bennibaba | 21.12.2011 22:09 | C:\system32\winlogon.exe <-- not normal?
Hello,
The other day I was at a friend's computer and found the folder "C:\system32\winlogon.exe". That's not normal, is it? Normally the system32 folder is inside the Windows folder...
Here are the two scan logs (he has a 64-bit system):
Code:
OTL logfile created on: 21.12.2011 21:51:37 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Bennibaba\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,78 Gb Available Physical Memory | 69,43% Memory free
8,00 Gb Paging File | 6,61 Gb Available in Paging File | 82,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58,50 Gb Total Space | 20,09 Gb Free Space | 34,34% Space Free | Partition Type: NTFS
Drive D: | 311,46 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 239,49 Gb Total Space | 212,73 Gb Free Space | 88,83% Space Free | Partition Type: NTFS
Drive H: | 1863,01 Gb Total Space | 910,00 Gb Free Space | 48,85% Space Free | Partition Type: NTFS
Computer Name: BB-LI-W7 | User Name: Bennibaba | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011.12.21 21:50:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Bennibaba\Desktop\OTL.exe
PRC - [2011.06.28 16:33:19 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.03 15:33:42 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.21 22:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.11.30 18:12:37 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.11.11 09:27:40 | 000,193,856 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
PRC - [2010.07.12 17:32:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2010.05.20 23:59:30 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.20 23:59:28 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
========== Modules (No Company Name) ==========
MOD - [2011.03.21 22:10:36 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.03.21 22:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.05.04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2011.08.05 12:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2011.08.05 12:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2011.08.05 12:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2010.09.29 02:51:08 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.06.28 16:33:19 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.03 15:33:42 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2011.12.20 12:53:19 | 000,047,208 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd)
DRV:64bit: - [2011.10.11 22:08:31 | 000,508,472 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011.06.28 16:33:20 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.28 16:33:20 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.19 21:07:19 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011.01.19 21:07:18 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.09.29 03:26:12 | 007,883,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010.09.29 03:26:12 | 007,883,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.09.29 02:14:48 | 000,285,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.08.16 11:42:00 | 000,116,240 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.03.01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D8 B4 55 70 FB 7F CB 01 [binary data]
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.1
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: refspoof@mozdev.org:0.9.5
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.04.04 21:35:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.04.04 21:35:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.21 01:44:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2011.01.13 19:34:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bennibaba\AppData\Roaming\mozilla\Extensions
[2011.12.18 15:11:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bennibaba\AppData\Roaming\mozilla\Firefox\Profiles\g1dldky4.default\extensions
[2011.04.10 15:36:34 | 000,000,000 | ---D | M] (refspoof) -- C:\Users\Bennibaba\AppData\Roaming\mozilla\Firefox\Profiles\g1dldky4.default\extensions\refspoof@mozdev.org
[2011.12.21 01:44:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\BENNIBABA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G1DLDKY4.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2011.12.21 01:44:07 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.27 19:02:11 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.27 19:02:11 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.10.27 19:02:11 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.27 19:02:11 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.27 19:02:11 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.27 19:02:11 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2011.12.21 19:02:06 | 000,001,166 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: # Copyright (c) 1993-2009 Microsoft Corp.
O1 - Hosts: 127.0.0.1 static3.cdn.ubi.com
O1 - Hosts: 127.0.0.1 ubisoft-orbit.s3.amazonaws.com
O1 - Hosts: 127.0.0.1 onlineconfigservice.ubi.com
O1 - Hosts: 127.0.0.1 orbitservice.ubi.com
O1 - Hosts: 127.0.0.1 ubisoft-orbit-savegames.s3.amazonaws.com
O1 - Hosts: 127.0.0.1 psdto.com
O1 - Hosts: 127.0.0.1 www.shapecollage.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [winlogon] C:\system32\winlogon.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Bennibaba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Bennibaba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.184.161 83.169.184.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8FE9C31D-8401-4CC4-8303-AAE6FADE0992}: DhcpNameServer = 83.169.184.161 83.169.184.225
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.11.17 01:01:57 | 000,000,131 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{a3b8b5d0-6907-11e0-9549-0019dbf38d50}\Shell - "" = AutoRun
O33 - MountPoints2\{a3b8b5d0-6907-11e0-9549-0019dbf38d50}\Shell\AutoRun\command - "" = G:\unlock.exe autoplay=true
O33 - MountPoints2\{d40ab965-ebeb-11df-9e2c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d40ab965-ebeb-11df-9e2c-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.exe -- [2010.11.17 01:01:57 | 000,297,832 | R--- | M] (Hewlett-Packard Co.)
