Trojaner-Board


Kevinator941 21.11.2012 11:08

Website errors

Hello everyone,
my problem is that when I open Mozilla Firefox, Google comes up as the start page, which is still correct. When you then enter the desired search term on Google, it shows several links for that term. Now the problem: if I click on the desired link, it takes a brief moment and then (Google?) redirects me to other advertising sites such as "Gamezone" or similar. It doesn't always happen, but about 80% of the time. What is this, and who might be able to help me?
Thanks in advance! :)
Kevin

ryder 21.11.2012 18:16

:hallo:

I will help you with your problem. A cleanup can sometimes involve a lot of work for you (and for me). Before we get started, I have some reading material for you.
Quote:

Reading material:
Rules for the cleanup
For the cleanup to work, I ask you to read the following points carefully:
  • Please work through all steps in order. Please give me feedback on every step (logfile or reply), but all together, once you have finished everything.
  • Only run scans that a helper has asked you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you have been asked to.
  • Read the instructions through completely first. If anything is unclear, ask before you start.
  • Post the logfiles directly in your thread (in code tags if possible). Do not attach them unless I ask you to. That makes the analysis harder for me.
  • Only obscure your name if it is absolutely necessary.
  • If I have not replied after 3 days, then (and only then) please send me a PM.
  • A request: please keep going until I or another helper tells you that you are "clean". Courtesy alone demands this, and the symptoms disappearing does not mean that all of the malware has really been removed.
  • Note: I can never give you a guarantee that I will find everything. Formatting is usually the faster and always the safest way.
Once you have read and understood all of this, you can get started! :kloppen:
Step 1:
Log in to the infected user account

Step 2:
Custom scan with OTL

If you do not have it yet, please download OTL by Oldtimer and save it to your desktop
  • Please start OTL.exe.
  • Set the following:
    • Tick "Scan All Users" and "Include 64bit Scans"
    • Output: Minimal
    • Use SafeList in every field.
    • Tick "Use Company Name Whitelist"
    • Files created and modified within: File Age
    • Tick LOP Check and Purity Check
  • Now copy the contents of the code box into the http://larusso.trojaner-board.de/Images/otlfix.jpg text box.
Code:

activex
netsvcs
msconfig
drivers32
safebootminimal
safebootnetwork
%SYSTEMDRIVE%\*.
%SYSTEMDRIVE%\*.*
%PROGRAMFILES%\*.exe
%PROGRAMFILES(X86)%\*.exe
%systemroot%\*. /mp /s
%windir%\installer\*. /10
%appdata%\*.
%appdata%\*.*
%appdata%\*.exe /s
%localappdata%\*.
%localappdata%\*.*
%localappdata%\*.exe /s
%allusersprofile%\*.
%allusersprofile%\*.*
%allusersprofile%\*.exe /s
CREATERESTOREPOINT

  • Now please close all programs. (Important)
  • Now please click the Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread (in CODE tags if possible)

Kevinator941 23.11.2012 15:51

OTL logfile created on: 11/23/2012 3:17:39 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Robi\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

764.56 Mb Total Physical Memory | 416.65 Mb Available Physical Memory | 54.50% Memory free
1.79 Gb Paging File | 0.74 Gb Available in Paging File | 41.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 215.59 Gb Total Space | 80.42 Gb Free Space | 37.30% Space Free | Partition Type: NTFS
Drive F: | 1.99 Gb Total Space | 0.00 Gb Free Space | 0.12% Space Free | Partition Type: FAT32

Computer Name: ROBI-HP | User Name: Robi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Robi\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Remote Mouse\server\server.exe ()
PRC - C:\Program Files\Remote Mouse\RemoteMouse.exe ()
PRC - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe (Hewlett-Packard Development Company L.P.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe (Hewlett-Packard)
PRC - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Windows\System32\atibtmon.exe (Advanced Micro Devices, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\RocketDock\RocketDock.exe ()


========== Modules (No Company Name) ==========

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\66694f9192bd0dddc2eaf90fbcbcd555\System.Management.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\239d84cfdb9de9730c1efb43840ef2eb\System.Core.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7c4de95aa433eb8d81a81caf805947a8\PresentationFramework.Aero.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ec80905a71750be50dfc7981ad5ae28\PresentationFramework.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll ()
MOD - C:\Program Files\Remote Mouse\server\server.exe ()
MOD - C:\Program Files\Remote Mouse\RemoteMouse.exe ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Remote Mouse\server\win32gui.pyd ()
MOD - C:\Program Files\Remote Mouse\server\win32api.pyd ()
MOD - C:\Program Files\Remote Mouse\server\pywintypes26.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CaslShared\3.5.1.1__9c6f83d5b7f3d097\CaslShared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\hpcasl\3.5.1.1__9c6f83d5b7f3d097\hpcasl.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Core.resources\3.5.0.0_de_b77a5c561934e089\System.Core.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\hpCASLLibrary\3.0.1.1__67b8d1b5179ba5f8\hpCASLLibrary.dll ()
MOD - C:\Program Files\Remote Mouse\server\_ctypes.pyd ()
MOD - C:\Program Files\Remote Mouse\server\_ssl.pyd ()
MOD - C:\Program Files\Remote Mouse\server\_socket.pyd ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\Remote Mouse\server\autopy.mouse.pyd ()
MOD - C:\Program Files\Remote Mouse\server\autopy.key.pyd ()
MOD - C:\Program Files\RocketDock\RocketDock.exe ()
MOD - C:\Program Files\RocketDock\RocketDock.dll ()


========== Services (SafeList) ==========

SRV - (HP Support Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe File not found
SRV - (SystemStoreService) -- C:\Program Files\Freetec\SystemStore\SystemStore.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\stacsv.exe (IDT, Inc.)
SRV - (pdfcDispatcher) -- C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (hpHotkeyMonitor) -- C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\AEstSrv.exe (Andrea Electronics Corporation)


========== Driver Services (SafeList) ==========

DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (mv2) -- C:\Windows\System32\drivers\mv2.sys (UVNC BVBA)
DRV - (SMARTMouseFilterx86) -- C:\Windows\System32\drivers\SMARTMouseFilterx86.sys (SMART Technologies ULC)
DRV - (SMARTVTabletPCx86) -- C:\Windows\System32\drivers\SMARTVTabletPCx86.sys (SMART Technologies ULC)
DRV - (SMARTVHidMini2000x86) -- C:\Windows\System32\drivers\SMARTVHidMini2000x86.sys (SMART Technologies ULC)
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (dc3d) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (rtsuvc) -- C:\Windows\System32\drivers\rtsuvc.sys (Realtek Semiconductor Corp.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Company)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ChatZum Search
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {0f369707-379f-46df-a5c5-d04390f3459b} - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{531795A6-54C6-47E1-8ED6-34F290D57429}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.chatzum.com/?q={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = 04 00 5E 03 0F 00 00 00 12 D2 81 26 01 00 00 80 06 00 5E 03 00 00 00 00 [binary data]
IE - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
IE - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\..\URLSearchHook: {0f369707-379f-46df-a5c5-d04390f3459b} - No CLSID value found
IE - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\..\URLSearchHook: {5786d022-540e-4699-b350-b4be0ae94b79} - No CLSID value found
IE - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\..\SearchScopes,DefaultScope = {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
IE - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110824&tt=4712_6&babsrc=SP_ss&mntrId=ac513dbf000000000000002682cb6ddb
IE - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\..\SearchScopes\{531795A6-54C6-47E1-8ED6-34F290D57429}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.chatzum.com/?q={searchTerms}
IE - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\..\SearchScopes\{7FA1E07F-182B-4840-8746-1D4F740CCBA3}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=2eddcdec-482e-487e-b9d2-d337c083fa0c&apn_sauid=16503CEE-24EC-4F95-9BC2-30168582F901
IE - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = hxxp://search.chatzum.com/?q={SearchTerms}
IE - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..CT2481020.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Search the web"
FF - prefs.js..browser.search.selectedEngine: "Firefox Add-ons"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.de/"
FF - prefs.js..extensions.enabledAddons: {64161300-e22b-11db-8314-0800200c9a66}:0.9.6.10
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:4.1.1.5
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Search the web"
FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"

FF - user.js..browser.search.order.1: "Search the web"
FF - user.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/28 18:46:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/28 18:46:47 | 000,000,000 | ---D | M]

