Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: C:\system32\winlogon.exe <-- nicht normal?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Alt 21.12.2011, 22:09   #1
bennibaba
 
C:\system32\winlogon.exe <-- nicht normal? - Standard

C:\system32\winlogon.exe <-- nicht normal?



Hallo,
Ich war letztens am Computer von einem Kumpel und habe den Ordner "C:\system32\winlogon.exe" gefunden. Das ist doch nicht normal oder? Normalerweiße ist der system32 ordner doch im Ordner Windows...

Hier die zwei Scanlogs (er hat ein 64bit system):

Code:
ATTFilter
OTL logfile created on: 21.12.2011 21:51:37 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Bennibaba\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,78 Gb Available Physical Memory | 69,43% Memory free
8,00 Gb Paging File | 6,61 Gb Available in Paging File | 82,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58,50 Gb Total Space | 20,09 Gb Free Space | 34,34% Space Free | Partition Type: NTFS
Drive D: | 311,46 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 239,49 Gb Total Space | 212,73 Gb Free Space | 88,83% Space Free | Partition Type: NTFS
Drive H: | 1863,01 Gb Total Space | 910,00 Gb Free Space | 48,85% Space Free | Partition Type: NTFS
 
Computer Name: BB-LI-W7 | User Name: Bennibaba | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.21 21:50:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Bennibaba\Desktop\OTL.exe
PRC - [2011.06.28 16:33:19 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.03 15:33:42 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.21 22:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.11.30 18:12:37 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.11.11 09:27:40 | 000,193,856 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
PRC - [2010.07.12 17:32:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2010.05.20 23:59:30 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.20 23:59:28 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.03.21 22:10:36 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.03.21 22:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.05.04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.08.05 12:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2011.08.05 12:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2011.08.05 12:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2010.09.29 02:51:08 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.06.28 16:33:19 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.03 15:33:42 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.12.20 12:53:19 | 000,047,208 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd)
DRV:64bit: - [2011.10.11 22:08:31 | 000,508,472 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011.06.28 16:33:20 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.28 16:33:20 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.19 21:07:19 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011.01.19 21:07:18 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.09.29 03:26:12 | 007,883,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010.09.29 03:26:12 | 007,883,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.09.29 02:14:48 | 000,285,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.08.16 11:42:00 | 000,116,240 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.03.01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D8 B4 55 70 FB 7F CB 01  [binary data]
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.1
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: refspoof@mozdev.org:0.9.5
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.04.04 21:35:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.04.04 21:35:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.21 01:44:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.01.13 19:34:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bennibaba\AppData\Roaming\mozilla\Extensions
[2011.12.18 15:11:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bennibaba\AppData\Roaming\mozilla\Firefox\Profiles\g1dldky4.default\extensions
[2011.04.10 15:36:34 | 000,000,000 | ---D | M] (refspoof) -- C:\Users\Bennibaba\AppData\Roaming\mozilla\Firefox\Profiles\g1dldky4.default\extensions\refspoof@mozdev.org
[2011.12.21 01:44:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\BENNIBABA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G1DLDKY4.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2011.12.21 01:44:07 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.27 19:02:11 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.27 19:02:11 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.10.27 19:02:11 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.27 19:02:11 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.27 19:02:11 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.27 19:02:11 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.12.21 19:02:06 | 000,001,166 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts:                             # Copyright (c) 1993-2009 Microsoft Corp.