O33 - MountPoints2\{e121ba44-ecf9-11df-bf0c-0019dbf38d50}\Shell - "" = AutoRun
O33 - MountPoints2\{e121ba44-ecf9-11df-bf0c-0019dbf38d50}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (bootdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2011.12.21 21:50:29 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Bennibaba\Desktop\OTL.exe
[2011.12.21 21:38:20 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.12.21 21:31:04 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2011.12.21 21:16:34 | 007,514,432 | ---- | C] (SurfRight B.V.) -- C:\Users\Bennibaba\Desktop\HitmanPro35_x64.exe
[2011.12.21 21:16:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011.12.21 21:16:06 | 006,480,192 | ---- | C] (SurfRight B.V.) -- C:\Users\Bennibaba\Desktop\HitmanPro3.5.9.130.exe
[2011.12.21 21:14:23 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011.12.21 20:14:51 | 000,000,000 | ---D | C] -- C:\Users\Bennibaba\AppData\Roaming\AVG10
[2011.12.21 20:13:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011.12.21 20:12:03 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011.12.21 20:12:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2011.12.21 20:11:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2011.12.21 20:08:56 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011.12.21 19:52:56 | 000,000,000 | ---D | C] -- C:\Users\Bennibaba\Desktop\AVG_upped_by_der_kara
[2011.12.21 18:59:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shape Collage
[2011.12.21 18:59:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Shape Collage
[2011.12.21 18:59:20 | 001,027,115 | ---- | C] (Shape Collage Inc.) -- C:\Users\Bennibaba\Desktop\ShapeCollage-2.5.3-Setup.exe
[2011.12.21 18:30:09 | 000,000,000 | ---D | C] -- C:\Users\Bennibaba\Desktop\Neuer Ordner (2)
[2011.12.21 02:01:05 | 000,000,000 | ---D | C] -- C:\Users\Bennibaba\AppData\Local\CrashRpt
[2011.12.21 02:01:01 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2011.12.21 02:00:38 | 000,000,000 | ---D | C] -- C:\ProgramData\RapidSolution
[2011.12.21 01:59:11 | 000,000,000 | ---D | C] -- C:\Users\Bennibaba\AppData\Local\RapidSolution
[2011.12.21 01:54:39 | 000,000,000 | ---D | C] -- C:\Users\Bennibaba\Documents\TubeBox!
[2011.12.21 01:54:39 | 000,000,000 | ---D | C] -- C:\Users\Bennibaba\AppData\Roaming\Jens Lorek
[2011.12.21 01:54:29 | 000,000,000 | ---D | C] -- C:\Users\Bennibaba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TubeBox!
[2011.12.20 19:36:00 | 000,000,000 | ---D | C] -- C:\Users\Bennibaba\Desktop\Neuer Ordner
[2011.12.20 18:12:23 | 000,000,000 | ---D | C] -- C:\Users\Bennibaba\Documents\Updater
[2011.12.20 18:09:40 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe PDF
[2011.12.20 18:09:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe Systems Shared
[2011.12.20 12:53:19 | 000,047,208 | ---- | C] (RapidSolution Software AG) -- C:\Windows\SysNative\drivers\tbhsd.sys
[2011.12.20 01:51:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2011.12.20 01:49:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Postal 3
[2011.12.18 20:39:19 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2011.12.18 20:24:09 | 000,000,000 | ---D | C] -- C:\Users\Bennibaba\AppData\Roaming\HpUpdate
[2011.12.18 20:23:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011.12.18 20:23:18 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2011.12.18 20:23:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2011.12.18 20:22:52 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011.12.18 20:22:04 | 000,000,000 | ---D | C] -- C:\Users\Bennibaba\AppData\Local\HP
[2011.12.18 19:08:38 | 000,000,000 | ---D | C] -- C:\Users\Bennibaba\AppData\Roaming\PC Remote
[2011.12.01 19:00:45 | 000,000,000 | ---D | C] -- C:\Users\Bennibaba\Documents\ANNO 2070
[2011.11.29 00:28:19 | 000,000,000 | ---D | C] -- C:\Users\Bennibaba\Documents\Assassin's Creed Revelations
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011.12.21 21:51:28 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.21 21:51:28 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.21 21:50:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Bennibaba\Desktop\OTL.exe