[2011/02/18 16:52:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robi\AppData\Roaming\mozilla\Extensions
[2012/11/23 14:59:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robi\AppData\Roaming\mozilla\Firefox\Profiles\e7qdcxpt.default\extensions
[2012/11/20 22:21:57 | 000,000,000 | ---D | M] ("DVDVideoSoft YouTube MP3 and Video Download") -- C:\Users\Robi\AppData\Roaming\mozilla\Firefox\Profiles\e7qdcxpt.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/11/23 14:59:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robi\AppData\Roaming\mozilla\Firefox\Profiles\e7qdcxpt.default\extensions\staged
[2012/11/20 22:21:19 | 000,111,107 | ---- | M] () (No name found) -- C:\Users\Robi\AppData\Roaming\mozilla\firefox\profiles\e7qdcxpt.default\extensions\extension@preispilot.com.xpi
[2012/10/11 12:06:25 | 000,281,285 | ---- | M] () (No name found) -- C:\Users\Robi\AppData\Roaming\mozilla\firefox\profiles\e7qdcxpt.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
[2012/11/20 22:21:56 | 000,035,785 | ---- | M] () (No name found) -- C:\Users\Robi\AppData\Roaming\mozilla\firefox\profiles\e7qdcxpt.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012/11/23 14:59:58 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Robi\AppData\Roaming\mozilla\firefox\profiles\e7qdcxpt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/11/23 14:59:45 | 000,035,614 | ---- | M] () (No name found) -- C:\Users\Robi\AppData\Roaming\mozilla\firefox\profiles\e7qdcxpt.default\extensions\staged\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012/11/21 18:14:00 | 000,002,497 | ---- | M] () -- C:\Users\Robi\AppData\Roaming\mozilla\firefox\profiles\e7qdcxpt.default\searchplugins\browsemngr.xml
[2012/11/21 11:53:59 | 000,001,632 | ---- | M] () -- C:\Users\Robi\AppData\Roaming\mozilla\firefox\profiles\e7qdcxpt.default\searchplugins\firefox-add-ons.xml
[2012/11/21 18:14:00 | 000,000,828 | ---- | M] () -- C:\Users\Robi\AppData\Roaming\mozilla\firefox\profiles\e7qdcxpt.default\searchplugins\icqplugin-2.xml
[2012/11/21 18:14:00 | 000,000,828 | ---- | M] () -- C:\Users\Robi\AppData\Roaming\mozilla\firefox\profiles\e7qdcxpt.default\searchplugins\icqplugin-3.xml
[2012/11/21 18:14:00 | 000,000,828 | ---- | M] () -- C:\Users\Robi\AppData\Roaming\mozilla\firefox\profiles\e7qdcxpt.default\searchplugins\icqplugin-4.xml
[2012/11/21 18:14:00 | 000,000,828 | ---- | M] () -- C:\Users\Robi\AppData\Roaming\mozilla\firefox\profiles\e7qdcxpt.default\searchplugins\icqplugin-5.xml
[2012/11/21 18:14:00 | 000,000,828 | ---- | M] () -- C:\Users\Robi\AppData\Roaming\mozilla\firefox\profiles\e7qdcxpt.default\searchplugins\icqplugin-6.xml
[2012/11/21 18:14:00 | 000,000,842 | ---- | M] () -- C:\Users\Robi\AppData\Roaming\mozilla\firefox\profiles\e7qdcxpt.default\searchplugins\icqplugin.xml
[2012/10/28 18:46:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012/10/28 18:46:51 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/04/16 18:51:34 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/15 15:48:02 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll
[2012/11/21 18:14:00 | 000,001,400 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/11/21 18:14:00 | 000,002,173 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/11/21 18:14:00 | 000,001,679 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/11/21 18:14:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/11/21 18:14:00 | 000,006,818 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/12/25 19:11:09 | 000,000,158 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search the web.src
[2012/11/20 12:32:01 | 000,001,278 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/11/21 18:14:00 | 000,000,903 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {0f369707-379f-46df-a5c5-d04390f3459b} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - No CLSID value found.
O3 - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\..\Toolbar\WebBrowser: (no name) - {0F369707-379F-46DF-A5C5-D04390F3459B} - No CLSID value found.
O3 - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4 - HKLM..\Run: [QLBController] C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\S-1-5-21-2944064596-2206248867-496890886-1001..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2944064596-2206248867-496890886-1001..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2944064596-2206248867-496890886-1001..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2944064596-2206248867-496890886-1001..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2944064596-2206248867-496890886-1001..\Run: [Remote Mouse] C:\Program Files\Remote Mouse\RemoteMouse.exe ()
O4 - HKU\S-1-5-21-2944064596-2206248867-496890886-1001..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-2944064596-2206248867-496890886-1001..\Run: [SystemExplorerAutoStart] "C:\Program Files\System Explorer\SystemExplorer.exe" /TRAY File not found
O4 - HKU\S-1-5-21-2944064596-2206248867-496890886-1001..\Run: [Tonido] "C:\Users\Robi\AppData\Roaming\Tonido\launcher.exe" /nobrowser File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2944064596-2206248867-496890886-1001..\RunOnce: [FlashPlayerUpdate] C:\windows\System32\Macromed\Flash\FlashUtil32_11_4_402_265_Plugin.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Robi\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Robi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //FWEvent.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4FCF358-0D16-48CE-8144-1A6C7EBEBD6C}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{08e171f4-0894-11e1-ae71-70f395cd17d6}\Shell - "" = AutoRun
O33 - MountPoints2\{08e171f4-0894-11e1-ae71-70f395cd17d6}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\{1b084906-b87f-11e0-afee-70f395cd17d6}\Shell - "" = AutoRun
O33 - MountPoints2\{1b084906-b87f-11e0-afee-70f395cd17d6}\Shell\AutoRun\command - "" = I:\SETUP.EXE
O33 - MountPoints2\{1b084906-b87f-11e0-afee-70f395cd17d6}\Shell\configure\command - "" = I:\SETUP.EXE
O33 - MountPoints2\{1b084906-b87f-11e0-afee-70f395cd17d6}\Shell\install\command - "" = I:\SETUP.EXE
O33 - MountPoints2\{1b08492c-b87f-11e0-afee-70f395cd17d6}\Shell - "" = AutoRun
O33 - MountPoints2\{1b08492c-b87f-11e0-afee-70f395cd17d6}\Shell\AutoRun\command - "" = J:\autorun.exe
O33 - MountPoints2\{31e487ea-845d-11e0-a0d1-70f395cd17d6}\Shell - "" = AutoRun
O33 - MountPoints2\{31e487ea-845d-11e0-a0d1-70f395cd17d6}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{31e48800-845d-11e0-a0d1-70f395cd17d6}\Shell - "" = AutoRun
O33 - MountPoints2\{31e48800-845d-11e0-a0d1-70f395cd17d6}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{702b32a5-f1d6-11e1-9117-70f395cd17d6}\Shell - "" = AutoRun
O33 - MountPoints2\{702b32a5-f1d6-11e1-9117-70f395cd17d6}\Shell\AutoRun\command - "" = D:\Startme.exe
O33 - MountPoints2\{a5983634-a092-11e0-a5dc-70f395cd17d6}\Shell - "" = AutoRun
O33 - MountPoints2\{a5983634-a092-11e0-a5dc-70f395cd17d6}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{a598363f-a092-11e0-a5dc-70f395cd17d6}\Shell - "" = AutoRun
O33 - MountPoints2\{a598363f-a092-11e0-a5dc-70f395cd17d6}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{afb8bd0e-b0af-11e0-b94b-70f395cd17d6}\Shell - "" = AutoRun
O33 - MountPoints2\{afb8bd0e-b0af-11e0-b94b-70f395cd17d6}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{afb8bd19-b0af-11e0-b94b-70f395cd17d6}\Shell - "" = AutoRun
O33 - MountPoints2\{afb8bd19-b0af-11e0-b94b-70f395cd17d6}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{c757b64d-2b10-11e0-bb70-70f395cd17d6}\Shell - "" = AutoRun
O33 - MountPoints2\{c757b64d-2b10-11e0-bb70-70f395cd17d6}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{c757b65a-2b10-11e0-bb70-70f395cd17d6}\Shell - "" = AutoRun
O33 - MountPoints2\{c757b65a-2b10-11e0-bb70-70f395cd17d6}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{c757b6d4-2b10-11e0-bb70-70f395cd17d6}\Shell - "" = AutoRun
O33 - MountPoints2\{c757b6d4-2b10-11e0-bb70-70f395cd17d6}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{d8911338-8222-11e0-a14d-002682cb6ddb}\Shell - "" = AutoRun
O33 - MountPoints2\{d8911338-8222-11e0-a14d-002682cb6ddb}\Shell\AutoRun\command - "" = D:\laucher.exe
O33 - MountPoints2\{e7f8fdef-1b6f-11e1-a6de-70f395cd17d6}\Shell - "" = AutoRun
O33 - MountPoints2\{e7f8fdef-1b6f-11e1-a6de-70f395cd17d6}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{e7f8fdf3-1b6f-11e1-a6de-70f395cd17d6}\Shell - "" = AutoRun
O33 - MountPoints2\{e7f8fdf3-1b6f-11e1-a6de-70f395cd17d6}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2B9268EE-8B1B-DB49-CE17-85553FB2DE6D} - Internet Explorer
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {9C8AC2D4-98F3-46ED-7D1E-5256B13F43C7} - Microsoft Windows Media Player 12.0
ActiveX: {B158681E-71E9-7278-2A49-DF3D4F8C73FD} - Internet Explorer
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^Users^Robi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - - File not found
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: Google Update - hkey= - key= - File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - File not found
MsConfig - StartUpReg: PDF Complete - hkey= - key= - C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
MsConfig - StartUpReg: RocketDock - hkey= - key= - C:\Program Files\RocketDock\RocketDock.exe ()
MsConfig - StartUpReg: VirtualCloneDrive - hkey= - key= - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
MsConfig - State: "bootini" - 2
MsConfig - State: "startup" - 2

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.IV41 - C:\windows\System32\ir41_32.ax (Intel Corporation)

