Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Unbekannter Autostart

Unbekannter Autostart


Log-Analyse und Auswertung: Unbekannter Autostart

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 31.12.2010, 08:37   #1
WinstonWolf
 
Unbekannter Autostart - Standard

Unbekannter Autostart


Hallo,
Ich habe heute den Autostart meines System mittels CCleaner überprüft.
Folgender Autostart ist mir suspekt:
InnoSetupRegFile.0000000001 "C:\Windows\is-4EHDL.exe" /REG /REGSVRMODE
Eine Googlesuche blieb ergebnislos.
Vielleicht kennt ja jemand diese .exe?
Ich hatte bisher keinerlei Auffälligkeiten.
Betriebssystem ist Windows 7 64bit.Ich arbeite eigentlich ausschließlich im eingeschränkten Konto.

Hier noch doe Logs:

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5426

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

31.12.2010 08:15:05
mbam-log-2010-12-31 (08-15-05).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 253955
Laufzeit: 17 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Code:
ATTFilter
OTL logfile created on: 31.12.2010 08:18:25 - Run 1
OTL by OldTimer - Version 3.2.18.2     Folder = C:\Users\Michael&Diana\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 64,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 61,45 Gb Free Space | 62,99% Space Free | Partition Type: NTFS
Drive D: | 97,66 Gb Total Space | 87,90 Gb Free Space | 90,01% Space Free | Partition Type: NTFS
Drive E: | 270,45 Gb Total Space | 142,24 Gb Free Space | 52,59% Space Free | Partition Type: NTFS
 
Computer Name: HOMEOFFICE | User Name: Michael&Diana_2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Michael&Diana\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\WinTV\TVServer\CaptureGenUSB.exe (Hauppauge Computer Works)
PRC - C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe (Hauppauge Computer Works)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Michael&Diana\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (HauppaugeTVServer) -- C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe (Hauppauge Computer Works)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (ATI Technologies, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (pavboot) -- C:\Windows\SysNative\drivers\pavboot64.sys (Panda Security, S.L.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (cmuda3) -- C:\Windows\SysNative\drivers\cmudax3.sys (C-Media Inc)
DRV:64bit: - (hcw95rc) -- C:\Windows\SysNative\drivers\hcw95rc.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hcw95bda) -- C:\Windows\SysNative\drivers\hcw95bda.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV - (HWiNFO32) -- C:\Program Files (x86)\HWiNFO32\HWiNFO64A.SYS (REALiX(tm))
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F4 52 D2 9F 36 A3 CB 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.10 23:12:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.12.10 23:12:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010.12.10 07:06:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.11.24 18:28:41 | 000,000,000 | ---D | M]
 
