
Pests of all kinds and how to fight them: GVU Trojan Windows 7 /64

15.04.2013, 19:23   #16
aharonov
/// TB Trainer



Thanks for the feedback.
And on behalf of the team, many thanks for the donation!


Glad we could help.

If you would like to give the forum suggestions for improvement, criticism or praise, you can do so here.

This topic appears to be resolved and will be removed from my subscriptions. I will therefore no longer receive notifications about new replies.
Should you need this topic again, please send me a PM and we will continue here.

Everyone else, please read this guide and create your own thread.
__________________
cheers,
Leo

16.04.2013, 17:48   #17
aharonov
/// TB Trainer



It looks like a Delta has now turned up as well..


Step 1

Please download AdwCleaner and save it to your desktop.
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Löschen (Delete).
  • Confirm each prompt with Ok.
  • Your computer will be restarted, possibly several times depending on the severity of the infection - that is normal. After the restart, a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.



Step 2

Please download OTL (by Oldtimer) and save it to your desktop.
  • Double-click OTL.exe.
  • Under Extra Registry, please select Use SafeList.
  • Tick the box for Scan all Users.
  • Now click Run Scan.
  • When the scan has finished, 2 log files (OTL.txt and Extras.txt) are created.
  • Post the contents of these log files here in the thread.



Please post in your next reply:
  • Log from AdwCleaner
  • Logs from OTL

16.04.2013, 18:26   #18
Bberry



Thank you very much again for your effort

ADWCleaner:

Code:
# AdwCleaner v2.200 - Datei am 16/04/2013 um 19:14:20 erstellt
# Aktualisiert am 02/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Babuu - BABUU-HP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Babuu\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : BrowserProtect

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Babuu\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
Datei Gelöscht : C:\Users\Babuu\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Datei Gelöscht : C:\Users\Babuu\AppData\Roaming\Mozilla\Firefox\Profiles\a79pj5qc.default\bprotector_extensions.sqlite
Datei Gelöscht : C:\Users\Babuu\AppData\Roaming\Mozilla\Firefox\Profiles\a79pj5qc.default\bprotector_prefs.js
Datei Gelöscht : C:\Users\Babuu\AppData\Roaming\Mozilla\Firefox\Profiles\a79pj5qc.default\searchplugins\delta.xml
Datei Gelöscht : C:\Users\Public\Desktop\eBay.lnk
Gelöscht mit Neustart : C:\ProgramData\BrowserProtect
Ordner Gelöscht : C:\Program Files (x86)\Delta
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\Users\Babuu\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Ordner Gelöscht : C:\Users\Babuu\AppData\Roaming\BabSolution
Ordner Gelöscht : C:\Users\Babuu\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Babuu\AppData\Roaming\Delta
Ordner Gelöscht : C:\Users\Babuu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
Ordner Gelöscht : C:\Users\Babuu\AppData\Roaming\Mozilla\Firefox\Profiles\a79pj5qc.default\extensions\ffxtlbr@delta.com

***** [Registrierungsdatenbank] *****

Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\261125~1.80\{c16c1~1\browse~1.dll
Schlüssel Gelöscht : HKCU\Software\BabylonToolbar
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\5b538ddcb73abf47
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaappCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltadskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\Delta
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\5b538ddcb73abf47
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Schlüssel Gelöscht : HKU\S-1-5-21-722544647-917449935-176176110-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{0F827075-B026-42F3-885D-98981EE7B1AE}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{82E1477C-B154-48D3-9891-33D83C26BCD3}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16537

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www1.delta-search.com/?affID=119518&babsrc=HP_ss&mntrId=0EC5E0469AA57608 --> hxxp://www.google.com

-\\ Mozilla Firefox v [Version kann nicht ermittelt werden]

Datei : C:\Users\Babuu\AppData\Roaming\Mozilla\Firefox\Profiles\a79pj5qc.default\prefs.js

C:\Users\Babuu\AppData\Roaming\Mozilla\Firefox\Profiles\a79pj5qc.default\user.js ... Gelöscht !

[OK] Die Datei ist sauber.

-\\ Google Chrome v26.0.1410.64

Datei : C:\Users\Babuu\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [7103 octets] - [16/04/2013 19:14:20]

########## EOF - C:\AdwCleaner[S1].txt - [7163 octets] ##########
         
OTL:

Code:
OTL logfile created on: 4/16/2013 7:18:49 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Babuu\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7.98 Gb Total Physical Memory | 5.88 Gb Available Physical Memory | 73.64% Memory free
15.96 Gb Paging File | 13.79 Gb Available in Paging File | 86.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918.40 Gb Total Space | 871.61 Gb Free Space | 94.90% Space Free | Partition Type: NTFS
Drive D: | 13.01 Gb Total Space | 1.60 Gb Free Space | 12.30% Space Free | Partition Type: NTFS
Drive E: | 230.24 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: BABUU-HP | User Name: Babuu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Babuu\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe (HP)
PRC - C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe (HP)
PRC - C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe (HP)
PRC - C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe ()
PRC - C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe ()
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe (Ulead Systems, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Babuu\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Babuu\AppData\Local\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\Babuu\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
MOD - C:\Users\Babuu\AppData\Local\Google\Chrome\Application\26.0.1410.64\libglesv2.dll ()
MOD - C:\Users\Babuu\AppData\Local\Google\Chrome\Application\26.0.1410.64\libegl.dll ()
MOD - C:\Users\Babuu\AppData\Local\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll ()
MOD - C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe ()
MOD - C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvcLib.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company)
SRV - (FPLService) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe (HP)
SRV - (pdfcDispatcher) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (HPClientSvc) -- C:\Programme\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (WSWNA1100) -- C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe ()
SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
SRV - (jswpsapi) -- C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe (Atheros Communications, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (pmxdrv) -- C:\Windows\SysNative\drivers\pmxdrv.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (athur) -- C:\Windows\SysNative\drivers\athurx.sys (Atheros Communications, Inc.)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (fdrawcmd) -- C:\Windows\SysNative\drivers\fdrawcmd.sys (simonowen.com)
DRV:64bit: - (JSWPSLWF) -- C:\Windows\SysNative\drivers\jswpslwfx.sys (Atheros Communications, Inc.)
DRV:64bit: - (SCMNdisP) -- C:\Windows\SysNative\drivers\SCMNdisP.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (busbcrw) -- C:\Windows\SysNative\drivers\bucrw64.sys (Brother Industries, Ltd.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6D1C4F59-012F-440C-B947-AA9319265BEB}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6D1C4F59-012F-440C-B947-AA9319265BEB}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-722544647-917449935-176176110-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4
IE - HKU\S-1-5-21-722544647-917449935-176176110-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-722544647-917449935-176176110-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-722544647-917449935-176176110-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-722544647-917449935-176176110-1000\..\SearchScopes\{6D1C4F59-012F-440C-B947-AA9319265BEB}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKU\S-1-5-21-722544647-917449935-176176110-1000\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE - HKU\S-1-5-21-722544647-917449935-176176110-1000\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-722544647-917449935-176176110-1000\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
IE - HKU\S-1-5-21-722544647-917449935-176176110-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Babuu\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Babuu\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
 
[2012/08/05 22:08:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Babuu\AppData\Roaming\mozilla\Extensions
[2013/04/16 19:14:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Babuu\AppData\Roaming\mozilla\Firefox\Profiles\a79pj5qc.default\extensions
[2012/11/20 15:18:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/08/05 22:09:19 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\mozilla firefox\extensions\websitelogon@truesuite.com
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www1.delta-search.com/?affID=119518&babsrc=HP_ss&mntrId=0EC5E0469AA57608
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Babuu\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Babuu\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Babuu\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Simple Pass 2011 (Enabled) = C:\Users\Babuu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpgfhihjicjofdejkbjgnjlaglaciobe\1.0_0\npwebsitelogon.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Babuu\AppData\Local\Google\Update\1.3.21.129\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: WOT = C:\Users\Babuu\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.4.11_0\
CHR - Extension: YouTube = C:\Users\Babuu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Babuu\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: avast! WebRep = C:\Users\Babuu\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0\
CHR - Extension: Website Logon = C:\Users\Babuu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpgfhihjicjofdejkbjgnjlaglaciobe\1.0_0\
CHR - Extension: Google Mail = C:\Users\Babuu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-722544647-917449935-176176110-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [jswtrayutil] "C:\Program Files (x86)\NETGEAR\WNA1100\jswtrayutil.exe" File not found
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [Ulead AutoDetector] C:\Program Files (x86)\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe (Ulead Systems, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Babuu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPath = 1
O7 - HKU\S-1-5-21-722544647-917449935-176176110-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-722544647-917449935-176176110-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EDB13B49-2FE3-4A81-A3BD-F8BFA44279A3}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261125~1.80\{c16c1~1\browse~1.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/04/16 10:01:45 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect
[2013/04/16 09:46:45 | 000,000,000 | ---D | C] -- C:\Users\Babuu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Convar
[2013/04/16 09:46:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Convar
[2013/04/15 20:07:43 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/04/15 18:02:00 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/04/15 17:57:49 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/04/15 17:41:39 | 000,691,592 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/04/15 17:41:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013/04/15 17:40:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013/04/15 17:21:13 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEUDINIT.EXE
[2013/04/15 17:18:17 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/04/15 17:18:17 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/04/15 17:18:17 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/04/15 17:18:17 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/04/15 17:18:16 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/04/15 17:18:16 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/04/15 17:18:16 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/04/15 17:18:16 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/04/15 17:18:16 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/04/15 17:18:16 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/04/15 17:18:16 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/04/15 17:18:15 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/04/15 17:18:15 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/04/15 17:18:15 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/04/15 17:18:15 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/04/15 17:18:15 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/04/15 17:18:15 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/04/15 17:18:15 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/04/15 17:18:15 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/04/15 17:18:15 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/04/15 17:18:15 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/04/15 17:18:15 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/04/15 17:18:15 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/04/15 17:18:15 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/04/15 17:18:15 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/04/15 17:18:15 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/04/15 17:18:14 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/04/15 17:18:14 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/04/15 17:18:14 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/04/15 17:18:14 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/04/15 17:18:14 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/04/15 17:18:14 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/04/15 17:18:14 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/04/15 17:18:14 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/04/15 17:18:14 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/04/15 17:18:14 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/04/15 17:18:14 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/04/15 17:18:14 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/04/15 17:18:14 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/04/15 17:18:14 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/04/15 17:18:14 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/04/15 17:18:14 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/04/15 17:18:14 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/04/15 17:18:14 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/04/15 17:18:14 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/04/15 17:18:14 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/04/15 17:18:13 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/04/15 17:18:13 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/04/15 17:18:13 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/04/15 17:18:13 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/04/15 17:18:13 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/04/15 17:18:13 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/04/15 17:18:13 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/04/15 17:18:13 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/04/15 17:18:13 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/04/15 17:18:13 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/04/15 17:18:13 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/04/15 17:18:13 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/04/15 17:18:13 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/04/15 17:18:13 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/04/15 17:18:13 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/04/15 17:18:13 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/04/15 17:18:13 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/04/15 17:18:13 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/04/15 17:18:13 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/04/15 17:18:13 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/04/15 17:18:13 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/04/15 17:18:12 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/04/14 20:06:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2013/04/14 20:06:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2013/04/14 19:17:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/04/14 19:04:52 | 000,000,000 | ---D | C] -- C:\Users\Babuu\AppData\Roaming\Malwarebytes
[2013/04/14 19:04:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/04/14 19:04:45 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/04/14 19:04:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/04/14 19:04:28 | 000,000,000 | ---D | C] -- C:\Users\Babuu\AppData\Local\Programs
[2013/04/14 18:54:25 | 000,000,000 | ---D | C] -- C:\Users\Babuu\AppData\Roaming\AVG2013
[2013/04/14 18:53:47 | 000,000,000 | ---D | C] -- C:\Users\Babuu\AppData\Roaming\TuneUp Software
[2013/04/14 18:53:34 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013/04/14 18:53:34 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2013/04/14 18:48:54 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/04/14 18:48:54 | 000,000,000 | ---D | C] -- C:\Users\Babuu\AppData\Local\MFAData
[2013/04/14 18:48:54 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/04/14 18:48:54 | 000,000,000 | ---D | C] -- C:\Users\Babuu\AppData\Local\Avg2013
[2013/04/14 17:57:59 | 000,000,000 | ---D | C] -- C:\Users\Babuu\AppData\Local\Adobe
[2013/04/14 17:43:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2013/04/14 17:38:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/04/14 17:38:46 | 000,377,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/04/14 17:38:46 | 000,033,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/04/14 17:38:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/04/14 17:38:45 | 001,025,808 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/04/14 17:38:45 | 000,070,992 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/04/14 17:38:45 | 000,068,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/04/14 17:38:44 | 000,287,840 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/04/14 17:38:44 | 000,080,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/04/14 17:38:32 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/04/14 17:38:23 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/04/14 17:37:41 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/04/10 07:20:42 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013/04/10 07:20:42 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013/04/10 07:20:42 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013/04/10 07:20:42 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013/04/10 07:20:42 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013/04/10 07:20:42 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013/04/10 07:20:36 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/04/10 07:20:36 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/04/10 07:20:36 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/04/10 07:20:36 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013/04/10 07:20:36 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/04/10 07:20:36 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013/03/25 12:04:19 | 000,000,000 | ---D | C] -- C:\Users\Babuu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013/03/25 11:58:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
[2013/03/25 11:56:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games
[2013/03/18 10:25:48 | 000,000,000 | ---D | C] -- C:\Users\Babuu\ebooks
[2013/03/17 21:27:14 | 000,000,000 | ---D | C] -- C:\Users\Babuu\Kinder - Papierkram
[2013/03/17 21:16:17 | 000,000,000 | ---D | C] -- C:\Users\Babuu\Haus
 
========== Files - Modified Within 30 Days ==========
 
[2013/04/16 19:15:34 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/16 19:15:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/16 19:15:19 | 2132,406,271 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/16 19:14:33 | 000,000,097 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/04/16 19:05:01 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-722544647-917449935-176176110-1000UA.job
[2013/04/16 18:49:02 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/16 18:40:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/16 18:29:25 | 000,024,400 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/16 18:29:25 | 000,024,400 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/16 14:05:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-722544647-917449935-176176110-1000Core.job
[2013/04/16 10:04:59 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/04/16 10:04:59 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013/04/16 10:04:59 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/04/16 10:04:59 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013/04/16 10:04:59 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/04/16 10:02:16 | 000,001,320 | ---- | M] () -- C:\Users\Babuu\Desktop\PC Inspector File Recovery.lnk
[2013/04/15 20:07:01 | 000,001,439 | ---- | M] () -- C:\Users\Babuu\Desktop\delfix - Verknüpfung.lnk
[2013/04/15 18:02:00 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/04/15 18:02:00 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/04/15 17:18:17 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/04/15 17:18:17 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/04/15 17:18:17 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/04/15 17:18:17 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/04/15 17:18:16 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/04/15 17:18:16 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/04/15 17:18:16 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/04/15 17:18:16 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/04/15 17:18:16 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/04/15 17:18:16 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/04/15 17:18:16 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/04/15 17:18:15 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/04/15 17:18:15 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/04/15 17:18:15 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/04/15 17:18:15 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/04/15 17:18:15 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/04/15 17:18:15 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/04/15 17:18:15 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/04/15 17:18:15 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/04/15 17:18:15 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/04/15 17:18:15 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/04/15 17:18:15 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/04/15 17:18:15 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/04/15 17:18:15 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/04/15 17:18:15 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/04/15 17:18:15 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/04/15 17:18:14 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/04/15 17:18:14 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/04/15 17:18:14 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/04/15 17:18:14 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/04/15 17:18:14 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/04/15 17:18:14 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/04/15 17:18:14 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/04/15 17:18:14 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/04/15 17:18:14 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/04/15 17:18:14 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/04/15 17:18:14 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/04/15 17:18:14 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/04/15 17:18:14 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/04/15 17:18:14 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/04/15 17:18:14 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/04/15 17:18:14 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/04/15 17:18:14 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/04/15 17:18:14 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/04/15 17:18:14 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/04/15 17:18:14 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/04/15 17:18:14 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/04/15 17:18:14 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/04/15 17:18:13 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/04/15 17:18:13 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/04/15 17:18:13 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/04/15 17:18:13 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/04/15 17:18:13 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/04/15 17:18:13 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/04/15 17:18:13 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/04/15 17:18:13 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/04/15 17:18:13 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/04/15 17:18:13 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/04/15 17:18:13 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/04/15 17:18:13 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/04/15 17:18:13 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/04/15 17:18:13 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/04/15 17:18:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/04/15 17:18:13 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/04/15 17:18:13 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/04/15 17:18:13 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/04/15 17:18:13 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/04/15 17:18:13 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/04/15 17:18:13 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/04/15 17:18:12 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/04/15 06:27:08 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBabuu.job
[2013/04/14 20:06:45 | 000,001,280 | ---- | M] () -- C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
[2013/04/14 19:04:46 | 000,001,107 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/04/14 17:40:52 | 000,001,408 | ---- | M] () -- C:\Users\Babuu\Desktop\OTL - Verknüpfung.lnk
[2013/04/14 17:38:46 | 000,001,924 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/04/14 17:38:44 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/04/14 17:04:56 | 000,001,459 | ---- | M] () -- C:\Users\Babuu\Desktop\epxsbr4s - Verknüpfung.lnk
[2013/04/11 06:46:02 | 000,349,792 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/03/28 19:42:36 | 000,005,262 | ---- | M] () -- C:\Users\Babuu\Sabinea.jpg
[2013/03/28 18:07:12 | 000,002,364 | ---- | M] () -- C:\Users\Babuu\Desktop\jetzt im tv.lnk
[2013/03/27 09:52:36 | 000,018,679 | ---- | M] () -- C:\Users\Babuu\Sonne.jpg
[2013/03/25 14:56:14 | 000,003,502 | ---- | M] () -- C:\Users\Babuu\böse.jpg
[2013/03/21 14:38:59 | 000,000,192 | ---- | M] () -- C:\Windows\password.klc
[2013/03/20 18:30:31 | 000,018,221 | ---- | M] () -- C:\Users\Babuu\Maus.jpg
[2013/03/19 08:04:06 | 005,550,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/03/19 07:46:56 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/03/19 07:04:13 | 003,968,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/03/19 07:04:10 | 003,913,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/03/19 06:47:50 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013/03/19 05:06:33 | 000,112,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
 
========== Files Created - No Company Name ==========
 
[2013/04/16 19:14:27 | 000,000,097 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/04/16 09:46:45 | 000,001,320 | ---- | C] () -- C:\Users\Babuu\Desktop\PC Inspector File Recovery.lnk
[2013/04/15 20:07:01 | 000,001,439 | ---- | C] () -- C:\Users\Babuu\Desktop\delfix - Verknüpfung.lnk
[2013/04/15 18:02:01 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/15 17:18:14 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/04/15 17:18:14 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/04/14 20:06:45 | 000,001,280 | ---- | C] () -- C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
[2013/04/14 19:04:46 | 000,001,107 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/04/14 17:39:47 | 000,001,408 | ---- | C] () -- C:\Users\Babuu\Desktop\OTL - Verknüpfung.lnk
[2013/04/14 17:38:48 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/14 17:38:47 | 000,001,104 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/14 17:38:46 | 000,001,924 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/04/14 17:38:44 | 000,178,624 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/04/14 17:38:44 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/04/14 17:38:44 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2013/04/14 17:04:20 | 000,001,459 | ---- | C] () -- C:\Users\Babuu\Desktop\epxsbr4s - Verknüpfung.lnk
[2013/03/28 19:42:36 | 000,005,262 | ---- | C] () -- C:\Users\Babuu\Sabinea.jpg
[2013/03/27 09:52:36 | 000,018,679 | ---- | C] () -- C:\Users\Babuu\Sonne.jpg
[2013/03/25 14:56:14 | 000,003,502 | ---- | C] () -- C:\Users\Babuu\böse.jpg
[2013/03/20 18:30:31 | 000,018,221 | ---- | C] () -- C:\Users\Babuu\Maus.jpg
[2013/03/02 20:51:53 | 000,032,219 | ---- | C] () -- C:\Users\Babuu\Schrankwand.jpg
[2013/03/02 20:49:17 | 000,044,691 | ---- | C] () -- C:\Users\Babuu\Couch.jpg
[2013/03/01 20:27:06 | 000,044,063 | ---- | C] () -- C:\Users\Babuu\monsta.jpg
[2013/02/28 21:39:05 | 000,013,264 | ---- | C] () -- C:\Users\Babuu\pferd2.jpg
[2013/02/25 21:25:34 | 000,059,229 | ---- | C] () -- C:\Users\Babuu\Knuddies.jpg
[2013/02/23 19:33:28 | 000,035,375 | ---- | C] () -- C:\Users\Babuu\Garderobe.jpg
[2013/02/22 22:10:09 | 000,084,022 | ---- | C] () -- C:\Users\Babuu\Pferdklein.jpg
[2013/02/22 20:40:12 | 000,068,227 | ---- | C] () -- C:\Users\Babuu\Pferd1.1.jpg
[2013/02/22 18:48:45 | 000,085,259 | ---- | C] () -- C:\Users\Babuu\Pferd.jpg
[2013/02/21 19:03:30 | 000,047,299 | ---- | C] () -- C:\Users\Babuu\Wurmtest.jpg
[2013/02/19 20:07:15 | 000,031,123 | ---- | C] () -- C:\Users\Babuu\Tattoofarbe.jpg
[2013/02/19 18:41:01 | 000,032,707 | ---- | C] () -- C:\Users\Babuu\Tattoonew.jpg
[2013/02/17 23:08:50 | 000,003,898 | ---- | C] () -- C:\Users\Babuu\tattooneu.jpg
[2013/02/17 23:01:48 | 000,007,594 | ---- | C] () -- C:\Users\Babuu\tattoo.jpg
[2013/02/17 22:55:11 | 000,005,280 | ---- | C] () -- C:\Users\Babuu\testxy.jpg
[2013/02/17 22:38:16 | 000,006,071 | ---- | C] () -- C:\Users\Babuu\test2.jpg
[2013/02/17 22:37:39 | 000,005,120 | ---- | C] () -- C:\Users\Babuu\test1.jpg
[2013/02/17 22:36:52 | 000,005,200 | ---- | C] () -- C:\Users\Babuu\test5.jpg
[2013/02/17 22:34:58 | 000,004,589 | ---- | C] () -- C:\Users\Babuu\test4.jpg
[2013/02/17 22:34:25 | 000,004,252 | ---- | C] () -- C:\Users\Babuu\test3.jpg
[2013/02/17 22:11:28 | 000,003,459 | ---- | C] () -- C:\Users\Babuu\tattoo2.jpg
[2013/02/17 22:10:27 | 000,005,378 | ---- | C] () -- C:\Users\Babuu\tattooruth.jpg
[2013/02/17 21:54:06 | 000,004,682 | ---- | C] () -- C:\Users\Babuu\Text2.jpg
[2013/02/17 21:53:29 | 000,004,373 | ---- | C] () -- C:\Users\Babuu\Text1.jpg
[2013/02/15 12:06:52 | 000,039,803 | ---- | C] () -- C:\Users\Babuu\Lio1.jpg
[2013/02/15 12:06:37 | 000,044,313 | ---- | C] () -- C:\Users\Babuu\Lio2.jpg
[2013/02/13 14:46:58 | 000,039,728 | ---- | C] () -- C:\Users\Babuu\me.jpg
[2013/02/11 01:07:02 | 000,008,088 | ---- | C] () -- C:\Users\Babuu\ronja3.jpg
[2013/02/11 00:42:05 | 000,034,373 | ---- | C] () -- C:\Users\Babuu\Ronja2.jpg
[2013/02/10 23:07:03 | 000,029,985 | ---- | C] () -- C:\Users\Babuu\Ronja.jpg
[2013/02/07 17:56:58 | 000,043,075 | ---- | C] () -- C:\Users\Babuu\Flur.jpg
[2013/02/07 08:26:44 | 000,037,464 | ---- | C] () -- C:\Users\Babuu\´Draculaura.jpg
[2013/02/05 22:35:34 | 000,042,605 | ---- | C] () -- C:\Users\Babuu\Arbeitsplatz.jpg
[2013/01/30 19:30:22 | 000,011,625 | ---- | C] () -- C:\Users\Babuu\MeNia.jpg
[2013/01/29 23:16:10 | 000,027,999 | ---- | C] () -- C:\Users\Babuu\Pferdekopfskizze.jpg
[2013/01/29 00:27:26 | 000,007,944 | ---- | C] () -- C:\Users\Babuu\etsybanner.jpg
[2013/01/28 01:07:27 | 000,016,776 | ---- | C] () -- C:\Users\Babuu\fliepi.jpg
[2013/01/25 17:15:15 | 000,060,307 | ---- | C] () -- C:\Users\Babuu\paket3.jpg
[2013/01/25 17:15:03 | 000,072,011 | ---- | C] () -- C:\Users\Babuu\paket2.jpg
[2013/01/25 17:14:49 | 000,063,554 | ---- | C] () -- C:\Users\Babuu\Paket1.jpg
[2013/01/23 21:15:40 | 000,059,563 | ---- | C] () -- C:\Users\Babuu\Screen.jpg
[2013/01/23 21:08:05 | 000,089,422 | ---- | C] () -- C:\Users\Babuu\hintergrundtest1002.jpg
[2013/01/23 20:57:38 | 000,089,187 | ---- | C] () -- C:\Users\Babuu\hintergrundtest1001.jpg
[2013/01/23 20:44:58 | 000,112,461 | ---- | C] () -- C:\Users\Babuu\hintergrundtest1000.jpg
[2013/01/23 20:02:16 | 000,178,980 | ---- | C] () -- C:\Users\Babuu\Hintergrundblog.jpg
[2013/01/23 19:58:20 | 000,005,120 | ---- | C] () -- C:\Users\Babuu\~Hintergrund.UAS
[2013/01/23 19:54:36 | 000,174,208 | ---- | C] () -- C:\Users\Babuu\Hintergrund.jpg
[2013/01/23 19:48:20 | 000,173,568 | ---- | C] () -- C:\Users\Babuu\~Blog2.UAS
[2013/01/23 19:38:15 | 000,076,376 | ---- | C] () -- C:\Users\Babuu\Blog2.jpg
[2013/01/23 19:32:10 | 000,077,549 | ---- | C] () -- C:\Users\Babuu\Blog.jpg
[2013/01/23 19:32:02 | 000,172,544 | ---- | C] () -- C:\Users\Babuu\Blog.ufo
[2013/01/23 19:06:26 | 000,042,102 | ---- | C] () -- C:\Users\Babuu\fbbanner2.jpg
[2013/01/23 18:57:59 | 000,054,353 | ---- | C] () -- C:\Users\Babuu\fbbanner.jpg
[2013/01/23 18:49:13 | 000,047,399 | ---- | C] () -- C:\Users\Babuu\Profilbildfb.jpg
[2013/01/23 18:40:34 | 000,033,702 | ---- | C] () -- C:\Users\Babuu\Profilbild.jpg
[2013/01/23 18:28:32 | 000,058,234 | ---- | C] () -- C:\Users\Babuu\Dawandabanner.jpg
[2013/01/23 17:51:32 | 000,058,445 | ---- | C] () -- C:\Users\Babuu\logodawanda2.jpg
[2013/01/23 17:45:29 | 000,043,979 | ---- | C] () -- C:\Users\Babuu\logodawanda.jpg
[2013/01/23 17:30:59 | 000,044,426 | ---- | C] () -- C:\Users\Babuu\Logo.jpg
[2013/01/23 11:51:54 | 000,189,597 | ---- | C] () -- C:\Users\Babuu\Stoffe.jpg
[2013/01/11 14:49:16 | 000,184,395 | ---- | C] () -- C:\Users\Babuu\Tasche.jpg
[2013/01/06 15:43:26 | 000,267,528 | ---- | C] () -- C:\Users\Babuu\Maya.jpg
[2013/01/06 13:58:54 | 000,282,913 | ---- | C] () -- C:\Users\Babuu\StroffeTausch.jpg
[2013/01/05 20:17:09 | 000,225,706 | ---- | C] () -- C:\Users\Babuu\Stoff.jpg
[2013/01/04 17:07:18 | 000,062,603 | ---- | C] () -- C:\Users\Babuu\Tashi.jpg
[2013/01/01 00:28:33 | 000,173,468 | ---- | C] () -- C:\Users\Babuu\silvester10.jpg
[2013/01/01 00:28:14 | 000,145,249 | ---- | C] () -- C:\Users\Babuu\silvester9.jpg
[2013/01/01 00:27:50 | 000,168,779 | ---- | C] () -- C:\Users\Babuu\silvester8.jpg
[2013/01/01 00:27:32 | 000,226,602 | ---- | C] () -- C:\Users\Babuu\silvester7.jpg
[2013/01/01 00:26:36 | 000,194,938 | ---- | C] () -- C:\Users\Babuu\silvester6.jpg
[2013/01/01 00:25:27 | 000,214,917 | ---- | C] () -- C:\Users\Babuu\silvester5.jpg
[2013/01/01 00:24:25 | 000,199,580 | ---- | C] () -- C:\Users\Babuu\silvester4.jpg
[2013/01/01 00:23:29 | 000,191,261 | ---- | C] () -- C:\Users\Babuu\silvester3.jpg
[2013/01/01 00:22:50 | 000,218,576 | ---- | C] () -- C:\Users\Babuu\Silvester2.jpg
[2013/01/01 00:22:00 | 000,208,397 | ---- | C] () -- C:\Users\Babuu\Silvester1.jpg
[2012/12/31 23:52:35 | 000,112,808 | ---- | C] () -- C:\Users\Babuu\Neujahr.jpg
[2012/12/30 20:57:17 | 000,258,110 | ---- | C] () -- C:\Users\Babuu\sesselbezug2.jpg
[2012/12/30 20:11:12 | 000,232,091 | ---- | C] () -- C:\Users\Babuu\Sesselbezug.jpg
[2012/12/30 17:58:23 | 000,214,516 | ---- | C] () -- C:\Users\Babuu\aufräumen3.jpg
[2012/12/30 17:58:10 | 000,154,067 | ---- | C] () -- C:\Users\Babuu\aufräumen2.jpg
[2012/12/30 17:57:53 | 000,199,038 | ---- | C] () -- C:\Users\Babuu\aufräumen1.jpg
[2012/12/30 16:44:11 | 000,190,994 | ---- | C] () -- C:\Users\Babuu\nähchaos3.jpg
[2012/12/30 16:43:22 | 000,179,817 | ---- | C] () -- C:\Users\Babuu\Nähchaos2.jpg
[2012/12/30 16:41:29 | 000,206,625 | ---- | C] () -- C:\Users\Babuu\Nähchaos1.jpg
[2012/12/26 17:30:23 | 000,152,190 | ---- | C] () -- C:\Users\Babuu\Zum Geburtstag.jpg
[2012/12/26 16:59:57 | 001,093,120 | ---- | C] () -- C:\Users\Babuu\Rose.ufo
[2012/12/16 18:00:48 | 000,055,368 | ---- | C] () -- C:\Users\Babuu\LiloNala4.jpg
[2012/12/16 18:00:22 | 000,048,546 | ---- | C] () -- C:\Users\Babuu\LiloNala3.jpg
[2012/12/16 17:59:39 | 000,059,956 | ---- | C] () -- C:\Users\Babuu\LiloNala2.jpg
[2012/12/16 17:58:43 | 000,042,003 | ---- | C] () -- C:\Users\Babuu\LiloNala1.jpg
[2012/12/15 11:14:58 | 000,016,834 | ---- | C] () -- C:\Users\Babuu\SkizzeMaria.jpg
[2012/12/14 15:51:10 | 000,062,069 | ---- | C] () -- C:\Users\Babuu\Pickelchen.jpg
[2012/12/06 21:30:08 | 000,086,355 | ---- | C] () -- C:\Users\Babuu\Michaela.jpg
[2012/11/22 21:08:36 | 000,099,271 | ---- | C] () -- C:\Users\Babuu\Arbeitszimmer.jpg
[2012/11/20 15:10:47 | 000,000,120 | ---- | C] () -- C:\Windows\WINRESAZ.INI
[2012/11/20 14:49:17 | 000,000,165 | ---- | C] () -- C:\Windows\WINÙS…ÏÈ.INI
[2012/11/19 17:09:08 | 000,019,684 | ---- | C] () -- C:\Users\Babuu\AppData\Local\internal.grp
[2012/11/19 17:07:02 | 000,393,256 | ---- | C] () -- C:\Windows\SysWow64\CNQ2414N.DAT
[2012/11/18 15:14:10 | 000,000,030 | ---- | C] () -- C:\Windows\Iedit.INI
[2012/05/22 15:53:46 | 000,007,680 | ---- | C] () -- C:\Users\Babuu\ElsterEinkommenssteuer2011.elfo
[2012/05/22 15:31:12 | 000,007,010 | ---- | C] () -- C:\Users\Babuu\ElsterEÜR2011.elfo
[2012/03/07 15:02:11 | 000,000,071 | ---- | C] () -- C:\Windows\pex.INI
[2012/03/07 09:44:29 | 000,004,918 | ---- | C] () -- C:\Windows\ULEAD32.INI
[2012/02/19 20:55:29 | 000,000,048 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2012/02/11 04:36:10 | 000,002,792 | ---- | C] () -- C:\Program Files\HP SimplePass 2011
[2012/02/11 04:28:38 | 000,000,196 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2011/06/21 10:07:00 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/04/14 18:54:25 | 000,000,000 | ---D | M] -- C:\Users\Babuu\AppData\Roaming\AVG2013
[2013/02/13 11:36:07 | 000,000,000 | ---D | M] -- C:\Users\Babuu\AppData\Roaming\Canneverbe Limited
[2013/03/03 17:40:02 | 000,000,000 | ---D | M] -- C:\Users\Babuu\AppData\Roaming\Canon
[2012/05/22 15:03:11 | 000,000,000 | ---D | M] -- C:\Users\Babuu\AppData\Roaming\elsterformular
[2013/01/23 16:23:37 | 000,000,000 | ---D | M] -- C:\Users\Babuu\AppData\Roaming\EMBIRD32
[2013/01/23 16:26:11 | 000,000,000 | ---D | M] -- C:\Users\Babuu\AppData\Roaming\EMBIRD32_STUDIO_N
[2012/05/10 15:45:24 | 000,000,000 | ---D | M] -- C:\Users\Babuu\AppData\Roaming\OpenOffice.org
[2013/04/14 18:53:47 | 000,000,000 | ---D | M] -- C:\Users\Babuu\AppData\Roaming\TuneUp Software
[2012/03/07 09:48:08 | 000,000,000 | ---D | M] -- C:\Users\Babuu\AppData\Roaming\Ulead Systems
[2012/09/06 10:49:28 | 000,000,000 | ---D | M] -- C:\Users\Babuu\AppData\Roaming\_MDLogs
 
========== Purity Check ==========
 
 

< End of report >
         
EXTRAS:

Code:
OTL Extras logfile created on: 4/16/2013 7:18:49 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Babuu\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7.98 Gb Total Physical Memory | 5.88 Gb Available Physical Memory | 73.64% Memory free
15.96 Gb Paging File | 13.79 Gb Available in Paging File | 86.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918.40 Gb Total Space | 871.61 Gb Free Space | 94.90% Space Free | Partition Type: NTFS
Drive D: | 13.01 Gb Total Space | 1.60 Gb Free Space | 12.30% Space Free | Partition Type: NTFS
Drive E: | 230.24 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: BABUU-HP | User Name: Babuu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0305ECD4-3FB9-4DFB-8B63-0203ED8B2EF1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{04095E83-598F-46E3-91EC-6907B98F454B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{06820504-F4E1-4C4B-BB52-C454A4D173B9}" = rport=139 | protocol=6 | dir=out | app=system | 
"{1EEB8006-6F93-49EC-A12F-3E79456411AD}" = lport=139 | protocol=6 | dir=in | app=system | 
"{2419A4E9-F1D2-438C-A8E4-4B87C7F919F7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{29C067B2-5760-4608-BADD-AA4F0B6444F6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2C45D3BF-9864-4CB7-A2F3-6EA94FB23108}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2E116AF8-909B-4CBB-9A52-BEE353D60176}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{657A566F-6C1E-40E4-9D27-50EC86A54CB9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{688E4960-6888-4E3E-B7ED-6036662CDEF6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{75517889-FE84-4B4B-9EE3-BEBF48102075}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{77CBB400-443A-4A4C-B88A-504B929F7CC7}" = rport=445 | protocol=6 | dir=out | app=system | 
"{82F43524-DDCB-4601-9C28-D170429322A8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{83CAE090-B894-4C55-BD53-68FECDB604F5}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{862035EE-3B69-486B-AC7F-FE1FE3A7AAEC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{895464B9-E984-4523-BA20-46C6AF905CA3}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{95218524-BBD1-43DF-AE45-EE7C1FBA8735}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9823F1A4-9E9B-4CA8-9739-C71149CC4B33}" = lport=138 | protocol=17 | dir=in | app=system | 
"{9A20FE99-5F33-4DFA-BC5C-AB3E3EDA5954}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A1D53D43-791A-4761-B03B-BCF6E20A7505}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{A33AB0A6-3655-403F-AE90-78BA41C0FEC8}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{A37B91E7-49FD-4247-875B-C9D62E985A37}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{B91898E9-72D9-4DC1-A4D5-7759593945EB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CA15DEB9-75E8-417C-BAC0-B3ED94643415}" = rport=137 | protocol=17 | dir=out | app=system | 
"{CB394460-144D-4F60-962B-C17487D69A74}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CF1085B8-C702-42CE-9A2F-2DF46CBB8FFA}" = rport=138 | protocol=17 | dir=out | app=system | 
"{D03DE6C8-F503-4036-AECD-E1B898835AF6}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{D05AF2F7-7C28-4A42-B7B1-A47C226E5FC1}" = lport=445 | protocol=6 | dir=in | app=system | 
"{DA08B39C-1C7C-4108-834A-5ACDB6AE336F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{DE5A1545-A408-4327-A1A5-42C8B396A4EA}" = lport=137 | protocol=17 | dir=in | app=system | 
"{EC9B3F55-8A73-4E6E-804F-8A7DC1FB954A}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{F8B2975A-0907-49F5-AF1F-844E455198F8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FCE1A036-AB74-4D2B-905D-B4ADA99B2158}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{035318EA-0985-4A41-8FED-1346D36F6E2D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{06EAF4C8-47CD-45B8-8903-16490A349E5C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{08E35DD6-1FC2-4825-8152-5E5826516882}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{0DF946B0-EBA5-4681-A480-A1A0A937C567}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{118F7F4C-49B6-4851-A128-1077B1D5971C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{183EFB62-95A1-4A9F-96C3-E5EB832BC5AD}" = protocol=6 | dir=out | app=system | 
"{231EA630-747C-4485-85C3-B35F99F5EA12}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{24A9678A-FA27-4371-B1B3-CEEF5628AAA5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{2DEBD358-7CF7-435C-9B15-6E38C5BE6DAB}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{33B9D662-C952-47B0-BBF9-0374F21D06C5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{4D46ECEB-5B77-473E-A874-9A22C621B8F8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{50D36FC7-98D1-4D0C-9DE1-446F9DE1DE06}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{54267206-3CAF-4898-B072-BA1FDCD57B12}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\remote graphics receiver\rgreceiver.exe | 
"{5AB08F84-83BD-4C98-8A9B-84D77B992A9B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{5C04822B-440B-4767-AD5B-0E5759F0A0A9}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{6042B43B-1610-48FD-8C21-CFA4512B64CB}" = dir=in | app=c:\program files (x86)\easybits for kids\ezdesktop.exe | 
"{71C18379-F7C6-408B-A9E8-DCF186513CFC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{7866CA87-1327-40B0-8E05-337FA3DCB448}" = protocol=6 | dir=out | app=c:\program files (x86)\hewlett-packard\remote graphics receiver\rgreceiver.exe | 
"{8073321B-CD10-4247-A399-4D842C2CA52A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{894E5A82-0398-4A80-9EBF-EB72C078DA20}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{9179C66B-A146-4949-B64E-F8402CBADC4C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{99749EFB-1B5D-4A18-95AC-11B8040E17FD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A288B48A-AFE3-4239-98EF-70AE842560E0}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{A6DE5228-4F61-476C-9030-813F68B528E4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B5344A58-CE55-47E5-AEBF-241B77721B67}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C8EAA934-BF06-400D-A1F5-F2F9F0DDBFFB}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\hp linkup\hp linkup viewer.exe | 
"{D7FD3CA6-DDE1-4581-BDA5-A7664EC4D74D}" = dir=in | app=c:\windows\system32\ezsharedsvchost.exe | 
"{E7261B88-E04D-452E-80A7-03CF965653F8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EEBD81D8-2348-433F-BDA4-0C5BF8033B4B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{F1B43A5E-6647-4AA5-AC01-E3293675FD84}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F59DF94F-3705-44E9-8CB9-01401B7E1457}" = protocol=17 | dir=out | app=c:\program files (x86)\hewlett-packard\hp linkup\hp linkup viewer.exe | 
"TCP Query User{3A81C874-D86D-45B8-9501-79538D6F5618}C:\program files (x86)\microsoft games\age of empires\empires.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires\empires.exe | 
"UDP Query User{46D580D6-A12A-45A5-9236-A4793B2AF776}C:\program files (x86)\microsoft games\age of empires\empires.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires\empires.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{054EF02F-95D8-48F4-9EEB-2F9CE3072ED8}" = AuthenTec TrueAPI
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_cnq2414" = CanoScan LiDE 110 Scanner Driver
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 267.95
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 267.95
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 267.95
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00FF4EB6-6AAC-4E9D-A60A-8F388691BB27}" = HP SimplePass PE 2011
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0ABBF310-94E4-4AE8-A6BD-10345A3F6439}" = Google Drive
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0DDDE141-9696-4E33-AB82-EF398169D7E5}" = Ulead PhotoImpact XL
"{16FC3056-90C0-4757-8A68-64D8DA846ADA}" = Remote Graphics Receiver
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4D090F70-6F08-4B60-9357-A1DFD4458F09}" = Microsoft Mathematics
"{50DE8CAF-EF44-40F5-A48E-22BD08492284}" = PE-DESIGN Lite
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information
"{7FB00B6B-6843-97EC-EED6-78BD6D35370A}" = Zinio Reader 4
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1" = Panda Cloud Cleaner
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2AE9709-283B-4B48-AA34-729C070A62FB}" = NETGEAR WNA1100 N150 Wireless USB Adapter
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C01A86F5-56E7-101F-9BC9-E3F1025EB779}" = Intel(R) Identity Protection Technology 1.1.2.0
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D271DAE0-8D68-4C97-8356-A126D48A1D8C}" = Ulead Photo Explorer 8.0 SE Basic
"{D35B72B6-F0E4-462B-BDEB-E08032B3B681}" = HP Setup
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DB3147AB-4024-4773-8EC0-A1FE5B44933D}" = HP LinkUp
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of Empires" = Microsoft Age of Empires
"avast" = avast! Free Antivirus
"CanonSolutionMenuEX" = Canon Solution Menu EX
"EasyBits Magic Desktop" = Magic Desktop
"ElsterFormular 13.2.0.8623k" = ElsterFormular
"Embird 2010" = Embird 2010
"ESET Online Scanner" = ESET Online Scanner v3
"fdrawcmd" = Fdrawcmd.sys 1.0.1.10
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PDF Complete" = PDF Complete Special Edition
"VIP Access SDK" = VIP Access SDK (1.0.1.4) 
"Vittalia" = Vittalia Installer
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WTA-047dcbd1-d85d-4e95-a4af-207b7780ecad" = Mah Jong Medley
"WTA-0896344f-517d-4f48-870f-ede04ff58a48" = FATE
"WTA-091af0d4-5116-4bfa-a996-3ae8c1f988dd" = Zuma Deluxe
"WTA-0d9353ae-4d48-4db4-bcfa-4a3b1e8750c4" = Farm Frenzy
"WTA-14685520-365c-4fcf-8a1f-c78fa2925611" = Mystery of Mortlake Mansion
"WTA-1cba82d2-e1aa-4023-b932-88a5398ff84c" = Penguins!
"WTA-24cc89b3-5ebd-4b94-a1fb-5aebd624ec62" = Chronicles of Albian
"WTA-2c8e2bbe-6a57-4e93-bc16-34c730f92168" = Vacation Quest - The Hawaiian Islands
"WTA-35a8be29-cf49-40f7-b9c1-0995ff938732" = Virtual Villagers - The Secret City
"WTA-3f17b283-7ae6-483c-8923-a8665eb1c4fd" = Jewel Quest Solitaire
"WTA-61653620-877d-4f2d-b338-50f94a8e5423" = Slingo Deluxe
"WTA-79303f1d-a987-4047-bb0a-29a4078aa964" = Bejeweled 3
"WTA-7ac1bf3f-e888-47f1-a2d7-5e3d25b7119a" = Agatha Christie - Peril at End House
"WTA-93db79b4-585c-4c4f-b6ac-0c0e96ec3fb8" = Polar Bowler
"WTA-a0874fd5-b427-4ed4-bf74-6cddd51e540f" = Cradle of Rome 2
"WTA-aa6241aa-1e52-4fe6-af51-f55bedc48356" = Bounce Symphony
"WTA-b2ac85e5-bbe8-4051-a47e-9562d1f2fee1" = Governor of Poker 2 Premium Edition
"WTA-e4717af7-c6e7-4323-9359-c3783f9400d3" = Plants vs. Zombies - Game of the Year
"WTA-e8c59721-78e5-4204-8c7f-b05f7d92e05c" = Chuzzle Deluxe
"WTA-eaa60950-b24b-4403-a53b-71013acb732a" = Jewel Quest: The Sleepless Star - Collector's Edition
"WTA-f36803df-0f34-48f5-99af-35801e20a458" = Namco All-Stars: PAC-MAN
"WTA-f507f17e-f1d3-4f12-9965-fdf13d9e23ff" = Cake Mania
"WTA-f7a19f8c-ea64-40b3-b8b7-41a82ebaa0c8" = Blasterball 3
"ZinioReader4" = Zinio Reader 4
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-722544647-917449935-176176110-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12/31/2012 6:19:57 PM | Computer Name = Babuu-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Iedit.exe, Version: 8.5.3.0, Zeitstempel:
 0x40b1ac24  Name des fehlerhaften Moduls: Iedit.exe, Version: 8.5.3.0, Zeitstempel:
 0x40b1ac24  Ausnahmecode: 0xc0000005  Fehleroffset: 0x002de8b1  ID des fehlerhaften Prozesses:
 0x20dc  Startzeit der fehlerhaften Anwendung: 0x01cde79ecc74e2fe  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Ulead Systems\Ulead PhotoImpact XL\Iedit.exe  Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Ulead Systems\Ulead PhotoImpact
 XL\Iedit.exe  Berichtskennung: 353b9a14-5398-11e2-b2c1-082e5f11ded9
 
Error - 1/9/2013 3:37:58 PM | Computer Name = Babuu-HP | Source = Application Hang | ID = 1002
Description = Programm pex.exe, Version 8.0.0.0 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 45e8    Startzeit:
 01cdee9fbd698794    Endzeit: 7    Anwendungspfad: C:\Program Files (x86)\Ulead Systems\Ulead
 Photo Explorer 8.0 SE Basic\pex.exe    Berichts-ID: 06181c2c-5a94-11e2-b20b-082e5f11ded9

 
Error - 1/9/2013 3:40:56 PM | Computer Name = Babuu-HP | Source = Application Hang | ID = 1002
Description = Programm Iedit.exe, Version 8.5.3.0 kann nicht mehr unter Windows 
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 46b8    Startzeit:
 01cdee9ba585678e    Endzeit: 826    Anwendungspfad: C:\Program Files (x86)\Ulead Systems\Ulead
 PhotoImpact XL\Iedit.exe    Berichts-ID:   
 
Error - 1/9/2013 3:56:42 PM | Computer Name = Babuu-HP | Source = Application Hang | ID = 1002
Description = Programm chrome.exe, Version 23.0.1271.97 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: e5c    Startzeit: 
01cdeea2f1f8e781    Endzeit: 19    Anwendungspfad: C:\Users\Babuu\AppData\Local\Google\Chrome\Application\chrome.exe

Berichts-ID:
 983013b8-5a96-11e2-9026-082e5f11ded9  
 
Error - 2/5/2013 6:35:32 AM | Computer Name = Babuu-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Iedit.exe, Version: 8.5.3.0, Zeitstempel:
 0x40b1ac24  Name des fehlerhaften Moduls: Iedit.exe, Version: 8.5.3.0, Zeitstempel:
 0x40b1ac24  Ausnahmecode: 0xc0000005  Fehleroffset: 0x002de8c7  ID des fehlerhaften Prozesses:
 0x28a8  Startzeit der fehlerhaften Anwendung: 0x01ce038313945606  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Ulead Systems\Ulead PhotoImpact XL\Iedit.exe  Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Ulead Systems\Ulead PhotoImpact
 XL\Iedit.exe  Berichtskennung: c3e59f56-6f7f-11e2-b72d-082e5f11ded9
 
Error - 2/26/2013 7:51:02 AM | Computer Name = Babuu-HP | Source = Avira Antivirus | ID = 4118
Description = 
 
Error - 3/3/2013 2:00:00 PM | Computer Name = Babuu-HP | Source = Windows Backup | ID = 4103
Description = 
 
Error - 3/18/2013 3:49:38 PM | Computer Name = Babuu-HP | Source = Application Hang | ID = 1002
Description = Programm pdfvista.exe, Version 4.0.54.2001 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 96c0    Startzeit:
 01ce2411983b8c5d    Endzeit: 10    Anwendungspfad: C:\Program Files (x86)\PDF Complete\pdfvista.exe

Berichts-ID:
 f55c5ece-9004-11e2-8f84-082e5f11ded9  
 
Error - 3/18/2013 3:53:26 PM | Computer Name = Babuu-HP | Source = Application Hang | ID = 1002
Description = Programm pdfvista.exe, Version 4.0.54.2001 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 9f84    Startzeit:
 01ce2411c2256129    Endzeit: 9    Anwendungspfad: C:\Program Files (x86)\PDF Complete\pdfvista.exe

Berichts-ID:
 76aef841-9005-11e2-8f84-082e5f11ded9  
 
Error - 4/1/2013 7:00:33 AM | Computer Name = Babuu-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Empires.exe, Version: 0.9.12.1215,
 Zeitstempel: 0x3494e6c3  Name des fehlerhaften Moduls: Empires.exe, Version: 0.9.12.1215,
 Zeitstempel: 0x3494e6c3  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00034d0d  ID des fehlerhaften
 Prozesses: 0x375c  Startzeit der fehlerhaften Anwendung: 0x01ce2ebd3c5dbbdb  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Microsoft Games\Age of Empires\Empires.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Microsoft Games\Age of Empires\Empires.exe
Berichtskennung:
 5fa7fbcd-9abb-11e2-a1b9-082e5f11ded9
 
[ Hewlett-Packard Events ]
Error - 4/1/2012 1:56:12 PM | Computer Name = Babuu-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
 category)     bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: Failed to perform update.  StackTrace:   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
 category)     bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager  InnerException.Message:
 Das Objekt "/f14de69b_b5aa_45f0_b00a_20253c0307a0/5mrkqgfbxwle7jmtqzodprkk_5.rem"
 wurde getrennt oder ist nicht auf dem Server vorhanden.    Name: hpsa_service.exe  Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 8172  Ram Utilization: 10  TargetSite: Void UpdateDetail(System.String)  
 
[ System Events ]
Error - 12/10/2012 5:02:52 PM | Computer Name = Babuu-HP | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         
__________________

16.04.2013, 18:42   #19
aharonov
/// TB-Ausbilder

Hello,

you must have installed something in the meantime that brought these extras along.
It is only a bit of annoying advertising, though, not dangerous.


Step 1
  • Please start OTL.exe.
  • Now copy the following content from the code box into the text box.
    Important: if you obscured your user name in the log (e.g. with ***), undo that here.
Code:
:OTL
[2013/04/16 10:01:45 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261125~1.80\{c16c1~1\browse~1.dll) -  File not found

:commands
[emptytemp]
         
  • Now please close all other programs.
  • Now click the Fix button.
  • OTL may ask for a reboot. Please allow it.
  • After the reboot you will find a text document on your desktop.
    (Also to be found at C:\_OTL\MovedFiles\<date_time>.log)
  • Now copy its content here into your thread.



Step 2
  • Open Google Chrome.
  • At the top right, click Customize Google Chrome.
  • Choose Settings.
  • Under Appearance > tick "Show Home button".
  • Under "New Tab" page, click Change.
  • Under Change this page, enter your desired page, e.g. www.google.de.
  • Under On startup > select "Open a specific page or set of pages" and click Set pages.
  • Enter the desired start page and confirm with OK.
  • Close Google Chrome again.



Step 3

Please start OTL.exe.
  • Tick Scan all Users.
  • Press the Quick Scan button.
  • Post the content of OTL.txt here in the thread.



Please post in your next reply:
  • Fixlog from OTL
  • Log from OTL
__________________
cheers,
Leo
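
The fix script in the post above pairs a folder entry with an AppInit_DLLs value written in 8.3 short-name form. The following Python code is an added example, not part of the original post and not OTL's own code: it parses such log lines, flags AppInit_DLLs entries whose file is missing, and checks which logged folders the short path can refer to. All function names are hypothetical, the `ExampleVendor` line is constructed, and the alias check is a heuristic that assumes the common "first six characters plus ~N" short-name form.

```python
import re

# Constructed sample. Lines 1, 2 and 4 are copied from the fix script and the
# fixlog in this thread; line 3 is an invented, unrelated folder for contrast.
SAMPLE = r"""
[2013/04/16 10:01:45 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261125~1.80\{c16c1~1\browse~1.dll) -  File not found
[2013/04/10 09:00:00 | 000,000,000 | ---D | C] -- C:\ProgramData\ExampleVendor
C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8} folder moved successfully.
"""

# O20 line as it appears in the thread; the ":64bit:" variant is an assumption
# modelled on the prefix style of the log's other 64-bit sections.
APPINIT = re.compile(r"^O20(?::64bit:)? - AppInit_DLLs: \((?P<path>.+)\) -\s*(?P<note>.*)$")
# File-scan line for a directory: [date | size | attributes containing D | C or M] -- path
SCAN_DIR = re.compile(
    r"^\[[^\]|]+\|[^\]|]+\|\s*[-RHSA]*D\s*\|\s*[CM]\]\s*(?:\(.*?\)\s*)?--\s*(?P<path>.+?)\s*$")
# Fixlog line written after a folder was moved.
MOVED_DIR = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) folder moved successfully\.$")
# 8.3 alias: up to six characters, "~", a counter, optional extension of up to three.
ALIAS = re.compile(r"^(?P<stem>[^~.]{1,6})~\d+(?:\.(?P<ext>[^.]{0,3}))?$")


def _normalise_long(name):
    """Reduce a long name to the (base, ext) pair an 8.3 alias is built from."""
    name = name.replace(" ", "").lstrip(".")      # spaces and leading dots are dropped
    base, dot, ext = name.rpartition(".")         # only the last dot starts the extension
    if not dot:
        base, ext = name, ""
    base = base.replace(".", "")                  # remaining dots are dropped
    clean = lambda s: re.sub(r"[+,;=\[\]]", "_", s).upper()
    return clean(base), clean(ext)[:3]


def alias_matches(short, long):
    """True if `short` is `long` itself or a plausible 8.3 alias of it.

    Hash-style aliases that Windows generates after several collisions are not
    recognised, so a False result does not prove the names are unrelated.
    """
    if short.lower() == long.lower():
        return True
    m = ALIAS.match(short)
    if not m:
        return False
    base, ext = _normalise_long(long)
    stem = m.group("stem").upper()
    stem_ok = base.startswith(stem) if len(stem) == 6 else base == stem
    return stem_ok and (m.group("ext") or "").upper() == ext


def _parts(path):
    return [c for c in path.strip().split("\\") if c]


def folder_covers(short_path, long_folder):
    """True if `long_folder` can be an ancestor directory of `short_path`."""
    s, l = _parts(short_path), _parts(long_folder)
    if len(l) > len(s) - 1:                       # last component of s is the DLL itself
        return False
    return all(alias_matches(a, b) for a, b in zip(s, l))


def triage(log):
    """Return one finding per AppInit_DLLs entry, with the folders it maps to."""
    lines = [ln.strip() for ln in log.splitlines() if ln.strip()]
    folders = []
    for ln in lines:
        m = SCAN_DIR.match(ln) or MOVED_DIR.match(ln)
        if m and m.group("path") not in folders:
            folders.append(m.group("path"))
    findings = []
    for ln in lines:
        m = APPINIT.match(ln)
        if m:
            path = m.group("path")
            findings.append({
                "dll": path,
                "missing": "file not found" in m.group("note").lower(),
                "related_folders": [f for f in folders if folder_covers(path, f)],
            })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

A match only means the short and long paths are compatible; on the machine itself, `dir /x` shows the actual short names for confirmation.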

16.04.2013, 19:00   #20
Bberry

Fixlog:

Code:
All processes killed
========== OTL ==========
C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings folder moved successfully.
C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\content folder moved successfully.
C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components folder moved successfully.
C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension folder moved successfully.
C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8} folder moved successfully.
C:\ProgramData\BrowserProtect\2.6.1125.80 folder moved successfully.
C:\ProgramData\BrowserProtect folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~3\browse~1\261125~1.80\{c16c1~1\browse~1.dll deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Babuu
->Temp folder emptied: 13921561 bytes
->Temporary Internet Files folder emptied: 52094466 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 334982435 bytes
->Flash cache emptied: 456 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 37384433 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33298 bytes
RecycleBin emptied: 2568 bytes
 
Total Files Cleaned = 418.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 04162013_194501

Files\Folders moved on Reboot...
C:\Users\Babuu\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Babuu\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
Log:

Code:
OTL logfile created on: 4/16/2013 7:52:52 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Babuu\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7.98 Gb Total Physical Memory | 6.51 Gb Available Physical Memory | 81.54% Memory free
15.96 Gb Paging File | 14.49 Gb Available in Paging File | 90.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918.40 Gb Total Space | 872.01 Gb Free Space | 94.95% Space Free | Partition Type: NTFS
Drive D: | 13.01 Gb Total Space | 1.60 Gb Free Space | 12.30% Space Free | Partition Type: NTFS
Drive E: | 230.24 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: BABUU-HP | User Name: Babuu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Babuu\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe (HP)
PRC - C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe (HP)
PRC - C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe (HP)
PRC - C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe ()
PRC - C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe ()
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe (Ulead Systems, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe ()
MOD - C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvcLib.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company)
SRV - (FPLService) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe (HP)
SRV - (pdfcDispatcher) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (HPClientSvc) -- C:\Programme\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (WSWNA1100) -- C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe ()
SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
SRV - (jswpsapi) -- C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe (Atheros Communications, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (pmxdrv) -- C:\Windows\SysNative\drivers\pmxdrv.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (athur) -- C:\Windows\SysNative\drivers\athurx.sys (Atheros Communications, Inc.)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (fdrawcmd) -- C:\Windows\SysNative\drivers\fdrawcmd.sys (simonowen.com)
DRV:64bit: - (JSWPSLWF) -- C:\Windows\SysNative\drivers\jswpslwfx.sys (Atheros Communications, Inc.)
DRV:64bit: - (SCMNdisP) -- C:\Windows\SysNative\drivers\SCMNdisP.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (busbcrw) -- C:\Windows\SysNative\drivers\bucrw64.sys (Brother Industries, Ltd.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6D1C4F59-012F-440C-B947-AA9319265BEB}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6D1C4F59-012F-440C-B947-AA9319265BEB}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-722544647-917449935-176176110-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4
IE - HKU\S-1-5-21-722544647-917449935-176176110-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-722544647-917449935-176176110-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-722544647-917449935-176176110-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-722544647-917449935-176176110-1000\..\SearchScopes\{6D1C4F59-012F-440C-B947-AA9319265BEB}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKU\S-1-5-21-722544647-917449935-176176110-1000\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE - HKU\S-1-5-21-722544647-917449935-176176110-1000\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-722544647-917449935-176176110-1000\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
IE - HKU\S-1-5-21-722544647-917449935-176176110-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Babuu\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Babuu\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
 
[2012/08/05 22:08:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Babuu\AppData\Roaming\mozilla\Extensions
[2013/04/16 19:14:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Babuu\AppData\Roaming\mozilla\Firefox\Profiles\a79pj5qc.default\extensions
[2012/11/20 15:18:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/08/05 22:09:19 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\mozilla firefox\extensions\websitelogon@truesuite.com
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.de/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Babuu\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Babuu\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Babuu\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Simple Pass 2011 (Enabled) = C:\Users\Babuu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpgfhihjicjofdejkbjgnjlaglaciobe\1.0_0\npwebsitelogon.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Babuu\AppData\Local\Google\Update\1.3.21.129\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: WOT = C:\Users\Babuu\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.4.11_0\
CHR - Extension: YouTube = C:\Users\Babuu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Babuu\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: avast! WebRep = C:\Users\Babuu\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0\
CHR - Extension: Website Logon = C:\Users\Babuu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpgfhihjicjofdejkbjgnjlaglaciobe\1.0_0\
CHR - Extension: Google Mail = C:\Users\Babuu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-722544647-917449935-176176110-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [jswtrayutil] "C:\Program Files (x86)\NETGEAR\WNA1100\jswtrayutil.exe" File not found
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [Ulead AutoDetector] C:\Program Files (x86)\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe (Ulead Systems, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Babuu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPath = 1
O7 - HKU\S-1-5-21-722544647-917449935-176176110-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-722544647-917449935-176176110-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EDB13B49-2FE3-4A81-A3BD-F8BFA44279A3}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/04/16 19:45:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/04/16 09:46:45 | 000,000,000 | ---D | C] -- C:\Users\Babuu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Convar
[2013/04/16 09:46:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Convar
[2013/04/15 20:07:43 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/04/15 17:57:49 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/04/15 17:41:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013/04/15 17:40:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013/04/14 20:06:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2013/04/14 20:06:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2013/04/14 19:17:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/04/14 19:04:52 | 000,000,000 | ---D | C] -- C:\Users\Babuu\AppData\Roaming\Malwarebytes
[2013/04/14 19:04:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/04/14 19:04:45 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/04/14 19:04:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/04/14 19:04:28 | 000,000,000 | ---D | C] -- C:\Users\Babuu\AppData\Local\Programs
[2013/04/14 18:54:25 | 000,000,000 | ---D | C] -- C:\Users\Babuu\AppData\Roaming\AVG2013
[2013/04/14 18:53:47 | 000,000,000 | ---D | C] -- C:\Users\Babuu\AppData\Roaming\TuneUp Software
[2013/04/14 18:53:34 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013/04/14 18:53:34 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2013/04/14 18:48:54 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/04/14 18:48:54 | 000,000,000 | ---D | C] -- C:\Users\Babuu\AppData\Local\MFAData
[2013/04/14 18:48:54 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/04/14 18:48:54 | 000,000,000 | ---D | C] -- C:\Users\Babuu\AppData\Local\Avg2013
[2013/04/14 17:57:59 | 000,000,000 | ---D | C] -- C:\Users\Babuu\AppData\Local\Adobe
[2013/04/14 17:43:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2013/04/14 17:38:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/04/14 17:38:46 | 000,377,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/04/14 17:38:46 | 000,033,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/04/14 17:38:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/04/14 17:38:45 | 001,025,808 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/04/14 17:38:45 | 000,070,992 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/04/14 17:38:45 | 000,068,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/04/14 17:38:44 | 000,287,840 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/04/14 17:38:44 | 000,080,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/04/14 17:38:32 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/04/14 17:38:23 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/04/14 17:37:41 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/03/25 12:04:19 | 000,000,000 | ---D | C] -- C:\Users\Babuu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013/03/25 11:58:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
[2013/03/25 11:56:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games
[2013/03/18 10:25:48 | 000,000,000 | ---D | C] -- C:\Users\Babuu\ebooks
[2013/03/17 21:27:14 | 000,000,000 | ---D | C] -- C:\Users\Babuu\Kinder - Papierkram
[2013/03/17 21:16:17 | 000,000,000 | ---D | C] -- C:\Users\Babuu\Haus
 
========== Files - Modified Within 30 Days ==========
 
[2013/04/16 19:54:29 | 000,024,400 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/16 19:54:28 | 000,024,400 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/16 19:49:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/16 19:47:25 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/16 19:46:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/16 19:46:51 | 2132,406,271 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/16 19:40:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/16 19:14:33 | 000,000,097 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/04/16 19:05:01 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-722544647-917449935-176176110-1000UA.job
[2013/04/16 14:05:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-722544647-917449935-176176110-1000Core.job
[2013/04/16 10:04:59 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/04/16 10:04:59 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013/04/16 10:04:59 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/04/16 10:04:59 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013/04/16 10:04:59 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/04/16 10:02:16 | 000,001,320 | ---- | M] () -- C:\Users\Babuu\Desktop\PC Inspector File Recovery.lnk
[2013/04/15 20:07:01 | 000,001,439 | ---- | M] () -- C:\Users\Babuu\Desktop\delfix - Verknüpfung.lnk
[2013/04/15 17:18:14 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/04/15 17:18:14 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/04/15 06:27:08 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBabuu.job
[2013/04/14 20:06:45 | 000,001,280 | ---- | M] () -- C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
[2013/04/14 19:04:46 | 000,001,107 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/04/14 17:40:52 | 000,001,408 | ---- | M] () -- C:\Users\Babuu\Desktop\OTL - Verknüpfung.lnk
[2013/04/14 17:38:46 | 000,001,924 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/04/14 17:38:44 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/04/14 17:04:56 | 000,001,459 | ---- | M] () -- C:\Users\Babuu\Desktop\epxsbr4s - Verknüpfung.lnk
[2013/04/11 06:46:02 | 000,349,792 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/03/28 19:42:36 | 000,005,262 | ---- | M] () -- C:\Users\Babuu\Sabinea.jpg
[2013/03/28 18:07:12 | 000,002,364 | ---- | M] () -- C:\Users\Babuu\Desktop\jetzt im tv.lnk
[2013/03/27 09:52:36 | 000,018,679 | ---- | M] () -- C:\Users\Babuu\Sonne.jpg
[2013/03/25 14:56:14 | 000,003,502 | ---- | M] () -- C:\Users\Babuu\böse.jpg
[2013/03/21 14:38:59 | 000,000,192 | ---- | M] () -- C:\Windows\password.klc
[2013/03/20 18:30:31 | 000,018,221 | ---- | M] () -- C:\Users\Babuu\Maus.jpg
 
========== Files Created - No Company Name ==========
 
[2013/04/16 19:14:27 | 000,000,097 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/04/16 09:46:45 | 000,001,320 | ---- | C] () -- C:\Users\Babuu\Desktop\PC Inspector File Recovery.lnk
[2013/04/15 20:07:01 | 000,001,439 | ---- | C] () -- C:\Users\Babuu\Desktop\delfix - Verknüpfung.lnk
[2013/04/15 18:02:01 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/15 17:18:14 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/04/15 17:18:14 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/04/14 20:06:45 | 000,001,280 | ---- | C] () -- C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
[2013/04/14 19:04:46 | 000,001,107 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/04/14 17:39:47 | 000,001,408 | ---- | C] () -- C:\Users\Babuu\Desktop\OTL - Verknüpfung.lnk
[2013/04/14 17:38:48 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/14 17:38:47 | 000,001,104 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/14 17:38:46 | 000,001,924 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/04/14 17:38:44 | 000,178,624 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/04/14 17:38:44 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/04/14 17:38:44 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2013/04/14 17:04:20 | 000,001,459 | ---- | C] () -- C:\Users\Babuu\Desktop\epxsbr4s - Verknüpfung.lnk
[2013/03/28 19:42:36 | 000,005,262 | ---- | C] () -- C:\Users\Babuu\Sabinea.jpg
[2013/03/27 09:52:36 | 000,018,679 | ---- | C] () -- C:\Users\Babuu\Sonne.jpg
[2013/03/25 14:56:14 | 000,003,502 | ---- | C] () -- C:\Users\Babuu\böse.jpg
[2013/03/20 18:30:31 | 000,018,221 | ---- | C] () -- C:\Users\Babuu\Maus.jpg
[2013/03/02 20:51:53 | 000,032,219 | ---- | C] () -- C:\Users\Babuu\Schrankwand.jpg
[2013/03/02 20:49:17 | 000,044,691 | ---- | C] () -- C:\Users\Babuu\Couch.jpg
[2013/03/01 20:27:06 | 000,044,063 | ---- | C] () -- C:\Users\Babuu\monsta.jpg
[2013/02/28 21:39:05 | 000,013,264 | ---- | C] () -- C:\Users\Babuu\pferd2.jpg
[2013/02/25 21:25:34 | 000,059,229 | ---- | C] () -- C:\Users\Babuu\Knuddies.jpg
[2013/02/23 19:33:28 | 000,035,375 | ---- | C] () -- C:\Users\Babuu\Garderobe.jpg
[2013/02/22 22:10:09 | 000,084,022 | ---- | C] () -- C:\Users\Babuu\Pferdklein.jpg
[2013/02/22 20:40:12 | 000,068,227 | ---- | C] () -- C:\Users\Babuu\Pferd1.1.jpg
[2013/02/22 18:48:45 | 000,085,259 | ---- | C] () -- C:\Users\Babuu\Pferd.jpg
[2013/02/21 19:03:30 | 000,047,299 | ---- | C] () -- C:\Users\Babuu\Wurmtest.jpg
[2013/02/19 20:07:15 | 000,031,123 | ---- | C] () -- C:\Users\Babuu\Tattoofarbe.jpg
[2013/02/19 18:41:01 | 000,032,707 | ---- | C] () -- C:\Users\Babuu\Tattoonew.jpg
[2013/02/17 23:08:50 | 000,003,898 | ---- | C] () -- C:\Users\Babuu\tattooneu.jpg
[2013/02/17 23:01:48 | 000,007,594 | ---- | C] () -- C:\Users\Babuu\tattoo.jpg
[2013/02/17 22:55:11 | 000,005,280 | ---- | C] () -- C:\Users\Babuu\testxy.jpg
[2013/02/17 22:38:16 | 000,006,071 | ---- | C] () -- C:\Users\Babuu\test2.jpg
[2013/02/17 22:37:39 | 000,005,120 | ---- | C] () -- C:\Users\Babuu\test1.jpg
[2013/02/17 22:36:52 | 000,005,200 | ---- | C] () -- C:\Users\Babuu\test5.jpg
[2013/02/17 22:34:58 | 000,004,589 | ---- | C] () -- C:\Users\Babuu\test4.jpg
[2013/02/17 22:34:25 | 000,004,252 | ---- | C] () -- C:\Users\Babuu\test3.jpg
[2013/02/17 22:11:28 | 000,003,459 | ---- | C] () -- C:\Users\Babuu\tattoo2.jpg
[2013/02/17 22:10:27 | 000,005,378 | ---- | C] () -- C:\Users\Babuu\tattooruth.jpg
[2013/02/17 21:54:06 | 000,004,682 | ---- | C] () -- C:\Users\Babuu\Text2.jpg
[2013/02/17 21:53:29 | 000,004,373 | ---- | C] () -- C:\Users\Babuu\Text1.jpg
[2013/02/15 12:06:52 | 000,039,803 | ---- | C] () -- C:\Users\Babuu\Lio1.jpg
[2013/02/15 12:06:37 | 000,044,313 | ---- | C] () -- C:\Users\Babuu\Lio2.jpg
[2013/02/13 14:46:58 | 000,039,728 | ---- | C] () -- C:\Users\Babuu\me.jpg
[2013/02/11 01:07:02 | 000,008,088 | ---- | C] () -- C:\Users\Babuu\ronja3.jpg
[2013/02/11 00:42:05 | 000,034,373 | ---- | C] () -- C:\Users\Babuu\Ronja2.jpg
[2013/02/10 23:07:03 | 000,029,985 | ---- | C] () -- C:\Users\Babuu\Ronja.jpg
[2013/02/07 17:56:58 | 000,043,075 | ---- | C] () -- C:\Users\Babuu\Flur.jpg
[2013/02/07 08:26:44 | 000,037,464 | ---- | C] () -- C:\Users\Babuu\´Draculaura.jpg
[2013/02/05 22:35:34 | 000,042,605 | ---- | C] () -- C:\Users\Babuu\Arbeitsplatz.jpg
[2013/01/30 19:30:22 | 000,011,625 | ---- | C] () -- C:\Users\Babuu\MeNia.jpg
[2013/01/29 23:16:10 | 000,027,999 | ---- | C] () -- C:\Users\Babuu\Pferdekopfskizze.jpg
[2013/01/29 00:27:26 | 000,007,944 | ---- | C] () -- C:\Users\Babuu\etsybanner.jpg
[2013/01/28 01:07:27 | 000,016,776 | ---- | C] () -- C:\Users\Babuu\fliepi.jpg
[2013/01/25 17:15:15 | 000,060,307 | ---- | C] () -- C:\Users\Babuu\paket3.jpg
[2013/01/25 17:15:03 | 000,072,011 | ---- | C] () -- C:\Users\Babuu\paket2.jpg
[2013/01/25 17:14:49 | 000,063,554 | ---- | C] () -- C:\Users\Babuu\Paket1.jpg
[2013/01/23 21:15:40 | 000,059,563 | ---- | C] () -- C:\Users\Babuu\Screen.jpg
[2013/01/23 21:08:05 | 000,089,422 | ---- | C] () -- C:\Users\Babuu\hintergrundtest1002.jpg
[2013/01/23 20:57:38 | 000,089,187 | ---- | C] () -- C:\Users\Babuu\hintergrundtest1001.jpg
[2013/01/23 20:44:58 | 000,112,461 | ---- | C] () -- C:\Users\Babuu\hintergrundtest1000.jpg
[2013/01/23 20:02:16 | 000,178,980 | ---- | C] () -- C:\Users\Babuu\Hintergrundblog.jpg
[2013/01/23 19:58:20 | 000,005,120 | ---- | C] () -- C:\Users\Babuu\~Hintergrund.UAS
[2013/01/23 19:54:36 | 000,174,208 | ---- | C] () -- C:\Users\Babuu\Hintergrund.jpg
[2013/01/23 19:48:20 | 000,173,568 | ---- | C] () -- C:\Users\Babuu\~Blog2.UAS
[2013/01/23 19:38:15 | 000,076,376 | ---- | C] () -- C:\Users\Babuu\Blog2.jpg
[2013/01/23 19:32:10 | 000,077,549 | ---- | C] () -- C:\Users\Babuu\Blog.jpg
[2013/01/23 19:32:02 | 000,172,544 | ---- | C] () -- C:\Users\Babuu\Blog.ufo
[2013/01/23 19:06:26 | 000,042,102 | ---- | C] () -- C:\Users\Babuu\fbbanner2.jpg
[2013/01/23 18:57:59 | 000,054,353 | ---- | C] () -- C:\Users\Babuu\fbbanner.jpg
[2013/01/23 18:49:13 | 000,047,399 | ---- | C] () -- C:\Users\Babuu\Profilbildfb.jpg
[2013/01/23 18:40:34 | 000,033,702 | ---- | C] () -- C:\Users\Babuu\Profilbild.jpg
[2013/01/23 18:28:32 | 000,058,234 | ---- | C] () -- C:\Users\Babuu\Dawandabanner.jpg
[2013/01/23 17:51:32 | 000,058,445 | ---- | C] () -- C:\Users\Babuu\logodawanda2.jpg
[2013/01/23 17:45:29 | 000,043,979 | ---- | C] () -- C:\Users\Babuu\logodawanda.jpg
[2013/01/23 17:30:59 | 000,044,426 | ---- | C] () -- C:\Users\Babuu\Logo.jpg
[2013/01/23 11:51:54 | 000,189,597 | ---- | C] () -- C:\Users\Babuu\Stoffe.jpg
[2013/01/11 14:49:16 | 000,184,395 | ---- | C] () -- C:\Users\Babuu\Tasche.jpg
[2013/01/06 15:43:26 | 000,267,528 | ---- | C] () -- C:\Users\Babuu\Maya.jpg
[2013/01/06 13:58:54 | 000,282,913 | ---- | C] () -- C:\Users\Babuu\StroffeTausch.jpg
[2013/01/05 20:17:09 | 000,225,706 | ---- | C] () -- C:\Users\Babuu\Stoff.jpg
[2013/01/04 17:07:18 | 000,062,603 | ---- | C] () -- C:\Users\Babuu\Tashi.jpg
[2013/01/01 00:28:33 | 000,173,468 | ---- | C] () -- C:\Users\Babuu\silvester10.jpg
[2013/01/01 00:28:14 | 000,145,249 | ---- | C] () -- C:\Users\Babuu\silvester9.jpg
[2013/01/01 00:27:50 | 000,168,779 | ---- | C] () -- C:\Users\Babuu\silvester8.jpg
[2013/01/01 00:27:32 | 000,226,602 | ---- | C] () -- C:\Users\Babuu\silvester7.jpg
[2013/01/01 00:26:36 | 000,194,938 | ---- | C] () -- C:\Users\Babuu\silvester6.jpg
[2013/01/01 00:25:27 | 000,214,917 | ---- | C] () -- C:\Users\Babuu\silvester5.jpg
[2013/01/01 00:24:25 | 000,199,580 | ---- | C] () -- C:\Users\Babuu\silvester4.jpg
[2013/01/01 00:23:29 | 000,191,261 | ---- | C] () -- C:\Users\Babuu\silvester3.jpg
[2013/01/01 00:22:50 | 000,218,576 | ---- | C] () -- C:\Users\Babuu\Silvester2.jpg
[2013/01/01 00:22:00 | 000,208,397 | ---- | C] () -- C:\Users\Babuu\Silvester1.jpg
[2012/12/31 23:52:35 | 000,112,808 | ---- | C] () -- C:\Users\Babuu\Neujahr.jpg
[2012/12/30 20:57:17 | 000,258,110 | ---- | C] () -- C:\Users\Babuu\sesselbezug2.jpg
[2012/12/30 20:11:12 | 000,232,091 | ---- | C] () -- C:\Users\Babuu\Sesselbezug.jpg
[2012/12/30 17:58:23 | 000,214,516 | ---- | C] () -- C:\Users\Babuu\aufräumen3.jpg
[2012/12/30 17:58:10 | 000,154,067 | ---- | C] () -- C:\Users\Babuu\aufräumen2.jpg
[2012/12/30 17:57:53 | 000,199,038 | ---- | C] () -- C:\Users\Babuu\aufräumen1.jpg
[2012/12/30 16:44:11 | 000,190,994 | ---- | C] () -- C:\Users\Babuu\nähchaos3.jpg
[2012/12/30 16:43:22 | 000,179,817 | ---- | C] () -- C:\Users\Babuu\Nähchaos2.jpg
[2012/12/30 16:41:29 | 000,206,625 | ---- | C] () -- C:\Users\Babuu\Nähchaos1.jpg
[2012/12/26 17:30:23 | 000,152,190 | ---- | C] () -- C:\Users\Babuu\Zum Geburtstag.jpg
[2012/12/26 16:59:57 | 001,093,120 | ---- | C] () -- C:\Users\Babuu\Rose.ufo
[2012/12/16 18:00:48 | 000,055,368 | ---- | C] () -- C:\Users\Babuu\LiloNala4.jpg
[2012/12/16 18:00:22 | 000,048,546 | ---- | C] () -- C:\Users\Babuu\LiloNala3.jpg
[2012/12/16 17:59:39 | 000,059,956 | ---- | C] () -- C:\Users\Babuu\LiloNala2.jpg
[2012/12/16 17:58:43 | 000,042,003 | ---- | C] () -- C:\Users\Babuu\LiloNala1.jpg
[2012/12/15 11:14:58 | 000,016,834 | ---- | C] () -- C:\Users\Babuu\SkizzeMaria.jpg
[2012/12/14 15:51:10 | 000,062,069 | ---- | C] () -- C:\Users\Babuu\Pickelchen.jpg
[2012/12/06 21:30:08 | 000,086,355 | ---- | C] () -- C:\Users\Babuu\Michaela.jpg
[2012/11/22 21:08:36 | 000,099,271 | ---- | C] () -- C:\Users\Babuu\Arbeitszimmer.jpg
[2012/11/20 15:10:47 | 000,000,120 | ---- | C] () -- C:\Windows\WINRESAZ.INI
[2012/11/20 14:49:17 | 000,000,165 | ---- | C] () -- C:\Windows\WINÙS…ÏÈ.INI
[2012/11/19 17:09:08 | 000,019,684 | ---- | C] () -- C:\Users\Babuu\AppData\Local\internal.grp
[2012/11/19 17:07:02 | 000,393,256 | ---- | C] () -- C:\Windows\SysWow64\CNQ2414N.DAT
[2012/11/18 15:14:10 | 000,000,030 | ---- | C] () -- C:\Windows\Iedit.INI
[2012/05/22 15:53:46 | 000,007,680 | ---- | C] () -- C:\Users\Babuu\ElsterEinkommenssteuer2011.elfo
[2012/05/22 15:31:12 | 000,007,010 | ---- | C] () -- C:\Users\Babuu\ElsterEÜR2011.elfo
[2012/03/07 15:02:11 | 000,000,071 | ---- | C] () -- C:\Windows\pex.INI
[2012/03/07 09:44:29 | 000,004,918 | ---- | C] () -- C:\Windows\ULEAD32.INI
[2012/02/19 20:55:29 | 000,000,048 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2012/02/11 04:36:10 | 000,002,792 | ---- | C] () -- C:\Program Files\HP SimplePass 2011
[2012/02/11 04:28:38 | 000,000,196 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2011/06/21 10:07:00 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/04/14 18:54:25 | 000,000,000 | ---D | M] -- C:\Users\Babuu\AppData\Roaming\AVG2013
[2013/02/13 11:36:07 | 000,000,000 | ---D | M] -- C:\Users\Babuu\AppData\Roaming\Canneverbe Limited
[2013/03/03 17:40:02 | 000,000,000 | ---D | M] -- C:\Users\Babuu\AppData\Roaming\Canon
[2012/05/22 15:03:11 | 000,000,000 | ---D | M] -- C:\Users\Babuu\AppData\Roaming\elsterformular
[2013/01/23 16:23:37 | 000,000,000 | ---D | M] -- C:\Users\Babuu\AppData\Roaming\EMBIRD32
[2013/01/23 16:26:11 | 000,000,000 | ---D | M] -- C:\Users\Babuu\AppData\Roaming\EMBIRD32_STUDIO_N
[2012/05/10 15:45:24 | 000,000,000 | ---D | M] -- C:\Users\Babuu\AppData\Roaming\OpenOffice.org
[2013/04/14 18:53:47 | 000,000,000 | ---D | M] -- C:\Users\Babuu\AppData\Roaming\TuneUp Software
[2012/03/07 09:48:08 | 000,000,000 | ---D | M] -- C:\Users\Babuu\AppData\Roaming\Ulead Systems
[2012/09/06 10:49:28 | 000,000,000 | ---D | M] -- C:\Users\Babuu\AppData\Roaming\_MDLogs
 
========== Purity Check ==========
 
 

< End of report >
         


16.04.2013, 19:04   #21
aharonov
/// TB trainer

Is everything back in order now?

16.04.2013, 19:10   #22
Bberry

....baaaah, you're an angel. Yes, thank you!!!

16.04.2013, 19:12   #23
aharonov
/// TB trainer

Great, then run delfix once more and that should be it.


Please download delfix to your desktop.
  • Close all open programs.
  • Start delfix.exe with a double-click.
  • Put a check mark in front of every function.
  • Click Start.
  • DelFix removes, among other things, all the programs we used and then deletes itself.
    If anything is still left over, you can delete it manually.



Glad we were able to help.

If you would like to give the forum suggestions for improvement, criticism or praise, you can do so here.

This topic appears to be resolved and will be removed from my subscriptions. I will therefore no longer receive notifications about new replies.
If you need this topic again, please send me a PM and we will continue here.

Everyone else, please read this guide and create your own thread.
__________________
cheers,
Leo