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/11/22 12:16:43 | 000,000,000 | ---D | C] -- C:\Users\Robi\AppData\Local\{56F4D31D-2F68-4B81-8FE6-4F6101085ECD}
[2012/11/22 11:55:12 | 000,000,000 | ---D | C] -- C:\Users\Robi\AppData\Local\{66E052C8-5437-413C-8AC1-0CB48B0DB0BA}
[2012/11/21 18:14:00 | 000,000,000 | ---D | C] -- C:\windows\System32\IO
[2012/11/21 16:06:26 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/11/21 11:43:21 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/11/21 11:43:21 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/11/20 12:32:34 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\windows\System32\dhRichClient3.dll
[2012/11/20 12:32:11 | 000,000,000 | ---D | C] -- C:\Users\Robi\AppData\Roaming\DesktopIconForAmazon
[2012/11/20 12:32:01 | 000,000,000 | ---D | C] -- C:\Users\Robi\AppData\Roaming\Opera
[2012/11/20 12:31:51 | 000,000,000 | ---D | C] -- C:\Users\Robi\AppData\Roaming\OCS
[2012/11/20 12:04:29 | 000,000,000 | ---D | C] -- C:\Program Files\SelfUpdater
[2012/11/20 11:58:43 | 000,000,000 | ---D | C] -- C:\Users\Robi\AppData\Roaming\Bloson
[2012/11/20 11:57:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/11/20 11:57:53 | 000,000,000 | ---D | C] -- C:\Users\Robi\AppData\Local\Wajam
[2012/11/19 17:21:17 | 000,000,000 | ---D | C] -- C:\Users\Robi\Desktop\päda filmr fotos
[2012/11/17 22:23:11 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\WdfLdr.sys
[2012/11/17 22:23:11 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Wdfres.dll
[2012/11/17 22:22:39 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WUDFPlatform.dll
[2012/11/17 22:22:38 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WUDFx.dll
[2012/11/17 22:22:38 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WUDFCoinstaller.dll
[2012/11/17 22:20:23 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2012/11/17 22:20:22 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2012/11/17 22:20:22 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2012/11/17 22:20:22 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2012/11/17 22:20:22 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2012/11/17 22:20:20 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2012/11/17 22:20:19 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2012/11/17 22:20:17 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2012/11/17 20:48:26 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netcorehc.dll
[2012/11/17 20:48:26 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ncsi.dll
[2012/11/17 20:48:26 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netevent.dll
[2012/11/17 20:48:17 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\synceng.dll
[2012/11/17 20:48:12 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2012/11/17 20:48:10 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dhcpcore6.dll
[2012/11/17 20:48:10 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dhcpcsvc6.dll
[2012/11/09 06:36:20 | 000,000,000 | ---D | C] -- C:\Users\Robi\AppData\Local\{23ABBB6E-6153-4E10-9C0F-8A4C7CFA2B33}
[2012/11/08 12:36:46 | 000,000,000 | ---D | C] -- C:\Users\Robi\Documents\GTA San Andreas User Files
[2012/11/08 08:04:59 | 000,000,000 | ---D | C] -- C:\Users\Robi\AppData\Local\{449D7202-ACCA-46FD-A049-6FA5561DDDE6}
[2012/11/07 16:06:32 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2012/10/28 18:46:42 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/03/15 16:12:29 | 000,885,024 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Robi\JavaSetup6u24.exe
[2011/02/17 19:45:10 | 008,417,616 | ---- | C] (Mozilla) -- C:\Users\Robi\Firefox_Setup_3.6.13.exe
[2011/02/07 17:25:15 | 060,458,664 | ---- | C] (DVDVideoSoft Limited. ) -- C:\Program Files\FreeStudio.exe
[2011/01/30 18:36:11 | 008,417,616 | ---- | C] (Mozilla) -- C:\Program Files\Firefox.exe
[10 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/23 15:25:11 | 004,718,592 | ---- | M] () -- C:\Users\Robi\ntuser.dat
[2012/11/23 15:01:47 | 000,019,760 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/23 15:01:46 | 000,019,760 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/23 15:01:39 | 000,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2012/11/23 15:01:38 | 000,000,088 | RHS- | M] () -- C:\ProgramData\32C99DC932.sys
[2012/11/23 14:50:23 | 000,000,314 | ---- | M] () -- C:\windows\tasks\asilfsat.job
[2012/11/23 14:50:12 | 000,016,384 | ---- | M] () -- C:\windows\System32\Ikeext.etl
[2012/11/23 14:50:10 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2012/11/23 14:50:06 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/11/23 14:49:58 | 801,697,792 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/22 13:46:00 | 002,544,613 | -H-- | M] () -- C:\Users\Robi\AppData\Local\IconCache.db
[2012/11/22 13:21:13 | 000,007,250 | ---- | M] () -- C:\Users\Robi\Documents\Pädagogik Projekt.wlmp
[2012/11/22 12:21:02 | 001,500,254 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
[2012/11/22 12:21:02 | 000,654,844 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012/11/22 12:21:02 | 000,616,686 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/11/22 12:21:02 | 000,130,426 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012/11/22 12:21:02 | 000,106,808 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/11/21 23:05:20 | 000,211,168 | ---- | M] () -- C:\Users\Robi\Desktop\Praktika Altenheim 09.07.2012 - 03.08.2012.jpg
[2012/11/21 23:03:25 | 000,203,440 | ---- | M] () -- C:\Users\Robi\Desktop\Praktika Altenheim 02.04.2012 - 13.04.2012.jpg
[2012/11/21 23:01:38 | 000,370,461 | ---- | M] () -- C:\Users\Robi\Desktop\Praktika Diakonie 02.01.2012 - 06.01.2012.jpg
[2012/11/21 22:59:28 | 000,361,755 | ---- | M] () -- C:\Users\Robi\Desktop\Praktika Altenheim schulisch 21.03.2011 - 08.04.2011.jpg
[2012/11/21 22:57:34 | 000,327,275 | ---- | M] () -- C:\Users\Robi\Desktop\Praktika Kindergarten 15.11.2010 - 03.12.2010.jpg
[2012/11/21 22:52:42 | 000,289,663 | ---- | M] () -- C:\Users\Robi\Desktop\Praktika Altenheim 11.10.2010 - 22.10.2010.jpg
[2012/11/21 22:50:54 | 000,276,004 | ---- | M] () -- C:\Users\Robi\Desktop\Praktika Altenheim 26.07.2010 - 13.08.2010.jpg
[2012/11/21 22:47:21 | 000,343,463 | ---- | M] () -- C:\Users\Robi\Desktop\Halbjahreszeugnis der Fachhochschulreife 2.jpg
[2012/11/21 22:45:59 | 000,306,644 | ---- | M] () -- C:\Users\Robi\Desktop\Halbjahreszeugnis der Fachhochschulreife 1.jpg
[2012/11/21 22:43:07 | 000,180,681 | ---- | M] () -- C:\Users\Robi\Desktop\Zeugnis der Fachhochschulreife 4.jpg
[2012/11/21 22:41:51 | 000,292,828 | ---- | M] () -- C:\Users\Robi\Desktop\Zeugnis der Fachhochschulreife 3.jpg
[2012/11/21 22:40:39 | 000,234,454 | ---- | M] () -- C:\Users\Robi\Desktop\Zeugnis der Fachhochschulreife 2.jpg
[2012/11/21 22:39:14 | 000,240,593 | ---- | M] () -- C:\Users\Robi\Desktop\Zeugnis der Fachhochschulreife 1.jpg
[2012/11/21 22:37:58 | 000,337,336 | ---- | M] () -- C:\Users\Robi\Desktop\Arbeits und Sozialverhalten.jpg
[2012/11/21 16:27:40 | 000,002,577 | ---- | M] () -- C:\windows\System32\config.nt
[2012/11/18 19:25:53 | 000,076,784 | ---- | M] () -- C:\Users\Robi\AppData\Local\GDIPFONTCACHEV1.DAT
[2012/11/18 19:23:40 | 000,339,296 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/11/17 22:19:49 | 000,000,867 | ---- | M] () -- C:\windows\win.ini
[2012/11/09 08:38:08 | 000,000,316 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForRobi.job
[2012/11/07 16:19:00 | 000,119,300 | -H-- | M] () -- C:\windows\System32\mlfcache.dat
[2012/11/03 11:35:40 | 000,000,017 | ---- | M] () -- C:\windows\System32\shortcut_ex.dat
[10 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/22 13:21:13 | 000,007,250 | ---- | C] () -- C:\Users\Robi\Documents\Pädagogik Projekt.wlmp
[2012/11/21 23:05:20 | 000,211,168 | ---- | C] () -- C:\Users\Robi\Desktop\Praktika Altenheim 09.07.2012 - 03.08.2012.jpg
[2012/11/21 23:03:25 | 000,203,440 | ---- | C] () -- C:\Users\Robi\Desktop\Praktika Altenheim 02.04.2012 - 13.04.2012.jpg
[2012/11/21 23:01:37 | 000,370,461 | ---- | C] () -- C:\Users\Robi\Desktop\Praktika Diakonie 02.01.2012 - 06.01.2012.jpg
[2012/11/21 22:59:28 | 000,361,755 | ---- | C] () -- C:\Users\Robi\Desktop\Praktika Altenheim schulisch 21.03.2011 - 08.04.2011.jpg
[2012/11/21 22:57:34 | 000,327,275 | ---- | C] () -- C:\Users\Robi\Desktop\Praktika Kindergarten 15.11.2010 - 03.12.2010.jpg
[2012/11/21 22:52:41 | 000,289,663 | ---- | C] () -- C:\Users\Robi\Desktop\Praktika Altenheim 11.10.2010 - 22.10.2010.jpg
[2012/11/21 22:50:54 | 000,276,004 | ---- | C] () -- C:\Users\Robi\Desktop\Praktika Altenheim 26.07.2010 - 13.08.2010.jpg
[2012/11/21 22:47:21 | 000,343,463 | ---- | C] () -- C:\Users\Robi\Desktop\Halbjahreszeugnis der Fachhochschulreife 2.jpg
[2012/11/21 22:45:59 | 000,306,644 | ---- | C] () -- C:\Users\Robi\Desktop\Halbjahreszeugnis der Fachhochschulreife 1.jpg
[2012/11/21 22:43:07 | 000,180,681 | ---- | C] () -- C:\Users\Robi\Desktop\Zeugnis der Fachhochschulreife 4.jpg
[2012/11/21 22:41:50 | 000,292,828 | ---- | C] () -- C:\Users\Robi\Desktop\Zeugnis der Fachhochschulreife 3.jpg
[2012/11/21 22:40:39 | 000,234,454 | ---- | C] () -- C:\Users\Robi\Desktop\Zeugnis der Fachhochschulreife 2.jpg
[2012/11/21 22:39:13 | 000,240,593 | ---- | C] () -- C:\Users\Robi\Desktop\Zeugnis der Fachhochschulreife 1.jpg
[2012/11/21 22:37:57 | 000,337,336 | ---- | C] () -- C:\Users\Robi\Desktop\Arbeits und Sozialverhalten.jpg
[2012/11/20 12:32:34 | 000,338,432 | ---- | C] () -- C:\windows\System32\sqlite36_engine.dll
[2012/11/17 22:23:14 | 000,000,003 | ---- | C] () -- C:\windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/17 22:22:38 | 000,000,003 | ---- | C] () -- C:\windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/11/07 16:07:32 | 000,002,491 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2012/11/03 11:35:40 | 000,000,017 | ---- | C] () -- C:\windows\System32\shortcut_ex.dat
[2012/09/17 21:10:21 | 000,524,288 | -HS- | C] () -- C:\Users\Robi\ntuser.dat{1053e764-0103-11e2-9662-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2012/09/17 21:10:21 | 000,524,288 | -HS- | C] () -- C:\Users\Robi\ntuser.dat{1053e764-0103-11e2-9662-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2012/09/17 21:10:21 | 000,065,536 | -HS- | C] () -- C:\Users\Robi\ntuser.dat{1053e764-0103-11e2-9662-806e6f6e6963}.TM.blf
[2012/09/17 21:02:28 | 000,001,652 | ---- | C] () -- C:\windows\System32\ASOROSet.bin
[2012/09/03 20:25:13 | 000,000,193 | ---- | C] () -- C:\windows\WORDPAD.INI
[2012/07/22 19:46:16 | 000,000,000 | ---- | C] () -- C:\windows\appXYqt3.ini
[2012/06/17 23:40:45 | 015,000,000 | ---- | C] () -- C:\Users\Robi\aoe-project.r06
[2012/06/17 23:40:43 | 015,000,000 | ---- | C] () -- C:\Users\Robi\aoe-project.r05
[2012/06/17 23:40:43 | 015,000,000 | ---- | C] () -- C:\Users\Robi\aoe-project.r04
[2012/06/17 23:40:39 | 015,000,000 | ---- | C] () -- C:\Users\Robi\aoe-project.r03
[2012/06/17 23:40:39 | 015,000,000 | ---- | C] () -- C:\Users\Robi\aoe-project.r02
[2012/06/17 23:40:39 | 015,000,000 | ---- | C] () -- C:\Users\Robi\aoe-project.r01
[2012/06/17 23:40:38 | 015,000,000 | ---- | C] () -- C:\Users\Robi\aoe-project.r00
[2012/06/17 23:40:38 | 000,009,006 | ---- | C] () -- C:\Users\Robi\aoe-project.nfo
[2012/05/13 18:11:07 | 000,119,300 | -H-- | C] () -- C:\windows\System32\mlfcache.dat
[2012/04/27 17:19:28 | 000,027,969 | ---- | C] () -- C:\Users\Robi\AppData\Roaming\UserTile.png
[2012/04/24 10:12:02 | 000,139,264 | ---- | C] () -- C:\windows\System32\usbceipi.dll
[2012/04/23 21:10:30 | 000,524,288 | -HS- | C] () -- C:\Users\Robi\ntuser.dat{6e5fe737-8d7e-11e1-bc0d-70f395cd17d6}.TMContainer00000000000000000002.regtrans-ms
[2012/04/23 21:10:29 | 000,524,288 | -HS- | C] () -- C:\Users\Robi\ntuser.dat{6e5fe737-8d7e-11e1-bc0d-70f395cd17d6}.TMContainer00000000000000000001.regtrans-ms
[2012/04/23 21:10:28 | 000,065,536 | -HS- | C] () -- C:\Users\Robi\ntuser.dat{6e5fe737-8d7e-11e1-bc0d-70f395cd17d6}.TM.blf
[2012/03/26 14:50:10 | 000,524,288 | -HS- | C] () -- C:\Users\Robi\ntuser.dat{4fead9e9-7747-11e1-86aa-70f395cd17d6}.TMContainer00000000000000000002.regtrans-ms
[2012/03/26 14:50:10 | 000,524,288 | -HS- | C] () -- C:\Users\Robi\ntuser.dat{4fead9e9-7747-11e1-86aa-70f395cd17d6}.TMContainer00000000000000000001.regtrans-ms
[2012/03/26 14:50:09 | 000,065,536 | -HS- | C] () -- C:\Users\Robi\ntuser.dat{4fead9e9-7747-11e1-86aa-70f395cd17d6}.TM.blf
[2012/03/20 21:21:18 | 000,000,046 | ---- | C] () -- C:\windows\QTW.INI
[2012/03/09 09:15:19 | 000,524,288 | -HS- | C] () -- C:\Users\Robi\ntuser.dat{f3a25e61-69bf-11e1-903e-70f395cd17d6}.TMContainer00000000000000000002.regtrans-ms
[2012/03/09 09:15:19 | 000,524,288 | -HS- | C] () -- C:\Users\Robi\ntuser.dat{f3a25e61-69bf-11e1-903e-70f395cd17d6}.TMContainer00000000000000000001.regtrans-ms
[2012/03/09 09:15:19 | 000,065,536 | -HS- | C] () -- C:\Users\Robi\ntuser.dat{f3a25e61-69bf-11e1-903e-70f395cd17d6}.TM.blf
[2012/02/21 10:51:49 | 000,000,190 | ---- | C] () -- C:\windows\cncscore.ini
[2012/02/17 18:30:29 | 000,286,720 | ---- | C] () -- C:\windows\vsnpstd.exe
[2012/02/17 18:30:28 | 000,053,248 | ---- | C] () -- C:\windows\System32\dsnpstd.dll
[2012/02/17 18:30:19 | 000,061,440 | ---- | C] ( ) -- C:\windows\System32\rsnpstd.dll
[2012/01/29 21:29:47 | 000,000,109 | ---- | C] () -- C:\windows\disney.ini
[2011/11/17 19:11:31 | 000,000,236 | ---- | C] () -- C:\ProgramData\{5CAFA1B7-9EEF-4cc7-B9F7-9DDB3DAA679E}
[2011/10/26 16:04:43 | 000,139,152 | ---- | C] () -- C:\windows\System32\drivers\PnkBstrK.sys
[2011/10/26 16:04:43 | 000,139,152 | ---- | C] () -- C:\Users\Robi\AppData\Roaming\PnkBstrK.sys
[2011/10/26 16:04:32 | 000,111,928 | ---- | C] () -- C:\windows\System32\PnkBstrB.exe
[2011/10/26 16:04:14 | 002,793,768 | ---- | C] () -- C:\windows\System32\pbsvc.exe
[2011/10/26 16:04:14 | 000,066,872 | ---- | C] () -- C:\windows\System32\PnkBstrA.exe
[2011/08/02 10:34:12 | 000,000,528 | R--- | C] () -- C:\Program Files\MediaID.bin
[2011/07/27 19:48:14 | 000,021,840 | ---- | C] () -- C:\windows\System32\SIntfNT.dll
[2011/07/27 19:48:14 | 000,017,212 | ---- | C] () -- C:\windows\System32\SIntf32.dll
[2011/07/27 19:48:14 | 000,012,067 | ---- | C] () -- C:\windows\System32\SIntf16.dll
[2011/07/27 19:46:30 | 000,000,228 | ---- | C] () -- C:\windows\SIERRA.INI
[2011/07/21 21:18:46 | 000,000,236 | ---- | C] () -- C:\ProgramData\{701ACAF9-F102-47c2-8907-36246F4DFB51}
[2011/07/02 23:43:21 | 000,053,600 | ---- | C] () -- C:\windows\System32\dosx.exe
[2011/06/23 21:02:37 | 000,137,216 | ---- | C] () -- C:\windows\epuninstall.exe
[2011/04/24 17:21:37 | 000,000,032 | ---- | C] () -- C:\windows\Menu.INI
[2011/04/09 20:30:55 | 000,001,849 | ---- | C] () -- C:\Users\Robi\AppData\Roaming\GhostObjGAFix.xml
[2011/03/26 12:21:10 | 000,524,288 | -HS- | C] () -- C:\Users\Robi\NTUSER.DAT{0c0f6de5-579b-11e0-b54f-70f395cd17d6}.TMContainer00000000000000000002.regtrans-ms
[2011/03/26 12:21:09 | 000,524,288 | -HS- | C] () -- C:\Users\Robi\NTUSER.DAT{0c0f6de5-579b-11e0-b54f-70f395cd17d6}.TMContainer00000000000000000001.regtrans-ms
[2011/03/26 12:21:09 | 000,065,536 | -HS- | C] () -- C:\Users\Robi\NTUSER.DAT{0c0f6de5-579b-11e0-b54f-70f395cd17d6}.TM.blf
[2011/03/14 15:18:14 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/01/30 19:14:14 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2011/01/28 23:32:42 | 000,000,088 | RHS- | C] () -- C:\ProgramData\32C99DC932.sys
[2011/01/28 23:32:28 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/01/28 21:39:21 | 002,544,613 | -H-- | C] () -- C:\Users\Robi\AppData\Local\IconCache.db
[2011/01/28 20:11:47 | 000,076,784 | ---- | C] () -- C:\Users\Robi\AppData\Local\GDIPFONTCACHEV1.DAT
[2011/01/28 20:05:33 | 000,524,288 | -HS- | C] () -- C:\Users\Robi\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2011/01/28 20:05:33 | 000,524,288 | -HS- | C] () -- C:\Users\Robi\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2011/01/28 20:05:33 | 000,065,536 | -HS- | C] () -- C:\Users\Robi\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2011/01/28 20:05:32 | 004,980,736 | -HS- | C] () -- C:\Users\Robi\ntuser.dat.bak
[2011/01/28 20:05:32 | 004,718,592 | ---- | C] () -- C:\Users\Robi\ntuser.dat
[2011/01/28 20:05:32 | 000,000,020 | -HS- | C] () -- C:\Users\Robi\ntuser.ini