O1 - Hosts: 127.0.0.1       static3.cdn.ubi.com
O1 - Hosts: 127.0.0.1       ubisoft-orbit.s3.amazonaws.com
O1 - Hosts: 127.0.0.1       onlineconfigservice.ubi.com
O1 - Hosts: 127.0.0.1       orbitservice.ubi.com
O1 - Hosts: 127.0.0.1       ubisoft-orbit-savegames.s3.amazonaws.com
O1 - Hosts: 127.0.0.1		psdto.com
O1 - Hosts: 127.0.0.1 www.shapecollage.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [winlogon] C:\system32\winlogon.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Bennibaba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Bennibaba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.184.161 83.169.184.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8FE9C31D-8401-4CC4-8303-AAE6FADE0992}: DhcpNameServer = 83.169.184.161 83.169.184.225
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.11.17 01:01:57 | 000,000,131 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{a3b8b5d0-6907-11e0-9549-0019dbf38d50}\Shell - "" = AutoRun
O33 - MountPoints2\{a3b8b5d0-6907-11e0-9549-0019dbf38d50}\Shell\AutoRun\command - "" = G:\unlock.exe autoplay=true
O33 - MountPoints2\{d40ab965-ebeb-11df-9e2c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d40ab965-ebeb-11df-9e2c-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.exe -- [2010.11.17 01:01:57 | 000,297,832 | R--- | M] (Hewlett-Packard Co.)
O33 - MountPoints2\{e121ba44-ecf9-11df-bf0c-0019dbf38d50}\Shell - "" = AutoRun
O33 - MountPoints2\{e121ba44-ecf9-11df-bf0c-0019dbf38d50}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (bootdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.21 21:50:29 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Bennibaba\Desktop\OTL.exe
[2011.12.21 21:38:20 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.12.21 21:31:04 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2011.12.21 21:16:34 | 007,514,432 | ---- | C] (SurfRight B.V.) -- C:\Users\Bennibaba\Desktop\HitmanPro35_x64.exe
[2011.12.21 21:16:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011.12.21 21:16:06 | 006,480,192 | ---- | C] (SurfRight B.V.) -- C:\Users\Bennibaba\Desktop\HitmanPro3.5.9.130.exe
[2011.12.21 21:14:23 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011.12.21 20:14:51 | 000,000,000 | ---D | C] -- C:\Users\Bennibaba\AppData\Roaming\AVG10
[2011.12.21 20:13:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011.12.21 20:12:03 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011.12.21 20:12:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2011.12.21 20:11:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2011.12.21 20:08:56 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011.12.21 19:52:56 | 000,000,000 | ---D | C] -- C:\Users\Bennibaba\Desktop\AVG_upped_by_der_kara
[2011.12.21 18:59:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shape Collage
[2011.12.21 18:59:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Shape Collage
[2011.12.21 18:59:20 | 001,027,115 | ---- | C] (Shape Collage Inc.) -- C:\Users\Bennibaba\Desktop\ShapeCollage-2.5.3-Setup.exe
[2011.12.21 18:30:09 | 000,000,000 | ---D | C] -- C:\Users\Bennibaba\Desktop\Neuer Ordner (2)
[2011.12.21 02:01:05 | 000,000,000 | ---D | C] -- C:\Users\Bennibaba\AppData\Local\CrashRpt
[2011.12.21 02:01:01 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2011.12.21 02:00:38 | 000,000,000 | ---D | C] -- C:\ProgramData\RapidSolution
[2011.12.21 01:59:11 | 000,000,000 | ---D | C] -- C:\Users\Bennibaba\AppData\Local\RapidSolution
[2011.12.21 01:54:39 | 000,000,000 | ---D | C] -- C:\Users\Bennibaba\Documents\TubeBox!
[2011.12.21 01:54:39 | 000,000,000 | ---D | C] -- C:\Users\Bennibaba\AppData\Roaming\Jens Lorek
[2011.12.21 01:54:29 | 000,000,000 | ---D | C] -- C:\Users\Bennibaba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TubeBox!
[2011.12.20 19:36:00 | 000,000,000 | ---D | C] -- C:\Users\Bennibaba\Desktop\Neuer Ordner
[2011.12.20 18:12:23 | 000,000,000 | ---D | C] -- C:\Users\Bennibaba\Documents\Updater
[2011.12.20 18:09:40 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe PDF
[2011.12.20 18:09:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe Systems Shared
[2011.12.20 12:53:19 | 000,047,208 | ---- | C] (RapidSolution Software AG) -- C:\Windows\SysNative\drivers\tbhsd.sys
[2011.12.20 01:51:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2011.12.20 01:49:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Postal 3
[2011.12.18 20:39:19 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2011.12.18 20:24:09 | 000,000,000 | ---D | C] -- C:\Users\Bennibaba\AppData\Roaming\HpUpdate
[2011.12.18 20:23:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011.12.18 20:23:18 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2011.12.18 20:23:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2011.12.18 20:22:52 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011.12.18 20:22:04 | 000,000,000 | ---D | C] -- C:\Users\Bennibaba\AppData\Local\HP
[2011.12.18 19:08:38 | 000,000,000 | ---D | C] -- C:\Users\Bennibaba\AppData\Roaming\PC Remote
[2011.12.01 19:00:45 | 000,000,000 | ---D | C] -- C:\Users\Bennibaba\Documents\ANNO 2070
