3
[2012.10.02 00:53:11 | 000,001,100 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prism Videodatei-Konverter.lnk
[2012.10.02 00:50:06 | 038,755,276 | ---- | C] () -- C:\Users\Claudia\Desktop\FFSetup296.zip
[2012.09.18 18:29:12 | 000,041,340 | ---- | C] () -- C:\Users\Claudia\Desktop\BA.Zimper.pdf
[2012.05.25 22:50:50 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012.05.25 22:50:46 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2012.05.25 22:50:41 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012.05.25 22:50:41 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012.05.25 22:50:39 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012.03.13 12:58:01 | 000,205,864 | ---- | C] () -- C:\Windows\System32\drivers\OADriver.sys
[2012.03.13 12:58:01 | 000,042,152 | ---- | C] () -- C:\Windows\System32\drivers\oahlp32.sys
[2011.10.31 02:50:53 | 000,017,408 | ---- | C] () -- C:\Users\Claudia\AppData\Local\WebpageIcons.db
[2011.09.11 22:39:36 | 000,006,144 | ---- | C] () -- C:\Users\Claudia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.09.04 10:48:28 | 000,000,275 | ---- | C] () -- C:\Users\Claudia\AppData\Local\HamsterVideoConverterSettings.cfg
[2011.06.24 00:56:57 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.06.24 00:55:30 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.05.20 09:40:50 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2011.05.20 09:31:06 | 000,007,887 | ---- | C] () -- C:\Users\Claudia\AppData\Roaming\pcouffin.cat
[2011.05.20 09:31:06 | 000,001,144 | ---- | C] () -- C:\Users\Claudia\AppData\Roaming\pcouffin.inf
[2011.01.28 12:18:45 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.01.14 00:17:34 | 000,000,033 | ---- | C] () -- C:\Windows\System32\VGAunistlog.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.03.30 21:19:35 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Amazon
[2012.03.25 21:51:31 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Audacity
[2012.05.31 12:07:16 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Canneverbe Limited
[2011.10.28 07:09:29 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Digiarty
[2012.09.17 08:35:20 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\DVDVideoSoft
[2012.08.20 12:37:38 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.09.23 09:14:23 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\GHISLER
[2012.05.26 08:14:52 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\loadtbs
[2012.05.01 23:05:48 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\MAXQDA10
[2012.03.13 13:00:55 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\OnlineArmor
[2012.09.17 08:30:26 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\OpenCandy
[2011.01.06 22:59:53 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\OpenOffice.org
[2012.03.07 20:31:39 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Opera
[2012.03.02 11:06:56 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\TeamViewer
[2011.01.14 16:05:12 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Thunderbird
[2011.11.22 23:07:09 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\TuneUp Software
[2012.03.10 22:08:36 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Vso
[2011.08.16 20:48:04 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Xilisoft
[2011.04.17 00:05:21 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\XMedia Recode
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:32EA0134

< End of report >
         
--- --- ---
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 14.10.2012 07:19:49 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Downloads
 Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,86 Gb Total Physical Memory | 1,15 Gb Available Physical Memory | 61,80% Memory free
3,71 Gb Paging File | 2,50 Gb Available in Paging File | 67,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 229,91 Gb Total Space | 114,55 Gb Free Space | 49,82% Space Free | Partition Type: NTFS
Drive D: | 68,18 Gb Total Space | 26,91 Gb Free Space | 39,46% Space Free | Partition Type: NTFS
 