========== ZeroAccess Check ==========

[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/08/17 20:21:18 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Ashampoo
[2012/02/28 18:20:46 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Babylon
[2012/11/20 22:27:52 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Bloson
[2012/04/30 23:09:02 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\DAEMON Tools Lite
[2011/11/17 19:11:18 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Degener
[2012/11/21 18:15:02 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\DesktopIconForAmazon
[2012/10/05 19:28:29 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\DVDVideoSoft
[2012/09/16 20:20:41 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/06/23 14:49:05 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\GetRightToGo
[2012/03/24 23:38:50 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Lazy 8 Studios
[2011/10/14 16:23:36 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Leadertech
[2012/03/15 21:07:58 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\loadtbs
[2012/11/20 12:31:51 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\OCS
[2012/10/20 18:24:51 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\OpenCandy
[2012/04/16 18:56:37 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\OpenOffice.org
[2012/11/20 12:32:01 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Opera
[2012/04/07 19:19:43 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Rovio
[2012/04/24 18:48:13 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\SMART Technologies
[2012/04/24 10:50:20 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\SMART Technologies Inc
[2012/09/17 13:56:22 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\SoftGrid Client
[2011/10/01 14:10:46 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\SpringLobby
[2011/10/01 14:10:22 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\springsettings
[2011/01/30 08:27:50 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\supertuxkart
[2012/10/13 12:08:44 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Systweak
[2011/10/24 17:13:10 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Teeworlds
[2012/10/14 14:02:11 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Tonido
[2012/02/11 16:50:41 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\toolplugin
[2011/01/28 23:08:32 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\TP
[2011/05/02 22:00:52 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Visan
[2011/10/01 11:23:10 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Windows Live Writer
[2012/03/25 22:34:27 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Windows SideBar

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2011/01/28 20:12:52 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010/09/09 20:25:48 | 000,000,000 | ---D | M] -- C:\6b4adc41778d39ee87afcdf02bbacb6c
[2010/09/09 19:47:22 | 000,000,000 | ---D | M] -- C:\amd64
[2010/04/25 09:41:22 | 000,000,000 | -HSD | M] -- C:\boot
[2012/11/21 11:45:08 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009/07/14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010/09/09 10:49:15 | 000,000,000 | ---D | M] -- C:\EFI
[2011/05/03 19:12:37 | 000,000,000 | ---D | M] -- C:\GTA Vice City User Files
[2010/09/09 20:56:48 | 000,000,000 | -H-D | M] -- C:\hp
[2011/02/12 22:50:39 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009/07/14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012/11/21 18:15:10 | 000,000,000 | R--D | M] -- C:\Program Files
[2012/11/21 16:48:53 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010/04/25 08:48:57 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012/07/26 02:12:21 | 000,000,000 | ---D | M] -- C:\Sierra
[2012/02/05 21:55:53 | 000,000,000 | ---D | M] -- C:\swsetup
[2012/11/23 15:21:02 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011/01/28 21:33:17 | 000,000,000 | -H-D | M] -- C:\SYSTEM.SAV
[2011/01/28 20:05:31 | 000,000,000 | R--D | M] -- C:\Users
[2012/11/21 16:32:56 | 000,000,000 | ---D | M] -- C:\Windows
[2010/09/09 19:47:22 | 000,000,000 | ---D | M] -- C:\x86

< %SYSTEMDRIVE%\*.* >
[2012/02/03 15:11:10 | 000,000,000 | ---- | M] () -- C:\AILog.txt
[2011/11/07 15:49:03 | 000,356,420 | ---- | M] () -- C:\AnalysisLog.sr0
[2009/07/14 02:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2012/08/30 00:15:30 | 003,782,214 | ---- | M] () -- C:\chatzum_nt.exe
[1997/02/17 11:37:54 | 000,171,520 | ---- | M] (Europress Software) -- C:\CNCS32.dll
[2012/08/17 20:22:33 | 000,000,009 | ---- | M] () -- C:\END
[2012/11/23 14:49:58 | 801,697,792 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/19 15:30:55 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/02/18 00:05:09 | 000,000,601 | ---- | M] () -- C:\MFW0.xml
[2011/03/04 20:10:52 | 000,000,601 | ---- | M] () -- C:\MFW1.xml
[2011/03/06 18:39:32 | 000,000,601 | ---- | M] () -- C:\MFW2.xml
[2011/03/19 12:36:54 | 000,000,601 | ---- | M] () -- C:\MFW3.xml
[2011/03/23 23:00:18 | 000,000,601 | ---- | M] () -- C:\MFW4.xml
[2011/03/24 11:35:29 | 000,000,601 | ---- | M] () -- C:\MFW5.xml
[2011/03/27 21:55:58 | 000,000,601 | ---- | M] () -- C:\MFW6.xml
[2011/03/29 16:39:37 | 000,000,601 | ---- | M] () -- C:\MFW7.xml
[2011/05/19 15:30:55 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/11/23 15:04:07 | 1119,809,536 | -HS- | M] () -- C:\pagefile.sys
[2011/01/30 09:29:24 | 000,002,471 | ---- | M] () -- C:\pdfco.log
[2012/02/16 16:37:48 | 000,000,510 | ---- | M] () -- C:\settings.ini
[2009/10/19 23:43:50 | 000,047,104 | ---- | M] () -- C:\Thumbs.db
[2012/03/02 15:17:32 | 000,000,474 | ---- | M] () -- C:\user.js
[2011/12/29 15:33:31 | 000,000,979 | ---- | M] () -- C:\WinRAR.lnk

< %PROGRAMFILES%\*.exe >
[2011/01/30 18:36:13 | 008,417,616 | ---- | M] (Mozilla) -- C:\Program Files\Firefox.exe
[2011/02/04 17:17:44 | 060,458,664 | ---- | M] (DVDVideoSoft Limited. ) -- C:\Program Files\FreeStudio.exe
Invalid Environment Variable: PROGRAMFILES(X86)

< %systemroot%\*. /mp /s >

< %windir%\installer\*. /10 >
[2012/11/20 12:03:48 | 000,000,000 | ---D | M] -- C:\windows\installer\MSIF4F2.tmp-
[2012/11/17 21:00:27 | 000,000,000 | ---D | M] -- C:\windows\installer\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}
[2012/11/17 21:00:28 | 000,000,000 | ---D | M] -- C:\windows\installer\{787D1A33-A97B-4245-87C0-7174609A540C}
[2012/11/17 22:24:14 | 000,000,000 | ---D | M] -- C:\windows\installer\{90140000-0018-0000-0000-0000000FF1CE}
[2012/11/17 22:24:36 | 000,000,000 | ---D | M] -- C:\windows\installer\{90140000-001B-0000-0000-0000000FF1CE}
[2012/11/17 22:24:45 | 000,000,000 | ---D | M] -- C:\windows\installer\{95140000-00AF-0407-0000-0000000FF1CE}

< %appdata%\*. >
[2011/01/28 22:22:50 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Adobe
[2012/11/07 16:09:41 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Apple Computer
[2012/08/17 20:21:18 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Ashampoo
[2011/01/28 20:14:17 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\ATI
[2012/09/23 08:12:41 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Avira
[2012/02/28 18:20:46 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Babylon
[2012/11/20 22:27:52 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Bloson
[2011/01/28 23:32:41 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Corel
[2012/09/03 20:28:37 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\CorelHomeOffice
[2012/04/30 23:09:02 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\DAEMON Tools Lite
[2011/11/17 19:11:18 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Degener
[2012/11/21 18:15:02 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\DesktopIconForAmazon
[2011/12/25 19:24:36 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\DivX
[2011/06/15 21:08:17 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\dvdcss
[2012/10/05 19:28:29 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\DVDVideoSoft
[2012/09/16 20:20:41 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/06/23 14:49:05 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\GetRightToGo
[2011/07/09 16:06:39 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Hewlett-Packard
[2012/06/26 10:22:13 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\hpqLog
[2012/11/17 21:08:41 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\HpUpdate
[2011/01/28 20:12:54 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Identities
[2012/03/24 23:38:50 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Lazy 8 Studios
[2011/10/14 16:23:36 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Leadertech
[2012/03/15 21:07:58 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\loadtbs
[2011/01/28 22:22:51 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Macromedia
[2012/10/13 16:51:46 | 000,000,000 | --SD | M] -- C:\Users\Robi\AppData\Roaming\Microsoft
[2011/02/18 16:52:08 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Mozilla
[2012/11/20 12:31:51 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\OCS
[2012/10/20 18:24:51 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\OpenCandy
[2012/04/16 18:56:37 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\OpenOffice.org
[2012/11/20 12:32:01 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Opera
[2012/04/07 19:19:43 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Rovio
[2012/09/16 19:09:05 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Roxio Log Files
[2011/07/21 21:15:47 | 000,000,000 | RH-D | M] -- C:\Users\Robi\AppData\Roaming\SecuROM
[2011/04/07 22:28:56 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Skype
[2011/03/14 16:05:47 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\skypePM
[2012/04/24 18:48:13 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\SMART Technologies
[2012/04/24 10:50:20 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\SMART Technologies Inc
[2012/09/17 13:56:22 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\SoftGrid Client
[2011/10/01 14:10:46 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\SpringLobby
[2011/10/01 14:10:22 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\springsettings
[2011/01/30 08:27:50 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\supertuxkart
[2012/10/13 12:08:44 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Systweak
[2011/10/24 17:13:10 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Teeworlds
[2012/10/14 14:02:11 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Tonido
[2012/02/11 16:50:41 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\toolplugin
[2011/01/28 23:08:32 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\TP
[2012/01/23 08:35:19 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\U3
[2012/08/07 17:07:16 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\UltraVNC
[2011/05/02 22:00:52 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Visan
[2012/10/14 11:22:36 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\vlc
[2011/10/01 11:23:10 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Windows Live Writer
[2012/03/25 22:34:27 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Windows SideBar
[2011/12/29 15:33:56 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\WinRAR

< %appdata%\*.* >
[2011/05/28 14:35:34 | 000,001,849 | ---- | M] () -- C:\Users\Robi\AppData\Roaming\GhostObjGAFix.xml
[2011/10/26 16:04:43 | 000,139,152 | ---- | M] () -- C:\Users\Robi\AppData\Roaming\PnkBstrK.sys
[2012/04/27 17:19:28 | 000,027,969 | ---- | M] () -- C:\Users\Robi\AppData\Roaming\UserTile.png