[2011.11.29 00:28:19 | 000,000,000 | ---D | C] -- C:\Users\Bennibaba\Documents\Assassin's Creed Revelations
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.21 21:51:28 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.21 21:51:28 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.21 21:50:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Bennibaba\Desktop\OTL.exe
[2011.12.21 21:48:16 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.12.21 21:48:16 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.12.21 21:48:16 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.12.21 21:48:16 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.12.21 21:48:16 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.12.21 21:43:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.21 21:43:50 | 3220,672,512 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.21 21:42:46 | 000,000,198 | ---- | M] () -- C:\Users\Bennibaba\defogger_reenable
[2011.12.21 21:34:07 | 000,050,477 | ---- | M] () -- C:\Users\Bennibaba\Desktop\Defogger.exe
[2011.12.21 21:31:33 | 000,025,160 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011.12.21 21:31:04 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2011.12.21 21:31:04 | 000,005,944 | ---- | M] () -- C:\Windows\SysNative\bootdelete.lst
[2011.12.21 21:16:41 | 007,514,432 | ---- | M] (SurfRight B.V.) -- C:\Users\Bennibaba\Desktop\HitmanPro35_x64.exe
[2011.12.21 21:15:50 | 006,480,192 | ---- | M] (SurfRight B.V.) -- C:\Users\Bennibaba\Desktop\HitmanPro3.5.9.130.exe
[2011.12.21 19:52:33 | 205,228,006 | ---- | M] () -- C:\Users\Bennibaba\Desktop\AVG_upped_by_der_kara.rar
[2011.12.21 18:59:59 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\Shape Collage.lnk
[2011.12.21 18:59:16 | 001,027,115 | ---- | M] (Shape Collage Inc.) -- C:\Users\Bennibaba\Desktop\ShapeCollage-2.5.3-Setup.exe
[2011.12.21 10:01:54 | 004,850,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.12.21 02:07:55 | 012,167,023 | ---- | M] () -- C:\Users\Bennibaba\Desktop\3284_39.flv
[2011.12.21 01:22:24 | 000,056,468 | ---- | M] () -- C:\Users\Bennibaba\Desktop\beer.jpg
[2011.12.21 01:21:27 | 000,105,035 | ---- | M] () -- C:\Users\Bennibaba\Desktop\fire_penguin_disco_panda.jpg
[2011.12.21 01:07:23 | 000,049,972 | ---- | M] () -- C:\Users\Bennibaba\Desktop\nintendo_bett.jpg
[2011.12.21 00:58:56 | 000,070,593 | ---- | M] () -- C:\Users\Bennibaba\Desktop\Lese-Talent.jpg
[2011.12.21 00:57:27 | 000,173,419 | ---- | M] () -- C:\Users\Bennibaba\Desktop\2_Baby-Igel.jpg
[2011.12.21 00:55:47 | 000,038,127 | ---- | M] () -- C:\Users\Bennibaba\Desktop\3_Homer_Simpson-Zwickmuehle.jpg
[2011.12.21 00:53:56 | 000,020,228 | ---- | M] () -- C:\Users\Bennibaba\Desktop\nicht_rauchen__ausser_wenn.jpg
[2011.12.21 00:53:47 | 000,027,387 | ---- | M] () -- C:\Users\Bennibaba\Desktop\Knotensalat.jpg
[2011.12.21 00:53:32 | 000,024,343 | ---- | M] () -- C:\Users\Bennibaba\Desktop\Kater.jpg
[2011.12.21 00:53:11 | 000,041,906 | ---- | M] () -- C:\Users\Bennibaba\Desktop\Homer_und_die_Frauen.jpg
[2011.12.21 00:46:34 | 000,070,170 | ---- | M] () -- C:\Users\Bennibaba\Desktop\Internet.jpg
[2011.12.21 00:45:47 | 000,070,931 | ---- | M] () -- C:\Users\Bennibaba\Desktop\Nice_Underwear.jpg
[2011.12.21 00:43:40 | 000,222,565 | ---- | M] () -- C:\Users\Bennibaba\Desktop\Facebook-Trolling.jpg
[2011.12.20 20:13:20 | 001,678,095 | ---- | M] () -- C:\Users\Bennibaba\Desktop\karpfen gutschein.png
[2011.12.20 20:13:17 | 000,000,132 | ---- | M] () -- C:\Users\Bennibaba\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.12.20 20:12:54 | 002,569,078 | ---- | M] () -- C:\Users\Bennibaba\Desktop\mum gutschein.png
[2011.12.20 20:12:14 | 014,942,449 | ---- | M] () -- C:\Users\Bennibaba\Desktop\mum gutschein.psd
[2011.12.20 19:17:02 | 009,618,471 | ---- | M] () -- C:\Users\Bennibaba\Desktop\karpfen gutschein.psd
[2011.12.20 19:15:24 | 005,587,116 | ---- | M] () -- C:\Users\Bennibaba\Desktop\Unbenannt-1.psd
[2011.12.20 19:00:09 | 000,641,101 | ---- | M] () -- C:\Users\Bennibaba\Desktop\49-Free-Cartoon-Cow-Clip-Art.jpg
[2011.12.20 18:50:20 | 000,034,977 | ---- | M] () -- C:\Users\Bennibaba\Desktop\12P51.GIF
[2011.12.20 18:46:03 | 003,077,074 | ---- | M] () -- C:\Users\Bennibaba\Desktop\motiv.psd
[2011.12.20 18:18:39 | 000,909,705 | ---- | M] () -- C:\Users\Bennibaba\Desktop\5.bild.jpg
[2011.12.20 18:09:46 | 000,001,385 | ---- | M] () -- C:\Users\Bennibaba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2011.12.20 12:53:19 | 000,047,208 | ---- | M] (RapidSolution Software AG) -- C:\Windows\SysNative\drivers\tbhsd.sys
[2011.12.18 20:39:41 | 000,000,329 | ---- | M] () -- C:\Users\Bennibaba\Desktop\HP Druckerdiagnosetools.url
[2011.12.18 20:23:38 | 000,001,187 | ---- | M] () -- C:\Users\Public\Desktop\Zubehör einkaufen - HP Officejet Pro 8500 A910.lnk
[2011.12.18 20:23:37 | 000,002,224 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910.lnk
[2011.12.18 20:23:37 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet Pro 8500 A910.lnk
[2011.12.18 20:23:37 | 000,001,224 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910 Scan.lnk
