System process [...] not in System32 [...] to be classified as malicious

#0
10.09.2011, 18:00
...new here

Posts: 3
#1 Hello,
I ran a HijackThis scan again. At first glance everything actually seems to be fine, but on closer inspection I noticed the following on some entries:

Quote

The supposed system process is not running in the System32 folder and should therefore be classified as malicious. This entry was rated as good by our visitors.
I have Windows 7 64-bit, ran HijackThis as administrator, and had no other programs running at the time of the scan.


I dragged HijackThis.exe onto my desktop, which is probably why this entry appears:

D:\Raphi\Desktop\HiJackThis204.exe | (the yellow question mark ;D) | This is an unknown process.


Thanks in advance for the help.
Best regards, Raffl

I don't know how I should post the log file, so I'll just do it as a quote ;) :

Quote

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:22:29, on 10.09.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\vVX3000.exe
C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
D:\Raphi\Desktop\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Global Startup: NETGEAR WG111v3 Setup-Assistent.lnk = C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe
O8 - Extra context menu item: Free YouTube Download - C:\Users\Raphi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Raphi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9388 bytes
P.S. I hope I did everything reasonably right. If not, I apologize, as this is my first post in a forum of this kind. ;)
Thanks.
10.09.2011, 19:09
...new here

Thread starter

Posts: 3
#2 Here is the OT log file as well, in case something really is wrong

Quote

OTL logfile created on: 10.09.2011 18:15:58 - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = D:\Raphi\Desktop
64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,19 Gb Available Physical Memory | 59,41% Memory free
4,00 Gb Paging File | 2,55 Gb Available in Paging File | 63,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 78,03 Gb Total Space | 5,44 Gb Free Space | 6,97% Space Free | Partition Type: NTFS
Drive D: | 154,76 Gb Total Space | 105,36 Gb Free Space | 68,08% Space Free | Partition Type: NTFS