[2010.12.10 06:47:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael&Diana_2\AppData\Roaming\mozilla\Extensions
[2010.12.10 06:47:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael&Diana_2\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.12.13 19:08:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael&Diana_2\AppData\Roaming\mozilla\Firefox\Profiles\olsiznwm.default\extensions
[2010.12.13 19:08:05 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Michael&Diana_2\AppData\Roaming\mozilla\Firefox\Profiles\olsiznwm.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.12.13 19:08:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.08.20 06:03:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.24 16:07:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.10.27 06:44:13 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.10.27 06:44:13 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.10.27 06:44:13 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.10.27 06:44:13 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.10.27 06:44:13 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [CmPCIaudio] C:\Windows\Syswow64\CMICNFG3.DLL (C-Media Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\Windows\is-4EHDL.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Michael&Diana_2\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Michael&Diana_2\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.12.28 07:41:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HWiNFO32
[2010.12.26 13:53:43 | 000,000,000 | ---D | C] -- C:\Users\Michael&Diana_2\AppData\Local\PokerStars.NET
[2010.12.26 13:53:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PokerStars.NET
[2010.12.24 07:52:05 | 000,000,000 | ---D | C] -- C:\Users\Michael&Diana_2\AppData\Roaming\Amazon
[2010.12.18 06:55:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2010.12.18 06:54:59 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Security Client
[2010.12.18 06:54:51 | 000,374,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2010.12.15 07:10:12 | 000,000,000 | ---D | C] -- C:\Users\Michael&Diana_2\AppData\Local\ashampoo
[2010.12.15 06:45:43 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010.12.15 06:45:43 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010.12.15 06:45:43 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010.12.15 06:45:43 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010.12.15 06:45:38 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010.12.15 06:45:37 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010.12.15 06:45:37 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010.12.15 06:45:37 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010.12.15 06:45:37 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010.12.15 06:45:37 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010.12.15 06:45:37 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010.12.15 06:45:37 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010.12.15 06:45:37 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010.12.15 06:45:37 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010.12.15 06:45:37 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010.12.15 06:45:37 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010.12.15 06:45:37 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010.12.15 06:45:37 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010.12.15 06:45:34 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll
[2010.12.15 06:45:34 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll
[2010.12.15 06:45:34 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe
[2010.12.15 06:45:33 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll
[2010.12.15 06:45:33 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll
[2010.12.15 06:45:33 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll
[2010.12.15 06:45:33 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\schtasks.exe
[2010.12.15 06:45:33 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schtasks.exe
[2010.12.15 06:45:31 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2010.12.15 06:45:31 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2010.12.15 06:45:07 | 000,112,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2010.12.13 19:08:05 | 000,000,000 | ---D | C] -- C:\Users\Michael&Diana_2\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.12.13 19:08:02 | 000,000,000 | ---D | C] -- C:\Users\Michael&Diana_2\Documents\DVDVideoSoft
[2010.12.13 19:07:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2010.12.13 19:07:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2010.12.12 07:32:47 | 000,521,448 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2010.12.12 07:32:47 | 000,189,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2010.12.12 07:32:47 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2010.12.12 07:32:47 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2010.12.12 07:32:39 | 000,000,000 | ---D | C] -- C:\Programme\Java
[2010.12.10 15:30:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VID_0E8F&PID_0003
[2010.12.10 15:30:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2010.12.10 14:23:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2010.12.10 14:23:12 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2010.12.10 14:23:12 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2010.12.10 14:23:12 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2010.12.10 14:23:12 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2010.12.10 14:23:12 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2010.12.10 14:23:12 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll
[2010.12.10 14:23:12 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2010.12.10 14:23:12 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2010.12.10 14:23:11 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll
[2010.12.10 14:23:11 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2010.12.10 14:23:11 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2010.12.10 14:23:11 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2010.12.10 14:23:11 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2010.12.10 14:23:11 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2010.12.10 14:23:10 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2010.12.10 14:23:10 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2010.12.10 14:23:10 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2010.12.10 14:23:10 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2010.12.10 14:23:10 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2010.12.10 14:23:10 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2010.12.10 14:23:09 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
[2010.12.10 14:23:09 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2010.12.10 14:23:09 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2010.12.10 14:23:09 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2010.12.10 14:23:09 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2010.12.10 14:23:09 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2010.12.10 14:23:08 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2010.12.10 14:23:08 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2010.12.10 14:23:08 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2010.12.10 14:23:08 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
[2010.12.10 14:23:07 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
[2010.12.10 14:23:07 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2010.12.10 14:23:07 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2010.12.10 14:23:07 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2010.12.10 14:23:07 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2010.12.10 14:23:07 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2010.12.10 14:23:07 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2010.12.10 14:23:07 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2010.12.10 14:23:06 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll
[2010.12.10 14:23:06 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll
[2010.12.10 14:23:06 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll
[2010.12.10 14:23:06 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll
[2010.12.10 14:23:05 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
[2010.12.10 14:23:05 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2010.12.10 14:23:05 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll
[2010.12.10 14:23:05 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2010.12.10 14:23:05 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2010.12.10 14:23:05 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll
[2010.12.10 14:23:05 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2010.12.10 14:23:05 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2010.12.10 14:23:04 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll
[2010.12.10 14:23:04 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2010.12.10 14:23:03 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2010.12.10 14:23:03 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2010.12.10 14:23:03 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2010.12.10 14:23:03 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2010.12.10 14:23:03 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2010.12.10 14:23:03 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2010.12.10 14:23:03 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2010.12.10 14:23:03 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2010.12.10 14:23:03 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2010.12.10 14:23:03 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2010.12.10 14:23:02 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2010.12.10 14:23:02 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2010.12.10 14:23:02 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2010.12.10 14:23:02 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2010.12.10 14:23:02 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2010.12.10 14:23:02 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2010.12.10 14:23:02 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2010.12.10 14:23:02 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2010.12.10 14:23:01 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2010.12.10 14:23:01 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2010.12.10 14:23:01 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2010.12.10 14:23:01 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2010.12.10 14:23:01 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2010.12.10 14:23:01 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2010.12.10 14:23:00 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2010.12.10 14:23:00 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2010.12.10 14:23:00 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll
[2010.12.10 14:23:00 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2010.12.10 14:23:00 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll
[2010.12.10 14:23:00 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2010.12.10 14:22:59 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll
[2010.12.10 14:22:59 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2010.12.10 14:22:59 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll
[2010.12.10 14:22:59 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2010.12.10 14:22:59 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2010.12.10 14:22:59 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll
[2010.12.10 14:22:59 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll
[2010.12.10 14:22:59 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2010.12.10 14:22:58 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
[2010.12.10 14:22:58 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2010.12.10 14:22:58 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll
[2010.12.10 14:22:58 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2010.12.10 14:22:57 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll
[2010.12.10 14:22:57 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2010.12.10 14:22:57 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll
[2010.12.10 14:22:57 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2010.12.10 14:22:57 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2010.12.10 14:22:57 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll
[2010.12.10 14:22:57 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll
[2010.12.10 14:22:57 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2010.12.10 14:22:56 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll
[2010.12.10 14:22:56 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2010.12.10 14:22:56 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll
[2010.12.10 14:22:56 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2010.12.10 14:22:55 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll
[2010.12.10 14:22:55 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2010.12.10 14:22:55 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll
[2010.12.10 14:22:55 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2010.12.10 14:22:55 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll
[2010.12.10 14:22:55 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2010.12.10 14:22:54 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll
[2010.12.10 14:22:54 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2010.12.10 14:22:53 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll
[2010.12.10 14:22:53 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2010.12.10 14:22:53 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll
[2010.12.10 14:22:53 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2010.12.10 14:22:53 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll
[2010.12.10 14:22:53 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2010.12.10 14:22:52 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll
[2010.12.10 14:22:52 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2010.12.10 14:22:52 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll
[2010.12.10 14:22:52 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2010.12.10 14:22:52 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll
[2010.12.10 14:22:52 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2010.12.10 14:22:52 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
[2010.12.10 14:22:52 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2010.12.10 14:22:52 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll
[2010.12.10 14:22:52 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2010.12.10 14:22:51 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll
[2010.12.10 14:22:51 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2010.12.10 14:22:51 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll
[2010.12.10 14:22:51 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2010.12.10 14:22:51 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll
[2010.12.10 14:22:51 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2010.12.10 14:22:51 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll
[2010.12.10 14:22:51 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2010.12.10 14:22:50 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll
[2010.12.10 14:22:50 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2010.12.10 14:22:49 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll
[2010.12.10 14:22:49 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll
[2010.12.10 14:22:49 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2010.12.10 14:22:49 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2010.12.10 14:22:48 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2010.12.10 14:22:48 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2010.12.10 14:22:48 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll
[2010.12.10 14:22:48 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2010.12.10 14:22:47 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2010.12.10 14:22:47 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2010.12.10 14:22:47 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll
[2010.12.10 14:22:47 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2010.12.10 14:22:47 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
[2010.12.10 14:22:47 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2010.12.10 14:22:46 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll
[2010.12.10 14:22:46 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2010.12.10 14:22:46 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll
[2010.12.10 14:22:46 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2010.12.10 14:22:45 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2010.12.10 14:22:45 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2010.12.10 14:22:45 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2010.12.10 14:22:45 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2010.12.10 14:22:44 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
[2010.12.10 14:22:44 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2010.12.10 14:22:40 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
[2010.12.10 14:22:40 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2010.12.10 14:22:39 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2010.12.10 14:22:39 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2010.12.10 14:22:39 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2010.12.10 14:22:39 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2010.12.10 14:22:38 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2010.12.10 14:22:38 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2010.12.10 14:22:38 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2010.12.10 14:22:38 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2010.12.10 14:22:38 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2010.12.10 14:22:38 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2010.12.10 14:22:37 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2010.12.10 14:22:37 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2010.12.10 14:22:37 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2010.12.10 14:22:37 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2010.12.10 14:22:36 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2010.12.10 14:22:36 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2010.12.10 13:54:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2010.12.10 13:54:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2010.12.10 13:52:07 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2010.12.10 13:50:16 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\ATI Technologies
[2010.12.10 13:50:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2010.12.10 13:50:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI
[2010.12.10 13:49:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2010.12.10 13:48:16 | 000,000,000 | ---D | C] -- C:\ATI
[2010.12.10 06:46:58 | 000,000,000 | ---D | C] -- C:\Users\Michael&Diana_2\AppData\Roaming\Thunderbird
[2010.12.10 06:46:58 | 000,000,000 | ---D | C] -- C:\Users\Michael&Diana_2\AppData\Local\Thunderbird
[2010.12.07 17:56:15 | 000,000,000 | ---D | C] -- C:\Users\Michael&Diana_2\SecurityScans
[2010.12.07 17:55:57 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Baseline Security Analyzer 2
[2010.12.05 07:54:46 | 000,000,000 | ---D | C] -- C:\Programme\DIFX
[2010.12.05 07:53:58 | 000,000,000 | ---D | C] -- C:\Programme\ATI
[2010.12.05 07:53:18 | 000,000,000 | ---D | C] -- C:\Programme\ATI Technologies
[2010.12.05 07:51:27 | 000,000,000 | ---D | C] -- C:\Users\Michael&Diana_2\Desktop\win7-64bit
[2010.12.04 09:23:15 | 000,000,000 | ---D | C] -- C:\Users\Michael&Diana_2\AppData\Roaming\Macromedia
[2010.12.04 09:23:15 | 000,000,000 | ---D | C] -- C:\Users\Michael&Diana_2\AppData\Roaming\Adobe
 