[2011.12.13 18:19:57 | 000,000,679 | ---- | M] () -- C:\Users\Bennibaba\Desktop\UniZeuch.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.21 21:42:46 | 000,000,198 | ---- | C] () -- C:\Users\Bennibaba\defogger_reenable
[2011.12.21 21:34:10 | 000,050,477 | ---- | C] () -- C:\Users\Bennibaba\Desktop\Defogger.exe
[2011.12.21 21:31:04 | 000,005,944 | ---- | C] () -- C:\Windows\SysNative\bootdelete.lst
[2011.12.21 21:18:38 | 000,025,160 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011.12.21 19:51:44 | 205,228,006 | ---- | C] () -- C:\Users\Bennibaba\Desktop\AVG_upped_by_der_kara.rar
[2011.12.21 18:59:59 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\Shape Collage.lnk
[2011.12.21 02:06:19 | 012,167,023 | ---- | C] () -- C:\Users\Bennibaba\Desktop\3284_39.flv
[2011.12.21 01:22:26 | 000,056,468 | ---- | C] () -- C:\Users\Bennibaba\Desktop\beer.jpg
[2011.12.21 01:21:29 | 000,105,035 | ---- | C] () -- C:\Users\Bennibaba\Desktop\fire_penguin_disco_panda.jpg
[2011.12.21 01:07:24 | 000,049,972 | ---- | C] () -- C:\Users\Bennibaba\Desktop\nintendo_bett.jpg
[2011.12.21 00:58:58 | 000,070,593 | ---- | C] () -- C:\Users\Bennibaba\Desktop\Lese-Talent.jpg
[2011.12.21 00:57:28 | 000,173,419 | ---- | C] () -- C:\Users\Bennibaba\Desktop\2_Baby-Igel.jpg
[2011.12.21 00:55:48 | 000,038,127 | ---- | C] () -- C:\Users\Bennibaba\Desktop\3_Homer_Simpson-Zwickmuehle.jpg
[2011.12.21 00:53:57 | 000,020,228 | ---- | C] () -- C:\Users\Bennibaba\Desktop\nicht_rauchen__ausser_wenn.jpg
[2011.12.21 00:53:48 | 000,027,387 | ---- | C] () -- C:\Users\Bennibaba\Desktop\Knotensalat.jpg
[2011.12.21 00:53:33 | 000,024,343 | ---- | C] () -- C:\Users\Bennibaba\Desktop\Kater.jpg
[2011.12.21 00:53:12 | 000,041,906 | ---- | C] () -- C:\Users\Bennibaba\Desktop\Homer_und_die_Frauen.jpg
[2011.12.21 00:46:36 | 000,070,170 | ---- | C] () -- C:\Users\Bennibaba\Desktop\Internet.jpg
[2011.12.21 00:45:50 | 000,070,931 | ---- | C] () -- C:\Users\Bennibaba\Desktop\Nice_Underwear.jpg
[2011.12.21 00:43:43 | 000,222,565 | ---- | C] () -- C:\Users\Bennibaba\Desktop\Facebook-Trolling.jpg
[2011.12.20 20:13:15 | 001,678,095 | ---- | C] () -- C:\Users\Bennibaba\Desktop\karpfen gutschein.png
[2011.12.20 20:12:35 | 002,569,078 | ---- | C] () -- C:\Users\Bennibaba\Desktop\mum gutschein.png
[2011.12.20 20:12:12 | 014,942,449 | ---- | C] () -- C:\Users\Bennibaba\Desktop\mum gutschein.psd
[2011.12.20 19:17:00 | 009,618,471 | ---- | C] () -- C:\Users\Bennibaba\Desktop\karpfen gutschein.psd
[2011.12.20 19:02:05 | 005,587,116 | ---- | C] () -- C:\Users\Bennibaba\Desktop\Unbenannt-1.psd
[2011.12.20 19:00:11 | 000,641,101 | ---- | C] () -- C:\Users\Bennibaba\Desktop\49-Free-Cartoon-Cow-Clip-Art.jpg
[2011.12.20 18:50:23 | 000,034,977 | ---- | C] () -- C:\Users\Bennibaba\Desktop\12P51.GIF
[2011.12.20 18:46:01 | 003,077,074 | ---- | C] () -- C:\Users\Bennibaba\Desktop\motiv.psd
[2011.12.20 18:18:46 | 000,909,705 | ---- | C] () -- C:\Users\Bennibaba\Desktop\5.bild.jpg
[2011.12.20 18:10:30 | 000,002,089 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk
[2011.12.20 18:09:46 | 000,001,385 | ---- | C] () -- C:\Users\Bennibaba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2011.12.20 18:09:22 | 000,002,081 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge.lnk
[2011.12.20 18:08:40 | 000,002,045 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS2.lnk
[2011.12.20 18:08:40 | 000,002,042 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS2.lnk
[2011.12.18 20:39:40 | 000,000,329 | ---- | C] () -- C:\Users\Bennibaba\Desktop\HP Druckerdiagnosetools.url
[2011.12.18 20:24:20 | 000,000,972 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk
[2011.12.18 20:23:38 | 000,001,187 | ---- | C] () -- C:\Users\Public\Desktop\Zubehör einkaufen - HP Officejet Pro 8500 A910.lnk
[2011.12.18 20:23:37 | 000,002,224 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910.lnk
[2011.12.18 20:23:37 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet Pro 8500 A910.lnk
[2011.12.18 20:23:37 | 000,001,224 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910 Scan.lnk
[2011.12.13 18:19:57 | 000,000,679 | ---- | C] () -- C:\Users\Bennibaba\Desktop\UniZeuch.lnk
[2011.12.12 22:06:40 | 000,432,674 | ---- | C] () -- C:\Users\Bennibaba\Desktop\1.jpg
[2011.12.12 22:06:40 | 000,155,700 | ---- | C] () -- C:\Users\Bennibaba\Desktop\2.jpg
[2011.10.08 20:47:20 | 000,017,434 | ---- | C] () -- C:\Windows\W2BNEUnin.dat
[2011.04.28 15:47:45 | 001,590,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.03.25 18:11:52 | 000,000,132 | ---- | C] () -- C:\Users\Bennibaba\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.03.14 16:03:03 | 000,001,456 | ---- | C] () -- C:\Users\Bennibaba\AppData\Local\Adobe Für Web speichern 11.0 Prefs
[2010.12.28 19:12:42 | 000,000,535 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010.12.28 19:12:42 | 000,000,288 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.11.09 11:28:47 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.06.15 23:28:54 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[1998.06.10 00:00:00 | 000,015,120 | ---- | C] () -- C:\Windows\SysWow64\REPUTIL.DLL
 