Computer Name: CLAUDIA-PC | User Name: Claudia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0582EC68-AE5B-4C2B-9964-C1A97E09C62B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{05A79807-5F1D-48DE-ABFB-5AB77343F6A0}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{064C5A27-D83D-4005-895E-170CCEE8890E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0983FDBE-CB33-4CBF-BF71-698F466FE150}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{09CE35D5-2A4E-4C0B-B209-6936030E5F7F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{2C12A457-E690-4381-B221-4D05691C854F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{342770D3-4819-4385-94C5-D7BBB34B3236}" = rport=138 | protocol=17 | dir=out | app=system | 
"{3C8B23FE-B766-4614-8CEB-25C7C74BB268}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{4149D760-4E32-4F95-A6A4-BA7D39257B55}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{44F63212-AAA3-4C76-8709-16CBADDE5C16}" = lport=139 | protocol=6 | dir=in | app=system | 
"{4D63C60F-8FF9-4A60-B3B9-D6A737BAEA87}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4E232B2D-FDE1-4AF4-8DD7-A6B03CDBA313}" = rport=137 | protocol=17 | dir=out | app=system | 
"{540A8B58-ACA7-4DAE-86D1-F7D5D3A86A8E}" = rport=445 | protocol=6 | dir=out | app=system | 
"{5E0CDA49-9116-4BB4-8030-1E5AD52F654A}" = rport=139 | protocol=6 | dir=out | app=system | 
"{60A25F5C-793B-4ED8-981C-E8138473E32B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{64BA6F09-277A-481F-B0F2-14985224F5BB}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{6B78382E-20C1-4FDD-8EA8-AC1EA62BD832}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{713B3F43-BA88-4B91-B596-614EF50E9CC9}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{7E9D5BFE-AD0B-4462-BE45-1528B8317586}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8670B86A-47BE-4CFE-95DF-5322C7B688CB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{907B794A-C2FE-412E-B95C-7F0E38408640}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{961F6563-A62D-452D-8892-3C0CCE61E5A6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9E4855D9-878C-4438-92D2-C158BAEECF77}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A746C2F4-0D5E-47BE-A528-E9BFDC029EDA}" = lport=137 | protocol=17 | dir=in | app=system | 
"{B3AE223D-5DCB-4560-952D-0A2AD26642E7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{B93BD0B8-D0F9-4321-A962-DE2F59951987}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{B991110E-3655-4FEC-8D12-63FC0BE253FC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C1D85B95-4D59-4E47-B6F8-2C67C1E3A452}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C7792345-41B0-43C4-AA34-03BB59843510}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D7E69AB4-1A52-4504-B8E0-D5D5ACC40694}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{EBA70F70-EC25-40A2-B258-43860669B6C2}" = lport=138 | protocol=17 | dir=in | app=system | 
"{FA8F36B5-8B53-4653-A3C0-2553D177244C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FE4EF88D-3A1F-4B97-8EC8-C285BBC31D88}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15FCD856-00AF-449C-86A0-A1CC3BA8A23D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{178E887D-601D-4B0D-B163-BAD55C85AA7C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{38DE018C-0F98-43ED-94D0-175D050C76B8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{41111A26-DBD1-4917-8B29-FD780DFBD187}" = dir=in | app=c:\users\claudia\desktop\pcp_claro.exe | 
"{4A0E466F-9B87-42E4-8062-22ABE1C40BC7}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{4CE8ED90-8C75-4F3E-98B2-FE6F16A4EB54}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{50CB4CBB-D9E9-4B89-9175-95A182B25C9B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{54496A3A-8A7D-4600-A406-8F636AD5E409}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{5682CD53-B34D-4C44-93F8-45B9D26E7A6E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6A854A0C-AC1C-495A-97CF-8B84076E8CBC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{6CE59296-310E-46A3-A5DF-3B008B1DF6D9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{85DBDDF1-6FA1-4664-95B6-A43ECDD91847}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8A805266-6C2A-48D7-9E42-BC0AE4CD14C3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8CB7A3B1-7721-4D0B-A243-44555B50D909}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8CE31D19-552F-466C-B898-6CEF13E8EC43}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9746A5CF-99BC-4E2F-8269-8A2D04997714}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{9E976134-A118-4FA6-906F-28A2992D8F6C}" = protocol=6 | dir=out | app=system | 
"{A1E64016-1D11-4201-9F80-54E2B1EEF806}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{BD516417-0ACA-45A8-A491-2409DF6D5D86}" = dir=out | app=c:\users\claudia\desktop\pcp_claro.exe | 
"{BD8E3516-67F4-45FD-A754-D78673E37C25}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{C6502241-6E06-4EA6-8545-A17BA36B3994}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{EE69B2CB-3871-4F3D-BE06-BFBCD2FE0EC1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{03EA3337-76B3-4715-A60E-0493F3E9D879}C:\program files\infogrames\monopoly\monopoly.exe" = protocol=6 | dir=in | app=c:\program files\infogrames\monopoly\monopoly.exe | 
"TCP Query User{1FF403B9-93A7-400F-9754-1169129C018A}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{6218BCB4-0236-463C-AC60-FD4D1C997984}C:\program files\infogrames\monopoly\monopoly.exe" = protocol=6 | dir=in | app=c:\program files\infogrames\monopoly\monopoly.exe | 
"TCP Query User{64F3217C-A180-48F4-BA6A-4CD2D84A78AC}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{72EB55F8-CBE8-46F4-A4C9-EA5DF2D65ACF}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"TCP Query User{CA338600-FBEC-472C-B7D3-CB5BBB92621A}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"UDP Query User{354BB6F2-20D6-4048-93C8-5A7D428CB5FD}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{6AD7827B-D635-4725-AC3F-DDAC34E1B22F}C:\program files\infogrames\monopoly\monopoly.exe" = protocol=17 | dir=in | app=c:\program files\infogrames\monopoly\monopoly.exe | 
"UDP Query User{766F276D-84FE-479C-B747-F76ECBAFF440}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"UDP Query User{AB9FF257-B0DD-470B-88D9-A0A8F1B65B11}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"UDP Query User{B16DBDF4-911B-420A-A6B0-AEAB9773ECCC}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{E6033685-CFDD-49FE-B0FD-69E260ED4D30}C:\program files\infogrames\monopoly\monopoly.exe" = protocol=17 | dir=in | app=c:\program files\infogrames\monopoly\monopoly.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5482DCBE-D2D1-47B0-A621-DF8E2B0D174C}" = Windows Live Family Safety
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E350663-86D3-466A-AB79-28156A9ABF6E}_is1" = Hamster Free Video Convertor
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7E7EC5E-4349-4E40-B37C-4342188B86EC}" = Monopoly
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5513-1208-7298-9440" = JDownloader 0.9
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Audacity_is1" = Audacity 2.0
"CCleaner" = CCleaner
"DVDStyler_is1" = DVDStyler v2.0.1
"FormatFactory" = FormatFactory 2.96
"Free YouTube Download_is1" = Free YouTube Download version 3.1.36.916
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.2.0 (Full)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"Mozilla Thunderbird 15.0.1 (x86 de)" = Mozilla Thunderbird 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OnlineArmor_is1" = Online Armor 5.5
"Prism" = Prism Videodatei-Konverter
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.5
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 26.04.2012 06:06:33 | Computer Name = Claudia-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 26.05.2012 01:37:16 | Computer Name = Claudia-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: dvd.exe, Version: 3.24.0.64, Zeitstempel:
 0x2a425e19  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel:
 0x4ec49b60  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0003224d  ID des fehlerhaften Prozesses:
 0x12ec  Startzeit der fehlerhaften Anwendung: 0x01cd3ab9a1b3cb0e  Pfad der fehlerhaften
 Anwendung: C:\Program Files\Video DVD Maker\dvd.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: d99a5fa6-a6f4-11e1-8cef-cf2c703f9dee
 