< %appdata%\*.exe /s >
[2012/11/20 12:32:10 | 000,753,664 | ---- | M] (Microsoft) -- C:\Users\Robi\AppData\Roaming\DesktopIconForAmazon\IconForAmazon.exe
[2012/03/07 13:45:24 | 001,242,112 | ---- | M] (InfiniAd GmbH) -- C:\Users\Robi\AppData\Roaming\loadtbs\uninstall.exe
[2012/02/09 12:05:06 | 000,694,784 | ---- | M] (InfiniAd GmbH) -- C:\Users\Robi\AppData\Roaming\loadtbs\ytdl.exe
[2011/12/11 18:13:50 | 003,763,360 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Robi\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2012/03/24 23:38:17 | 000,176,730 | R--- | M] () -- C:\Users\Robi\AppData\Roaming\Microsoft\Installer\{3B1329C8-C239-45F8-A4A7-E4477A9B0FED}\_8AED56ACCE516E2F8F20BE.exe
[2012/03/24 23:38:18 | 000,176,730 | R--- | M] () -- C:\Users\Robi\AppData\Roaming\Microsoft\Installer\{3B1329C8-C239-45F8-A4A7-E4477A9B0FED}\_D1620478A9711C91595E58.exe
[2012/11/20 12:31:51 | 000,106,496 | ---- | M] (OCS) -- C:\Users\Robi\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
[2012/11/20 12:31:51 | 000,040,960 | ---- | M] () -- C:\Users\Robi\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
[2012/09/24 20:17:24 | 027,448,224 | ---- | M] (TuneUp Software) -- C:\Users\Robi\AppData\Roaming\OpenCandy\769CCBC6B0AD43259C4F3CAF6474461D\TuneUpUtilities2013_2200218_de-DE.exe
[2012/02/06 23:49:12 | 052,016,336 | ---- | M] (Rovio) -- C:\Users\Robi\AppData\Roaming\Rovio\Angry Birds Rio\updates\Update\AngryBirdsRioInstaller_1.4.2.exe
[2012/08/09 14:46:44 | 034,269,024 | ---- | M] (Rovio) -- C:\Users\Robi\AppData\Roaming\Rovio\Angry Birds Space\updates\Update\AngryBirdsSpaceInstaller_1.2.2.exe
[2011/08/04 17:04:56 | 046,370,928 | ---- | M] (Rovio) -- C:\Users\Robi\AppData\Roaming\Rovio\Angry Birds\updates\Update\AngryBirdsInstaller_1.6.2.exe
[2011/11/01 17:34:20 | 046,678,912 | ---- | M] (Rovio) -- C:\Users\Robi\AppData\Roaming\Rovio\Angry Birds\updates\Update\AngryBirdsInstaller_1.6.3.1.exe
[2012/02/11 18:26:14 | 041,044,728 | ---- | M] (Rovio) -- C:\Users\Robi\AppData\Roaming\Rovio\Angry Birds\updates\Update\AngryBirdsInstaller_2.0.2-1.exe
[2007/10/23 09:27:20 | 000,110,592 | ---- | M] () -- C:\Users\Robi\AppData\Roaming\U3\temp\cleanup.exe
[2008/05/02 10:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Users\Robi\AppData\Roaming\U3\temp\Launchpad Removal.exe

< %localappdata%\*. >
[2011/01/28 20:05:33 | 000,000,000 | -HSD | M] -- C:\Users\Robi\AppData\Local\Anwendungsdaten
[2012/04/27 12:14:10 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\Apple
[2012/11/07 16:09:44 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\Apple Computer
[2012/08/17 20:21:10 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\ashampoo
[2011/01/28 20:14:17 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\ATI
[2011/01/28 20:13:27 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\Broadcom
[2012/08/24 15:56:00 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\Conduit
[2011/02/16 20:12:06 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\ConduitEngine
[2012/08/17 20:21:44 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\CRE
[2012/11/08 20:42:59 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\Diagnostics
[2011/10/14 16:23:58 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\Downloaded Installations
[2012/10/02 08:22:36 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\ElevatedDiagnostics
[2012/10/20 18:28:06 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\Freetec
[2011/02/16 20:12:06 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\Funload.de
[2012/10/13 12:04:43 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\Google
[2012/03/25 00:02:14 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\Halfbrick
[2011/02/20 18:53:23 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\Hewlett-Packard
[2011/05/02 21:12:50 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\HP
[2012/03/25 00:00:17 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\Intel
[2012/09/16 20:33:18 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\Macromedia
[2012/11/07 17:09:11 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\Microsoft
[2011/09/08 17:33:02 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\Microsoft Games
[2012/10/13 13:41:27 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\Microsoft Help
[2011/07/24 01:44:33 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\MicroVision Applications
[2011/01/30 09:50:36 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\MigWiz
[2011/01/30 17:53:22 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\Mozilla
[2012/04/14 12:29:27 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\NFS Underground 2
[2011/01/28 20:13:12 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\PDFC
[2011/01/28 22:51:24 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\Roxio
[2012/04/24 10:57:50 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\SMART Technologies
[2012/04/24 10:50:20 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\SMART Technologies Inc
[2011/01/28 23:08:04 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\SoftGrid Client
[2012/11/23 15:17:35 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\Temp
[2011/01/28 20:05:33 | 000,000,000 | -HSD | M] -- C:\Users\Robi\AppData\Local\Temporary Internet Files
[2012/10/20 18:35:44 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\TubeBox
[2011/01/28 20:05:33 | 000,000,000 | -HSD | M] -- C:\Users\Robi\AppData\Local\Verlauf
[2012/09/16 20:03:05 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\VirtualStore
[2012/11/20 11:57:53 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\Wajam
[2012/08/14 12:34:06 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\Windows Live
[2011/06/09 22:29:48 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\Windows Live Writer
[2011/01/30 14:46:51 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\WinZip
[2011/12/31 14:04:52 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{015FAEAB-4E38-4C7C-A023-3B8D2BC8EFA1}
[2011/11/25 08:38:49 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{019BD3E5-0135-4A6F-B55E-7E628D678B4E}
[2012/05/11 12:40:50 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{026C27B0-F8AD-4D08-BCD0-9C5D40DCF3A0}
[2011/10/28 11:58:04 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{037A8D08-A32C-4E5B-9A9F-85BE5E0292EE}
[2012/07/15 16:42:56 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{03C9BE97-91F7-4817-A050-50CBE50717C2}
[2011/10/10 18:14:16 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{04B3D14E-C9BD-4E4F-9775-82AE9247AE07}
[2011/06/23 09:50:39 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{067ACE15-4291-4035-8882-D114A9EC20F1}
[2011/10/12 13:03:25 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{06ADD07A-BA19-4D65-A0E9-CEB699CFC352}
[2011/08/12 10:20:47 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{07155021-628E-4E61-8388-2E7E8B9F36CC}
[2011/06/30 13:30:18 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{07730E8A-ADC8-4545-BD8D-DECC0BB66517}
[2011/10/20 15:49:41 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{0837252E-7BCE-4635-BDE7-56CF9FB9CD80}
[2011/07/04 22:16:10 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{0B5D2CB1-9755-4199-8468-36D40E0289D7}
[2012/01/02 15:01:44 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{0B6BA510-2F40-477D-BC70-E37D3850C002}
[2012/01/01 12:38:25 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{0BB50477-762E-4D8C-B53D-99E75F6E9A60}
[2011/11/13 17:51:31 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{0C899784-31F4-447B-83E7-CBD8D8CD5EF1}
[2011/11/15 08:24:59 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{0C92F768-0EBC-4C5F-9D29-C24D23317A75}
[2012/02/09 09:00:58 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{0D1C2B12-A264-414F-ACE6-101085FBFDF4}
[2011/11/30 17:27:20 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{0DDBAAC6-D40A-4C09-85A8-A7C495AD549F}
[2011/08/29 17:35:04 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{0E919348-B08B-4FD2-855C-BE88B87F4103}
[2011/10/21 15:13:29 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{0F41F39F-A506-465C-9A5D-431BEF8F801B}
[2011/12/29 13:20:13 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{0F5E16E9-AA65-4DC7-AB74-74E8AD4ABBE3}
[2012/05/08 15:44:29 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{0F9B8568-8400-402B-885E-6E361FC27614}
[2011/07/18 21:06:31 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{119646BE-0952-4B13-979A-2ABABD03F14C}
[2011/06/17 12:39:41 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{121E92F7-8A26-42BB-B996-4F7C1B4444D8}
[2011/08/04 09:50:41 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{12FE8392-EDDB-46C2-A04A-0029195D3D3E}
[2011/06/19 21:25:01 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{137842CE-5A49-46B5-A1FA-D5AB7051B51A}
[2011/06/21 16:24:27 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{148905D9-8163-4E08-A5F8-045E14C51E68}
[2011/08/30 10:48:31 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{15F10852-F498-4C3B-BBEB-FE716DD9E072}
[2011/07/03 10:24:27 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{167DF774-2E7F-40D2-B52B-0675482BB10B}
[2011/12/09 19:55:34 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{1909D481-1047-4DC4-9AA1-DD1E0C56154D}
[2011/06/09 22:30:00 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{1AEB67FB-FF95-451C-B622-A0A34EF4E042}
[2011/12/31 12:07:27 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{1BF16BA0-2834-4528-B15F-886E22DC2560}
[2011/09/28 14:16:49 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{1C402B48-BEBC-4EA2-B00A-29BC41EAE4F5}
[2011/10/17 20:07:27 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{1CF47066-840C-47AF-90C1-FAFE2AA11CA8}
[2012/01/02 02:13:41 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{1FDC9066-A154-4071-BDE8-1F663F818906}
[2011/12/10 17:51:06 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{1FE036A9-B056-4C80-8198-1BFB8461C5BC}
[2011/08/16 20:02:59 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{200BF3D1-B878-47A3-B336-DE12BCA9AC94}
[2011/06/12 11:37:20 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{202D7CEC-067D-4B42-A7FA-917836CEBDA2}
[2011/07/08 19:25:57 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{2041C2F9-88AE-45FE-A458-7A775725CF1E}
[2011/12/17 13:18:38 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{21B18087-AAE8-4975-8306-AAE0C4BB467D}
[2011/06/18 19:41:47 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{21D93EEB-FD02-4861-9A73-734BB7230781}
[2011/12/14 15:23:25 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{22DBF7B2-0F44-465E-B3C9-2D8531323AA6}
[2012/11/09 06:36:31 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{23ABBB6E-6153-4E10-9C0F-8A4C7CFA2B33}
[2011/07/05 15:19:33 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{24E16B02-F532-4D6E-968A-D6FDE6C698B7}
[2011/08/02 21:14:40 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{2864306D-A8AD-4AA7-9991-B4FDA8638541}
[2012/05/10 20:33:57 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{29740ACA-4407-4E29-A560-B69BA2D4F08D}
[2011/07/24 04:30:15 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{29E7336B-DEB6-4BA8-A4F0-06898CA062AB}
[2011/07/06 18:54:35 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{2BA77D5E-0AD4-422D-8152-19431BCE7078}
[2011/08/10 09:46:37 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{2DC84C56-899A-4645-BC60-088FB7888AD2}
[2011/12/22 20:44:14 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{2EC305F2-2CAA-4E26-9F03-A7164CE8FA38}
[2011/06/09 22:28:47 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local

Kevinator941 23.11.2012 15:54

\{2F41C724-B8E1-43E8-8DF7-5F41DC041518}
[2011/11/04 07:44:11 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{2F7FFBD6-CE33-4152-9D15-131D171B9E89}
[2012/07/15 04:34:32 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{2F99B4F4-A03E-4242-8171-1E585E627DE8}
[2011/09/06 21:39:23 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{2FEC2D11-3FA6-4CB1-B4D3-6B82FAB5A6F2}
[2012/01/12 17:45:24 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{2FF8227D-0D66-4C74-9147-145D2A7C1342}
[2011/09/06 23:09:19 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{306BC674-D282-4B05-BDCA-9B443492F7DF}
[2011/08/31 19:36:56 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{306F4ADD-DE9E-4208-95C1-8F485059333A}
[2011/08/26 13:16:10 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{31E67955-5FAC-4F83-83FB-1DE8BB7A96AA}
[2011/12/16 15:40:24 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{320965F6-D07F-40E6-A242-687EB96DF737}
[2011/12/12 14:59:15 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{3314E5FB-CD48-46E7-9934-F25E6701D609}
[2012/01/06 17:56:28 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{34BC12E1-8103-4E6A-8A1D-2A943F80AEE1}
[2011/06/21 06:25:38 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{34D2F057-D6D5-4C9A-9AD5-C9356D234E16}
[2011/06/26 18:12:45 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{3501E97D-1F9A-486A-8905-96BD23BAA368}
[2012/06/04 11:36:23 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{36618F64-4264-4CE8-A3C8-2EE8229E9B33}
[2011/12/13 19:26:46 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{368562E9-CA00-4B01-9B7A-73A02622A581}
[2011/09/11 17:44:59 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{376D705A-2B29-4ED4-A2A0-2E92CA619E72}
[2011/06/11 08:26:50 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{37F27321-F794-4388-A9A3-D6C234201F2C}
[2011/11/25 14:06:12 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{383E68B0-A3C9-4780-9E16-B6FD6A86BB6A}
[2011/10/06 21:27:22 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{3BE2129A-DCAD-4C79-8745-90964CB72C64}
[2011/06/07 17:18:08 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{3D32B278-7105-4DAF-8263-96B66EE29062}
[2011/12/18 18:43:28 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{3DCCBF37-F4C4-4E60-B056-ED2914A70BBC}
[2011/11/28 12:37:59 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{3E5D122D-7044-4685-A7A2-E7F78092A74A}
[2012/01/15 19:52:11 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{3FA97D25-A448-4EED-A1E1-BF329DF1EB31}
[2011/06/24 12:44:13 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{42FCAF6B-DBFD-4A5F-AAE3-322913670F05}
[2011/06/20 15:04:17 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{43B9CE92-5D0A-4792-BBF0-7FF49E1EC880}
[2011/11/12 15:38:54 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{446F402A-C989-47D2-B921-18EFF8785F00}
[2012/11/08 08:04:59 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{449D7202-ACCA-46FD-A049-6FA5561DDDE6}
[2011/06/27 08:55:01 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{450F6B32-8D77-46E9-8ED3-204928CF242E}
[2011/06/18 08:46:19 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{4596B161-5A47-45CD-BB05-BB787A7B90C0}