========== Files - Modified Within 30 Days ==========
 
[2010.12.31 07:41:44 | 000,014,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.31 07:41:44 | 000,014,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.31 07:38:47 | 001,505,034 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.12.31 07:38:47 | 000,656,028 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.12.31 07:38:47 | 000,617,910 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.12.31 07:38:47 | 000,130,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.12.31 07:38:47 | 000,107,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.12.31 07:34:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.12.31 07:34:27 | 3218,939,904 | -HS- | M] () -- C:\hiberfil.sys
[2010.12.28 07:55:57 | 000,709,456 | ---- | M] () -- C:\Windows\is-4EHDL.exe
[2010.12.28 07:55:57 | 000,012,846 | ---- | M] () -- C:\Windows\is-4EHDL.msg
[2010.12.28 07:55:57 | 000,000,373 | ---- | M] () -- C:\Windows\is-4EHDL.lst
[2010.12.26 13:53:41 | 000,001,093 | ---- | M] () -- C:\Users\Public\Desktop\PokerStars.net.lnk
[2010.12.22 06:39:11 | 000,019,528 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.12.20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.12.18 06:55:35 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2010.12.18 06:55:12 | 001,526,060 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.12.18 06:52:04 | 000,001,730 | ---- | M] () -- C:\Users\Michael&Diana_2\Documents\cc_20101218_065201.reg
[2010.12.15 06:50:05 | 000,274,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.12.13 19:08:12 | 000,001,239 | ---- | M] () -- C:\Users\Michael&Diana_2\Desktop\DVDVideoSoft Free Studio.lnk
[2010.12.13 19:07:50 | 000,001,398 | ---- | M] () -- C:\Users\Michael&Diana_2\Desktop\Free YouTube to MP3 Converter.lnk
[2010.12.12 07:32:41 | 000,521,448 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2010.12.12 07:32:41 | 000,189,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2010.12.12 07:32:41 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2010.12.12 07:32:41 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2010.12.10 14:02:27 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2010.12.10 06:47:00 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
 