Error - 29.06.2012 16:22:34 | Computer Name = Claudia-PC | Source = VSS | ID = 8194
Description = 
 
Error - 11.07.2012 04:33:01 | Computer Name = Claudia-PC | Source = Application Hang | ID = 1002
Description = Programm javaw.exe, Version 6.0.310.5 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: d50    Startzeit: 
01cd54a7cfda9381    Endzeit: 1232    Anwendungspfad: C:\Program Files\Java\jre6\bin\javaw.exe

Berichts-ID:
   
 
Error - 11.07.2012 04:33:02 | Computer Name = Claudia-PC | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: a78    Startzeit: 01cd54a7c949afde    Endzeit: 2387    Anwendungspfad:
 C:\Windows\Explorer.EXE    Berichts-ID:   
 
Error - 28.08.2012 00:55:25 | Computer Name = Claudia-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7601.17514,
 Zeitstempel: 0x4ce7a4a7  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,
 Zeitstempel: 0x4e2111c0  Ausnahmecode: 0x0000046b  Fehleroffset: 0x0000d36f  ID des fehlerhaften
 Prozesses: 0x9c4  Startzeit der fehlerhaften Anwendung: 0x01cd7fd6587eb8d5  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnetwk.exe  Pfad 
des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll  Berichtskennung: 93dfca74-f0cc-11e1-8eec-c7432b21998c
 
Error - 03.09.2012 05:44:29 | Computer Name = Claudia-PC | Source = Application Hang | ID = 1002
Description = Programm wmplayer.exe, Version 12.0.7601.17514 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 14ac    Startzeit: 01cd89b8685819ac    Endzeit: 469    Anwendungspfad:
 C:\Program Files\Windows Media Player\wmplayer.exe    Berichts-ID: e91f6bc0-f5ab-11e1-ab2d-90a67e66945d