[2011.12.21 21:48:16 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.12.21 21:48:16 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.12.21 21:48:16 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.12.21 21:48:16 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.12.21 21:48:16 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.12.21 21:43:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.21 21:43:50 | 3220,672,512 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.21 21:42:46 | 000,000,198 | ---- | M] () -- C:\Users\Bennibaba\defogger_reenable
[2011.12.21 21:34:07 | 000,050,477 | ---- | M] () -- C:\Users\Bennibaba\Desktop\Defogger.exe
[2011.12.21 21:31:33 | 000,025,160 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011.12.21 21:31:04 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2011.12.21 21:31:04 | 000,005,944 | ---- | M] () -- C:\Windows\SysNative\bootdelete.lst
[2011.12.21 21:16:41 | 007,514,432 | ---- | M] (SurfRight B.V.) -- C:\Users\Bennibaba\Desktop\HitmanPro35_x64.exe
[2011.12.21 21:15:50 | 006,480,192 | ---- | M] (SurfRight B.V.) -- C:\Users\Bennibaba\Desktop\HitmanPro3.5.9.130.exe
[2011.12.21 19:52:33 | 205,228,006 | ---- | M] () -- C:\Users\Bennibaba\Desktop\AVG_upped_by_der_kara.rar
[2011.12.21 18:59:59 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\Shape Collage.lnk
[2011.12.21 18:59:16 | 001,027,115 | ---- | M] (Shape Collage Inc.) -- C:\Users\Bennibaba\Desktop\ShapeCollage-2.5.3-Setup.exe
[2011.12.21 10:01:54 | 004,850,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.12.21 02:07:55 | 012,167,023 | ---- | M] () -- C:\Users\Bennibaba\Desktop\3284_39.flv
[2011.12.21 01:22:24 | 000,056,468 | ---- | M] () -- C:\Users\Bennibaba\Desktop\beer.jpg
[2011.12.21 01:21:27 | 000,105,035 | ---- | M] () -- C:\Users\Bennibaba\Desktop\fire_penguin_disco_panda.jpg
[2011.12.21 01:07:23 | 000,049,972 | ---- | M] () -- C:\Users\Bennibaba\Desktop\nintendo_bett.jpg
[2011.12.21 00:58:56 | 000,070,593 | ---- | M] () -- C:\Users\Bennibaba\Desktop\Lese-Talent.jpg
[2011.12.21 00:57:27 | 000,173,419 | ---- | M] () -- C:\Users\Bennibaba\Desktop\2_Baby-Igel.jpg
[2011.12.21 00:55:47 | 000,038,127 | ---- | M] () -- C:\Users\Bennibaba\Desktop\3_Homer_Simpson-Zwickmuehle.jpg
[2011.12.21 00:53:56 | 000,020,228 | ---- | M] () -- C:\Users\Bennibaba\Desktop\nicht_rauchen__ausser_wenn.jpg
[2011.12.21 00:53:47 | 000,027,387 | ---- | M] () -- C:\Users\Bennibaba\Desktop\Knotensalat.jpg
[2011.12.21 00:53:32 | 000,024,343 | ---- | M] () -- C:\Users\Bennibaba\Desktop\Kater.jpg
[2011.12.21 00:53:11 | 000,041,906 | ---- | M] () -- C:\Users\Bennibaba\Desktop\Homer_und_die_Frauen.jpg
[2011.12.21 00:46:34 | 000,070,170 | ---- | M] () -- C:\Users\Bennibaba\Desktop\Internet.jpg
[2011.12.21 00:45:47 | 000,070,931 | ---- | M] () -- C:\Users\Bennibaba\Desktop\Nice_Underwear.jpg
[2011.12.21 00:43:40 | 000,222,565 | ---- | M] () -- C:\Users\Bennibaba\Desktop\Facebook-Trolling.jpg
[2011.12.20 20:13:20 | 001,678,095 | ---- | M] () -- C:\Users\Bennibaba\Desktop\karpfen gutschein.png
[2011.12.20 20:13:17 | 000,000,132 | ---- | M] () -- C:\Users\Bennibaba\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.12.20 20:12:54 | 002,569,078 | ---- | M] () -- C:\Users\Bennibaba\Desktop\mum gutschein.png
[2011.12.20 20:12:14 | 014,942,449 | ---- | M] () -- C:\Users\Bennibaba\Desktop\mum gutschein.psd
[2011.12.20 19:17:02 | 009,618,471 | ---- | M] () -- C:\Users\Bennibaba\Desktop\karpfen gutschein.psd
[2011.12.20 19:15:24 | 005,587,116 | ---- | M] () -- C:\Users\Bennibaba\Desktop\Unbenannt-1.psd
[2011.12.20 19:00:09 | 000,641,101 | ---- | M] () -- C:\Users\Bennibaba\Desktop\49-Free-Cartoon-Cow-Clip-Art.jpg
[2011.12.20 18:50:20 | 000,034,977 | ---- | M] () -- C:\Users\Bennibaba\Desktop\12P51.GIF
[2011.12.20 18:46:03 | 003,077,074 | ---- | M] () -- C:\Users\Bennibaba\Desktop\motiv.psd
[2011.12.20 18:18:39 | 000,909,705 | ---- | M] () -- C:\Users\Bennibaba\Desktop\5.bild.jpg
[2011.12.20 18:09:46 | 000,001,385 | ---- | M] () -- C:\Users\Bennibaba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2011.12.20 12:53:19 | 000,047,208 | ---- | M] (RapidSolution Software AG) -- C:\Windows\SysNative\drivers\tbhsd.sys