Computer Name: RALFS-PC | User Name: Raphi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2011.09.10 18:12:28 | 000,581,120 | ---- | M] (OldTimer Tools) -- D:\Raphi\Desktop\OTL.exe
PRC - [2011.06.30 17:14:54 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.04.19 08:44:40 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2011.03.28 16:15:04 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.28 16:14:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.05.20 15:26:30 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX3000.exe
PRC - [2009.11.06 14:41:06 | 002,080,768 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2011.05.26 13:42:00 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009.11.06 14:41:06 | 002,080,768 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe
MOD - [2009.03.04 09:52:36 | 000,372,736 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WG111v3\WlanDll.dll
MOD - [2008.12.29 17:13:24 | 000,204,800 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WG111v3\KJLog.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:64bit: - [2011.05.25 05:03:38 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010.05.20 15:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.08.14 22:26:37 | 003,542,616 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai\netsession_win_2da1ebd.dll -- (Akamai)
SRV - [2011.08.04 14:34:48 | 002,329,480 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.06.30 17:14:54 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.04.19 08:44:40 | 000,993,848 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011.04.19 08:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011.03.28 16:15:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:64bit: - [2011.06.30 17:14:55 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.30 17:14:55 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.05.25 06:26:56 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.05.25 04:25:42 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.05.16 22:55:28 | 000,533,096 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.05.10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.23 18:33:00 | 000,300,648 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.09.01 10:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010.05.20 15:26:30 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VX3000.sys -- (VX3000)
DRV:64bit: - [2009.11.18 09:47:46 | 000,446,976 | ---- | M] (NETGEAR Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wg111v3.sys -- (RTL8187B)
DRV:64bit: - [2009.09.23 19:23:02 | 006,180,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.10: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Raphi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.09.06 22:05:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011.06.18 13:11:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raphi\AppData\Roaming\mozilla\Extensions
[2011.07.02 10:43:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raphi\AppData\Roaming\mozilla\Firefox\Profiles\66yqeunv.default\extensions
[2011.06.21 21:29:34 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Raphi\AppData\Roaming\mozilla\Firefox\Profiles\66yqeunv.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.06.19 15:13:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.06.16 09:05:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\RAPHI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\66YQEUNV.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.09.06 22:05:33 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [VX3000] C:\Windows\vVX3000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TaskTray] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Raphi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Raphi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Raphi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Raphi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24D2C200-6AC2-44F8-A7BB-7F5EE037AD9A}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B6BED0A8-3F89-4B45-AF75-945845636E79}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011.09.10 18:12:26 | 000,581,120 | ---- | C] (OldTimer Tools) -- D:\Raphi\Desktop\OTL.exe
[2011.09.09 00:25:34 | 000,000,000 | ---D | C] -- D:\Raphi\Desktop\backups
[2011.09.09 00:16:30 | 000,000,000 | ---D | C] -- C:\Users\Raphi\AppData\Local\Diagnostics
[2011.09.06 22:56:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Intenium
[2011.09.06 22:56:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plants vs. Zombies
[2011.09.06 22:55:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Plants vs. Zombies
[2011.09.06 22:30:25 | 000,000,000 | ---D | C] -- C:\Users\Raphi\AppData\Local\LogMeIn Hamachi
[2011.09.06 22:29:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2011.09.06 22:29:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2011.09.06 05:41:06 | 000,000,000 | ---D | C] -- D:\Raphi\Desktop\Fraps Full
[2011.09.06 05:39:41 | 000,000,000 | ---D | C] -- C:\Users\Raphi\AppData\Roaming\HandBrake
[2011.09.04 15:51:38 | 000,000,000 | ---D | C] -- C:\Users\Raphi\AppData\Local\Facebook
[2011.09.01 11:40:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.08.31 23:02:23 | 000,000,000 | ---D | C] -- C:\Users\Raphi\AppData\Roaming\TS3Client
[2011.08.29 22:33:14 | 000,000,000 | ---D | C] -- D:\Raphi\Desktop\pkmn
[2011.08.29 22:31:58 | 000,000,000 | ---D | C] -- D:\Raphi\Desktop\VisualBoyAdvance-1.8.0-beta3