< %localappdata%\*.* >
[2012/11/18 19:25:53 | 000,076,784 | ---- | M] () -- C:\Users\Robi\AppData\Local\GDIPFONTCACHEV1.DAT
[2012/11/22 13:46:00 | 002,544,613 | -H-- | M] () -- C:\Users\Robi\AppData\Local\IconCache.db

< %localappdata%\*.exe /s >
[2012/05/07 20:05:30 | 001,287,528 | ---- | M] (Microsoft Corporation) -- C:\Users\Robi\AppData\Local\Microsoft\Windows Live\Installer\Catalog\wlsetup.exe
[2012/03/26 15:16:31 | 000,020,480 | ---- | M] (Microsoft) -- C:\Users\Robi\AppData\Local\Microsoft\Windows Sidebar\Gadgets\GermanyRain.gadget\RegisterHost.exe
[2011/01/30 18:09:47 | 000,003,475 | ---- | M] () -- C:\Users\Robi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4KRAUZKB\Firefox_Setup_3.6.13[1].exe
[2011/02/18 16:49:22 | 000,003,475 | ---- | M] () -- C:\Users\Robi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4KRAUZKB\Firefox_Setup_3.6.13[2].exe
[2011/01/30 19:04:13 | 000,030,083 | ---- | M] () -- C:\Users\Robi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\71NZKN5I\Firefox_Setup_3.6.13[1].exe
[2011/02/17 19:45:47 | 000,032,843 | ---- | M] () -- C:\Users\Robi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\71NZKN5I\Firefox_Setup_3.6.13[2].exe
[2011/01/30 18:08:42 | 000,002,483 | ---- | M] () -- C:\Users\Robi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ENHH61XT\Firefox_Setup_3.6.13[1].exe
[2011/01/30 18:56:57 | 000,004,522 | ---- | M] () -- C:\Users\Robi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ENHH61XT\Firefox_Setup_3.6.13[2].exe
[2011/01/30 19:03:32 | 000,003,475 | ---- | M] () -- C:\Users\Robi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ENHH61XT\Firefox_Setup_3.6.13[3].exe
[2011/02/17 19:41:13 | 000,003,475 | ---- | M] () -- C:\Users\Robi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ENHH61XT\Firefox_Setup_3.6.13[4].exe
[2011/02/18 16:49:43 | 000,032,843 | ---- | M] () -- C:\Users\Robi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ENHH61XT\Firefox_Setup_3.6.13[5].exe
[2010/03/18 21:56:18 | 000,079,648 | ---- | M] (Microsoft Corporation) -- C:\Users\Robi\AppData\Local\Microsoft\XLive\Updates\5454083b\Content\setup.exe
[2005/11/01 04:09:50 | 000,729,088 | ---- | M] (Electronic Arts Inc.) -- C:\Users\Robi\AppData\Local\Temp\AutoRun.exe
[2012/09/17 17:02:17 | 003,778,052 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\chatzum_aff50_nt_s.exe
[2008/04/24 00:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\Robi\AppData\Local\Temp\DataCard_Setup.exe
[2011/10/16 08:48:21 | 048,014,496 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Robi\AppData\Local\Temp\EAD5DC8.exe
[2011/10/16 07:44:10 | 048,014,496 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Robi\AppData\Local\Temp\EAD66DC.exe
[2005/11/01 04:09:50 | 000,344,064 | ---- | M] (Electronic Arts Inc.) -- C:\Users\Robi\AppData\Local\Temp\eauninstall.exe
[2008/10/15 11:42:52 | 000,050,432 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\Extract.exe
[2010/02/08 14:50:24 | 000,167,936 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\ffunzip.exe
[2008/10/04 19:16:40 | 001,882,328 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Robi\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe
[2011/01/31 21:53:13 | 002,790,864 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Robi\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
[2010/10/27 14:36:04 | 002,487,120 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\Funload.de.exe
[2012/07/01 23:01:00 | 007,742,384 | ---- | M] (Oracle Corporation) -- C:\Users\Robi\AppData\Local\Temp\fx-runtime.exe
[2010/10/18 12:27:46 | 000,157,536 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\GLF4312.tmp.ConduitEngineSetup.exe
[2010/10/18 12:27:46 | 000,157,536 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\GLF4FA0.tmp.ConduitEngineSetup.exe
[2010/10/18 12:27:46 | 000,157,536 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\GLF6F7F.tmp.ConduitEngineSetup.exe
[2010/10/18 12:27:46 | 000,157,536 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\GLFB7D3.tmp.ConduitEngineSetup.exe
[2010/10/18 12:27:46 | 000,157,536 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\GLFC8F4.tmp.ConduitEngineSetup.exe
[2010/10/18 12:27:46 | 000,157,536 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\GLFE866.tmp.ConduitEngineSetup.exe
[2010/10/18 12:27:46 | 000,157,536 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\GLFF31F.tmp.ConduitEngineSetup.exe
[2012/06/05 23:57:00 | 000,746,336 | ---- | M] (Google Inc.) -- C:\Users\Robi\AppData\Local\Temp\GoogleUpdateSetup.exe1bc300
[2012/01/23 23:32:49 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Users\Robi\AppData\Local\Temp\GoogleUpdate.exec6566
[2010/05/25 17:13:02 | 000,172,600 | ---- | M] (Hewlett-Packard Company) -- C:\Users\Robi\AppData\Local\Temp\HPHASUtil.exe
[2008/01/14 23:28:12 | 000,069,632 | ---- | M] (Hewlett-Packard Company) -- C:\Users\Robi\AppData\Local\Temp\HPQSi.exe
[2012/07/01 23:00:19 | 000,893,936 | ---- | M] (Oracle Corporation) -- C:\Users\Robi\AppData\Local\Temp\JREInstall160_22.exe
[2012/11/20 12:33:34 | 000,163,896 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\MachineIdCreator.exe
[2005/10/03 23:26:23 | 000,073,728 | ---- | M] (Electronic Arts Inc.) -- C:\Users\Robi\AppData\Local\Temp\Need for Speed Most Wanted_uninst.exe
[2012/11/20 12:33:53 | 002,985,568 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\oi_{E3E87DEF-EB13-4111-99C4-9E2544002164}.exe
[2010/03/15 18:06:00 | 000,149,352 | R--- | M] (Microsoft Corporation) -- C:\Users\Robi\AppData\Local\Temp\ose00000.exe
[2002/11/11 15:16:30 | 000,024,576 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\Play.exe
[2012/11/20 11:56:52 | 000,714,640 | ---- | M] (PriceGong) -- C:\Users\Robi\AppData\Local\Temp\pricegong_268.exe
[2008/02/19 23:16:48 | 000,007,168 | R--- | M] () -- C:\Users\Robi\AppData\Local\Temp\ResetDevice.exe
[2011/02/04 18:20:12 | 000,088,120 | ---- | M] (Hewlett-Packard Company) -- C:\Users\Robi\AppData\Local\Temp\Resource.exe
[2011/02/20 18:42:17 | 035,845,112 | ---- | M] (Hewlett-Packard ) -- C:\Users\Robi\AppData\Local\Temp\sp50843.exe.exe
[2011/06/26 19:50:11 | 037,043,344 | ---- | M] (Hewlett-Packard ) -- C:\Users\Robi\AppData\Local\Temp\sp52110.exe.exe
[2011/07/07 16:12:59 | 001,592,176 | ---- | M] (Hewlett-Packard ) -- C:\Users\Robi\AppData\Local\Temp\SP52407.exe
[2011/10/16 08:08:02 | 048,461,176 | ---- | M] (Hewlett-Packard ) -- C:\Users\Robi\AppData\Local\Temp\sp54373.exe
[2012/02/05 21:55:40 | 048,868,760 | ---- | M] (Hewlett-Packard ) -- C:\Users\Robi\AppData\Local\Temp\sp54620.exe
[2012/09/27 07:25:36 | 015,204,344 | ---- | M] (Freetec) -- C:\Users\Robi\AppData\Local\Temp\TubeBoxSetup.exe
[2011/10/26 18:14:31 | 008,634,358 | ---- | M] (Macrovision Corporation) -- C:\Users\Robi\AppData\Local\Temp\ubiBC9D.tmp.exe
[2012/10/17 16:37:08 | 000,340,632 | ---- | M] (Babylon Ltd.) -- C:\Users\Robi\AppData\Local\Temp\uninst1.exe
[2012/11/21 12:30:37 | 000,961,480 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\UNINSTALL.EXE
[2012/09/16 16:37:45 | 001,091,024 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\Uninstaller.exe
[2011/09/09 17:07:56 | 000,449,592 | ---- | M] (Hewlett-Packard Company) -- C:\Users\Robi\AppData\Local\Temp\UninstallHPSA.exe
[2011/06/21 14:55:12 | 000,449,592 | ---- | M] (Hewlett-Packard Company) -- C:\Users\Robi\AppData\Local\Temp\UninstallHPTCA.exe
[2011/12/29 14:37:37 | 000,103,888 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\Verbindungsassistent.exe
[2012/11/20 11:57:46 | 000,417,088 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\wajam_install.exe
[2007/01/20 03:46:42 | 000,455,600 | R--- | M] (Macrovision Corporation) -- C:\Users\Robi\AppData\Local\Temp\_is82B6.exe
[2007/01/20 03:46:42 | 000,455,600 | R--- | M] (Macrovision Corporation) -- C:\Users\Robi\AppData\Local\Temp\_isBA3.exe
[313 C:\Users\Robi\AppData\Local\Temp\*.tmp files -> C:\Users\Robi\AppData\Local\Temp\*.tmp -> ]
[2012/11/21 11:41:37 | 002,792,336 | ---- | M] (AVAST Software) -- C:\Users\Robi\AppData\Local\Temp\_av_sfx.tm~a03944\aswOfferTool.exe
[2011/03/22 14:38:42 | 001,092,920 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\{3194A6FD-5474-4560-92B6-F84A2C1194EE}\{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}\ICQToolbarSetup.exe
[2012/09/16 16:40:34 | 000,398,728 | ---- | M] (Acresso Software Inc.) -- C:\Users\Robi\AppData\Local\Temp\{67FEB7D7-1A5A-46C6-8BB9-F5DD6E7EEFD0}\setup.exe
[2012/04/05 16:46:45 | 000,398,728 | ---- | M] (Acresso Software Inc.) -- C:\Users\Robi\AppData\Local\Temp\{A364277F-1CAA-40E6-ABE8-7BCE1505DD48}\setup.exe
[2012/10/13 13:01:23 | 000,655,032 | ---- | M] (Sony) -- C:\Users\Robi\AppData\Local\Temp\{E895AA35-8E24-40D8-8267-45BD76A89A3F}\setup.exe
[2011/10/26 15:56:08 | 000,377,480 | ---- | M] (Macrovision Corporation) -- C:\Users\Robi\AppData\Local\Temp\{EA56A2F8-FBA7-4258-A250-5DFE3FCEBE1A}\setup.exe