========== Files Created - No Company Name ==========
 
[2010.12.28 07:55:57 | 000,709,456 | ---- | C] () -- C:\Windows\is-4EHDL.exe
[2010.12.28 07:55:57 | 000,012,846 | ---- | C] () -- C:\Windows\is-4EHDL.msg
[2010.12.28 07:55:57 | 000,000,373 | ---- | C] () -- C:\Windows\is-4EHDL.lst
[2010.12.26 13:53:41 | 000,001,093 | ---- | C] () -- C:\Users\Public\Desktop\PokerStars.net.lnk
[2010.12.18 06:55:35 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2010.12.18 06:55:12 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.12.18 06:52:03 | 000,001,730 | ---- | C] () -- C:\Users\Michael&Diana_2\Documents\cc_20101218_065201.reg
[2010.12.13 19:08:04 | 000,001,239 | ---- | C] () -- C:\Users\Michael&Diana_2\Desktop\DVDVideoSoft Free Studio.lnk
[2010.12.13 19:07:50 | 000,001,398 | ---- | C] () -- C:\Users\Michael&Diana_2\Desktop\Free YouTube to MP3 Converter.lnk
[2010.12.10 13:54:34 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2010.12.10 06:47:00 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.08.20 06:10:23 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010.08.20 06:10:23 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.08.20 06:09:33 | 000,006,245 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2010.08.20 05:25:56 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP6.dll
[2010.08.20 05:25:56 | 000,000,188 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfl
[2010.08.20 05:25:36 | 000,002,123 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfg
[2010.08.20 05:25:36 | 000,000,621 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.imi
[2010.08.20 05:25:35 | 000,002,641 | ---- | C] () -- C:\Windows\cmudax3.ini
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
 
========== LOP Check ==========
 
[2010.12.24 07:52:05 | 000,000,000 | ---D | M] -- C:\Users\Michael&Diana_2\AppData\Roaming\Amazon
[2010.12.13 19:08:05 | 000,000,000 | ---D | M] -- C:\Users\Michael&Diana_2\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.12.10 06:46:59 | 000,000,000 | ---D | M] -- C:\Users\Michael&Diana_2\AppData\Roaming\Thunderbird
[2009.07.14 06:08:49 | 000,027,594 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
Code:
ATTFilter
OTL Extras logfile created on: 31.12.2010 08:18:26 - Run 1
OTL by OldTimer - Version 3.2.18.2     Folder = C:\Users\Michael&Diana\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 64,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 61,45 Gb Free Space | 62,99% Space Free | Partition Type: NTFS
Drive D: | 97,66 Gb Total Space | 87,90 Gb Free Space | 90,01% Space Free | Partition Type: NTFS
Drive E: | 270,45 Gb Total Space | 142,24 Gb Free Space | 52,59% Space Free | Partition Type: NTFS
 
Computer Name: HOMEOFFICE | User Name: Michael&Diana_2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [hitmanpro] -- "C:\Program Files\Hitman Pro 3.5\HitmanPro35_x64.exe" "%1\" File not found
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [hitmanpro] -- "C:\Program Files\Hitman Pro 3.5\HitmanPro35_x64.exe" "%1\"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08C3441C-4FAF-48D3-A551-70DD6031734F}" = Microsoft Baseline Security Analyzer 2.2
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86416023FF}" = Java(TM) 6 Update 23 (64-bit)
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{7782916E-3D46-4F1F-AC4B-3FB9D17049F4}" = Microsoft Antimalware Service DE-DE Language Pack
"{AB3FDAEC-7702-3A47-655B-4A34714CBEFA}" = ccc-utility64
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DBB03C04-9E78-6758-94C9-5D128401CFF8}" = WMV9/VC-1 Video Playback
"{E77543EE-6FB5-4FF6-AB70-635392C8C756}" = Microsoft Security Client
"{E974638C-9F47-48C4-672C-B9C65F2BAD62}" = AMD Drag and Drop Transcoding
"{F3FEB53B-0BD3-F481-A8F9-51BA46466A6A}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FCAB9F73-BF5D-4E3D-92E7-B0F35C568F20}" = Microsoft Security Client DE-DE Language Pack
"CCleaner" = CCleaner
"C-Media PCI Audio Driver" = Aureon 5.1 PCI
"HitmanPro35" = Hitman Pro 3.5
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0032D29F-7E8F-40E5-AD12-8857AAB0DBFF}" = Catalyst Control Center - Branding
"{034C3647-3240-B744-D10B-637197A1E5B1}" = Catalyst Control Center InstallProxy
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 22
"{2C440596-FD75-9EA6-5472-B2EDBF5D222B}" = ccc-core-static
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{48CABD59-C04D-4AE0-AB05-331787E336E6}" = EMET
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56DD3770-2EF5-42D0-BA5A-A8135E9D4A9E}" = USB Dual Vibration PAD
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7ACEE78A-537D-2857-1A64-72198BC4A67D}" = Catalyst Control Center Graphics Previews Vista
"{7CD82818-18F2-E4D5-A502-9D1F16C8DF9C}" = Catalyst Control Center Graphics Previews Common
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A76CFCA-4BEC-C88E-3A7B-7CD18E3B86EA}" = CCC Help English
"{BD60F72D-3F2F-4AE1-9C41-3CF75B2CA59A}" = DVR-Studio Pro 2
"AC3Filter_is1" = AC3Filter 1.63b
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Ashampoo Burning Studio 10_is1" = Ashampoo Burning Studio 10.0.7
"Ashampoo Photo Commander 8_is1" = Ashampoo Photo Commander 8.3.2
"DivX Setup.divx.com" = DivX-Setup
"Foxit Reader" = Foxit Reader
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.31
"Hauppauge WinTV 7" = Hauppauge WinTV 7
"HWiNFO32_is1" = HWiNFO32 Version 3.65
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)
"PokerStars.net" = PokerStars.net
"SpeedFan" = SpeedFan (remove only)
"Steam App 50130" = Mafia II
"Uninstall_is1" = Uninstall 1.0.0.1
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 24.11.2010 08:51:02 | Computer Name = Homeoffice | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 24.11.2010 08:51:02 | Computer Name = Homeoffice | Source = Windows Search Service | ID = 3028
Description = 
 