[2011.08.29 21:23:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.08.29 21:23:35 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.08.29 21:23:34 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011.08.29 21:23:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011.08.29 21:21:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011.08.29 21:21:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011.08.27 23:13:34 | 002,315,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2011.08.27 23:13:33 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2011.08.27 23:13:33 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2011.08.27 23:13:33 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2011.08.27 23:13:33 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2011.08.27 23:13:33 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2011.08.27 23:13:32 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2011.08.27 23:13:32 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2011.08.27 23:13:32 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2011.08.27 23:13:32 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2011.08.27 23:13:32 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2011.08.27 23:13:32 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2011.08.27 23:13:31 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2011.08.27 23:13:00 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2011.08.27 23:13:00 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2011.08.27 23:13:00 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2011.08.27 23:13:00 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2011.08.27 23:12:59 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2011.08.27 23:12:59 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2011.08.27 23:12:59 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2011.08.27 23:11:47 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2011.08.27 23:11:46 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2011.08.27 23:11:19 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2011.08.22 01:18:49 | 000,000,000 | ---D | C] -- D:\Raphi\Documents\ManiaPlanet
[2011.08.22 01:18:25 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2011.08.22 01:18:24 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2011.08.22 01:17:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManiaPlanet
[2011.08.22 01:16:56 | 000,000,000 | ---D | C] -- C:\ProgramData\ManiaPlanet
[2011.08.22 01:16:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ManiaPlanet
[2011.08.16 13:42:19 | 000,000,000 | ---D | C] -- C:\Users\Raphi\AppData\Local\{729D24A6-E747-4CE6-B464-6BCD0FC6B11C}
[2011.08.16 13:41:57 | 000,000,000 | ---D | C] -- C:\Users\Raphi\AppData\Local\{4D0B88FA-CF34-4592-95C6-435DA6F30775}
[2011.08.16 12:29:13 | 000,000,000 | ---D | C] -- C:\Users\Raphi\AppData\Local\{ADD37008-6D99-48E2-A206-F738DAEF48A8}
[2011.08.16 12:29:01 | 000,000,000 | ---D | C] -- C:\Users\Raphi\AppData\Local\{92C17A94-B50F-481B-B129-2465749052CC}
[2011.08.16 12:10:36 | 000,000,000 | ---D | C] -- D:\Raphi\Desktop\hp und ein stein
[2011.08.16 11:24:16 | 000,000,000 | ---D | C] -- C:\Users\Raphi\AppData\Local\{BA203FF5-B688-480D-AE08-7A1772A58FE5}
[2011.08.16 11:24:04 | 000,000,000 | ---D | C] -- C:\Users\Raphi\AppData\Local\{20B38052-5DA1-4550-AEDB-5617017468CB}
[2011.08.16 10:09:01 | 000,000,000 | ---D | C] -- C:\Users\Raphi\AppData\Local\{D21B87FD-0878-414B-B98E-CA95D7FAA77F}
[2011.08.16 10:08:38 | 000,000,000 | ---D | C] -- C:\Users\Raphi\AppData\Local\{731F2C85-C02D-4AE1-AE5F-28B13296B2AA}
[2011.08.15 13:47:18 | 000,000,000 | ---D | C] -- C:\Users\Raphi\AppData\Local\{62FDBE7F-34D6-4A1F-8BA8-D6851C43A191}
[2011.08.15 13:46:55 | 000,000,000 | ---D | C] -- C:\Users\Raphi\AppData\Local\{448B5C2D-0DB8-4234-A510-E95BE6A171C8}
[2011.08.15 13:45:40 | 000,000,000 | ---D | C] -- C:\Users\Raphi\AppData\Local\{AD37B710-2C92-4D47-A29C-45004F115342}
[2011.08.15 13:45:17 | 000,000,000 | ---D | C] -- C:\Users\Raphi\AppData\Local\{DA0446E0-A705-48A3-AE90-97D0BA6F564F}
[2011.08.15 13:15:47 | 000,000,000 | ---D | C] -- C:\Users\Raphi\AppData\Local\{77AFCF60-0BEC-42A4-8E8D-B315EF8443CF}
[2011.08.15 13:15:20 | 000,000,000 | ---D | C] -- C:\Users\Raphi\AppData\Local\{0E1DD93A-66F6-4C86-8674-27D2FB41FD82}
[2011.08.15 13:14:38 | 000,000,000 | ---D | C] -- C:\Users\Raphi\AppData\Local\{F596F6AB-DCDC-44F5-B4DF-3DD5E8A6837D}
[2011.08.15 13:14:12 | 000,000,000 | ---D | C] -- C:\Users\Raphi\AppData\Local\{397E359E-A47F-4D15-9BF9-910599CD2837}
[2011.08.15 12:40:55 | 000,000,000 | ---D | C] -- C:\Users\Raphi\AppData\Local\{1224B062-424A-4FDC-853F-2D588418BD3A}
[2011.08.15 11:33:39 | 000,000,000 | ---D | C] -- C:\Users\Raphi\AppData\Local\{B635A7C1-13E7-491F-98F5-7BEB674E313F}
[2011.08.15 11:33:25 | 000,000,000 | ---D | C] -- C:\Users\Raphi\AppData\Local\{80D47AFB-FE46-42C6-B5AB-6AC58AF4DA41}
[2011.08.15 11:15:59 | 000,000,000 | ---D | C] -- C:\Users\Raphi\AppData\Local\{4226BE79-E75C-4F87-872E-61759A72D5EA}
[2011.08.15 11:15:47 | 000,000,000 | ---D | C] -- C:\Users\Raphi\AppData\Local\{86F99254-54B9-4589-B497-06F219BB19D2}
[2011.08.14 23:10:41 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.08.14 23:10:41 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.08.14 23:10:40 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.08.14 23:10:40 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.08.14 23:10:39 | 002,303,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011.08.14 23:10:39 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011.08.14 23:10:39 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011.08.14 23:10:39 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011.08.14 23:10:39 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011.08.14 22:19:57 | 000,000,000 | ---D | C] -- C:\Users\Raphi\AppData\Local\Windows Live
[2011.08.14 22:19:24 | 000,000,000 | ---D | C] -- C:\Users\Raphi\AppData\Local\{743C9686-CD85-440F-B378-49168968DB8A}
[2011.08.14 22:19:24 | 000,000,000 | ---D | C] -- C:\Users\Raphi\AppData\Local\{4AC98F4A-67D3-45EB-9339-7ED538271BB8}
[2011.08.14 21:51:51 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2011.08.14 21:51:51 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2011.08.14 21:51:51 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2011.08.14 21:51:51 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2011.08.14 21:51:51 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2011.08.14 21:51:51 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2011.08.14 21:51:51 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2011.08.14 21:51:50 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2011.08.14 21:51:50 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2011.08.14 21:51:36 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2011.08.14 21:51:36 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2011.08.14 21:51:36 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2011.08.14 21:51:36 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2011.08.14 21:51:36 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011.08.14 21:51:35 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2011.08.14 