[2012/10/17 20:29:20 | 010,220,472 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Robi\AppData\Local\Temp\{EADE20B2-B2E8-4642-A796-7524846F3641}\InstallFlashPlayer.exe
[2012/11/20 22:28:04 | 000,655,032 | ---- | M] (Sony) -- C:\Users\Robi\AppData\Local\Temp\{FB14D2C5-584C-421E-8542-56FC9BDD223E}\setup.exe
[2011/11/27 13:49:44 | 001,362,728 | ---- | M] (BabylonToolbar) -- C:\Users\Robi\AppData\Local\Temp\36FBF359-BAB0-7891-8F36-663A7D06408B\MyBabylonTB.exe
[2012/01/03 10:18:58 | 001,789,040 | ---- | M] (Babylon Ltd.) -- C:\Users\Robi\AppData\Local\Temp\36FBF359-BAB0-7891-8F36-663A7D06408B\Setup.exe
[2011/11/27 13:49:44 | 001,362,728 | ---- | M] (BabylonToolbar) -- C:\Users\Robi\AppData\Local\Temp\4DF5AF6A-BAB0-7891-9125-DF8CF7ADF15F\MyBabylonTB.exe
[2012/01/03 10:18:58 | 001,789,040 | ---- | M] (Babylon Ltd.) -- C:\Users\Robi\AppData\Local\Temp\4DF5AF6A-BAB0-7891-9125-DF8CF7ADF15F\Setup.exe
[2011/05/04 13:11:17 | 002,832,544 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Robi\AppData\Local\Temp\6C1B.dir\InstallFlashPlayer.exe
[2011/05/21 08:13:47 | 003,081,376 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Robi\AppData\Local\Temp\9C10.dir\InstallFlashPlayer.exe
[2012/03/02 15:17:13 | 000,920,176 | ---- | M] (Babylon Ltd.) -- C:\Users\Robi\AppData\Local\Temp\Addons\2431C6F0\babylon.exe
[2012/11/20 12:33:56 | 001,087,944 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\avg_a05752\avg-secure-search-installer.exe
[2012/11/20 12:33:56 | 000,600,008 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\avg_a05752\CommonFiles\AVG Secure Search\DriverInstaller.exe
[2012/11/20 12:33:56 | 000,146,376 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\avg_a05752\CommonFiles\AVG Secure Search\DriverInstaller_64.exe
[2012/11/20 12:33:56 | 000,970,696 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\avg_a05752\CommonFiles\AVG Secure Search\ScriptHelper.exe
[2012/11/20 12:33:56 | 000,711,112 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\avg_a05752\CommonFiles\AVG Secure Search\ToolbarUpdater.exe
[2012/11/20 12:33:56 | 000,155,592 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\avg_a05752\ConfigFiles\MachineIdCreator.exe
[2012/11/20 12:33:56 | 000,612,296 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\avg_a05752\ProgFiles\AVG Secure Search\lip.exe
[2012/11/20 12:33:56 | 000,504,264 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\avg_a05752\ProgFiles\AVG Secure Search\PostInstall.exe
[2012/11/20 12:33:56 | 001,020,512 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\avg_a05752\ProgFiles\AVG Secure Search\ROC_ssl.exe
[2012/11/20 12:33:56 | 000,961,480 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\avg_a05752\ProgFiles\AVG Secure Search\Uninstall.exe
[2012/11/20 12:33:56 | 000,997,320 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\avg_a05752\ProgFiles\AVG Secure Search\vprot.exe
[2012/06/27 14:45:38 | 000,155,648 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\CCIS\ccsqlh.exe
[2012/08/17 20:21:42 | 002,310,424 | ---- | M] (Conduit) -- C:\Users\Robi\AppData\Local\Temp\ct2481020\chLogic.exe
[2012/08/17 20:21:21 | 001,418,464 | ---- | M] (Conduit) -- C:\Users\Robi\AppData\Local\Temp\ct2481020\ffLogic.exe
[2012/08/17 20:20:51 | 002,155,560 | ---- | M] (Conduit) -- C:\Users\Robi\AppData\Local\Temp\ct2481020\ieLogic.exe
[2012/08/17 20:22:21 | 000,203,656 | ---- | M] (Conduit) -- C:\Users\Robi\AppData\Local\Temp\ct2481020\statisticsStub.exe
[2012/09/02 14:08:55 | 010,217,672 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Robi\AppData\Local\Temp\E0EC.dir\InstallFlashPlayer.exe
[2012/06/27 16:40:33 | 001,816,216 | ---- | M] (Babylon Ltd.) -- C:\Users\Robi\AppData\Local\Temp\E264640D-BAB0-7891-B174-E47D4D4BF88A\Setup.exe
[2012/10/11 12:18:48 | 001,283,128 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\E264640D-BAB0-7891-B174-E47D4D4BF88A\Latest\BrowserManagerSetup.exe
[2012/10/17 16:37:08 | 000,340,632 | ---- | M] (Babylon Ltd.) -- C:\Users\Robi\AppData\Local\Temp\E264640D-BAB0-7891-B174-E47D4D4BF88A\Latest\GUninstaller.exe
[2012/10/14 21:08:47 | 001,735,084 | ---- | M] (BabylonToolbar) -- C:\Users\Robi\AppData\Local\Temp\E264640D-BAB0-7891-B174-E47D4D4BF88A\Latest\MyBabylonTB.exe
[2012/10/15 19:32:43 | 001,837,720 | ---- | M] (Babylon Ltd.) -- C:\Users\Robi\AppData\Local\Temp\E264640D-BAB0-7891-B174-E47D4D4BF88A\Latest\Setup.exe
[2011/11/10 00:43:11 | 003,102,920 | ---- | M] (Hewlett-Packard ) -- C:\Users\Robi\AppData\Local\Temp\HpUpdate\25545\hpusetup.exe
[2012/10/25 19:51:08 | 000,484,656 | ---- | M] (DealPly) -- C:\Users\Robi\AppData\Local\Temp\is398349909\dp.exe
[2012/08/15 14:41:36 | 000,899,224 | ---- | M] (Babylon Ltd.) -- C:\Users\Robi\AppData\Local\Temp\is398349909\MyBabylonTB.exe
[2012/10/25 17:47:14 | 015,177,320 | ---- | M] (Freetec) -- C:\Users\Robi\AppData\Local\Temp\is398349909\Tubebox_BrotherSoft_Setup.exe
[2012/06/13 18:34:06 | 000,056,232 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\is398349909\wajam_download.exe
[2012/10/28 13:20:42 | 001,210,432 | ---- | M] (Web Deals Interactive LLC) -- C:\Users\Robi\AppData\Local\Temp\is398349909\Yontoo-C4.exe
[2011/11/08 12:50:52 | 000,073,080 | ---- | M] (Conduit) -- C:\Users\Robi\AppData\Local\Temp\is-G126P.tmp\ConduitInstaller.exe
[2011/01/30 13:43:11 | 000,001,380 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CAU2P8GB\PuzzleCollectionPortable_1.0.paf[1].exe
[2012/08/29 20:14:44 | 000,270,304 | ---- | M] (Mozilla Foundation) -- C:\Users\Robi\AppData\Local\Temp\MozUpdater\updater.exe
[2012/09/08 20:19:22 | 000,270,304 | ---- | M] (Mozilla Foundation) -- C:\Users\Robi\AppData\Local\Temp\MozUpdater-1\updater.exe
[2012/10/20 15:01:26 | 000,270,816 | ---- | M] (Mozilla Foundation) -- C:\Users\Robi\AppData\Local\Temp\MozUpdater-2\updater.exe
[2010/03/23 00:18:03 | 015,474,420 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\mtka_tmp\EFLC.exe
[2010/01/27 20:22:16 | 005,317,976 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\mtka_tmp\LaunchEFLC_activation.exe
[2010/01/27 20:22:34 | 000,101,520 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\mtka_tmp\secupacker_launcher.exe
[1 C:\Users\Robi\AppData\Local\Temp\mtka_tmp\*.tmp files -> C:\Users\Robi\AppData\Local\Temp\mtka_tmp\*.tmp -> ]
[2012/11/20 12:29:58 | 000,294,912 | ---- | M] (OCS) -- C:\Users\Robi\AppData\Local\Temp\OCS\ocs_v6q.exe
[2012/11/20 12:32:31 | 002,377,384 | ---- | M] (FireJump.net ) -- C:\Users\Robi\AppData\Local\Temp\OCS\Downloads\0674e23d6502b36621d489f1b4fbd22a\818016712e786dfc9e740090dbadc34a\FireJump_Setup.exe
[2012/11/20 12:32:48 | 001,191,596 | ---- | M] (Preispilot ) -- C:\Users\Robi\AppData\Local\Temp\OCS\Downloads\0674e23d6502b36621d489f1b4fbd22a\965421448e2ae6935357883e4db13ff5\preispilot-firefox-installer.exe
[2012/11/20 12:32:10 | 000,753,664 | ---- | M] (Microsoft) -- C:\Users\Robi\AppData\Local\Temp\OCS\Downloads\0674e23d6502b36621d489f1b4fbd22a\9c01e5d71e442bf564f271e62b1d5357\AmazonIconInstaller.exe
[2012/11/20 12:31:50 | 000,249,856 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\OCS\Downloads\0674e23d6502b36621d489f1b4fbd22a\a3c2caa9cc4cdb568568c06b47f7fb36\SearchAnonymizerStarter.exe
[2012/11/20 12:33:31 | 010,224,184 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\OCS\Downloads\0674e23d6502b36621d489f1b4fbd22a\a5f109cad706f70230e98e4424126475\avg-secure-setup.exe
[2012/11/20 12:32:07 | 001,088,872 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\OCS\Downloads\0674e23d6502b36621d489f1b4fbd22a\ee1f7b4c6726cb98d08df809b1f7c2ac\TubeBox_Setup.exe
[2011/06/18 19:58:28 | 000,452,923 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\Temp1_Doodle.zip\Doodle.exe
[2011/02/17 22:23:24 | 005,298,620 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\Temp1_gp_win_rc6.1.zip\greenpois0n.exe
[2007/10/19 11:36:44 | 001,774,432 | ---- | M] (McAfee, Inc.) -- C:\Users\Robi\AppData\Local\Temp\Temp1_McafeeRootkitDetective_1.1.zip\Rootkit_Detective.exe
[2009/09/11 23:00:06 | 003,801,901 | ---- | M] (Netdisaster ) -- C:\Users\Robi\AppData\Local\Temp\Temp1_Netdisaster-1.1.zip\Go.exe
[2011/02/21 10:17:14 | 001,401,344 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\Temp1_Visual_Pinball.zip\VPinball911.exe
[2012/04/15 23:01:24 | 004,719,408 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Users\Robi\AppData\Local\Temp\Temp2_clickmusicalkeys.zip\BundleSweetIMSetup.exe
[2012/07/20 04:16:50 | 000,501,248 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\VSDE997.tmp\setup.exe
[2012/10/01 20:16:01 | 000,088,064 | ---- | M] (Microsoft Corporation) -- C:\Users\Robi\AppData\Local\Temp\VSDE997.tmp\DotNetFX\dotnetchk.exe
[2009/07/18 10:13:30 | 001,843,544 | ---- | M] (Microsoft Corporation) -- C:\Users\Robi\AppData\Local\Temp\VSDE997.tmp\vcredist_x86\vcredist_x86.exe

