Log analysis and evaluation: Exploit:JS/Blacole.HP (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

Exploit:JS/Blacole.HP

Hello, I hope I have done it right this time.

OTL:

Code:
OTL logfile created on: 29.07.2012 11:47:07 - Run 2
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\****\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,98 Gb Total Physical Memory | 6,55 Gb Available Physical Memory | 82,10% Memory free
15,96 Gb Paging File | 14,46 Gb Available in Paging File | 90,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,75 Gb Total Space | 399,47 Gb Free Space | 85,77% Space Free | Partition Type: NTFS

Computer Name: ****-PC | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\****\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (lxbc_device) -- C:\Windows\SysNative\lxbccoms.exe ( ) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (lxbc_device) -- C:\Windows\SysWOW64\lxbccoms.exe ( ) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) 
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.) DRV:64bit: - (RtNdPt60) -- C:\Windows\SysNative\drivers\RtNdPt60.sys (Realtek ) DRV:64bit: - (TEAM) Realtek Virtual Miniport Driver for Teaming (NDIS 6.2) -- C:\Windows\SysNative\drivers\RtTeam60.sys (Realtek Corporation) DRV:64bit: - (RTTEAMPT) Realtek Teaming Protocol Driver (NDIS 6.2) -- C:\Windows\SysNative\drivers\RtTeam60.sys (Realtek Corporation) DRV:64bit: - (RTVLANPT) Realtek Vlan Protocol Driver (NDIS 6.2) -- C:\Windows\SysNative\drivers\RtVlan60.sys (Windows (R) Codename Longhorn DDK provider) DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys () DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (irda) -- C:\Windows\SysNative\drivers\irda.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) 
DRV:64bit: - (irsir) -- C:\Windows\SysNative\drivers\irsir.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 43 09 C6 B5 12 17 CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.10 13:55:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.19 22:18:45 | 000,000,000 | ---D | M] [2012.03.19 14:19:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions [2012.05.02 20:55:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\5gnh8x9j.default\extensions [2012.07.10 13:55:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.06.15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.12.09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program 
Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data] O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{173B8E0F-E426-49EB-BBD8-55201AD9441D}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B205F2C6-102F-49AE-9C90-C73D4F4F90D3}: DhcpNameServer = 192.168.1.1 O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = Reg Error: Value error.] -- Reg Error: Key error. 
File not found O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.07.29 10:47:46 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Malwarebytes [2012.07.29 10:47:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.07.29 10:47:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.29 10:47:28 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.07.29 10:47:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.07.28 16:36:13 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe [2012.07.28 16:03:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2012.07.28 16:03:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012.07.28 16:03:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2012.07.21 16:05:25 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.07.21 15:58:32 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll [2012.07.21 15:58:32 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll [2012.07.21 15:58:31 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll [2012.07.19 18:16:21 | 000,962,612 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42d.dll [2012.07.19 18:16:21 | 000,434,252 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSVCRTD.DLL [2012.07.18 21:28:33 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Quadra [2012.07.18 21:27:59 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Quadra [2012.07.18 21:27:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quadra [2012.07.18 21:27:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Quadra [2012.07.18 19:29:51 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\TS3Client [2012.07.18 19:29:42 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client [2012.07.18 19:29:39 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\TeamSpeak 3 Client [2012.07.18 17:32:33 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.07.18 17:32:33 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.07.18 17:32:32 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.07.18 17:32:32 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.07.18 17:32:31 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.07.18 17:32:31 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.07.18 17:32:31 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.07.18 17:32:31 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.07.18 17:32:30 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.07.18 17:32:29 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.07.18 17:32:29 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.07.18 17:32:29 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.07.18 17:32:29 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.07.18 17:30:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\msxml3r.dll [2012.07.18 17:30:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll [2012.07.18 17:30:01 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2012.07.18 17:29:42 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012.07.18 17:29:41 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2012.07.18 17:25:05 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\AMD [2012.07.18 17:24:49 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\ATI [2012.07.18 17:24:49 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\ATI [2012.07.18 17:24:49 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2012.07.18 17:18:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My Company Name [2012.07.18 17:17:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP [2012.07.18 17:17:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center [2012.07.18 17:17:30 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD [2012.07.18 17:17:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies [2012.07.18 17:17:19 | 000,114,704 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\AtihdW76.sys [2012.07.18 17:16:44 | 000,462,848 | ---- | C] (Advanced Micro Devices, Inc.) 