21:51:35 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2011.08.14 21:51:35 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2011.08.14 21:51:35 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2011.08.14 21:51:35 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2011.08.14 21:51:35 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2011.08.14 21:51:35 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2011.08.14 21:51:35 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2011.08.14 21:51:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2011.08.14 21:51:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011.08.14 21:51:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011.08.14 21:51:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.08.14 21:51:34 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2011.08.14 21:51:34 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2011.08.14 21:51:34 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2011.08.14 21:51:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011.08.14 21:51:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011.08.14 21:51:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011.08.14 21:51:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2011.08.14 21:51:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011.08.14 21:51:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011.08.14 21:51:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011.08.14 21:51:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011.08.14 21:51:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2011.08.14 21:51:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011.08.14 21:51:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011.08.14 21:51:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011.08.14 21:51:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011.08.14 21:51:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011.08.14 21:51:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011.08.14 21:51:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2011.08.14 21:51:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2011.08.14 21:51:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2011.08.14 21:51:33 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2011.08.14 21:51:33 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2011.08.14 21:51:33 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2011.08.14 21:51:33 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2011.08.14 21:51:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2011.08.14 21:51:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2011.08.14 21:51:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2011.08.14 21:51:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011.08.14 21:51:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2011.08.14 21:51:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2011.08.14 21:51:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2011.08.14 21:51:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2011.08.14 21:51:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.08.14 21:51:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2011.08.14 21:51:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2011.08.14 21:51:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2011.08.14 21:51:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2011.08.14 21:51:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011.08.14 21:51:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2011.08.14 21:51:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2011.08.14 21:51:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2011.08.14 21:51:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2011.08.14 21:51:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2011.08.14 21:51:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2011.08.14 21:51:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2011.08.14 21:51:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2011.08.14 21:51:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2011.08.14 21:51:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2011.08.14 21:51:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2011.08.14 21:51:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2011.08.14 21:51:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2011.08.14 21:49:46 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011.08.14 21:49:44 | 005,561,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011.08.14 21:49:42 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011.09.10 18:12:28 | 000,581,120 | ---- | M] (OldTimer Tools) -- D:\Raphi\Desktop\OTL.exe
[2011.09.10 15:56:03 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3695596722-3825382438-2556450956-1003UA.job
[2011.09.10 15:56:02 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3695596722-3825382438-2556450956-1003Core.job
[2011.09.10 14:59:10 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.09.10 14:59:10 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.09.10 14:56:56 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.09.10 14:56:56 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.09.10 14:56:56 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.09.10 14:56:56 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.09.10 14:56:56 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.09.10 14:51:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.09.10 14:51:25 | 1610,063,872 | -HS- | M] () -- C:\hiberfil.sys
[2011.09.06 22:56:02 | 000,001,218 | ---- | M] () -- C:\Users\Public\Desktop\Plants vs. Zombies.lnk
[2011.09.06 22:29:34 | 000,000,984 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2011.09.01 11:40:00 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.09.01 11:37:27 | 000,000,470 | ---- | M] () -- D:\Raphi\Desktop\Technobase.asx
[2011.08.29 21:23:59 | 000,001,841 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.08.29 21:21:58 | 000,001,903 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011.08.28 13:13:41 | 000,413,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.08.22 11:11:34 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011.08.22 01:17:40 | 000,001,145 | ---- | M] () -- C:\Users\Public\Desktop\ManiaPlanet.lnk