Error - 24.11.2010 08:51:02 | Computer Name = Homeoffice | Source = Windows Search Service | ID = 3058
Description = 
 
Error - 24.11.2010 08:51:02 | Computer Name = Homeoffice | Source = Windows Search Service | ID = 7010
Description = 
 
Error - 24.11.2010 08:51:02 | Computer Name = Homeoffice | Source = Windows Search Service | ID = 7040
Description = 
 
Error - 24.11.2010 08:51:02 | Computer Name = Homeoffice | Source = Windows Search Service | ID = 7042
Description = 
 
Error - 04.12.2010 14:01:40 | Computer Name = Homeoffice | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: apc.exe, Version: 1.0.0.0, Zeitstempel:
 0x4c7b8e87  Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7600.16385, Zeitstempel:
 0x4a5bda6f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000a082  ID des fehlerhaften Prozesses:
 0x660  Startzeit der fehlerhaften Anwendung: 0x01cb93dbd74363d2  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Ashampoo\Ashampoo Photo Commander 8\apc.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\syswow64\msvcrt.dll  Berichtskennung: 8af0dd59-ffd0-11df-9da1-001fd05363e1
 
Error - 10.12.2010 08:49:54 | Computer Name = Homeoffice | Source = ATIeRecord | ID = 16389
Description = ATI EEU the creation of a class has failed
 
Error - 18.12.2010 17:40:49 | Computer Name = Homeoffice | Source = Application Hang | ID = 1002
Description = Programm burningstudio10.exe, Version 10.0.7.151 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 460    Startzeit: 01cb9ecfddb03d02    Endzeit: 19    Anwendungspfad: 
C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 10\burningstudio10.exe    Berichts-ID:
 7332f2cd-0aef-11e0-96f1-001fd05363e1  
 
Error - 24.12.2010 02:53:25 | Computer Name = Homeoffice | Source = EventSystem | ID = 4621
Description = 
 
[ System Events ]
Error - 23.12.2010 13:14:39 | Computer Name = Homeoffice | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%860 beim Aktualisieren von Signaturen.     Neue Signaturversion:
      Vorherige Signaturversion: 1.95.2476.0     Aktualisierungsquelle: %%851     Aktualisierungsstufe:
 %%852     Quellpfad: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

	Signaturtyp:
 %%800     Aktualisierungstyp: %%803     Benutzer: Homeoffice\Michael&Diana_2     Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.6402.0     Fehlercode: 0x80072ee7     Fehlerbeschreibung: Der
 Servername oder die Serveradresse konnte nicht verarbeitet werden. 
 
Error - 23.12.2010 13:14:39 | Computer Name = Homeoffice | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%860 beim Aktualisieren von Signaturen.     Neue Signaturversion:
      Vorherige Signaturversion: 1.95.2476.0     Aktualisierungsquelle: %%851     Aktualisierungsstufe:
 %%852     Quellpfad: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

	Signaturtyp:
 %%801     Aktualisierungstyp: %%803     Benutzer: Homeoffice\Michael&Diana_2     Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.6402.0     Fehlercode: 0x80072ee7     Fehlerbeschreibung: Der
 Servername oder die Serveradresse konnte nicht verarbeitet werden. 
 
Error - 23.12.2010 13:14:39 | Computer Name = Homeoffice | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%860 beim Aktualisieren von Signaturen.     Neue Signaturversion:
      Vorherige Signaturversion: 1.95.2476.0     Aktualisierungsquelle: %%851     Aktualisierungsstufe:
 %%852     Quellpfad: http://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

	Signaturtyp:
 %%800     Aktualisierungstyp: %%803     Benutzer: Homeoffice\Michael&Diana_2     Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.6402.0     Fehlercode: 0x80072ee7     Fehlerbeschreibung: Der
 Servername oder die Serveradresse konnte nicht verarbeitet werden. 
 