-- C:\Windows\SysNative\ATIDEMGX.dll [2012.07.18 17:15:54 | 000,058,880 | ---- | C] (AMD) -- C:\Windows\SysNative\coinst.dll [2012.07.18 17:15:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies [2012.07.18 17:11:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS [2012.07.18 17:11:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS [2012.07.18 17:10:58 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll [2012.07.18 17:10:57 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll [2012.07.18 17:08:55 | 000,107,552 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RTNUninst64.dll [2012.07.18 17:06:34 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM [2012.07.18 17:06:34 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek [2012.07.18 17:06:10 | 002,580,824 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll [2012.07.18 17:06:09 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll [2012.07.18 17:06:09 | 000,220,496 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFNHK64.dll [2012.07.18 17:06:09 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll [2012.07.18 17:06:09 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll [2012.07.18 17:06:09 | 000,155,888 | ---- | C] (SRS Labs, Inc.) 
-- C:\Windows\SysNative\SRSWOW64.dll [2012.07.18 17:06:09 | 000,121,744 | ---- | C] (Sony Corporation) -- C:\Windows\SysNative\SFSS_APO.dll [2012.07.18 17:06:09 | 000,081,232 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFCOM64.dll [2012.07.18 17:06:09 | 000,078,160 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFAPO64.dll [2012.07.18 17:06:09 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll [2012.07.18 17:06:08 | 000,332,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll [2012.07.18 17:06:07 | 002,813,544 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll [2012.07.18 17:06:07 | 002,186,344 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll [2012.07.18 17:06:07 | 000,626,792 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll [2012.07.18 17:06:07 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll [2012.07.18 17:06:06 | 001,247,848 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll [2012.07.18 17:06:06 | 001,146,984 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl [2012.07.18 17:06:06 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll [2012.07.18 17:06:05 | 000,544,768 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat [2012.07.18 17:06:05 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll [2012.07.18 17:06:05 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll [2012.07.18 17:06:05 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll [2012.07.18 17:06:05 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) 
-- C:\Windows\SysNative\RTEEL64A.dll [2012.07.18 17:06:05 | 000,083,048 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll [2012.07.18 17:06:05 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll [2012.07.18 17:06:02 | 001,718,616 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll [2012.07.18 17:06:02 | 000,421,720 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll [2012.07.18 17:06:02 | 000,127,832 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll [2012.07.18 17:06:02 | 000,108,888 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll [2012.07.18 17:06:02 | 000,074,584 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll [2012.07.18 17:06:01 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll [2012.07.18 17:06:01 | 001,870,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll [2012.07.18 17:06:01 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll [2012.07.18 17:06:01 | 000,334,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll [2012.07.18 17:06:01 | 000,318,808 | ---- | C] (Waves Audio Ltd.) 
-- C:\Windows\SysNative\MaxxAudioAPO20.dll [2012.07.18 17:05:56 | 001,937,312 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll [2012.07.18 17:05:55 | 001,327,208 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll [2012.07.18 17:05:55 | 001,179,752 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll [2012.07.18 17:05:55 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll [2012.07.18 17:05:55 | 000,475,752 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll [2012.07.18 17:05:54 | 001,111,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll [2012.07.18 17:05:54 | 000,504,936 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll [2012.07.18 17:05:54 | 000,317,032 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll [2012.07.18 17:05:54 | 000,269,928 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll [2012.07.18 17:05:54 | 000,266,856 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll [2012.07.18 17:05:54 | 000,126,056 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll [2012.07.18 17:05:54 | 000,125,544 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll [2012.07.18 17:05:54 | 000,125,032 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll [2012.07.18 17:05:53 | 000,200,800 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll [2012.07.18 17:05:53 | 000,108,960 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll [2012.07.18 17:05:19 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp [2012.07.18 17:05:17 | 001,251,944 | R--- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll [2012.07.18 17:05:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2012.07.18 17:04:23 | 000,016,440 | ---- | C] (Advanced Micro Devices Inc.) 