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011.09.06 22:56:02 | 000,001,218 | ---- | C] () -- C:\Users\Public\Desktop\Plants vs. Zombies.lnk
[2011.09.06 22:29:34 | 000,000,984 | ---- | C] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2011.09.04 15:51:44 | 000,000,928 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3695596722-3825382438-2556450956-1003UA.job
[2011.09.04 15:51:43 | 000,000,906 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3695596722-3825382438-2556450956-1003Core.job
[2011.09.01 11:40:00 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.09.01 11:37:26 | 000,000,470 | ---- | C] () -- D:\Raphi\Desktop\Technobase.asx
[2011.08.29 21:23:59 | 000,001,841 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.08.29 21:21:58 | 000,001,903 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011.08.22 01:17:40 | 000,001,145 | ---- | C] () -- C:\Users\Public\Desktop\ManiaPlanet.lnk
[2011.07.10 02:42:56 | 000,654,194 | ---- | C] () -- C:\Users\Raphi\AppData\Local\Tempepic8.png
[2011.06.28 20:50:58 | 000,017,408 | ---- | C] () -- C:\Users\Raphi\AppData\Local\WebpageIcons.db
[2011.06.24 17:07:37 | 000,007,605 | ---- | C] () -- C:\Users\Raphi\AppData\Local\Resmon.ResmonCfg
[2011.06.20 21:29:46 | 000,025,603 | ---- | C] () -- C:\Windows\War3Unin.dat
[2011.06.18 21:43:58 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.06.18 15:45:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.05.24 23:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.26 17:24:18 | 000,015,498 | ---- | C] () -- C:\Windows\VX3000.ini
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