Error - 23.12.2010 13:14:39 | Computer Name = Homeoffice | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%860 beim Aktualisieren von Signaturen.     Neue Signaturversion:
      Vorherige Signaturversion: 1.95.2476.0     Aktualisierungsquelle: %%851     Aktualisierungsstufe:
 %%852     Quellpfad: http://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

	Signaturtyp:
 %%801     Aktualisierungstyp: %%803     Benutzer: Homeoffice\Michael&Diana_2     Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.6402.0     Fehlercode: 0x80072ee7     Fehlerbeschreibung: Der
 Servername oder die Serveradresse konnte nicht verarbeitet werden. 
 
Error - 23.12.2010 13:14:39 | Computer Name = Homeoffice | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%860 beim Aktualisieren von Signaturen.     Neue Signaturversion:
      Vorherige Signaturversion: 1.95.2476.0     Aktualisierungsquelle: %%851     Aktualisierungsstufe:
 %%852     Quellpfad: http://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

	Signaturtyp:
 %%800     Aktualisierungstyp: %%803     Benutzer: Homeoffice\Michael&Diana_2     Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.6402.0     Fehlercode: 0x80072ee7     Fehlerbeschreibung: Der
 Servername oder die Serveradresse konnte nicht verarbeitet werden. 
 
Error - 23.12.2010 13:14:39 | Computer Name = Homeoffice | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%860 beim Aktualisieren von Signaturen.     Neue Signaturversion:
      Vorherige Signaturversion: 1.95.2476.0     Aktualisierungsquelle: %%851     Aktualisierungsstufe:
 %%852     Quellpfad: http://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

	Signaturtyp:
 %%801     Aktualisierungstyp: %%803     Benutzer: Homeoffice\Michael&Diana_2     Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.6402.0     Fehlercode: 0x80072ee7     Fehlerbeschreibung: Der
 Servername oder die Serveradresse konnte nicht verarbeitet werden. 
 
Error - 24.12.2010 09:51:33 | Computer Name = Homeoffice | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?24.?12.?2010 um 14:23:04 unerwartet heruntergefahren.
 
Error - 28.12.2010 05:22:03 | Computer Name = Homeoffice | Source = Microsoft Antimalware | ID = 3002
Description = Fehler in %%860-Echtzeitschutzfunktion.     Funktion: %%835     Fehlercode: 
0x80004005     Fehlerbeschreibung: Unbekannter Fehler      Ursache: %%842
 
Error - 31.12.2010 02:32:30 | Computer Name = Homeoffice | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?31.?12.?2010 um 07:31:12 unerwartet heruntergefahren.
 
Error - 31.12.2010 02:34:31 | Computer Name = Homeoffice | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?31.?12.?2010 um 07:32:30 unerwartet heruntergefahren.
 
 
< End of report >
__________________
"Inter Arma Enim Silent Leges"

Alt 02.01.2011, 08:05   #2
WinstonWolf
 
Unbekannter Autostart - Standard

Unbekannter Autostart


Guten Morgen und ein frohes neues Jahr,

Ich habe besagte exe mal bei Anubis laufen lassen.
Vielleicht kann jemand was damit anfangen:

Code:
ATTFilter
                          ___                __    _                          
         +  /-            /   |  ____  __  __/ /_  (_)____       -\  +         
        /s  h-           / /| | / __ \/ / / / __ \/ / ___/       -h  s\        
        oh-:d/          / ___ |/ / / / /_/ / /_/ / (__  )        /d:-ho        
        shh+hy-        /_/  |_/_/ /_/\__,_/_.___/_/____/        -yh+hhs        
      -:+hhdhyys/-                                           -\syyhdhh+:-      
    -//////dhhhhhddhhyss-       Analysis Report       -ssyhhddhhhhhd\\\\\\-    
   /++/////oydddddhhyys/     ooooooooooooooooooooo     \syyhhdddddyo\\\\\++\   
 -+++///////odh/-                                             -+hdo\\\\\\\+++- 
 +++++++++//yy+/:                                             :\+yy\\+++++++++ 
/+soss+sys//yyo/os++o+:                                 :+o++so\oyy\\sys+ssos+\
+oyyyys++o/+yss/+/oyyyy:                               :yyyyo\+\ssy+\o++syyyyo+
+oyyyyyyso+os/o/+yyyyyy/                               \yyyyyy+\o\so+osyyyyyyo+


[#############################################################################]
    Analysis Report for c88c64609de58fa3d8637c4866c7c6bb
                   MD5: c88c64609de58fa3d8637c4866c7c6bb
[#############################################################################]

Summary: 
    - Performs Registry Activities:
        The executable reads and modifies registry values. It also creates and
        monitors registry keys.