 
Error - 03.09.2012 05:45:08 | Computer Name = Claudia-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7601.17514,
 Zeitstempel: 0x4ce7a4a7  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,
 Zeitstempel: 0x4e2111c0  Ausnahmecode: 0x0000046b  Fehleroffset: 0x0000d36f  ID des fehlerhaften
 Prozesses: 0xf0c  Startzeit der fehlerhaften Anwendung: 0x01cd84d9ce9a4ebf  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnetwk.exe  Pfad 
des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll  Berichtskennung: 0b874c37-f5ac-11e1-ab2d-90a67e66945d
 
Error - 17.09.2012 13:55:26 | Computer Name = Claudia-PC | Source = Application Hang | ID = 1002
Description = Programm FreeYTVDownloader.exe, Version 3.1.36.916 kann nicht mehr
 unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
 in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 109c    Startzeit: 01cd949e9818e341    Endzeit: 238    Anwendungspfad:
 C:\Program Files\DVDVideoSoft\Free YouTube Download\FreeYTVDownloader.exe    Berichts-ID:
 bdbd99e9-00f0-11e2-b6e5-d685d42fa7e1  
 
Error - 26.09.2012 07:48:23 | Computer Name = Claudia-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: attw.exe, Version: 0.0.0.0, Zeitstempel:
 0x4fd9922b  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0040fda0  ID des fehlerhaften Prozesses:
 0x89c  Startzeit der fehlerhaften Anwendung: 0x01cd9bdcc2fcd5dc  Pfad der fehlerhaften
 Anwendung: C:\Users\Claudia\AppData\Local\Temp\attw.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 12cfded3-07d0-11e2-8d79-f2278a180593
 
[ System Events ]
Error - 13.10.2012 05:45:51 | Computer Name = Claudia-PC | Source = bowser | ID = 8003
Description = 
 
Error - 13.10.2012 06:49:14 | Computer Name = Claudia-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
Error - 13.10.2012 06:49:14 | Computer Name = Claudia-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst lmhosts erreicht.
 
Error - 13.10.2012 06:51:57 | Computer Name = Claudia-PC | Source = bowser | ID = 8003
Description = 
 
Error - 13.10.2012 09:25:12 | Computer Name = Claudia-PC | Source = bowser | ID = 8003
Description = 
 
Error - 13.10.2012 13:01:59 | Computer Name = Claudia-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst lmhosts erreicht.
 
Error - 13.10.2012 13:18:29 | Computer Name = Claudia-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?13.?10.?2012 um 19:16:26 unerwartet heruntergefahren.
 
Error - 13.10.2012 16:30:03 | Computer Name = Claudia-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
Error - 14.10.2012 01:11:42 | Computer Name = Claudia-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Netman erreicht.
 
Error - 14.10.2012 01:14:45 | Computer Name = Claudia-PC | Source = bowser | ID = 8003
Description = 
 
 
< End of report >
         
--- --- ---

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 07:17 on 14/10/2012 (Claudia)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

Emsisoft Anti-Malware - Version 7.0
Letztes Update: 12.10.2012 07:05:26

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\

Riskware-Erkennung: Aus
Archiv Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan Beginn: 12.10.2012 07:10:46

C:\Users\Claudia\AppData\Local\Mozilla\Firefox\Profiles\di1k0jef.default\Cache\C\83\B318Cd01 gefunden: Exploit.PDF-JS.GW (B)
C:\Users\Claudia\AppData\Local\temp\attw.exe gefunden: Trojan.Downloader.Win32.Karagany.AMN (A)
C:\Users\Claudia\AppData\Local\temp\jar_cache4514792908974574046.tmp gefunden: Exploit.Java.CVE (A)
C:\Users\Claudia\AppData\Local\temp\KJCHLM gefunden: Exploit.Java.CVE (A)

Gescannt 406422
Gefunden 4

Scan Ende: 12.10.2012 08:47:55
Scan Zeit: 1:37:09

C:\Users\Claudia\AppData\Local\temp\jar_cache4514792908974574046.tmp Quarantäne Exploit.Java.CVE (A)
C:\Users\Claudia\AppData\Local\temp\KJCHLM Quarantäne Exploit.Java.CVE (A)
C:\Users\Claudia\AppData\Local\temp\attw.exe Quarantäne Trojan.Downloader.Win32.Karagany.AMN (A)
C:\Users\Claudia\AppData\Local\Mozilla\Firefox\Profiles\di1k0jef.default\Cache\C\83\B318Cd01 Quarantäne Exploit.PDF-JS.GW (B)

Quarantäne 4

 