< End of report >
The extras.txt:

Quote

OTL Extras logfile created on: 10.09.2011 18:15:58 - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = D:\Raphi\Desktop
64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,19 Gb Available Physical Memory | 59,41% Memory free
4,00 Gb Paging File | 2,55 Gb Available in Paging File | 63,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 78,03 Gb Total Space | 5,44 Gb Free Space | 6,97% Space Free | Partition Type: NTFS
Drive D: | 154,76 Gb Total Space | 105,36 Gb Free Space | 68,08% Space Free | Partition Type: NTFS

Computer Name: RALFS-PC | User Name: Raphi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{495ADF2E-6DDD-7C45-E02A-F9B4AF6F2175}" = AMD Drag and Drop Transcoding
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{54E192A6-AA33-1963-C96A-26AA7A3B41B4}" = ccc-utility64
"{5857E7BE-2F6F-D41A-42B2-B668B19A5F30}" = AMD Media Foundation Decoders
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{997C9EC4-B53D-479D-81B7-0AEC8D174BA1}" = iTunes
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{CA0D2F09-F811-48D4-843E-C87696C6A9D9}" = Bonjour
"{CFF9D801-1EC4-B8F5-2CAB-4A1790C95A18}" = ATI Catalyst Install Manager
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.2.0.1304
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.01 (64-Bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{0DE8527A-FE3E-4FCA-A023-D57EF0B796C9}_is1" = Plants vs. Zombies 1.0.4.7924 (by Scar)
"{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{27107EAA-34E0-43BF-B537-7F8EF6880F5A}" = Facebook Video Calling 1.0.0.8177
"{30D659E4-4405-6925-CDCF-EB8CD0C80DAC}" = Catalyst Control Center Graphics Previews Common
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{47E16407-05D3-4D2A-B2B9-C30700B7C2AD}" = LogMeIn Hamachi
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{60DE7978-4F13-5584-5E53-DCEE1CB115A5}" = Catalyst Control Center
"{65163326-FA1A-4385-8668-83AFEEAE96AF}" = FreeUndelete 2.0.35248.1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{693380EA-55DE-4592-980B-54D41E479A21}" = S4 League_EU
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{85268C72-C609-E50A-7AB3-9B3582DFEE66}" = CCC Help English
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISER_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AFF8C8F4-E4BB-891F-8636-5E71F946C5B6}" = Catalyst Control Center InstallProxy
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FC274982-5AAD-4C20-848D-4424A5043A06}_is1" = WinUtilities Undelete 3.1
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"Counter-Strike: Source" = Counter-Strike: Source
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"ElsterFormular für Privatanwender 12.2.1.6570p" = ElsterFormular für Privatanwender
"ENTERPRISER" = Microsoft Office Enterprise 2007
"FL Studio 10" = FL Studio 10
"Free Studio_is1" = Free Studio version 5.1.3
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.70
"IL Download Manager" = IL Download Manager
"InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"IrfanView" = IrfanView (remove only)
"LogMeIn Hamachi" = LogMeIn Hamachi
"ManiaPlanet_is1" = ManiaPlanet
"Mozilla Firefox 6.0.2 (x86 de)" = Mozilla Firefox 6.0.2 (x86 de)
"Secunia PSI" = Secunia PSI (2.0.0.3003)
"Virtual DJ Home Edition - Atomix Productions" = Virtual DJ Home Edition - Atomix Productions
"VLC media player" = VLC media player 1.1.10
"Warcraft III" = Warcraft III
"WinLiveSuite" = Windows Live Essentials
"xp-AntiSpy" = xp-AntiSpy 3.97-11
"Zattoo4" = Zattoo4 4.0.5

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 16.07.2011 19:25:39 | Computer Name = Ralfs-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iw3mp.exe, Version: 0.0.0.0, Zeitstempel:
0x4859a219 Name des fehlerhaften Moduls: iw3mp.exe, Version: 0.0.0.0, Zeitstempel:
0x4859a219 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0027782e ID des fehlerhaften Prozesses:
0x638 Startzeit der fehlerhaften Anwendung: 0x01cc440fa9896794 Pfad der fehlerhaften
Anwendung: D:\Raphi\Desktop\cod4 on Slayz-9c5f82f21\iw3mp.exe Pfad des fehlerhaften
Moduls: D:\Raphi\Desktop\cod4 on Slayz-9c5f82f21\iw3mp.exe Berichtskennung: ea0b27e4-b002-11e0-9dac-001e90102b60

Error - 16.07.2011 19:26:17 | Computer Name = Ralfs-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iw3mp.exe, Version: 0.0.0.0, Zeitstempel:
0x4859a219 Name des fehlerhaften Moduls: iw3mp.exe, Version: 0.0.0.0, Zeitstempel:
0x4859a219 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0027782e ID des fehlerhaften Prozesses:
0x12c4 Startzeit der fehlerhaften Anwendung: 0x01cc440fb7388bcd Pfad der fehlerhaften
Anwendung: D:\Raphi\Desktop\cod4 on Slayz-9c5f82f21\iw3mp.exe Pfad des fehlerhaften
Moduls: D:\Raphi\Desktop\cod4 on Slayz-9c5f82f21\iw3mp.exe Berichtskennung: 0109fda4-b003-11e0-9dac-001e90102b60