[=============================================================================]
    Table of Contents
[=============================================================================]

- General information
- c88c64609d.exe
  a) Registry Activities
  b) File Activities
  c) Other Activities


[#############################################################################]
    1. General Information
[#############################################################################]
[=============================================================================]
    Information about Anubis' invocation
[=============================================================================]
        Time needed:        240 s
        Report created:     12/23/10, 22:52:16 UTC
        Termination reason: Timeout
        Program version:    1.74.3195


[#############################################################################]
    2. c88c64609d.exe
[#############################################################################]
[=============================================================================]
    General information about this executable
[=============================================================================]
        Analysis Reason: Primary Analysis Subject
        Filename:        c88c64609d.exe
        MD5:             c88c64609de58fa3d8637c4866c7c6bb
        SHA-1:           b1484070813fe2910385ab92167199d5784ea3ef
        File Size:       709456 Bytes
        Command Line:    "C:\c88c64609d.exe" 
        Process-status
        at analysis end: alive
        Exit Code:       0

[=============================================================================]
    Load-time Dlls
[=============================================================================]
        Module Name: [ C:\WINDOWS\system32\ntdll.dll ],
               Base Address: [0x7C900000 ], Size: [0x000AF000 ]
        Module Name: [ C:\WINDOWS\system32\kernel32.dll ],
               Base Address: [0x7C800000 ], Size: [0x000F6000 ]
        Module Name: [ C:\WINDOWS\system32\user32.dll ],
               Base Address: [0x7E410000 ], Size: [0x00091000 ]
        Module Name: [ C:\WINDOWS\system32\GDI32.dll ],
               Base Address: [0x77F10000 ], Size: [0x00049000 ]
        Module Name: [ C:\WINDOWS\system32\oleaut32.dll ],
               Base Address: [0x77120000 ], Size: [0x0008B000 ]
        Module Name: [ C:\WINDOWS\system32\ADVAPI32.dll ],
               Base Address: [0x77DD0000 ], Size: [0x0009B000 ]
        Module Name: [ C:\WINDOWS\system32\RPCRT4.dll ],
               Base Address: [0x77E70000 ], Size: [0x00092000 ]
        Module Name: [ C:\WINDOWS\system32\Secur32.dll ],
               Base Address: [0x77FE0000 ], Size: [0x00011000 ]
        Module Name: [ C:\WINDOWS\system32\msvcrt.dll ],
               Base Address: [0x77C10000 ], Size: [0x00058000 ]
        Module Name: [ C:\WINDOWS\system32\ole32.dll ],
               Base Address: [0x774E0000 ], Size: [0x0013D000 ]
        Module Name: [ C:\WINDOWS\system32\mpr.dll ],
               Base Address: [0x71B20000 ], Size: [0x00012000 ]
        Module Name: [ C:\WINDOWS\system32\version.dll ],
               Base Address: [0x77C00000 ], Size: [0x00008000 ]
        Module Name: [ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll ],
               Base Address: [0x773D0000 ], Size: [0x00103000 ]
        Module Name: [ C:\WINDOWS\system32\SHLWAPI.dll ],
               Base Address: [0x77F60000 ], Size: [0x00076000 ]
        Module Name: [ C:\WINDOWS\system32\shell32.dll ],
               Base Address: [0x7C9C0000 ], Size: [0x00817000 ]
        Module Name: [ C:\WINDOWS\system32\comdlg32.dll ],
               Base Address: [0x763B0000 ], Size: [0x00049000 ]

[=============================================================================]
    Run-time Dlls
[=============================================================================]
        Module Name: [ C:\WINDOWS\system32\uxtheme.dll ],
               Base Address: [0x5AD70000 ], Size: [0x00038000 ]
        Module Name: [ C:\WINDOWS\system32\MSCTF.dll ],
               Base Address: [0x74720000 ], Size: [0x0004C000 ]

[=============================================================================]
    2.a) c88c64609d.exe - Registry Activities
[=============================================================================]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
    Registry Values Read:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        Key: [ HKLM\SOFTWARE\Microsoft\CTF\SystemShared\ ], 
             Value Name: [ CUAS ], Value: [ 0 ], 1 time
        Key: [ HKLM\SYSTEM\CurrentControlSet\Control\Session Manager ], 
             Value Name: [ CriticalSectionTimeout ], Value: [ 2592000 ], 1 time
        Key: [ HKLM\SYSTEM\Setup ], 
             Value Name: [ SystemSetupInProgress ], Value: [ 0 ], 1 time
        Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers ], 
             Value Name: [ TransparentEnabled ], Value: [ 1 ], 1 time
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Keyboard Layout\Toggle ], 
             Value Name: [ Language Hotkey ], Value: [ 1 ], 2 times
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Keyboard Layout\Toggle ], 
             Value Name: [ Layout Hotkey ], Value: [ 2 ], 2 times

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
    Monitored Registry Keys:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        Key: [ HKLM\system\CurrentControlSet\control\NetworkProvider\HwOrder ], 
             Watch subtree: [ 0 ], Notify Filter: [ Value Change ], 1 time


[=============================================================================]
    2.b) c88c64609d.exe - File Activities
[=============================================================================]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
    Files Read:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        File Name: [ C:\c88c64609d.exe ]

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
    Device Control Communication:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        File: [ \Device\KsecDD ], Control Code: [ 0x00390008 ], 8 times

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
    Memory Mapped Files:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        File Name: [ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll ]
        File Name: [ C:\WINDOWS\WindowsShell.Manifest ]
        File Name: [ C:\WINDOWS\system32\MSCTF.dll ]
        File Name: [ C:\WINDOWS\system32\imm32.dll ]
        File Name: [ C:\WINDOWS\system32\netmsg.dll ]
        File Name: [ C:\WINDOWS\system32\rpcss.dll ]
        File Name: [ C:\WINDOWS\system32\shell32.dll ]
        File Name: [ C:\WINDOWS\system32\uxtheme.dll ]