[2011.12.18 20:39:41 | 000,000,329 | ---- | M] () -- C:\Users\Bennibaba\Desktop\HP Druckerdiagnosetools.url
[2011.12.18 20:23:38 | 000,001,187 | ---- | M] () -- C:\Users\Public\Desktop\Zubehör einkaufen - HP Officejet Pro 8500 A910.lnk
[2011.12.18 20:23:37 | 000,002,224 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910.lnk
[2011.12.18 20:23:37 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet Pro 8500 A910.lnk
[2011.12.18 20:23:37 | 000,001,224 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910 Scan.lnk
[2011.12.13 18:19:57 | 000,000,679 | ---- | M] () -- C:\Users\Bennibaba\Desktop\UniZeuch.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011.12.21 21:42:46 | 000,000,198 | ---- | C] () -- C:\Users\Bennibaba\defogger_reenable
[2011.12.21 21:34:10 | 000,050,477 | ---- | C] () -- C:\Users\Bennibaba\Desktop\Defogger.exe
[2011.12.21 21:31:04 | 000,005,944 | ---- | C] () -- C:\Windows\SysNative\bootdelete.lst
[2011.12.21 21:18:38 | 000,025,160 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011.12.21 19:51:44 | 205,228,006 | ---- | C] () -- C:\Users\Bennibaba\Desktop\AVG_upped_by_der_kara.rar
[2011.12.21 18:59:59 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\Shape Collage.lnk
[2011.12.21 02:06:19 | 012,167,023 | ---- | C] () -- C:\Users\Bennibaba\Desktop\3284_39.flv
[2011.12.21 01:22:26 | 000,056,468 | ---- | C] () -- C:\Users\Bennibaba\Desktop\beer.jpg
[2011.12.21 01:21:29 | 000,105,035 | ---- | C] () -- C:\Users\Bennibaba\Desktop\fire_penguin_disco_panda.jpg
[2011.12.21 01:07:24 | 000,049,972 | ---- | C] () -- C:\Users\Bennibaba\Desktop\nintendo_bett.jpg
[2011.12.21 00:58:58 | 000,070,593 | ---- | C] () -- C:\Users\Bennibaba\Desktop\Lese-Talent.jpg
[2011.12.21 00:57:28 | 000,173,419 | ---- | C] () -- C:\Users\Bennibaba\Desktop\2_Baby-Igel.jpg
[2011.12.21 00:55:48 | 000,038,127 | ---- | C] () -- C:\Users\Bennibaba\Desktop\3_Homer_Simpson-Zwickmuehle.jpg
[2011.12.21 00:53:57 | 000,020,228 | ---- | C] () -- C:\Users\Bennibaba\Desktop\nicht_rauchen__ausser_wenn.jpg
[2011.12.21 00:53:48 | 000,027,387 | ---- | C] () -- C:\Users\Bennibaba\Desktop\Knotensalat.jpg
[2011.12.21 00:53:33 | 000,024,343 | ---- | C] () -- C:\Users\Bennibaba\Desktop\Kater.jpg
[2011.12.21 00:53:12 | 000,041,906 | ---- | C] () -- C:\Users\Bennibaba\Desktop\Homer_und_die_Frauen.jpg
[2011.12.21 00:46:36 | 000,070,170 | ---- | C] () -- C:\Users\Bennibaba\Desktop\Internet.jpg
[2011.12.21 00:45:50 | 000,070,931 | ---- | C] () -- C:\Users\Bennibaba\Desktop\Nice_Underwear.jpg
[2011.12.21 00:43:43 | 000,222,565 | ---- | C] () -- C:\Users\Bennibaba\Desktop\Facebook-Trolling.jpg
[2011.12.20 20:13:15 | 001,678,095 | ---- | C] () -- C:\Users\Bennibaba\Desktop\karpfen gutschein.png
[2011.12.20 20:12:35 | 002,569,078 | ---- | C] () -- C:\Users\Bennibaba\Desktop\mum gutschein.png
[2011.12.20 20:12:12 | 014,942,449 | ---- | C] () -- C:\Users\Bennibaba\Desktop\mum gutschein.psd
[2011.12.20 19:17:00 | 009,618,471 | ---- | C] () -- C:\Users\Bennibaba\Desktop\karpfen gutschein.psd
[2011.12.20 19:02:05 | 005,587,116 | ---- | C] () -- C:\Users\Bennibaba\Desktop\Unbenannt-1.psd
[2011.12.20 19:00:11 | 000,641,101 | ---- | C] () -- C:\Users\Bennibaba\Desktop\49-Free-Cartoon-Cow-Clip-Art.jpg
[2011.12.20 18:50:23 | 000,034,977 | ---- | C] () -- C:\Users\Bennibaba\Desktop\12P51.GIF
[2011.12.20 18:46:01 | 003,077,074 | ---- | C] () -- C:\Users\Bennibaba\Desktop\motiv.psd
[2011.12.20 18:18:46 | 000,909,705 | ---- | C] () -- C:\Users\Bennibaba\Desktop\5.bild.jpg
[2011.12.20 18:10:30 | 000,002,089 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk
[2011.12.20 18:09:46 | 000,001,385 | ---- | C] () -- C:\Users\Bennibaba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2011.12.20 18:09:22 | 000,002,081 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge.lnk
[2011.12.20 18:08:40 | 000,002,045 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS2.lnk
[2011.12.20 18:08:40 | 000,002,042 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS2.lnk
[2011.12.18 20:39:40 | 000,000,329 | ---- | C] () -- C:\Users\Bennibaba\Desktop\HP Druckerdiagnosetools.url
[2011.12.18 20:24:20 | 000,000,972 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk
[2011.12.18 20:23:38 | 000,001,187 | ---- | C] () -- C:\Users\Public\Desktop\Zubehör einkaufen - HP Officejet Pro 8500 A910.lnk
[2011.12.18 20:23:37 | 000,002,224 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910.lnk
[2011.12.18 20:23:37 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet Pro 8500 A910.lnk
[2011.12.18 20:23:37 | 000,001,224 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910 Scan.lnk
[2011.12.13 18:19:57 | 000,000,679 | ---- | C] () -- C:\Users\Bennibaba\Desktop\UniZeuch.lnk
[2011.12.12 22:06:40 | 000,432,674 | ---- | C] () -- C:\Users\Bennibaba\Desktop\1.jpg
[2011.12.12 22:06:40 | 000,155,700 | ---- | C] () -- C:\Users\Bennibaba\Desktop\2.jpg
[2011.10.08 20:47:20 | 000,017,434 | ---- | C] () -- C:\Windows\W2BNEUnin.dat
[2011.04.28 15:47:45 | 001,590,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.03.25 18:11:52 | 000,000,132 | ---- | C] () -- C:\Users\Bennibaba\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.03.14 16:03:03 | 000,001,456 | ---- | C] () -- C:\Users\Bennibaba\AppData\Local\Adobe Für Web speichern 11.0 Prefs
[2010.12.28 19:12:42 | 000,000,535 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010.12.28 19:12:42 | 000,000,288 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.11.09 11:28:47 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.06.15 23:28:54 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[1998.06.10 00:00:00 | 000,015,120 | ---- | C] () -- C:\Windows\SysWow64\REPUTIL.DLL
========== LOP Check ==========
[2011.09.20 17:49:45 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\.minecraft
[2011.12.21 20:14:51 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\AVG10
[2011.11.04 19:15:58 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\benibela
[2011.10.03 20:40:53 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\casualArts
[2011.12.18 15:08:04 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\ChromePlus
[2011.10.04 10:28:16 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\Command and Conquer 4
[2011.01.19 21:01:50 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\DAEMON Tools Lite
[2011.11.29 00:27:10 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\DAEMON Tools Pro
[2011.09.17 14:31:11 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\Hoyle Blackjack
[2011.09.17 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\Hoyle Card Games
[2011.09.17 14:24:15 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\Hoyle FaceCreator
[2011.05.01 12:07:59 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\ICQ
[2011.12.21 01:54:39 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\Jens Lorek
[2011.02.22 23:55:10 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\Kalypso Media
[2010.11.12 17:57:52 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\Miranda
[2011.10.12 19:45:42 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\Nokia
[2010.11.09 14:30:45 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\Notepad++
[2011.01.02 19:32:29 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\OpenOffice.org
[2010.12.02 09:19:35 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\Opera
[2011.12.18 19:08:38 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\PC Remote
[2011.10.12 19:44:27 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\PC Suite
[2011.08.30 02:09:36 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\PunkBuster
[2011.09.16 11:37:30 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\Rovio
[2011.02.23 19:06:03 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\TuneUp Software
[2011.12.01 18:40:56 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\Ubisoft
[2011.10.27 18:33:44 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\xm1
[2011.02.02 18:21:24 | 000,000,000 | ---D | M] -- C:\Users\Bennibaba\AppData\Roaming\{4916c8ce-b9e7-4e25-9a23-25493e41e04c}
[2011.10.01 18:25:07 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*. >
[2011.12.21 21:14:23 | 000,000,000 | -H-D | M] -- C:\$AVG
[2010.11.09 11:33:30 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010.11.09 13:07:44 | 000,000,000 | ---D | M] -- C:\ATI