-- C:\Windows\SysNative\drivers\AtiPcie.sys [2012.07.18 17:03:52 | 000,000,000 | ---D | C] -- C:\Program Files\ATI [2012.07.18 17:03:17 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies [2012.07.18 17:01:36 | 000,048,416 | R--- | C] (Realtek Corporation) -- C:\Windows\SysNative\drivers\RtTeam60.sys [2012.07.18 17:01:30 | 000,029,472 | R--- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\drivers\RtVlan60.sys [2012.07.18 17:01:23 | 000,032,544 | R--- | C] (Realtek ) -- C:\Windows\SysNative\drivers\RtNdPt60.sys [2012.07.18 17:01:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek [2012.07.18 17:01:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtek [2012.07.10 13:55:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012.07.10 13:55:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service ========== Files - Modified Within 30 Days ========== [2012.07.29 11:29:23 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.29 11:29:23 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.29 11:22:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.29 11:21:56 | 2133,417,983 | -HS- | M] () -- C:\hiberfil.sys [2012.07.28 16:41:40 | 001,505,034 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.07.28 16:41:40 | 000,656,028 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.07.28 16:41:40 | 000,617,910 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.07.28 16:41:40 | 000,130,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.07.28 16:41:40 | 000,107,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.07.28 16:36:17 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe [2012.07.19 15:34:08 | 
000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.07.19 15:34:08 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.07.18 19:29:42 | 000,001,207 | ---- | M] () -- C:\Users\****\Desktop\TeamSpeak 3 Client.lnk [2012.07.18 17:55:47 | 000,274,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.07.18 17:11:30 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini [2012.07.18 16:59:55 | 000,031,754 | ---- | M] () -- C:\Windows\Ascd_tmp.ini [2012.07.07 16:40:48 | 003,989,338 | ---- | M] () -- C:\Users\****\Desktop\VW-T1-Samba-560x373-1e6abec257387f9d.psd [2012.07.05 21:57:47 | 000,074,708 | ---- | M] () -- C:\Users\****\Desktop\küche.png [2012.07.05 21:20:10 | 000,053,372 | ---- | M] () -- C:\Users\****\Desktop\VW-T1-Samba-560x373-1e6abec257387f9d.jpg [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys ========== Files Created - No Company Name ========== [2012.07.18 19:29:42 | 000,001,207 | ---- | C] () -- C:\Users\****\Desktop\TeamSpeak 3 Client.lnk [2012.07.18 17:16:45 | 000,032,635 | ---- | C] () -- C:\Windows\atiogl.xml [2012.07.18 17:16:44 | 000,166,624 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb [2012.07.18 17:16:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2012.07.18 17:16:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysNative\atipblag.dat [2012.07.18 17:11:48 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll [2012.07.18 17:11:48 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2012.07.18 16:59:45 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2012.07.07 16:40:47 | 003,989,338 | ---- | C] () -- C:\Users\****\Desktop\VW-T1-Samba-560x373-1e6abec257387f9d.psd [2012.07.05 21:36:37 | 000,074,708 | ---- | C] () -- C:\Users\****\Desktop\küche.png [2012.07.05 21:20:05 | 000,053,372 | ---- | C] () -- 
C:\Users\****\Desktop\VW-T1-Samba-560x373-1e6abec257387f9d.jpg [2012.05.02 14:45:48 | 000,000,290 | ---- | C] () -- C:\Windows\Lexstat.ini [2012.05.02 14:44:28 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcinpa.dll [2012.05.02 14:44:28 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbciesc.dll [2012.05.02 14:44:28 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXBCinst.dll [2012.05.02 14:44:27 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcpmui.dll [2012.05.02 14:44:27 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\lxbcutil.dll [2012.05.02 14:44:26 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcserv.dll [2012.05.02 14:44:26 | 000,995,328 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcusb1.dll [2012.05.02 14:44:25 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbclmpm.dll [2012.05.02 14:44:25 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcppls.exe [2012.05.02 14:44:25 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcprox.dll [2012.05.02 14:44:25 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcpplc.dll [2012.05.02 14:44:24 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbchbn3.dll [2012.05.02 14:44:24 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcih.exe [2012.05.02 14:44:23 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbccoms.exe [2012.05.02 14:44:23 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbccomm.dll [2012.05.02 14:44:22 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbccomc.dll [2012.05.02 14:44:21 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbccfg.exe [2012.04.02 17:26:13 | 000,018,742 | ---- | C] () -- C:\Users\****\UStVA2011_IV._*****.elfo [2012.03.19 14:38:40 | 000,031,754 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2012.03.19 14:22:32 | 001,499,556 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.03.19 12:41:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.05.24 23:44:26 | 000,059,904 | ---- | C] 
() -- C:\Windows\SysWow64\OVDecode.dll < End of report > Code:
OTL Extras logfile created on: 29.07.2012 11:47:07 - Run 2
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\****\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,98 Gb Total Physical Memory | 6,55 Gb Available Physical Memory | 82,10% Memory free
15,96 Gb Paging File | 14,46 Gb Available in Paging File | 90,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,75 Gb Total Space | 399,47 Gb Free Space | 85,77% Space Free | Partition Type: NTFS