Error - 16.07.2011 19:27:42 | Computer Name = Ralfs-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iw3mp.exe, Version: 0.0.0.0, Zeitstempel:
0x4859a219 Name des fehlerhaften Moduls: iw3mp.exe, Version: 0.0.0.0, Zeitstempel:
0x4859a219 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0027782e ID des fehlerhaften Prozesses:
0x10e0 Startzeit der fehlerhaften Anwendung: 0x01cc440ff35791c9 Pfad der fehlerhaften
Anwendung: D:\Raphi\Desktop\cod4 on Slayz-9c5f82f21\iw3mp.exe Pfad des fehlerhaften
Moduls: D:\Raphi\Desktop\cod4 on Slayz-9c5f82f21\iw3mp.exe Berichtskennung: 335ec85a-b003-11e0-9dac-001e90102b60

Error - 16.07.2011 19:27:58 | Computer Name = Ralfs-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iw3mp.exe, Version: 0.0.0.0, Zeitstempel:
0x4859a219 Name des fehlerhaften Moduls: iw3mp.exe, Version: 0.0.0.0, Zeitstempel:
0x4859a219 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0027782e ID des fehlerhaften Prozesses:
0x1314 Startzeit der fehlerhaften Anwendung: 0x01cc440ffa6e13f0 Pfad der fehlerhaften
Anwendung: D:\Raphi\Desktop\cod4 on Slayz-9c5f82f21\iw3mp.exe Pfad des fehlerhaften
Moduls: D:\Raphi\Desktop\cod4 on Slayz-9c5f82f21\iw3mp.exe Berichtskennung: 3d1e8152-b003-11e0-9dac-001e90102b60

Error - 16.07.2011 19:28:19 | Computer Name = Ralfs-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iw3mp.exe, Version: 0.0.0.0, Zeitstempel:
0x4859a219 Name des fehlerhaften Moduls: iw3mp.exe, Version: 0.0.0.0, Zeitstempel:
0x4859a219 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0027782e ID des fehlerhaften Prozesses:
0x554 Startzeit der fehlerhaften Anwendung: 0x01cc441008499c8a Pfad der fehlerhaften
Anwendung: D:\Raphi\Desktop\cod4 on Slayz-9c5f82f21\iw3mp.exe Pfad des fehlerhaften
Moduls: D:\Raphi\Desktop\cod4 on Slayz-9c5f82f21\iw3mp.exe Berichtskennung: 49a5f32c-b003-11e0-9dac-001e90102b60

Error - 16.07.2011 21:59:30 | Computer Name = Ralfs-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iw3mp.exe, Version: 0.0.0.0, Zeitstempel:
0x4859a219 Name des fehlerhaften Moduls: iw3mp.exe, Version: 0.0.0.0, Zeitstempel:
0x4859a219 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0027782e ID des fehlerhaften Prozesses:
0xcf0 Startzeit der fehlerhaften Anwendung: 0x01cc4425259b3e14 Pfad der fehlerhaften
Anwendung: D:\Raphi\Desktop\cod4 on Slayz-9c5f82f21\iw3mp.exe Pfad des fehlerhaften
Moduls: D:\Raphi\Desktop\cod4 on Slayz-9c5f82f21\iw3mp.exe Berichtskennung: 68622a06-b018-11e0-9dac-001e90102b60