[2011.12.21 21:43:49 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.11.09 11:32:57 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.11.29 18:27:20 | 000,000,000 | ---D | M] -- C:\Downloads
[2011.09.28 01:09:10 | 000,000,000 | ---D | M] -- C:\OutputFolder
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2010.12.23 18:26:21 | 000,000,000 | ---D | M] -- C:\Photoshop
[2011.12.18 20:22:52 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.12.21 20:11:11 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2011.12.21 21:16:22 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.11.09 11:32:57 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.11.09 11:32:58 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.12.21 21:53:17 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.01.02 19:17:41 | 000,000,000 | -H-D | M] -- C:\system32
[2010.11.09 11:33:07 | 000,000,000 | R--D | M] -- C:\Users
[2011.12.20 01:51:05 | 000,000,000 | ---D | M] -- C:\Windows
< %PROGRAMFILES%\*.exe >
< %LOCALAPPDATA%\*.exe >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.manifest /3 >
< MD5 for: AFD.SYS >
[2011.04.25 03:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=6EF20DDF3172E97D69F596FB90602F29 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys
[2009.07.14 00:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys
[2010.11.20 10:23:34 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
[2011.04.25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\SysNative\drivers\afd.sys
[2011.04.25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
[2011.04.25 04:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys
[2011.04.25 03:44:27 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=FBFF8B7C9D116229E9208A0D1CAEB49B -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys
< MD5 for: EXPLORER.EXE >
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
< MD5 for: REGEDIT.EXE >
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe
< MD5 for: USERINIT.EXE >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: WININIT.EXE >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
< MD5 for: WINLOGON.EXE >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.06.10 22:23:22 | 001,169,224 | -H-- | M] (Microsoft Corporation) MD5=AEEC0405A1C587562275AB20CC6E3521 -- C:\system32\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >
Code:
OTL Extras logfile created on: 21.12.2011 21:51:37 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Bennibaba\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,78 Gb Available Physical Memory | 69,43% Memory free
8,00 Gb Paging File | 6,61 Gb Available in Paging File | 82,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58,50 Gb Total Space | 20,09 Gb Free Space | 34,34% Space Free | Partition Type: NTFS
Drive D: | 311,46 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 239,49 Gb Total Space | 212,73 Gb Free Space | 88,83% Space Free | Partition Type: NTFS
Drive H: | 1863,01 Gb Total Space | 910,00 Gb Free Space | 48,85% Space Free | Partition Type: NTFS
Computer Name: BB-LI-W7 | User Name: Bennibaba | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromePlusHTML] -- C:\Users\Bennibaba\AppData\Roaming\ChromePlus\chrome.exe (Maple Studio)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- E:\Neuer Ordner\Adobe Bridge CS5\Bridge.exe "%L"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- E:\Neuer Ordner\Adobe Bridge CS5\Bridge.exe "%L"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3
"C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (OpenSight Software, LLC)
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3
"C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (OpenSight Software, LLC)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3
"C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (OpenSight Software, LLC)
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3
"C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (OpenSight Software, LLC)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86416023FF}" = Java(TM) 6 Update 23 (64-bit)
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v1.4.2499.0 x64