Computer Name: ****-PC | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.hta [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.jse [@ = Reg Error: Value error.] -- Reg Error: Key error. 
File not found [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) 
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- Reg Error: Value error. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- Reg Error: Value error. 
========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0553DA67-8F2D-4E99-B6C3-FEBBC60436E6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4AC613DC-C6FA-435A-A839-CDC9A4B72A95}" = lport=445 | protocol=6 | dir=in | app=system | "{4BD6FE31-A7E0-47EC-9CFB-C88176FA78F2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{510F404E-515A-42F2-9134-4BE015B9A8C2}" = rport=139 | protocol=6 | dir=out | app=system | "{571E06BB-395E-440A-BDD3-F2638A85B423}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{635AF3E1-E3AC-4594-943D-D78C16D38860}" = lport=137 | protocol=17 | dir=in | app=system | 
"{7F4E3C07-EADE-42D6-B7A5-452AD606470C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{92F9F3F2-3D76-4B0F-8D31-C6EB18D8CF9E}" = rport=10243 | protocol=6 | dir=out | app=system | "{96F10E80-BAD6-44BE-9598-31957E12ACF4}" = rport=445 | protocol=6 | dir=out | app=system | "{976D54A7-355F-477D-A07B-B3F18F3EEC43}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A4624D59-AB62-4A27-99C6-0D6FD5559EF7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A5CF3C11-6B4E-432C-9FA3-2EB6AC0AACD0}" = lport=10243 | protocol=6 | dir=in | app=system | "{A61D054B-2F81-4D65-8766-20026477C425}" = lport=138 | protocol=17 | dir=in | app=system | "{AD1A3D31-76F2-4601-B67E-5A16E6BD2D9C}" = rport=138 | protocol=17 | dir=out | app=system | "{AE3E9693-E74E-409E-B9BD-53EBDDCF9C99}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C998798A-8C67-4DFE-BA45-327C4018B47C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{CD666DC7-8924-4E3F-B3E8-2BAF045AAA9B}" = lport=2869 | protocol=6 | dir=in | app=system | "{D188E45D-EDFB-434B-A76E-0C3081D8128C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{DA91B20C-5E46-46FD-B8FC-E9F264A9FA40}" = rport=137 | protocol=17 | dir=out | app=system | "{EE60F08B-B070-4D62-B0E7-A350F508CC2E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F02D87FA-FDED-44AC-9D8F-1DECAB6553F7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{FCEBF00E-40B2-4F4B-8BFB-C2715264FA0C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{FF514549-54FD-46B5-9F30-3AE5A2B38477}" = lport=139 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0068B66C-72F4-400B-9C51-30578CB67805}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{1BDDEACC-3CB7-49EA-BFE5-547B6728C324}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{1C0B29E4-7534-4245-AB16-59B502BD9F50}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | "{1D309F76-473D-478E-8E6A-C0B65F8FE8FC}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxbcpswx.exe | "{2FBAA758-3CC8-473F-ADA5-914DE5A5A484}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{36C29450-7CB0-4384-94EF-5A32FBA1B51C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{418D3882-18CF-4B4E-8A24-8FEE99341482}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | "{57B2A9A6-15DD-4BA0-851B-ACC97AF5D125}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{5E2E3862-839B-4796-B612-9711AB722910}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxbccoms.exe | "{66680C28-BE9E-43D5-9596-55574CEC1E1C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{6D786BD1-C774-4C98-AF27-5979D8057E3B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{753A816B-0239-455D-9A75-CBCB1F377750}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxbcpswx.exe | "{7566EC3B-A1D6-43AF-944B-237BC1F67DBB}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | "{85856365-FB41-45BF-B977-63B63FDDE763}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | "{88876301-BDBB-43D8-8E56-256EE10CD030}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8A0844A1-2E73-43E0-9637-0172A8963189}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8DFFF0BD-56F1-44B1-BDA9-D6623BB57972}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{94F5BF9A-ACB4-4FAC-B2F5-8B6986434718}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{968A251C-EBE0-4DAE-BAC6-23C5F2665272}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{AEF6DBCD-C825-49B5-B330-41587358920D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B1F82DE1-DF5B-4AC1-B55B-ABEFEF630294}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxbccoms.exe | "{B6B9DA9B-1643-491C-A472-7846D893CECE}" = protocol=6 | dir=in | app=c:\windows\system32\lxbccoms.exe | "{B8BF619B-7836-4708-8007-4356BC987AA5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{BAD67134-5B68-4EB4-A5DE-0CA6DF2C27E8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{C42BEACC-E2AE-4769-897A-F58D621193C8}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | "{D378834D-985D-4C1F-808D-1D34068CF14E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{D95832C8-3BCC-45BD-8349-5AD26517E336}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | "{E80AEF1C-B7F6-4123-BA33-9DA491AF1AED}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{EF2F591D-2866-40B4-BE9F-01898F1151C1}" = protocol=6 | dir=out | app=system | "{F1C86BCB-37E9-41B9-A944-AA1EE158BC49}" = protocol=17 | dir=in | app=c:\windows\system32\lxbccoms.exe | "{F7EDE496-FBFD-44C6-8E8E-EBBE2E618162}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "TCP Query User{48E7774F-713E-4C0D-8880-AC7AD9B34981}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | "TCP Query 