========== LOP Check ==========
 
[2011.09.20 17:49:45 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\.minecraft
[2011.12.21 20:14:51 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\AVG10
[2011.11.04 19:15:58 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\benibela
[2011.10.03 20:40:53 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\casualArts
[2011.12.18 15:08:04 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\ChromePlus
[2011.10.04 10:28:16 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\Command and Conquer 4
[2011.01.19 21:01:50 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\DAEMON Tools Lite
[2011.11.29 00:27:10 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\DAEMON Tools Pro
[2011.09.17 14:31:11 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\Hoyle Blackjack
[2011.09.17 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\Hoyle Card Games
[2011.09.17 14:24:15 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\Hoyle FaceCreator
[2011.05.01 12:07:59 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\ICQ
[2011.12.21 01:54:39 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\Jens Lorek
[2011.02.22 23:55:10 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\Kalypso Media
[2010.11.12 17:57:52 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\Miranda
[2011.10.12 19:45:42 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\Nokia
[2010.11.09 14:30:45 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\Notepad++
[2011.01.02 19:32:29 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\OpenOffice.org
[2010.12.02 09:19:35 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\Opera
[2011.12.18 19:08:38 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\PC Remote
[2011.10.12 19:44:27 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\PC Suite
[2011.08.30 02:09:36 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\PunkBuster
[2011.09.16 11:37:30 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\Rovio
[2011.02.23 19:06:03 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\TuneUp Software
[2011.12.01 18:40:56 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\Ubisoft
[2011.10.27 18:33:44 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\xm1
[2011.02.02 18:21:24 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\{4916c8ce-b9e7-4e25-9a23-25493e41e04c}
[2011.10.01 18:25:07 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.12.21 21:14:23 | 000,000,000 | -H-D | M] -- C:\$AVG
[2010.11.09 11:33:30 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010.11.09 13:07:44 | 000,000,000 | ---D | M] -- C:\ATI
[2011.12.21 21:43:49 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.11.09 11:32:57 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.11.29 18:27:20 | 000,000,000 | ---D | M] -- C:\Downloads
[2011.09.28 01:09:10 | 000,000,000 | ---D | M] -- C:\OutputFolder
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2010.12.23 18:26:21 | 000,000,000 | ---D | M] -- C:\Photoshop
[2011.12.18 20:22:52 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.12.21 20:11:11 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2011.12.21 21:16:22 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.11.09 11:32:57 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.11.09 11:32:58 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.12.21 21:53:17 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.01.02 19:17:41 | 000,000,000 | -H-D | M] -- C:\system32
[2010.11.09 11:33:07 | 000,000,000 | R--D | M] -- C:\Users
[2011.12.20 01:51:05 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
 
 
< MD5 for: AFD.SYS  >
[2011.04.25 03:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=6EF20DDF3172E97D69F596FB90602F29 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys
[2009.07.14 00:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys
[2010.11.20 10:23:34 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
[2011.04.25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\SysNative\drivers\afd.sys
[2011.04.25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
[2011.04.25 04:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys
[2011.04.25 03:44:27 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=FBFF8B7C9D116229E9208A0D1CAEB49B -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.06.10 22:23:22 | 001,169,224 | -H-- | M] (Microsoft Corporation) MD5=AEEC0405A1C587562275AB20CC6E3521 -- C:\system32\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >
         
Code:
ATTFilter
OTL Extras logfile created on: 21.12.2011 21:51:37 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Bennibaba\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,78 Gb Available Physical Memory | 69,43% Memory free
8,00 Gb Paging File | 6,61 Gb Available in Paging File | 82,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58,50 Gb Total Space | 20,09 Gb Free Space | 34,34% Space Free | Partition Type: NTFS
Drive D: | 311,46 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 239,49 Gb Total Space | 212,73 Gb Free Space | 88,83% Space Free | Partition Type: NTFS
Drive H: | 1863,01 Gb Total Space | 910,00 Gb Free Space | 48,85% Space Free | Partition Type: NTFS
 