"{34BD24DF-3B6F-8661-D4F0-0EBCACA2C834}" = ccc-utility64
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B0748C5-2E63-B954-8C3F-71918C599800}" = WMV9/VC-1 Video Playback
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0160230}" = Java(TM) SE Development Kit 6 Update 23 (64-bit)
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable - x64 8.0.59192
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8FCBB6DA-069C-8D08-DD99-F0881B9EECC3}" = AMD Drag and Drop Transcoding
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CACBDC26-D504-49ED-3FEC-0CDDB3700240}" = ATI Catalyst Install Manager
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{E0FE1E14-3A7A-4DB0-9FFA-0DD945AE84DB}" = HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD1}" = Paint.NET v3.5.5
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"WinRAR archiver" = WinRAR
"Zune" = Zune
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1DE1B0F3-5897-4C66-BA18-F8A9E95FAE5C}" = ccc-core-static
"{1EE88B84-7BE5-4FB5-8DEA-B81D5409D62E}" = Opera 11.00
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 29
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{32A3A4F4-B792-11D6-A78A-00B0D0160230}" = Java(TM) SE Development Kit 6 Update 23
"{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{45410935-B52C-468A-A836-0D1000018201}" = BulletStorm
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D481F91-44BA-F0FE-CD07-8B3429A2A821}" = Catalyst Control Center Graphics Previews Common
"{543A0462-62A8-59CA-8EA7-B2173DA96DAC}" = CCC Help English
"{54A2CFDE-DC70-46E0-92AC-DC88F6303D39}" = Guitar Pro 4
"{5809A31C-32FB-35CA-E1D2-0B898119E15F}" = Catalyst Control Center InstallProxy
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6F868980-FF49-011B-2C95-409F199B9C19}" = Catalyst Control Center Graphics Previews Vista
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{786C5747-1437-443D-B06E-79A00FE45110}" = Adobe Stock Photos 1.0
"{82696435-8572-4D8B-A230-D1AA567D0F0F}" = Command & Conquer™ 4 Tiberian Twilight
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable - x86 8.0.59193
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}" = HP Officejet Pro 8500 A910 Hilfe
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v4.0
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
"{C79312BD-3E76-4474-A10C-1435D1856A4B}" = Adobe Dreamweaver CS5
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Setup.divx.com" = DivX-Setup
"foobar2000" = foobar2000 v1.1.1
"Guitar Pro 5_is1" = Guitar Pro 5.2
"InstallShield_{E03B44A3-9237-4B55-B7A5-DB1DD46920D3}" = Wolfenstein(TM) 1.1 Patch
"Microsoft DirectX SDK (June 2010)" = Microsoft DirectX SDK (June 2010)
"MiKTeX 2.9" = MiKTeX 2.9
"Mozilla Firefox 9.0 (x86 de)" = Mozilla Firefox 9.0 (x86 de)
"Notepad++" = Notepad++
"OpenAL" = OpenAL
"ShapeCollage" = Shape Collage
"Texmaker" = Texmaker
"TexMakerX_is1" = TexMakerX 2.1
"VideoGet_is1" = Nuclear Coffee - VideoGet
"Visual Basic 6.0 Professional Edition (deu)" = Microsoft Visual Basic 6.0 Professional Edition (Deutsch)
"VLC media player" = VLC media player 1.1.4
"Warcraft II BNE" = Warcraft II BNE
"WebPost" = Microsoft Web Publishing Wizard 1.53
"Winamp" = Winamp
"World of Warcraft" = World of Warcraft
"xp-AntiSpy" = xp-AntiSpy 3.97-9
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 18.12.2011 15:07:00 | Computer Name = BB-LI-W7 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: vlc.exe, Version: 1.1.4.0, Zeitstempel:
0x4c76f9fe Name des fehlerhaften Moduls: vlc.exe, Version: 1.1.4.0, Zeitstempel:
0x4c76f9fe Ausnahmecode: 0xc0000005 Fehleroffset: 0x00001749 ID des fehlerhaften Prozesses:
0x1050 Startzeit der fehlerhaften Anwendung: 0x01ccbdb8118a669d Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe Pfad des fehlerhaften Moduls:
C:\Program Files (x86)\VideoLAN\VLC\vlc.exe Berichtskennung: 75fe3fee-29ab-11e1-b622-0019dbf38d50
Error - 18.12.2011 16:58:14 | Computer Name = BB-LI-W7 | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 19.12.2011 21:23:16 | Computer Name = BB-LI-W7 | Source = Application Hang | ID = 1002
Description = Programm p3.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt
werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 12ec Startzeit:
01ccbeb490b3d8de Endzeit: 18 Anwendungspfad: H:\Games\Postal 3\game\p3.exe Berichts-ID:
Error - 20.12.2011 13:16:20 | Computer Name = BB-LI-W7 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Photoshop.exe, Version: 12.0.0.0,
Zeitstempel: 0x4bbc5b10 Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514,
Zeitstempel: 0x4ce7c92c Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000105acb
ID
des fehlerhaften Prozesses: 0x1168 Startzeit der fehlerhaften Anwendung: 0x01ccbf3a9ef32ad4
Pfad
der fehlerhaften Anwendung: C:\Program Files\Adobe\PS CS5\Adobe Photoshop CS5 (64
Bit)\Photoshop.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\ole32.dll Berichtskennung:
5538fb81-2b2e-11e1-9720-0019dbf38d50
Error - 20.12.2011 13:16:23 | Computer Name = BB-LI-W7 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Photoshop.exe, Version: 12.0.0.0,
Zeitstempel: 0x4bbc5b10 Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514,
Zeitstempel: 0x4ce7c92c Ausnahmecode: 0xc000041d Fehleroffset: 0x0000000000105acb
ID
des fehlerhaften Prozesses: 0x1168 Startzeit der fehlerhaften Anwendung: 0x01ccbf3a9ef32ad4
Pfad
der fehlerhaften Anwendung: C:\Program Files\Adobe\PS CS5\Adobe Photoshop CS5 (64
Bit)\Photoshop.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\ole32.dll Berichtskennung:
5730f091-2b2e-11e1-9720-0019dbf38d50
Error - 20.12.2011 13:45:48 | Computer Name = BB-LI-W7 | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 604 Startzeit: 01ccbf333e30e6b2 Endzeit: 45 Anwendungspfad:
C:\Windows\Explorer.EXE Berichts-ID: 717ce571-2b32-11e1-9720-0019dbf38d50
Error - 20.12.2011 14:36:44 | Computer Name = BB-LI-W7 | Source = Application Hang | ID = 1002
Description = Programm chrome.exe, Version 1.6.4.30 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 9bc Startzeit:
01ccbf33741da289 Endzeit: 113 Anwendungspfad: C:\Users\Bennibaba\AppData\Roaming\ChromePlus\chrome.exe
Berichts-ID:
8e81a357-2b39-11e1-9720-0019dbf38d50
Error - 20.12.2011 15:03:51 | Computer Name = BB-LI-W7 | Source = Application Hang | ID = 1002
Description = Programm explorer.exe, Version 6.1.7601.17567 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 132c Startzeit: 01ccbf3f35537b6c Endzeit: 73 Anwendungspfad:
C:\Windows\explorer.exe Berichts-ID: 58948426-2b3d-11e1-9720-0019dbf38d50
Error - 20.12.2011 21:05:13 | Computer Name = BB-LI-W7 | Source = Application Hang | ID = 1002
Description = Programm Audials.exe, Version 9.0.57909.900 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in
der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 1960 Startzeit: 01ccbf7c434cd890 Endzeit: 42 Anwendungspfad:
C:\Program Files (x86)\Audials 9\Audials.exe Berichts-ID: d43017a1-2b6f-11e1-9720-0019dbf38d50
Error - 21.12.2011 13:59:03 | Computer Name = BB-LI-W7 | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 608 Startzeit: 01ccbffae5930ad0 Endzeit: 76 Anwendungspfad:
C:\Windows\Explorer.EXE Berichts-ID: 74be4ac5-2bfd-11e1-a325-0019dbf38d50
[ System Events ]
Error - 01.12.2011 20:49:22 | Computer Name = BB-LI-W7 | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Windows Search erreicht.
Error - 01.12.2011 20:49:23 | Computer Name = BB-LI-W7 | Source = DCOM | ID = 10005
Description =
Error - 01.12.2011 20:49:23 | Computer Name = BB-LI-W7 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1053
Error - 02.12.2011 11:36:01 | Computer Name = BB-LI-W7 | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 04.12.2011 06:38:35 | Computer Name = BB-LI-W7 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
Error - 04.12.2011 06:38:36 | Computer Name = BB-LI-W7 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
Error - 04.12.2011 06:38:37 | Computer Name = BB-LI-W7 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
Error - 08.12.2011 16:26:05 | Computer Name = BB-LI-W7 | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 13.12.2011 16:39:03 | Computer Name = BB-LI-W7 | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 14.12.2011 12:55:02 | Computer Name = BB-LI-W7 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
< End of report >
Thank you for the help!
Merry Christmas in advance