User{57802DFD-3BD5-4E2F-9141-9E809CE23382}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | "TCP Query User{7E05B24A-8D8C-4A46-A30F-F0050429150F}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "TCP Query User{95443736-B9FB-415D-96A8-7715AD2AB4B8}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe | "TCP Query User{BC7BE830-AF38-4895-842C-6B3C3E370027}C:\program files (x86)\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | "UDP Query User{03BA0E3F-AE55-4D4B-85A7-14C55C94D81B}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | "UDP Query User{0EB05A25-97CB-40B3-A195-6D80C29A9D57}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe | "UDP Query User{79DA1376-D3E3-41CA-A711-6C2AE539B063}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "UDP Query User{95424F0A-89BC-45B6-B43B-6059AE8438D4}C:\program files (x86)\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | "UDP Query User{BB7AD8CD-E71A-41F3-8C30-061600B23B10}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | 
========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{1B7FF76E-10FF-6EC1-1289-E8089B6423CC}" = AMD Fuel "{3FD3FC64-DA16-318E-DFD5-57466FF5FEB5}" = ATI Catalyst Install Manager "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{7CAFBA1E-D090-3F1F-662D-9828FD4D8E4D}" = ccc-utility64 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{86E42509-8029-7678-F522-0636D80CD277}" = ATI AVIVO64 Codecs "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "Lexmark Z500-Z600 Series" = Lexmark Z500-Z600 Series "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft Security Client" = Microsoft Security Essentials "NVIDIA Drivers" = NVIDIA Drivers "Speccy" = Speccy [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1B7710D4-9D75-D5E5-4B6D-40F471E70398}" = HydraVision "{50B93225-3F76-F555-27A2-A1EAEC83C527}" = Catalyst Control Center InstallProxy "{57AC79C8-157E-403A-A8D0-DD74EF71BAE2}" = 
Catalyst Control Center - Branding "{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7 "{8334930A-9405-467B-9498-1EBC1878A09D}" = AMD VISION Engine Control Center "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8CC928F6-93A2-D49D-E253-532C2FF053A1}" = Catalyst Control Center Profiles Desktop "{8CFF08EF-CDF7-C328-AD6B-10BD2E1D1D73}" = CCC Help German "{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine "{90157C5D-D791-4D36-8C2B-7553DC01D601}" = ASUS VGA Driver "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch "{AF9CA86D-83FA-C143-F9C8-EAB535B8B78C}" = Catalyst Control Center Localization All "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{DADC7AB0-E554-4705-9F6A-83EA82ED708E}" = Realtek Ethernet Diagnostic Utility "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop 7.0" = Adobe Photoshop 7.0 "ElsterFormular 13.1.1.8531u" = ElsterFormular "Exact Audio Copy" = Exact Audio Copy 1.0beta3 "FileZilla Client" = FileZilla Client 3.3.5.1 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Quadra" = Quadra (remove only) "Sweet Home 3D_is1" = Sweet Home 3D version 3.5 "Winamp" = Winamp ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "TeamSpeak 3 Client" = TeamSpeak 3 Client "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 22.06.2012 14:12:19 | Computer Name = ****-PC | Source = 
Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_257.exe, Version: 11.3.300.257, Zeitstempel: 0x4fc82063 Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll, Version: 11.3.300.257, Zeitstempel: 0x4fc821fc Ausnahmecode: 0xc0000005 Fehleroffset: 0x0016b4a9 ID des fehlerhaften Prozesses: 0xc90 Startzeit der fehlerhaften Anwendung: 0x01cd50a1fc7269d6 Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll Berichtskennung: cdd471c3-bc95-11e1-9167-0019666430ae Error - 26.06.2012 14:46:13 | Computer Name = ****-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_257.exe, Version: 11.3.300.257, Zeitstempel: 0x4fc82063 Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll, Version: 11.3.300.257, Zeitstempel: 0x4fc821fc Ausnahmecode: 0xc0000005 Fehleroffset: 0x000ccb60 ID des fehlerhaften Prozesses: 0x8f4 Startzeit der fehlerhaften Anwendung: 0x01cd53cbde7a5790 Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll Berichtskennung: 3377401c-bfbf-11e1-ba63-0019666430ae Error - 27.06.2012 14:00:44 | Computer Name = ****-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_257.exe, Version: 11.3.300.257, Zeitstempel: 0x4fc82063 Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll, Version: 11.3.300.257, Zeitstempel: 0x4fc821fc Ausnahmecode: 0xc0000005 Fehleroffset: 0x000ccb60 ID des fehlerhaften Prozesses: 0x868 Startzeit der fehlerhaften Anwendung: 0x01cd548ebe803ebf Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe Pfad des fehlerhaften Moduls: 
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll Berichtskennung: 03563af3-c082-11e1-939f-0019666430ae Error - 18.07.2012 09:58:00 | Computer Name = ****-PC | Source = ATIeRecord | ID = 16388 Description = ATI EEU Client event error Error - 18.07.2012 10:01:12 | Computer Name = ****-PC | Source = ATIeRecord | ID = 16388 Description = ATI EEU Client event error Error - 18.07.2012 10:02:10 | Computer Name = ****-PC | Source = RasClient | ID = 20227 Description = Error - 18.07.2012 10:57:05 | Computer Name = ****-PC | Source = ATIeRecord | ID = 16388 Description = ATI EEU Client event error Error - 21.07.2012 10:04:52 | Computer Name = ****-PC | Source = MsiInstaller | ID = 11720 Description = Error - 21.07.2012 10:07:52 | Computer Name = ****-PC | Source = MsiInstaller | ID = 11720 Description = Error - 28.07.2012 10:22:16 | Computer Name = ****-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. 
[ System Events ]
Error - 23.07.2012 14:34:49 | Computer Name = ****-PC | Source = DCOM | ID = 10010
Description =

