Log analysis and evaluation: C:\system32\winlogon.exe <-- not normal? (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system first has to be examined: first steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
21.12.2011, 22:09 | #1
C:\system32\winlogon.exe <-- not normal?

Hello, I was recently at a friend's computer and found the folder "C:\system32\winlogon.exe". That's not normal, is it? Normally the system32 folder is inside the Windows folder... Here are the two scan logs (he has a 64-bit system):

Code:
OTL logfile created on: 21.12.2011 21:51:37 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Bennibaba\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,78 Gb Available Physical Memory | 69,43% Memory free
8,00 Gb Paging File | 6,61 Gb Available in Paging File | 82,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58,50 Gb Total Space | 20,09 Gb Free Space | 34,34% Space Free | Partition Type: NTFS
Drive D: | 311,46 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 239,49 Gb Total Space | 212,73 Gb Free Space | 88,83% Space Free | Partition Type: NTFS
Drive H: | 1863,01 Gb Total Space | 910,00 Gb Free Space | 48,85% Space Free | Partition Type: NTFS

Computer Name: BB-LI-W7 | User Name: Bennibaba | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========
PRC - [2011.12.21 21:50:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Bennibaba\Desktop\OTL.exe
PRC - [2011.06.28 16:33:19 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.03 15:33:42 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.21 22:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.11.30 18:12:37 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.11.11 09:27:40 | 000,193,856 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
PRC - [2010.07.12 17:32:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2010.05.20 23:59:30 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.20 23:59:28 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

========== Modules (No Company Name) ==========
MOD - [2011.03.21 22:10:36 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.03.21 22:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.05.04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll

========== Win32 Services (SafeList) ==========
SRV:64bit: - [2011.08.05 12:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2011.08.05 12:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2011.08.05 12:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2010.09.29 02:51:08 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.06.28 16:33:19 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.03 15:33:42 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========
DRV:64bit: - [2011.12.20 12:53:19 | 000,047,208 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd)
DRV:64bit: - [2011.10.11 22:08:31 | 000,508,472 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011.06.28 16:33:20 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.28 16:33:20 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.19 21:07:19 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011.01.19 21:07:18 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.09.29 03:26:12 | 007,883,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010.09.29 03:26:12 | 007,883,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.09.29 02:14:48 | 000,285,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.08.16 11:42:00 | 000,116,240 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.03.01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D8 B4 55 70 FB 7F CB 01 [binary data]
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.1
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: refspoof@mozdev.org:0.9.5
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.04.04 21:35:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.04.04 21:35:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.21 01:44:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011.01.13 19:34:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bennibaba\AppData\Roaming\mozilla\Extensions
[2011.12.18 15:11:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bennibaba\AppData\Roaming\mozilla\Firefox\Profiles\g1dldky4.default\extensions
[2011.04.10 15:36:34 | 000,000,000 | ---D | M] (refspoof) -- C:\Users\Bennibaba\AppData\Roaming\mozilla\Firefox\Profiles\g1dldky4.default\extensions\refspoof@mozdev.org
[2011.12.21 01:44:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\BENNIBABA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G1DLDKY4.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2011.12.21 01:44:07 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.27 19:02:11 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.27 19:02:11 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.10.27 19:02:11 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.27 19:02:11 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.27 19:02:11 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.27 19:02:11 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011.12.21 19:02:06 | 000,001,166 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: # Copyright (c) 1993-2009 Microsoft Corp.
O1 - Hosts: 127.0.0.1 static3.cdn.ubi.com
O1 - Hosts: 127.0.0.1 ubisoft-orbit.s3.amazonaws.com
O1 - Hosts: 127.0.0.1 onlineconfigservice.ubi.com
O1 - Hosts: 127.0.0.1 orbitservice.ubi.com
O1 - Hosts: 127.0.0.1 ubisoft-orbit-savegames.s3.amazonaws.com
O1 - Hosts: 127.0.0.1 psdto.com
O1 - Hosts: 127.0.0.1 www.shapecollage.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [winlogon] C:\system32\winlogon.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Bennibaba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Bennibaba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.184.161 83.169.184.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8FE9C31D-8401-4CC4-8303-AAE6FADE0992}: DhcpNameServer = 83.169.184.161 83.169.184.225
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.11.17 01:01:57 | 000,000,131 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{a3b8b5d0-6907-11e0-9549-0019dbf38d50}\Shell - "" = AutoRun
O33 - MountPoints2\{a3b8b5d0-6907-11e0-9549-0019dbf38d50}\Shell\AutoRun\command - "" = G:\unlock.exe autoplay=true
O33 - MountPoints2\{d40ab965-ebeb-11df-9e2c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d40ab965-ebeb-11df-9e2c-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.exe -- [2010.11.17 01:01:57 | 000,297,832 | R--- | M] (Hewlett-Packard Co.)
O33 - MountPoints2\{e121ba44-ecf9-11df-bf0c-0019dbf38d50}\Shell - "" = AutoRun
O33 - MountPoints2\{e121ba44-ecf9-11df-bf0c-0019dbf38d50}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (bootdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========
[2011.12.21 21:50:29 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Bennibaba\Desktop\OTL.exe
[2011.12.21 21:38:20 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.12.21 21:31:04 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2011.12.21 21:16:34 | 007,514,432 | ---- | C] (SurfRight B.V.) -- C:\Users\Bennibaba\Desktop\HitmanPro35_x64.exe
[2011.12.21 21:16:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011.12.21 21:16:06 | 006,480,192 | ---- | C] (SurfRight B.V.) -- C:\Users\Bennibaba\Desktop\HitmanPro3.5.9.130.exe
[2011.12.21 21:14:23 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011.12.21 20:14:51 | 000,000,000 | ---D | C] -- C:\Users\Bennibaba\AppData\Roaming\AVG10
[2011.12.21 20:13:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011.12.21 20:12:03 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011.12.21 20:12:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2011.12.21 20:11:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2011.12.21 20:08:56 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011.12.21 19:52:56 | 000,000,000 | ---D | C] -- C:\Users\Bennibaba\Desktop\AVG_upped_by_der_kara
[2011.12.21 18:59:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shape Collage
[2011.12.21 18:59:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Shape Collage
[2011.12.21 18:59:20 | 001,027,115 | ---- | C] (Shape Collage Inc.) -- C:\Users\Bennibaba\Desktop\ShapeCollage-2.5.3-Setup.exe
[2011.12.21 18:30:09 | 000,000,000 | ---D | C] -- C:\Users\Bennibaba\Desktop\Neuer Ordner (2)
[2011.12.21 02:01:05 | 000,000,000 | ---D | C] -- C:\Users\Bennibaba\AppData\Local\CrashRpt
[2011.12.21 02:01:01 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2011.12.21 02:00:38 | 000,000,000 | ---D | C] -- C:\ProgramData\RapidSolution
[2011.12.21 01:59:11 | 000,000,000 | ---D | C] -- C:\Users\Bennibaba\AppData\Local\RapidSolution
[2011.12.21 01:54:39 | 000,000,000 | ---D | C] -- C:\Users\Bennibaba\Documents\TubeBox!
[2011.12.21 01:54:39 | 000,000,000 | ---D | C] -- C:\Users\Bennibaba\AppData\Roaming\Jens Lorek
[2011.12.21 01:54:29 | 000,000,000 | ---D | C] -- C:\Users\Bennibaba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TubeBox!
[2011.12.20 19:36:00 | 000,000,000 | ---D | C] -- C:\Users\Bennibaba\Desktop\Neuer Ordner
[2011.12.20 18:12:23 | 000,000,000 | ---D | C] -- C:\Users\Bennibaba\Documents\Updater
[2011.12.20 18:09:40 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe PDF
[2011.12.20 18:09:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe Systems Shared
[2011.12.20 12:53:19 | 000,047,208 | ---- | C] (RapidSolution Software AG) -- C:\Windows\SysNative\drivers\tbhsd.sys
[2011.12.20 01:51:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2011.12.20 01:49:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Postal 3
[2011.12.18 20:39:19 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2011.12.18 20:24:09 | 000,000,000 | ---D | C] -- C:\Users\Bennibaba\AppData\Roaming\HpUpdate
[2011.12.18 20:23:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011.12.18 20:23:18 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2011.12.18 20:23:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2011.12.18 20:22:52 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011.12.18 20:22:04 | 000,000,000 | ---D | C] -- C:\Users\Bennibaba\AppData\Local\HP
[2011.12.18 19:08:38 | 000,000,000 | ---D | C] -- C:\Users\Bennibaba\AppData\Roaming\PC Remote
[2011.12.01 19:00:45 | 000,000,000 | ---D | C] -- C:\Users\Bennibaba\Documents\ANNO 2070
[2011.11.29 00:28:19 | 000,000,000 | ---D | C] -- C:\Users\Bennibaba\Documents\Assassin's Creed Revelations
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2011.12.21 21:51:28 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.21 21:51:28 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.21 21:50:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Bennibaba\Desktop\OTL.exe
[2011.12.21 21:48:16 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.12.21 21:48:16 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.12.21 21:48:16 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.12.21 21:48:16 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.12.21 21:48:16 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.12.21 21:43:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.21 21:43:50 | 3220,672,512 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.21 21:42:46 | 000,000,198 | ---- | M] () -- C:\Users\Bennibaba\defogger_reenable
[2011.12.21 21:34:07 | 000,050,477 | ---- | M] () -- C:\Users\Bennibaba\Desktop\Defogger.exe
[2011.12.21 21:31:33 | 000,025,160 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011.12.21 21:31:04 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2011.12.21 21:31:04 | 000,005,944 | ---- | M] () -- C:\Windows\SysNative\bootdelete.lst
[2011.12.21 21:16:41 | 007,514,432 | ---- | M] (SurfRight B.V.) -- C:\Users\Bennibaba\Desktop\HitmanPro35_x64.exe
[2011.12.21 21:15:50 | 006,480,192 | ---- | M] (SurfRight B.V.) -- C:\Users\Bennibaba\Desktop\HitmanPro3.5.9.130.exe
[2011.12.21 19:52:33 | 205,228,006 | ---- | M] () -- C:\Users\Bennibaba\Desktop\AVG_upped_by_der_kara.rar
[2011.12.21 18:59:59 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\Shape Collage.lnk
[2011.12.21 18:59:16 | 001,027,115 | ---- | M] (Shape Collage Inc.) -- C:\Users\Bennibaba\Desktop\ShapeCollage-2.5.3-Setup.exe
[2011.12.21 10:01:54 | 004,850,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.12.21 02:07:55 | 012,167,023 | ---- | M] () -- C:\Users\Bennibaba\Desktop\3284_39.flv
[2011.12.21 01:22:24 | 000,056,468 | ---- | M] () -- C:\Users\Bennibaba\Desktop\beer.jpg
[2011.12.21 01:21:27 | 000,105,035 | ---- | M] () -- C:\Users\Bennibaba\Desktop\fire_penguin_disco_panda.jpg
[2011.12.21 01:07:23 | 000,049,972 | ---- | M] () -- C:\Users\Bennibaba\Desktop\nintendo_bett.jpg
[2011.12.21 00:58:56 | 000,070,593 | ---- | M] () -- C:\Users\Bennibaba\Desktop\Lese-Talent.jpg
[2011.12.21 00:57:27 | 000,173,419 | ---- | M] () -- C:\Users\Bennibaba\Desktop\2_Baby-Igel.jpg
[2011.12.21 00:55:47 | 000,038,127 | ---- | M] () -- C:\Users\Bennibaba\Desktop\3_Homer_Simpson-Zwickmuehle.jpg
[2011.12.21 00:53:56 | 000,020,228 | ---- | M] () -- C:\Users\Bennibaba\Desktop\nicht_rauchen__ausser_wenn.jpg
[2011.12.21 00:53:47 | 000,027,387 | ---- | M] () -- C:\Users\Bennibaba\Desktop\Knotensalat.jpg
[2011.12.21 00:53:32 | 000,024,343 | ---- | M] () -- C:\Users\Bennibaba\Desktop\Kater.jpg
[2011.12.21 00:53:11 | 000,041,906 | ---- | M] () -- C:\Users\Bennibaba\Desktop\Homer_und_die_Frauen.jpg
[2011.12.21 00:46:34 | 000,070,170 | ---- | M] () -- C:\Users\Bennibaba\Desktop\Internet.jpg
[2011.12.21 00:45:47 | 000,070,931 | ---- | M] () -- C:\Users\Bennibaba\Desktop\Nice_Underwear.jpg
[2011.12.21 00:43:40 | 000,222,565 | ---- | M] () -- C:\Users\Bennibaba\Desktop\Facebook-Trolling.jpg
[2011.12.20 20:13:20 | 001,678,095 | ---- | M] () -- C:\Users\Bennibaba\Desktop\karpfen gutschein.png
[2011.12.20 20:13:17 | 000,000,132 | ---- | M] () -- C:\Users\Bennibaba\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.12.20 20:12:54 | 002,569,078 | ---- | M] () -- C:\Users\Bennibaba\Desktop\mum gutschein.png
[2011.12.20 20:12:14 | 014,942,449 | ---- | M] () -- C:\Users\Bennibaba\Desktop\mum gutschein.psd
[2011.12.20 19:17:02 | 009,618,471 | ---- | M] () -- C:\Users\Bennibaba\Desktop\karpfen gutschein.psd
[2011.12.20 19:15:24 | 005,587,116 | ---- | M] () -- C:\Users\Bennibaba\Desktop\Unbenannt-1.psd
[2011.12.20 19:00:09 | 000,641,101 | ---- | M] () -- C:\Users\Bennibaba\Desktop\49-Free-Cartoon-Cow-Clip-Art.jpg
[2011.12.20 18:50:20 | 000,034,977 | ---- | M] () -- C:\Users\Bennibaba\Desktop\12P51.GIF
[2011.12.20 18:46:03 | 003,077,074 | ---- | M] () -- C:\Users\Bennibaba\Desktop\motiv.psd
[2011.12.20 18:18:39 | 000,909,705 | ---- | M] () -- C:\Users\Bennibaba\Desktop\5.bild.jpg
[2011.12.20 18:09:46 | 000,001,385 | ---- | M] () -- C:\Users\Bennibaba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2011.12.20 12:53:19 | 000,047,208 | ---- | M] (RapidSolution Software AG) -- C:\Windows\SysNative\drivers\tbhsd.sys
[2011.12.18 20:39:41 | 000,000,329 | ---- | M] () -- C:\Users\Bennibaba\Desktop\HP Druckerdiagnosetools.url
[2011.12.18 20:23:38 | 000,001,187 | ---- | M] () -- C:\Users\Public\Desktop\Zubehör einkaufen - HP Officejet Pro 8500 A910.lnk
[2011.12.18 20:23:37 | 000,002,224 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910.lnk
[2011.12.18 20:23:37 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet Pro 8500 A910.lnk
[2011.12.18 20:23:37 | 000,001,224 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910 Scan.lnk
[2011.12.13 18:19:57 | 000,000,679 | ---- | M] () -- C:\Users\Bennibaba\Desktop\UniZeuch.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========
[2011.12.21 21:42:46 | 000,000,198 | ---- | C] () -- C:\Users\Bennibaba\defogger_reenable
[2011.12.21 21:34:10 | 000,050,477 | ---- | C] () -- C:\Users\Bennibaba\Desktop\Defogger.exe
[2011.12.21 21:31:04 | 000,005,944 | ---- | C] () -- C:\Windows\SysNative\bootdelete.lst
[2011.12.21 21:18:38 | 000,025,160 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011.12.21 19:51:44 | 205,228,006 | ---- | C] () -- 
C:\Users\Bennibaba\Desktop\AVG_upped_by_der_kara.rar [2011.12.21 18:59:59 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\Shape Collage.lnk [2011.12.21 02:06:19 | 012,167,023 | ---- | C] () -- C:\Users\Bennibaba\Desktop\3284_39.flv [2011.12.21 01:22:26 | 000,056,468 | ---- | C] () -- C:\Users\Bennibaba\Desktop\beer.jpg [2011.12.21 01:21:29 | 000,105,035 | ---- | C] () -- C:\Users\Bennibaba\Desktop\fire_penguin_disco_panda.jpg [2011.12.21 01:07:24 | 000,049,972 | ---- | C] () -- C:\Users\Bennibaba\Desktop\nintendo_bett.jpg [2011.12.21 00:58:58 | 000,070,593 | ---- | C] () -- C:\Users\Bennibaba\Desktop\Lese-Talent.jpg [2011.12.21 00:57:28 | 000,173,419 | ---- | C] () -- C:\Users\Bennibaba\Desktop\2_Baby-Igel.jpg [2011.12.21 00:55:48 | 000,038,127 | ---- | C] () -- C:\Users\Bennibaba\Desktop\3_Homer_Simpson-Zwickmuehle.jpg [2011.12.21 00:53:57 | 000,020,228 | ---- | C] () -- C:\Users\Bennibaba\Desktop\nicht_rauchen__ausser_wenn.jpg [2011.12.21 00:53:48 | 000,027,387 | ---- | C] () -- C:\Users\Bennibaba\Desktop\Knotensalat.jpg [2011.12.21 00:53:33 | 000,024,343 | ---- | C] () -- C:\Users\Bennibaba\Desktop\Kater.jpg [2011.12.21 00:53:12 | 000,041,906 | ---- | C] () -- C:\Users\Bennibaba\Desktop\Homer_und_die_Frauen.jpg [2011.12.21 00:46:36 | 000,070,170 | ---- | C] () -- C:\Users\Bennibaba\Desktop\Internet.jpg [2011.12.21 00:45:50 | 000,070,931 | ---- | C] () -- C:\Users\Bennibaba\Desktop\Nice_Underwear.jpg [2011.12.21 00:43:43 | 000,222,565 | ---- | C] () -- C:\Users\Bennibaba\Desktop\Facebook-Trolling.jpg [2011.12.20 20:13:15 | 001,678,095 | ---- | C] () -- C:\Users\Bennibaba\Desktop\karpfen gutschein.png [2011.12.20 20:12:35 | 002,569,078 | ---- | C] () -- C:\Users\Bennibaba\Desktop\mum gutschein.png [2011.12.20 20:12:12 | 014,942,449 | ---- | C] () -- C:\Users\Bennibaba\Desktop\mum gutschein.psd [2011.12.20 19:17:00 | 009,618,471 | ---- | C] () -- C:\Users\Bennibaba\Desktop\karpfen gutschein.psd [2011.12.20 19:02:05 | 005,587,116 | ---- | C] () -- 
C:\Users\Bennibaba\Desktop\Unbenannt-1.psd [2011.12.20 19:00:11 | 000,641,101 | ---- | C] () -- C:\Users\Bennibaba\Desktop\49-Free-Cartoon-Cow-Clip-Art.jpg [2011.12.20 18:50:23 | 000,034,977 | ---- | C] () -- C:\Users\Bennibaba\Desktop\12P51.GIF [2011.12.20 18:46:01 | 003,077,074 | ---- | C] () -- C:\Users\Bennibaba\Desktop\motiv.psd [2011.12.20 18:18:46 | 000,909,705 | ---- | C] () -- C:\Users\Bennibaba\Desktop\5.bild.jpg [2011.12.20 18:10:30 | 000,002,089 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk [2011.12.20 18:09:46 | 000,001,385 | ---- | C] () -- C:\Users\Bennibaba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2011.12.20 18:09:22 | 000,002,081 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge.lnk [2011.12.20 18:08:40 | 000,002,045 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS2.lnk [2011.12.20 18:08:40 | 000,002,042 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS2.lnk [2011.12.18 20:39:40 | 000,000,329 | ---- | C] () -- C:\Users\Bennibaba\Desktop\HP Druckerdiagnosetools.url [2011.12.18 20:24:20 | 000,000,972 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. 
OCR-Registrierung.lnk [2011.12.18 20:23:38 | 000,001,187 | ---- | C] () -- C:\Users\Public\Desktop\Zubehör einkaufen - HP Officejet Pro 8500 A910.lnk [2011.12.18 20:23:37 | 000,002,224 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910.lnk [2011.12.18 20:23:37 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet Pro 8500 A910.lnk [2011.12.18 20:23:37 | 000,001,224 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910 Scan.lnk [2011.12.13 18:19:57 | 000,000,679 | ---- | C] () -- C:\Users\Bennibaba\Desktop\UniZeuch.lnk [2011.12.12 22:06:40 | 000,432,674 | ---- | C] () -- C:\Users\Bennibaba\Desktop\1.jpg [2011.12.12 22:06:40 | 000,155,700 | ---- | C] () -- C:\Users\Bennibaba\Desktop\2.jpg [2011.10.08 20:47:20 | 000,017,434 | ---- | C] () -- C:\Windows\W2BNEUnin.dat [2011.04.28 15:47:45 | 001,590,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.03.25 18:11:52 | 000,000,132 | ---- | C] () -- C:\Users\Bennibaba\AppData\Roaming\Adobe PNG Format CS5 Prefs [2011.03.14 16:03:03 | 000,001,456 | ---- | C] () -- C:\Users\Bennibaba\AppData\Local\Adobe Für Web speichern 11.0 Prefs [2010.12.28 19:12:42 | 000,000,535 | ---- | C] () -- C:\Windows\ODBCINST.INI [2010.12.28 19:12:42 | 000,000,288 | ---- | C] () -- C:\Windows\ODBC.INI [2010.11.09 11:28:47 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.06.15 23:28:54 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 
22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [1998.06.10 00:00:00 | 000,015,120 | ---- | C] () -- C:\Windows\SysWow64\REPUTIL.DLL ========== LOP Check ========== [2011.09.20 17:49:45 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\.minecraft [2011.12.21 20:14:51 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\AVG10 [2011.11.04 19:15:58 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\benibela [2011.10.03 20:40:53 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\casualArts [2011.12.18 15:08:04 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\ChromePlus [2011.10.04 10:28:16 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\Command and Conquer 4 [2011.01.19 21:01:50 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\DAEMON Tools Lite [2011.11.29 00:27:10 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\DAEMON Tools Pro [2011.09.17 14:31:11 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\Hoyle Blackjack [2011.09.17 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\Hoyle Card Games [2011.09.17 14:24:15 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\Hoyle FaceCreator [2011.05.01 12:07:59 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\ICQ [2011.12.21 01:54:39 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\Jens Lorek [2011.02.22 23:55:10 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\Kalypso Media [2010.11.12 17:57:52 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\Miranda [2011.10.12 19:45:42 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\Nokia [2010.11.09 14:30:45 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\Notepad++ [2011.01.02 19:32:29 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\OpenOffice.org [2010.12.02 09:19:35 | 000,000,000 | ---D | M] -- 
C:\Users\Bennibaba\AppData\Roaming\Opera [2011.12.18 19:08:38 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\PC Remote [2011.10.12 19:44:27 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\PC Suite [2011.08.30 02:09:36 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\PunkBuster [2011.09.16 11:37:30 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\Rovio [2011.02.23 19:06:03 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\TuneUp Software [2011.12.01 18:40:56 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\Ubisoft [2011.10.27 18:33:44 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\xm1 [2011.02.02 18:21:24 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\{4916c8ce-b9e7-4e25-9a23-25493e41e04c} [2011.10.01 18:25:07 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011.12.21 21:14:23 | 000,000,000 | -H-D | M] -- C:\$AVG [2010.11.09 11:33:30 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2010.11.09 13:07:44 | 000,000,000 | ---D | M] -- C:\ATI [2011.12.21 21:43:49 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2010.11.09 11:32:57 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2010.11.29 18:27:20 | 000,000,000 | ---D | M] -- C:\Downloads [2011.09.28 01:09:10 | 000,000,000 | ---D | M] -- C:\OutputFolder [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2010.12.23 18:26:21 | 000,000,000 | ---D | M] -- C:\Photoshop [2011.12.18 20:22:52 | 000,000,000 | R--D | M] -- C:\Program Files [2011.12.21 20:11:11 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2011.12.21 21:16:22 | 000,000,000 | -H-D | M] -- C:\ProgramData [2010.11.09 11:32:57 | 000,000,000 | -HSD | M] -- C:\Programme [2010.11.09 11:32:58 | 000,000,000 | -HSD | M] -- C:\Recovery [2011.12.21 
21:53:17 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.01.02 19:17:41 | 000,000,000 | -H-D | M] -- C:\system32 [2010.11.09 11:33:07 | 000,000,000 | R--D | M] -- C:\Users [2011.12.20 01:51:05 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.manifest /3 > < MD5 for: AFD.SYS > [2011.04.25 03:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=6EF20DDF3172E97D69F596FB90602F29 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys [2009.07.14 00:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys [2010.11.20 10:23:34 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys [2011.04.25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\SysNative\drivers\afd.sys [2011.04.25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys [2011.04.25 04:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys [2011.04.25 03:44:27 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=FBFF8B7C9D116229E9208A0D1CAEB49B -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys < MD5 for: EXPLORER.EXE > [2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) 
MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) 
MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) 
MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: REGEDIT.EXE > [2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe [2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe [2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe [2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- 
C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- 
C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.06.10 22:23:22 | 001,169,224 | -H-- | M] (Microsoft Corporation) MD5=AEEC0405A1C587562275AB20CC6E3521 -- C:\system32\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > < End of report > Code:
OTL Extras logfile created on: 21.12.2011 21:51:37 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Bennibaba\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,78 Gb Available Physical Memory | 69,43% Memory free
8,00 Gb Paging File | 6,61 Gb Available in Paging File | 82,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58,50 Gb Total Space | 20,09 Gb Free Space | 34,34% Space Free | Partition Type: NTFS
Drive D: | 311,46 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 239,49 Gb Total Space | 212,73 Gb Free Space | 88,83% Space Free | Partition Type: NTFS
Drive H: | 1863,01 Gb Total Space | 910,00 Gb Free Space | 48,85% Space Free | Partition Type: NTFS

Computer Name: BB-LI-W7 | User Name: Bennibaba | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromePlusHTML] -- C:\Users\Bennibaba\AppData\Roaming\ChromePlus\chrome.exe (Maple Studio)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- E:\Neuer Ordner\Adobe Bridge CS5\Bridge.exe "%L"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- E:\Neuer Ordner\Adobe Bridge CS5\Bridge.exe "%L"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3
"C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (OpenSight Software, LLC)
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3
"C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (OpenSight Software, LLC)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3
"C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (OpenSight Software, LLC)
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3
"C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (OpenSight Software, LLC)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86416023FF}" = Java(TM) 6 Update 23 (64-bit)
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v1.4.2499.0 x64
"{34BD24DF-3B6F-8661-D4F0-0EBCACA2C834}" = ccc-utility64
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B0748C5-2E63-B954-8C3F-71918C599800}" = WMV9/VC-1 Video Playback
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0160230}" = Java(TM) SE Development Kit 6 Update 23 (64-bit)
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable - x64 8.0.59192
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8FCBB6DA-069C-8D08-DD99-F0881B9EECC3}" = AMD Drag and Drop Transcoding
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CACBDC26-D504-49ED-3FEC-0CDDB3700240}" = ATI Catalyst Install Manager
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{E0FE1E14-3A7A-4DB0-9FFA-0DD945AE84DB}" = HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD1}" = Paint.NET v3.5.5
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"WinRAR archiver" = WinRAR
"Zune" = Zune

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1DE1B0F3-5897-4C66-BA18-F8A9E95FAE5C}" = ccc-core-static
"{1EE88B84-7BE5-4FB5-8DEA-B81D5409D62E}" = Opera 11.00
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 29
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{32A3A4F4-B792-11D6-A78A-00B0D0160230}" = Java(TM) SE Development Kit 6 Update 23
"{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{45410935-B52C-468A-A836-0D1000018201}" = BulletStorm
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D481F91-44BA-F0FE-CD07-8B3429A2A821}" = Catalyst Control Center Graphics Previews Common
"{543A0462-62A8-59CA-8EA7-B2173DA96DAC}" = CCC Help English
"{54A2CFDE-DC70-46E0-92AC-DC88F6303D39}" = Guitar Pro 4
"{5809A31C-32FB-35CA-E1D2-0B898119E15F}" = Catalyst Control Center InstallProxy
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6F868980-FF49-011B-2C95-409F199B9C19}" = Catalyst Control Center Graphics Previews Vista "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2 "{786C5747-1437-443D-B06E-79A00FE45110}" = Adobe Stock Photos 1.0 "{82696435-8572-4D8B-A230-D1AA567D0F0F}" = Command & Conquer™ 4 Tiberian Twilight "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable - x86 8.0.59193 "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}" = HP Officejet Pro 8500 A910 Hilfe "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2 "{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer "{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0 "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v4.0 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070 "{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0 "{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood "{C79312BD-3E76-4474-A10C-1435D1856A4B}" = Adobe Dreamweaver CS5 "{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. 
OCR "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86 "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables "5513-1208-7298-9440" = JDownloader 0.9 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "DivX Setup.divx.com" = DivX-Setup "foobar2000" = foobar2000 v1.1.1 "Guitar Pro 5_is1" = Guitar Pro 5.2 "InstallShield_{E03B44A3-9237-4B55-B7A5-DB1DD46920D3}" = Wolfenstein(TM) 1.1 Patch "Microsoft DirectX SDK (June 2010)" = Microsoft DirectX SDK (June 2010) "MiKTeX 2.9" = MiKTeX 2.9 "Mozilla Firefox 9.0 (x86 de)" = Mozilla Firefox 9.0 (x86 de) "Notepad++" = Notepad++ "OpenAL" = OpenAL "ShapeCollage" = Shape Collage "Texmaker" = Texmaker "TexMakerX_is1" = TexMakerX 2.1 "VideoGet_is1" = Nuclear Coffee - VideoGet "Visual Basic 6.0 Professional Edition (deu)" = Microsoft Visual Basic 6.0 Professional Edition (Deutsch) "VLC media player" = VLC media player 1.1.4 "Warcraft II BNE" = Warcraft II BNE "WebPost" = Microsoft Web Publishing Wizard 1.53 "Winamp" = Winamp "World of Warcraft" = World of Warcraft "xp-AntiSpy" = 
xp-AntiSpy 3.97-9 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 18.12.2011 15:07:00 | Computer Name = BB-LI-W7 | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: vlc.exe, Version: 1.1.4.0, Zeitstempel: 0x4c76f9fe Name des fehlerhaften Moduls: vlc.exe, Version: 1.1.4.0, Zeitstempel: 0x4c76f9fe Ausnahmecode: 0xc0000005 Fehleroffset: 0x00001749 ID des fehlerhaften Prozesses: 0x1050 Startzeit der fehlerhaften Anwendung: 0x01ccbdb8118a669d Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe Berichtskennung: 75fe3fee-29ab-11e1-b622-0019dbf38d50 Error - 18.12.2011 16:58:14 | Computer Name = BB-LI-W7 | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 19.12.2011 21:23:16 | Computer Name = BB-LI-W7 | Source = Application Hang | ID = 1002 Description = Programm p3.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 12ec Startzeit: 01ccbeb490b3d8de Endzeit: 18 Anwendungspfad: H:\Games\Postal 3\game\p3.exe Berichts-ID: Error - 20.12.2011 13:16:20 | Computer Name = BB-LI-W7 | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Photoshop.exe, Version: 12.0.0.0, Zeitstempel: 0x4bbc5b10 Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c92c Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000105acb ID des fehlerhaften Prozesses: 0x1168 Startzeit der fehlerhaften Anwendung: 0x01ccbf3a9ef32ad4 Pfad der fehlerhaften Anwendung: C:\Program Files\Adobe\PS CS5\Adobe Photoshop CS5 (64 Bit)\Photoshop.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\ole32.dll Berichtskennung: 5538fb81-2b2e-11e1-9720-0019dbf38d50 Error - 20.12.2011 13:16:23 | Computer Name = BB-LI-W7 | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Photoshop.exe, Version: 12.0.0.0, Zeitstempel: 0x4bbc5b10 Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c92c Ausnahmecode: 0xc000041d Fehleroffset: 0x0000000000105acb ID des fehlerhaften Prozesses: 0x1168 Startzeit der fehlerhaften Anwendung: 0x01ccbf3a9ef32ad4 Pfad der fehlerhaften Anwendung: C:\Program Files\Adobe\PS CS5\Adobe Photoshop CS5 (64 Bit)\Photoshop.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\ole32.dll Berichtskennung: 5730f091-2b2e-11e1-9720-0019dbf38d50 Error - 20.12.2011 13:45:48 | Computer Name = BB-LI-W7 | Source = Application Hang | ID = 1002 Description = Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 604 Startzeit: 01ccbf333e30e6b2 Endzeit: 45 Anwendungspfad: C:\Windows\Explorer.EXE Berichts-ID: 717ce571-2b32-11e1-9720-0019dbf38d50 Error - 20.12.2011 14:36:44 | Computer Name = BB-LI-W7 | Source = Application Hang | ID = 1002 Description = Programm chrome.exe, Version 1.6.4.30 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 9bc Startzeit: 01ccbf33741da289 Endzeit: 113 Anwendungspfad: C:\Users\Bennibaba\AppData\Roaming\ChromePlus\chrome.exe Berichts-ID: 8e81a357-2b39-11e1-9720-0019dbf38d50 Error - 20.12.2011 15:03:51 | Computer Name = BB-LI-W7 | Source = Application Hang | ID = 1002 Description = Programm explorer.exe, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 132c Startzeit: 01ccbf3f35537b6c Endzeit: 73 Anwendungspfad: C:\Windows\explorer.exe Berichts-ID: 58948426-2b3d-11e1-9720-0019dbf38d50 Error - 20.12.2011 21:05:13 | Computer Name = BB-LI-W7 | Source = Application Hang | ID = 1002 Description = Programm Audials.exe, Version 9.0.57909.900 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1960 Startzeit: 01ccbf7c434cd890 Endzeit: 42 Anwendungspfad: C:\Program Files (x86)\Audials 9\Audials.exe Berichts-ID: d43017a1-2b6f-11e1-9720-0019dbf38d50 Error - 21.12.2011 13:59:03 | Computer Name = BB-LI-W7 | Source = Application Hang | ID = 1002 Description = Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. 
Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 608 Startzeit: 01ccbffae5930ad0 Endzeit: 76 Anwendungspfad: C:\Windows\Explorer.EXE Berichts-ID: 74be4ac5-2bfd-11e1-a325-0019dbf38d50 [ System Events ] Error - 01.12.2011 20:49:22 | Computer Name = BB-LI-W7 | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht. Error - 01.12.2011 20:49:23 | Computer Name = BB-LI-W7 | Source = DCOM | ID = 10005 Description = Error - 01.12.2011 20:49:23 | Computer Name = BB-LI-W7 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 02.12.2011 11:36:01 | Computer Name = BB-LI-W7 | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 04.12.2011 06:38:35 | Computer Name = BB-LI-W7 | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error - 04.12.2011 06:38:36 | Computer Name = BB-LI-W7 | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error - 04.12.2011 06:38:37 | Computer Name = BB-LI-W7 | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error - 08.12.2011 16:26:05 | Computer Name = BB-LI-W7 | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. 
Error - 13.12.2011 16:39:03 | Computer Name = BB-LI-W7 | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 14.12.2011 12:55:02 | Computer Name = BB-LI-W7 | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. < End of report > Merry Christmas in advance
21.12.2011, 22:24 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please now run a full scan with Malwarebytes as a routine step and post the log.
Remember that Malwarebytes must be updated manually before every scan! In addition, all detections must be removed. If logs from earlier Malwarebytes scans exist, please post all of those as well! ESET Online Scanner
Please post everything here in CODE tags where possible. It is done like this: [code] the log goes here [/code] And the whole thing then looks like this: Code:
ATTFilter the log goes here
22.12.2011, 10:22 | #3 |
Code:
ATTFilter C:\Users\Bennibaba\AppData\Local\Temp\ICReinstall\cnet_powertab_zip.exe a variant of Win32/InstallCore.D application Code:
ATTFilter Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Datenbank Version: 911122106 Windows 6.1.7601 Service Pack 1 Internet Explorer 8.0.7601.17514 21.12.2011 23:46:16 mbam-log-2011-12-21 (23-46-16).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Durchsuchte Objekte: 331340 Laufzeit: 38 Minute(n), 23 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 1 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 3 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CURRENT_USER\Software\DC3_FEXEC (Malware.Trace) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winlogon (Trojan.Agent) -> Value: winlogon -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\program files (x86)\nuclear coffee\VideoGet\vg-patch.exe (Trojan.Downloader) -> Quarantined and deleted successfully. c:\Users\bennibaba\downloads\windows loader\windows loader.exe (RiskWare.Tool.HCK) -> Quarantined and deleted successfully. c:\system32\winlogon.exe (Trojan.Agent) -> Quarantined and deleted successfully. |
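The Malwarebytes log above shows the pattern worth recognising in any such scan: a file carrying the name of a core Windows process (winlogon.exe) sitting outside the directory where the genuine binary lives (C:\system32 instead of C:\Windows\System32), plus an HKCU Run value named "winlogon" that starts it. Below is an added example, written for this page and not part of the thread, of OTL or of Malwarebytes, that scans OTL-style process (PRC) and autostart (O4) lines for exactly those two signs. The expected directories assume a default 64-bit Windows 7 installation with %SystemRoot% = C:\Windows, as in the OTL header; the sample lines are constructed (sizes and timestamps made up, paths modelled on the thread).

```python
import re
from pathlib import PureWindowsPath

# Added example (not from the forum thread, OTL or Malwarebytes): flag well-known
# Windows binary names that appear outside the directory where the genuine file
# lives, and autostart (Run) entries that borrow such a name.
# Assumption: default 64-bit Windows 7 layout with %SystemRoot% = C:\Windows.
SYSTEM_ROOT = PureWindowsPath(r"C:\Windows")
SYSTEM32 = SYSTEM_ROOT / "System32"
SYSWOW64 = SYSTEM_ROOT / "SysWOW64"

# Genuine locations per binary name. Any other directory holding a file with the
# same name is a lookalike, like the C:\system32\winlogon.exe in the logs above.
GENUINE_DIRS = {
    "winlogon.exe": (SYSTEM32,),
    "csrss.exe": (SYSTEM32,),
    "lsass.exe": (SYSTEM32,),
    "services.exe": (SYSTEM32,),
    "smss.exe": (SYSTEM32,),
    "svchost.exe": (SYSTEM32, SYSWOW64),
    "rundll32.exe": (SYSTEM32, SYSWOW64),
    "explorer.exe": (SYSTEM_ROOT, SYSWOW64),
}

# A Windows path ending in .exe; the lazy quantifier stops at the first ".exe",
# so trailing text such as "(Avira GmbH)" is not swallowed into the path.
PATH_RE = re.compile(r'[A-Za-z]:\\[^:*?"<>|\r\n]*?\.exe\b', re.IGNORECASE)
# OTL-style autostart line: O4 - HKCU..\Run: [valuename] C:\path\file.exe ()
RUN_VALUE_RE = re.compile(r'\\Run: \[([^\]]+)\]', re.IGNORECASE)


def check_path(path_str):
    """Return a reason string if path_str is a lookalike of a system binary, else None."""
    path = PureWindowsPath(path_str)
    name = path.name.lower()
    if name not in GENUINE_DIRS:
        return None
    # PureWindowsPath compares case-insensitively: c:\windows\system32 == C:\Windows\System32
    if any(path.parent == genuine for genuine in GENUINE_DIRS[name]):
        return None
    expected = " or ".join(str(d) for d in GENUINE_DIRS[name])
    return f"{name} outside its genuine directory (expected {expected})"


def find_masquerades(lines):
    """Scan log lines; return a list of (line_no, kind, detail) findings."""
    findings = []
    for line_no, line in enumerate(lines, start=1):
        # Sign 1: a system process name in a directory where it does not belong.
        for match in PATH_RE.finditer(line):
            reason = check_path(match.group(0))
            if reason:
                findings.append((line_no, "path", f"{match.group(0)}: {reason}"))
        # Sign 2: a Run value that reuses a system process name. The genuine
        # processes listed above are started by the OS itself, never via Run.
        run_match = RUN_VALUE_RE.search(line)
        if run_match:
            value = run_match.group(1).lower()
            if value in GENUINE_DIRS or value + ".exe" in GENUINE_DIRS:
                findings.append((line_no, "run-key",
                                 f"Run value '{run_match.group(1)}' reuses a system process name"))
    return findings


# Constructed sample lines in OTL's PRC (running process) and O4 (autostart)
# formats; sizes and timestamps are made up, the paths mirror the thread.
SAMPLE_LINES = [
    r"PRC - [2011.06.28 16:33:19 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe",
    r"PRC - [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe",
    r"PRC - [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe",
    r"PRC - [2011.12.20 18:02:11 | 000,073,728 | ---- | M] () -- C:\system32\winlogon.exe",
    r"O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)",
    r"O4 - HKCU..\Run: [winlogon] C:\system32\winlogon.exe ()",
]

if __name__ == "__main__":
    for line_no, kind, detail in find_masquerades(SAMPLE_LINES):
        print(f"line {line_no} [{kind}] {detail}")
```

Run against the sample lines, the genuine C:\Windows\System32\winlogon.exe and C:\Windows\explorer.exe pass, while the C:\system32\winlogon.exe copy is reported twice (once as a running process, once as the target of the Run entry) and the Run value named "winlogon" is reported on its own. A missing company name in the PRC line, as in the fake here, is a further hint OTL gives for free, but a name-plus-path check like this one catches the lookalike even when a vendor string is forged.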
22.12.2011, 14:00 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
Cracks/keygens are 99.9% dangerous malware that should not be toyed with. Moreover, they are illegal and we do not support the use of stolen software. Support is therefore limited to instructions for a complete reinstallation!! That illegal cracks and keygens essentially serve to spread malware is no secret and must be clear to everyone! And for the reinstallation you use a legal Windows and install from the original DVD!
__________________ Please always post logfiles in CODE tags