Error - 16.07.2011 21:59:41 | Computer Name = Ralfs-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iw3mp.exe, Version: 0.0.0.0, Zeitstempel:
0x4859a219 Name des fehlerhaften Moduls: iw3mp.exe, Version: 0.0.0.0, Zeitstempel:
0x4859a219 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0027782e ID des fehlerhaften Prozesses:
0x1278 Startzeit der fehlerhaften Anwendung: 0x01cc44252e568b9f Pfad der fehlerhaften
Anwendung: D:\Raphi\Desktop\cod4 on Slayz-9c5f82f21\iw3mp.exe Pfad des fehlerhaften
Moduls: D:\Raphi\Desktop\cod4 on Slayz-9c5f82f21\iw3mp.exe Berichtskennung: 6e980470-b018-11e0-9dac-001e90102b60

Error - 01.09.2011 19:32:54 | Computer Name = Ralfs-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_FontCache, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17514,
Zeitstempel: 0x4ce7c8f9 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000263ea
ID
des fehlerhaften Prozesses: 0xb30 Startzeit der fehlerhaften Anwendung: 0x01cc68f19ef94acc
Pfad
der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe Pfad des fehlerhaften
Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: b6a773a1-d4f2-11e0-98f9-001e90102b60

Error - 06.09.2011 07:16:34 | Computer Name = Ralfs-PC | Source = Google Update | ID = 20
Description =

Error - 10.09.2011 10:51:18 | Computer Name = Ralfs-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567,
Zeitstempel: 0x4d672ee4 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,
Zeitstempel: 0x4e21213c Ausnahmecode: 0xc0000002 Fehleroffset: 0x000000000000cacd
ID
des fehlerhaften Prozesses: 0x5f0 Startzeit der fehlerhaften Anwendung: 0x01cc6fb861a38f2b
Pfad
der fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls:
C:\Windows\system32\KERNELBASE.dll Berichtskennung: 56d0b716-dbbc-11e0-9ca8-001e90102b60

[ System Events ]
Error - 23.07.2011 07:59:20 | Computer Name = Ralfs-PC | Source = DCOM | ID = 10010
Description =

Error - 23.07.2011 08:27:09 | Computer Name = Ralfs-PC | Source = NetBT | ID = 4321
Description = Der Name "HOME :1d" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.2.106 registriert werden. Der Computer mit IP-Adresse 192.168.2.105
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.

Error - 23.07.2011 11:05:39 | Computer Name = Ralfs-PC | Source = DCOM | ID = 10010
Description =

Error - 24.07.2011 09:48:43 | Computer Name = Ralfs-PC | Source = DCOM | ID = 10010
Description =

Error - 24.07.2011 14:45:51 | Computer Name = Ralfs-PC | Source = DCOM | ID = 10010
Description =

Error - 24.07.2011 17:32:10 | Computer Name = Ralfs-PC | Source = DCOM | ID = 10010
Description =

Error - 25.07.2011 05:18:31 | Computer Name = Ralfs-PC | Source = DCOM | ID = 10010
Description =

Error - 25.07.2011 13:11:00 | Computer Name = Ralfs-PC | Source = DCOM | ID = 10010
Description =

Error - 26.07.2011 08:45:24 | Computer Name = Ralfs-PC | Source = DCOM | ID = 10010
Description =

Error - 27.07.2011 05:18:52 | Computer Name = Ralfs-PC | Source = DCOM | ID = 10010
Description =


< End of report >
14.09.2011, 23:34
Moderator

Posts: 5694
#3 Sorry, I may have overlooked you. Do the problems still exist?
15.09.2011, 17:30
...new here

Thread starter

Posts: 3
#4 Yes, it would be nice if you could take a look at it ;)
15.09.2011, 18:47
Moderator

Posts: 5694
#5 Please download Malwarebytes
• Install the program to the default path.
Vista and Win7 users: right-click and choose "Run as administrator"
• Start Malwarebytes, click Update --> Check for Updates
• When the update has finished, select Perform quick scan and press Scan.
• When the scan has finished, click Show Results.
• Make sure that all detections are checked and press Remove Selected.
• Post the log file, which opens in Notepad, here in the thread.
• You can find the report afterwards under "Logs".