Error - 24.07.2012 15:11:11 | Computer Name = ****-PC | Source = DCOM | ID = 10010
Description =

Error - 25.07.2012 17:12:18 | Computer Name = ****-PC | Source = DCOM | ID = 10010
Description =

Error - 26.07.2012 17:22:41 | Computer Name = ****-PC | Source = DCOM | ID = 10010
Description =

Error - 27.07.2012 15:38:36 | Computer Name = ****-PC | Source = DCOM | ID = 10010
Description =

Error - 28.07.2012 06:44:53 | Computer Name = ****-PC | Source = DCOM | ID = 10010
Description =

Error - 28.07.2012 09:37:34 | Computer Name = ****-PC | Source = DCOM | ID = 10010
Description =

Error - 28.07.2012 09:38:10 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7043
Description = Der Dienst Gruppenrichtlinienclient konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Error - 28.07.2012 09:38:42 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7043
Description = Der Dienst AMD FUEL Service konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Error - 29.07.2012 05:21:03 | Computer Name = ****-PC | Source = DCOM | ID = 10010
Description =

< End of report >

Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.29.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
**** :: ****-PC [Administrator]

29.07.2012 10:50:06
mbam-log-2012-07-29 (10-50-06).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 297022
Laufzeit: 28 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:
Kategorie: Exploit
Beschreibung: Dieses Programm ist gefährlich. Es nutzt die Sicherheitslücken eines Computers aus.
Empfohlene Aktion: Entfernen Sie diese Software unverzüglich.
Elemente:
file:C:\Users\****\AppData\Local\Mozilla\Firefox\Profiles\5gnh8x9j.default\Cache\C\7A\02AA9d01