Computer Name: BB-LI-W7 | User Name: Bennibaba | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromePlusHTML] -- C:\Users\Bennibaba\AppData\Roaming\ChromePlus\chrome.exe (Maple Studio)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- E:\Neuer Ordner\Adobe Bridge CS5\Bridge.exe "%L"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- E:\Neuer Ordner\Adobe Bridge CS5\Bridge.exe "%L"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3
"C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (OpenSight Software, LLC)
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3
"C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (OpenSight Software, LLC)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3
"C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (OpenSight Software, LLC)
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3
"C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (OpenSight Software, LLC)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86416023FF}" = Java(TM) 6 Update 23 (64-bit)
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v1.4.2499.0 x64
"{34BD24DF-3B6F-8661-D4F0-0EBCACA2C834}" = ccc-utility64
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B0748C5-2E63-B954-8C3F-71918C599800}" = WMV9/VC-1 Video Playback
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0160230}" = Java(TM) SE Development Kit 6 Update 23 (64-bit)
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable - x64 8.0.59192
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8FCBB6DA-069C-8D08-DD99-F0881B9EECC3}" = AMD Drag and Drop Transcoding
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CACBDC26-D504-49ED-3FEC-0CDDB3700240}" = ATI Catalyst Install Manager
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{E0FE1E14-3A7A-4DB0-9FFA-0DD945AE84DB}" = HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD1}" = Paint.NET v3.5.5
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"WinRAR archiver" = WinRAR
"Zune" = Zune
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1DE1B0F3-5897-4C66-BA18-F8A9E95FAE5C}" = ccc-core-static
"{1EE88B84-7BE5-4FB5-8DEA-B81D5409D62E}" = Opera 11.00
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 29
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{32A3A4F4-B792-11D6-A78A-00B0D0160230}" = Java(TM) SE Development Kit 6 Update 23
"{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{45410935-B52C-468A-A836-0D1000018201}" = BulletStorm
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D481F91-44BA-F0FE-CD07-8B3429A2A821}" = Catalyst Control Center Graphics Previews Common
"{543A0462-62A8-59CA-8EA7-B2173DA96DAC}" = CCC Help English
"{54A2CFDE-DC70-46E0-92AC-DC88F6303D39}" = Guitar Pro 4
"{5809A31C-32FB-35CA-E1D2-0B898119E15F}" = Catalyst Control Center InstallProxy
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6F868980-FF49-011B-2C95-409F199B9C19}" = Catalyst Control Center Graphics Previews Vista
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{786C5747-1437-443D-B06E-79A00FE45110}" = Adobe Stock Photos 1.0
"{82696435-8572-4D8B-A230-D1AA567D0F0F}" = Command & Conquer™ 4 Tiberian Twilight
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable - x86 8.0.59193
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}" = HP Officejet Pro 8500 A910 Hilfe
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v4.0
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
"{C79312BD-3E76-4474-A10C-1435D1856A4B}" = Adobe Dreamweaver CS5
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Setup.divx.com" = DivX-Setup
"foobar2000" = foobar2000 v1.1.1
"Guitar Pro 5_is1" = Guitar Pro 5.2
"InstallShield_{E03B44A3-9237-4B55-B7A5-DB1DD46920D3}" = Wolfenstein(TM) 1.1 Patch
"Microsoft DirectX SDK (June 2010)" = Microsoft DirectX SDK (June 2010)
"MiKTeX 2.9" = MiKTeX 2.9
"Mozilla Firefox 9.0 (x86 de)" = Mozilla Firefox 9.0 (x86 de)
"Notepad++" = Notepad++
"OpenAL" = OpenAL
"ShapeCollage" = Shape Collage
"Texmaker" = Texmaker
"TexMakerX_is1" = TexMakerX 2.1
"VideoGet_is1" = Nuclear Coffee - VideoGet
"Visual Basic 6.0 Professional Edition (deu)" = Microsoft Visual Basic 6.0 Professional Edition (Deutsch)
"VLC media player" = VLC media player 1.1.4
"Warcraft II BNE" = Warcraft II BNE
"WebPost" = Microsoft Web Publishing Wizard 1.53
"Winamp" = Winamp
"World of Warcraft" = World of Warcraft
"xp-AntiSpy" = xp-AntiSpy 3.97-9
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 18.12.2011 15:07:00 | Computer Name = BB-LI-W7 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: vlc.exe, Version: 1.1.4.0, Zeitstempel:
 0x4c76f9fe  Name des fehlerhaften Moduls: vlc.exe, Version: 1.1.4.0, Zeitstempel:
 0x4c76f9fe  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00001749  ID des fehlerhaften Prozesses:
 0x1050  Startzeit der fehlerhaften Anwendung: 0x01ccbdb8118a669d  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe  Pfad des fehlerhaften Moduls:
 C:\Program Files (x86)\VideoLAN\VLC\vlc.exe  Berichtskennung: 75fe3fee-29ab-11e1-b622-0019dbf38d50
 