[=============================================================================]
    2.c) c88c64609d.exe - Other Activities
[=============================================================================]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
    Mutexes Created:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        Mutex: [ CTF.Asm.MutexDefaultS-1-5-21-842925246-1425521274-308236825-500 ]
        Mutex: [ CTF.Compart.MutexDefaultS-1-5-21-842925246-1425521274-308236825-500 ]
        Mutex: [ CTF.LBES.MutexDefaultS-1-5-21-842925246-1425521274-308236825-500 ]
        Mutex: [ CTF.Layouts.MutexDefaultS-1-5-21-842925246-1425521274-308236825-500 ]
        Mutex: [ CTF.TMD.MutexDefaultS-1-5-21-842925246-1425521274-308236825-500 ]
        Mutex: [ CTF.TimListCache.FMPDefaultS-1-5-21-842925246-1425521274-308236825-500MUTEX.DefaultS-1-5-21-842925246-1425521274-308236825-500 ]

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
    Windows SEH exceptions:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        Description: [ Exception 0xeedface at 0x7c812aeb ], 1 time





[#############################################################################]
                       International Secure Systems Lab                        
                            http://www.iseclab.org                             

Vienna University of Technology     Eurecom France            UC Santa Barbara
http://www.tuwien.ac.at          http://www.eurecom.fr  http://www.cs.ucsb.edu

                          Contact: anubis@iseclab.org
__________________

__________________
Alt 02.01.2011, 10:36   #3
Larusso
/// Selecta Jahrusso
 
Unbekannter Autostart - Standard

Unbekannter Autostart


Hy,

Dieser Eintrag dient eigentlich nur dazu, falls Windows einen Neustart verlangt, nach dem Neustart noch anderes zu "installieren". Sollte für gewöhnlich danach weg sein.

Kommt dir folgendes bekannt vor ? Inno Setup
__________________
__________________
Alt 05.01.2011, 14:39   #4
Larusso
/// Selecta Jahrusso
 
Unbekannter Autostart - Standard

Unbekannter Autostart


Fehlende Rückmeldung
Dieses Thema wurde aus den Abos gelöscht. Somit bekomm ich keine Benachrichtigung über neue Antworten.
PM an mich falls Du denoch weiter machen willst.
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie
Antwort

Themen zu Unbekannter Autostart
.dll, 64-bit, adobe, adobe flash player, autorun, c:\windows\system32\rundll32.exe, converter, error, escan, explorer, firefox, firefox.exe, flash player, format, hitman pro, home, home premium, ieframe.dll, install.exe, langs, location, logfile, microsoft security, mozilla, mozilla thunderbird, mp3, nvidia, oldtimer, otl.exe, plug-in, programdata, programme, realtek, registry, rundll, saver, scan, searchplugins, security, shell32.dll, shortcut, software, suspekt, system, syswow64, webcheck, windows


« Pc ist plötzlich langsam. | RegistryBooster meldet 818 Fehler. Wo sind sie? »


Ähnliche Themen: Unbekannter Autostart


  1. Autostart unter w8.1
    Alles rund um Windows - 26.11.2014 (4)
  2. Anwendung in den Autostart
    Alles rund um Mac OSX & Linux - 03.04.2014 (12)
  3. tbhcn.exe im Autostart
    Plagegeister aller Art und deren Bekämpfung - 15.08.2013 (13)
  4. Unbekannter Eintrag im Autostart
    Log-Analyse und Auswertung - 12.03.2013 (1)
  5. tcbhn im Autostart!
    Plagegeister aller Art und deren Bekämpfung - 06.03.2013 (58)
  6. runcft.ink im Autostart
    Plagegeister aller Art und deren Bekämpfung - 19.02.2013 (33)
  7. Autostart von eleet
    Plagegeister aller Art und deren Bekämpfung - 15.08.2009 (0)
  8. Autostart abstellen
    Alles rund um Windows - 12.03.2009 (8)
  9. Spyware im Autostart
    Plagegeister aller Art und deren Bekämpfung - 07.09.2008 (1)
  10. svchost.exe im autostart
    Plagegeister aller Art und deren Bekämpfung - 13.05.2007 (1)
  11. Winfixer2005ScannerInstallDE im Autostart
    Log-Analyse und Auswertung - 01.02.2007 (6)
  12. Kein Autostart
    Log-Analyse und Auswertung - 09.01.2007 (5)
  13. Systemkonfiguration und Autostart
    Alles rund um Windows - 06.08.2006 (2)
  14. Trojaner (?) im Autostart!!
    Plagegeister aller Art und deren Bekämpfung - 08.06.2006 (20)
  15. CD/DVD-Autostart abschalten?
    Alles rund um Windows - 27.04.2006 (4)
  16. Autostart geändert?
    Log-Analyse und Auswertung - 23.12.2005 (2)
  17. Autostart Ereignisse;
    Mülltonne - 10.09.2005 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Unbekannter Autostart - Hallo, Ich habe heute den Autostart meines System mittels CCleaner überprüft. Folgender Autostart ist mir suspekt: InnoSetupRegFile.0000000001 "C:\Windows\is-4EHDL.exe" /REG /REGSVRMODE Eine Googlesuche blieb ergebnislos. Vielleicht kennt ja jemand diese .exe? - Unbekannter Autostart...
Archiv
Du betrachtest: Unbekannter Autostart auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131