Error - 18.12.2011 16:58:14 | Computer Name = BB-LI-W7 | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 19.12.2011 21:23:16 | Computer Name = BB-LI-W7 | Source = Application Hang | ID = 1002
Description = Programm p3.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 12ec    Startzeit:
 01ccbeb490b3d8de    Endzeit: 18    Anwendungspfad: H:\Games\Postal 3\game\p3.exe    Berichts-ID:
   
 
Error - 20.12.2011 13:16:20 | Computer Name = BB-LI-W7 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Photoshop.exe, Version: 12.0.0.0,
 Zeitstempel: 0x4bbc5b10  Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7c92c  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000105acb
ID
 des fehlerhaften Prozesses: 0x1168  Startzeit der fehlerhaften Anwendung: 0x01ccbf3a9ef32ad4
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Adobe\PS CS5\Adobe Photoshop CS5 (64
 Bit)\Photoshop.exe  Pfad des fehlerhaften Moduls: C:\Windows\system32\ole32.dll  Berichtskennung:
 5538fb81-2b2e-11e1-9720-0019dbf38d50
 
Error - 20.12.2011 13:16:23 | Computer Name = BB-LI-W7 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Photoshop.exe, Version: 12.0.0.0,
 Zeitstempel: 0x4bbc5b10  Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7c92c  Ausnahmecode: 0xc000041d  Fehleroffset: 0x0000000000105acb
ID
 des fehlerhaften Prozesses: 0x1168  Startzeit der fehlerhaften Anwendung: 0x01ccbf3a9ef32ad4
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Adobe\PS CS5\Adobe Photoshop CS5 (64
 Bit)\Photoshop.exe  Pfad des fehlerhaften Moduls: C:\Windows\system32\ole32.dll  Berichtskennung:
 5730f091-2b2e-11e1-9720-0019dbf38d50
 
Error - 20.12.2011 13:45:48 | Computer Name = BB-LI-W7 | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 604    Startzeit: 01ccbf333e30e6b2    Endzeit: 45    Anwendungspfad: 
C:\Windows\Explorer.EXE    Berichts-ID: 717ce571-2b32-11e1-9720-0019dbf38d50  
 
Error - 20.12.2011 14:36:44 | Computer Name = BB-LI-W7 | Source = Application Hang | ID = 1002
Description = Programm chrome.exe, Version 1.6.4.30 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 9bc    Startzeit: 
01ccbf33741da289    Endzeit: 113    Anwendungspfad: C:\Users\Bennibaba\AppData\Roaming\ChromePlus\chrome.exe

Berichts-ID:
 8e81a357-2b39-11e1-9720-0019dbf38d50  
 
Error - 20.12.2011 15:03:51 | Computer Name = BB-LI-W7 | Source = Application Hang | ID = 1002
Description = Programm explorer.exe, Version 6.1.7601.17567 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 132c    Startzeit: 01ccbf3f35537b6c    Endzeit: 73    Anwendungspfad:
 C:\Windows\explorer.exe    Berichts-ID: 58948426-2b3d-11e1-9720-0019dbf38d50  
 
Error - 20.12.2011 21:05:13 | Computer Name = BB-LI-W7 | Source = Application Hang | ID = 1002
Description = Programm Audials.exe, Version 9.0.57909.900 kann nicht mehr unter 
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in
 der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem 
zu suchen.    Prozess-ID: 1960    Startzeit: 01ccbf7c434cd890    Endzeit: 42    Anwendungspfad: 
C:\Program Files (x86)\Audials 9\Audials.exe    Berichts-ID: d43017a1-2b6f-11e1-9720-0019dbf38d50

 
Error - 21.12.2011 13:59:03 | Computer Name = BB-LI-W7 | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 608    Startzeit: 01ccbffae5930ad0    Endzeit: 76    Anwendungspfad: 
C:\Windows\Explorer.EXE    Berichts-ID: 74be4ac5-2bfd-11e1-a325-0019dbf38d50  
 
[ System Events ]
Error - 01.12.2011 20:49:22 | Computer Name = BB-LI-W7 | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 01.12.2011 20:49:23 | Computer Name = BB-LI-W7 | Source = DCOM | ID = 10005
Description = 
 
Error - 01.12.2011 20:49:23 | Computer Name = BB-LI-W7 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 02.12.2011 11:36:01 | Computer Name = BB-LI-W7 | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 04.12.2011 06:38:35 | Computer Name = BB-LI-W7 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
Error - 04.12.2011 06:38:36 | Computer Name = BB-LI-W7 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
Error - 04.12.2011 06:38:37 | Computer Name = BB-LI-W7 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
Error - 08.12.2011 16:26:05 | Computer Name = BB-LI-W7 | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 13.12.2011 16:39:03 | Computer Name = BB-LI-W7 | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 14.12.2011 12:55:02 | Computer Name = BB-LI-W7 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
 
< End of report >
         
Dankeschön für die Hilfe!
Frohe Weihnachten schonmal

Alt 21.12.2011, 22:24   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
C:\system32\winlogon.exe <-- nicht normal? - Standard

C:\system32\winlogon.exe <-- nicht normal?



Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________

__________________

Alt 22.12.2011, 10:22   #3
bennibaba
 
C:\system32\winlogon.exe <-- nicht normal? - Standard

C:\system32\winlogon.exe <-- nicht normal?



Code:
ATTFilter
C:\Users\Bennibaba\AppData\Local\Temp\ICReinstall\cnet_powertab_zip.exe	a variant of Win32/InstallCore.D application
         
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 911122106

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

21.12.2011 23:46:16
mbam-log-2011-12-21 (23-46-16).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 331340
Laufzeit: 38 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\DC3_FEXEC (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winlogon (Trojan.Agent) -> Value: winlogon -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files (x86)\nuclear coffee\VideoGet\vg-patch.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\bennibaba\downloads\windows loader\windows loader.exe (RiskWare.Tool.HCK) -> Quarantined and deleted successfully.
c:\system32\winlogon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
         
__________________

Alt 22.12.2011, 14:00   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
C:\system32\winlogon.exe <-- nicht normal? - Standard

C:\system32\winlogon.exe <-- nicht normal?



Zitat:
c:\program files (x86)\nuclear coffee\VideoGet\vg-patch.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\bennibaba\downloads\windows loader\windows loader.exe (RiskWare.Tool.HCK) -> Quarantined and deleted successfully.


Cracks/Keygens sind zu 99,9% gefährliche Schädlinge, mit denen man nicht spaßen sollte. Ausserdem sind diese illegal und wir unterstützen die Verwendung von geklauter Software nicht. Somit beschränkt sich der Support auf Anleitung zur kompletten Neuinstallation!!

Dass illegale Cracks und Keygens im Wesentlichen dazu dienen, Malware zu verbreiten ist kein Geheimnis und muss jedem klar sein!

Und zur Neuinstallation nimmst du ein legales Windows und installierst von Original-DVD!
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu C:\system32\winlogon.exe <-- nicht normal?
64-bit, adobe, adobe flash player, antivir, autorun, avira, bho, browser, c:\windows\system32\rundll32.exe, computer, error, explorer, firefox, flash player, format, helper, install.exe, jdownloader, langs, logfile, nvidia, officejet, photoshop, plug-in, realtek, registry, required, richtlinie, rundll, schattenkopien, security, software, static, studio, suche, system, tubebox, visual studio, webcheck, winlogon.exe



Ähnliche Themen: C:\system32\winlogon.exe <-- nicht normal?


  1. Ist der Normal denke da stimmt was nicht
    Lob, Kritik und Wünsche - 15.12.2014 (3)
  2. Explorer öffnet sich nicht normal
    Alles rund um Windows - 15.07.2012 (5)
  3. Rechner fährt nicht normal hoch
    Alles rund um Windows - 21.02.2012 (35)
  4. Mein CPU Auslastung ist nicht Normal
    Log-Analyse und Auswertung - 14.07.2011 (2)
  5. C:\WINDOWS\System32\winlogon.exe Trojaner ?
    Plagegeister aller Art und deren Bekämpfung - 22.01.2011 (3)
  6. C:\windows\system32/winlogon.exe (auswertung logfile)
    Log-Analyse und Auswertung - 12.09.2010 (29)
  7. Win32.Loader.O (DB) in C:\WINDOWS\SYSTEM32\WINLOGON.EXE und C:\WINDOWS\Explorer.EXE
    Plagegeister aller Art und deren Bekämpfung - 26.08.2010 (3)
  8. Ist doch nicht normal: 1TB = 931GB?
    Netzwerk und Hardware - 23.07.2010 (2)
  9. Pc bootet nicht normal, total lahm, programme gehen nicht - Logfile
    Log-Analyse und Auswertung - 07.01.2010 (1)
  10. CPU Auslastung nicht normal!
    Log-Analyse und Auswertung - 18.10.2009 (5)
  11. Versteckte Datei "kdzqj.exe" in System32 und Reg-Eintrag "System" unter Winlogon
    Plagegeister aller Art und deren Bekämpfung - 25.03.2008 (22)
  12. Pc fährt sich nicht normal runter!
    Alles rund um Windows - 18.11.2007 (0)
  13. Trojaner der in system32/winlogon.exe sein unwesen treibt
    Plagegeister aller Art und deren Bekämpfung - 30.03.2007 (1)
  14. Wie lösche ich C:\windows\system32\winlogon.exe
    Plagegeister aller Art und deren Bekämpfung - 30.03.2007 (2)
  15. Spy Sheriff, Folgeprobleme: kein System32-Ordner, winlogon-prob?
    Plagegeister aller Art und deren Bekämpfung - 29.04.2006 (11)
  16. Windows startet nicht normal
    Alles rund um Windows - 14.04.2005 (2)

Zum Thema C:\system32\winlogon.exe <-- nicht normal? - Hallo, Ich war letztens am Computer von einem Kumpel und habe den Ordner "C:\system32\winlogon.exe" gefunden. Das ist doch nicht normal oder? Normalerweiße ist der system32 ordner doch im Ordner Windows... - C:\system32\winlogon.exe <-- nicht normal?...
Archiv
Du betrachtest: C:\system32\winlogon.exe <-- nicht normal? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.