< %allusersprofile%\*. >
[2012/09/17 13:51:00 | 000,000,000 | ---D | M] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/09/16 20:30:48 | 000,000,000 | ---D | M] -- C:\ProgramData\Adobe
[2012/04/27 12:13:49 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple
[2012/04/27 12:14:25 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple Computer
[2009/07/14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2012/08/17 20:20:15 | 000,000,000 | ---D | M] -- C:\ProgramData\ashampoo
[2011/01/28 20:14:17 | 000,000,000 | ---D | M] -- C:\ProgramData\ATI
[2012/11/21 16:42:46 | 000,000,000 | ---D | M] -- C:\ProgramData\AVAST Software
[2012/09/23 08:03:41 | 000,000,000 | ---D | M] -- C:\ProgramData\Avira
[2012/02/28 18:20:47 | 000,000,000 | ---D | M] -- C:\ProgramData\Babylon
[2012/10/20 18:27:24 | 000,000,000 | -H-D | M] -- C:\ProgramData\Common Files
[2010/09/09 20:11:31 | 000,000,000 | ---D | M] -- C:\ProgramData\Corel
[2012/04/30 18:41:42 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Lite
[2011/11/17 19:11:26 | 000,000,000 | ---D | M] -- C:\ProgramData\Degener
[2009/07/14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2011/12/25 19:33:00 | 000,000,000 | ---D | M] -- C:\ProgramData\DivX
[2009/07/14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2012/04/24 10:52:44 | 000,000,000 | ---D | M] -- C:\ProgramData\Downloaded Installations
[2011/10/14 16:24:36 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts
[2009/07/14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2012/04/24 10:49:19 | 000,000,000 | ---D | M] -- C:\ProgramData\FLEXnet
[2012/10/13 12:58:18 | 000,000,000 | ---D | M] -- C:\ProgramData\Hewlett-Packard
[2011/06/12 21:06:10 | 000,000,000 | ---D | M] -- C:\ProgramData\HP
[2011/08/18 10:26:20 | 000,000,000 | ---D | M] -- C:\ProgramData\HP Photo Creations
[2011/06/06 21:25:57 | 000,000,000 | ---D | M] -- C:\ProgramData\ICQ
[2012/03/02 15:17:22 | 000,000,000 | ---D | M] -- C:\ProgramData\InstallMate
[2012/09/16 16:32:55 | 000,000,000 | ---D | M] -- C:\ProgramData\Intel
[2012/04/05 19:34:20 | 000,000,000 | --SD | M] -- C:\ProgramData\Microsoft
[2012/11/17 22:24:37 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft Help
[2012/06/04 10:39:36 | 000,000,000 | ---D | M] -- C:\ProgramData\Mozilla
[2011/02/13 10:57:06 | 000,000,000 | ---D | M] -- C:\ProgramData\Norton
[2012/11/21 10:31:45 | 000,000,000 | ---D | M] -- C:\ProgramData\PDFC
[2012/03/02 15:17:14 | 000,000,000 | ---D | M] -- C:\ProgramData\Premium
[2012/04/05 17:38:51 | 000,000,000 | -HSD | M] -- C:\ProgramData\SecuROM
[2011/03/14 16:25:36 | 000,000,000 | ---D | M] -- C:\ProgramData\Skype
[2012/04/25 14:29:22 | 000,000,000 | ---D | M] -- C:\ProgramData\SMART Technologies
[2011/01/30 09:33:24 | 000,000,000 | ---D | M] -- C:\ProgramData\Sonic
[2009/07/14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2012/04/16 18:52:09 | 000,000,000 | ---D | M] -- C:\ProgramData\Sun
[2012/04/23 21:08:57 | 000,000,000 | ---D | M] -- C:\ProgramData\SystemExplorer
[2012/11/20 11:57:59 | 000,000,000 | ---D | M] -- C:\ProgramData\Tarma Installer
[2012/11/21 16:18:49 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2009/07/14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2012/10/14 15:02:49 | 000,000,000 | ---D | M] -- C:\ProgramData\TheBflix
[2012/04/26 11:12:52 | 000,000,000 | ---D | M] -- C:\ProgramData\Trymedia
[2012/09/16 22:31:03 | 000,000,000 | ---D | M] -- C:\ProgramData\Uninstall
[2011/03/13 13:19:59 | 000,000,000 | ---D | M] -- C:\ProgramData\VirtualizedApplications
[2011/05/02 22:00:52 | 000,000,000 | ---D | M] -- C:\ProgramData\Visan
[2012/08/24 16:05:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Vokabel Trainer
[2011/01/28 20:06:23 | 000,000,000 | ---D | M] -- C:\ProgramData\WinZip
[2011/02/20 18:44:51 | 000,000,000 | ---D | M] -- C:\ProgramData\{23D58E70-3B83-4B83-A227-68770F84F5EC}
[2012/04/27 12:15:31 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/09/09 20:12:17 | 000,000,000 | ---D | M] -- C:\ProgramData\{8D274659-3D84-4410-A197-C170D180BC76}
[2012/02/05 21:57:51 | 000,000,000 | ---D | M] -- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
[2012/10/20 18:27:24 | 000,000,000 | -HSD | M] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2011/10/16 08:15:16 | 000,000,000 | ---D | M] -- C:\ProgramData\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}
[2011/06/26 19:52:08 | 000,000,000 | ---D | M] -- C:\ProgramData\{E91883C8-8CDC-46A4-A45F-CB40EB82ED60}

< %allusersprofile%\*.* >
[2012/11/23 15:01:38 | 000,000,088 | RHS- | M] () -- C:\ProgramData\32C99DC932.sys
[2011/03/14 15:18:14 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2012/11/23 15:01:39 | 000,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2011/12/15 12:23:30 | 000,000,236 | ---- | M] () -- C:\ProgramData\{5CAFA1B7-9EEF-4cc7-B9F7-9DDB3DAA679E}
[2011/12/15 12:58:48 | 000,000,236 | ---- | M] () -- C:\ProgramData\{701ACAF9-F102-47c2-8907-36246F4DFB51}

< %allusersprofile%\*.exe /s >
[2012/08/21 12:01:28 | 001,977,816 | ---- | M] (GEAR Software, Inc.) -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1\GEARDIFx.exe
[2012/08/21 12:01:22 | 000,115,672 | ---- | M] (GEAR Software, Inc.) -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\DifXInst32.exe
[2012/09/17 13:36:45 | 000,073,624 | ---- | M] (Apple Inc.) -- C:\ProgramData\Apple Computer\Installer Cache\iTunes 10.7.0.21\SetupAdmin.exe
[2012/04/25 11:24:06 | 000,073,584 | ---- | M] (Apple Inc.) -- C:\ProgramData\Apple Computer\Installer Cache\Safari 5.34.57.2\SetupAdmin.exe
[2012/09/17 13:33:13 | 000,073,576 | ---- | M] (Apple Inc.) -- C:\ProgramData\Apple\Installer Cache\iCloud Control Panel 1.1.0.40\SetupAdmin.exe
[2012/11/14 15:23:15 | 000,612,640 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\ProgramData\Avira\AntiVir Desktop\TEMP\SELFUPDATE\update.exe
[2012/09/07 19:26:02 | 000,047,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\ProgramData\Avira\AntiVir Desktop\TEMP\SELFUPDATE\updrgui.exe
[2011/08/11 01:57:44 | 001,248,312 | ---- | M] (Hewlett-Packard) -- C:\ProgramData\Hewlett-Packard\HPSAUpgrade3\HpSAUpgrade.exe
[2011/08/18 10:26:01 | 000,161,960 | ---- | M] () -- C:\ProgramData\HP Photo Creations\MessageCheck.exe
[2011/08/18 10:26:01 | 000,301,224 | ---- | M] (Visan / RocketLife) -- C:\ProgramData\HP Photo Creations\PhotoProductCore.exe
[2011/08/18 10:26:01 | 000,162,208 | ---- | M] () -- C:\ProgramData\HP Photo Creations\PhotoProductReg.exe
[2010/05/20 16:12:48 | 004,238,264 | ---- | M] (Adobe Systems, Inc.) -- C:\ProgramData\HP\HP Deskjet 3050 J610 series\Help\flash\FlashPla.exe
[2012/02/21 01:45:08 | 000,015,496 | R-S- | M] (Tarma Software Research Pty Ltd) -- C:\ProgramData\InstallMate\{B01A9061-55EF-4AEF-9983-6BD5B2D76491}\Setup.exe
[2010/03/31 18:11:10 | 001,100,664 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\OEMOffice14\Office14\setup.exe
[2010/03/24 15:57:08 | 000,838,536 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\OEMOffice14\Office14\Office.de-de\DW20.EXE
[2010/03/24 15:57:14 | 000,519,584 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\OEMOffice14\Office14\Office.de-de\dwtrig20.exe
[2010/03/31 18:11:26 | 000,149,352 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\OEMOffice14\Office14\SingleImage.WW\ose.exe
[2010/03/01 00:38:28 | 005,336,456 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\OEMOffice14\OStarter\de-de\Office.exe
[2010/03/31 16:25:30 | 001,629,584 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\OEMOffice14\OStarter\de-de\SetupConsumerC2R.exe
[2010/03/31 16:25:30 | 001,629,584 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\OEMOffice14\OStarter\de-de\SetupConsumerC2ROLW.exe
[2011/03/11 04:29:11 | 000,225,936 | R-S- | M] (Tarma Software Research Pty Ltd) -- C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe
[2010/04/15 20:17:42 | 003,276,784 | R--- | M] (Sonic Solutions) -- C:\ProgramData\Uninstall\{1D61E881-43CD-447B-9E6B-D2C6138B2862}\setup.exe

< >
[2009/07/14 05:53:46 | 000,032,640 | ---- | C] () -- C:\windows\Tasks\SCHEDLGU.TXT
[2009/07/14 05:53:47 | 000,000,006 | -H-- | C] () -- C:\windows\Tasks\SA.DAT
[2011/12/10 17:55:38 | 000,000,316 | ---- | C] () -- C:\windows\Tasks\HPCeeScheduleForRobi.job
[2012/04/24 10:12:03 | 000,000,314 | ---- | C] () -- C:\windows\Tasks\asilfsat.job

========== Alternate Data Streams ==========

@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:CB0AACC9

< End of report >


I hope it's right like this? :/

hey..
I don't know anything at all about PCs or laptops :(
If it's wrong, I'll gladly do it again.
Thanks, regards, Kevinator

ryder 23.11.2012 16:06

Quote:

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.
http://www.trojaner-board.de/picture...&pictureid=307
That is pretty cluttered with junk, so we have to take a different approach first:

Step 1:
Remove adware with JRT

Please shut down your protection software to avoid possible conflicts.
http://imageshack.us/a/img841/7292/thisisujrt.gif
Please download Junkware Removal Tool to your desktop.
  • Start the tool with a double-click. Vista and 7 users, please start it with a right-click and "Run as administrator".
  • The tool will open and begin the scan.
  • Depending on the system, the scan can take a while.
  • When the tool is finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


Step 2:
Scan with Combofix
Quote:

WARNING:
Combofix should be run only when a team member has instructed you to do so!
Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please deactivate all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).


Note: If you get the following error message after the restart
Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.
Step 3:
List of installed programs (Combofix)
Please find and post the following file for me:
c:\Qoobox\Add-Remove Programs.txt

Kevinator941 23.11.2012 17:00

Please deactivate all of your antivirus software as well as malware/spyware scanners.

How do I do that? :(

hxxp://thisisudax.org/downloads/JRT.exe
and that is the one I downloaded and opened, but it scans automatically, without my being able to select anything?!

ryder 23.11.2012 17:06

Exactly, that one works on its own.

Deactivating Avira: right-click the umbrella icon and deactivate

Kevinator941 23.11.2012 17:18

ComboFix tells me that antivirus: AntiVir Desktop
and antispyware: AntiVir Desktop are active and that I have to switch them off.. how do I do that??

ryder 23.11.2012 17:22

If you have deactivated it, then that's okay and you can carry on. Avira is a rather dim-witted program and often does not sign off correctly.

Quote:

Deactivating Avira: right-click the umbrella icon and deactivate

Kevinator941 23.11.2012 17:47

Code:

ComboFix 12-11-23.02 - Robi 23.11.2012  17:26:01.1.1 - x86
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.765.212 [GMT 1:00]
ausgeführt von:: c:\users\Robi\Downloads\ComboFix.exe
AV: AntiVir Desktop *Enabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\32C99DC932.sys
c:\programdata\TheBflix
c:\programdata\TheBflix\background.html
c:\programdata\TheBflix\bccldkoinakjmmgebambiaggjobhikfg.crx
c:\programdata\TheBflix\content.js
c:\programdata\TheBflix\settings.ini
C:\Thumbs.db
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-10-23 bis 2012-11-23  ))))))))))))))))))))))))))))))
.
.
2012-11-23 16:37 . 2012-11-23 16:38        --------        d-----w-        c:\users\Robi\AppData\Local\temp
2012-11-23 16:37 . 2012-11-23 16:37        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-11-23 15:49 . 2012-11-23 15:49        --------        d-----w-        c:\windows\ERUNT
2012-11-23 15:49 . 2012-11-23 15:49        --------        d-----w-        C:\JRT
2012-11-21 17:14 . 2012-11-21 17:14        --------        d-----w-        c:\windows\system32\IO
2012-11-21 10:43 . 2012-11-21 15:42        --------        d-----w-        c:\programdata\AVAST Software
2012-11-21 10:43 . 2012-11-21 10:43        --------        d-----w-        c:\program files\AVAST Software
2012-11-20 11:32 . 2011-05-13 12:16        493056        ----a-w-        c:\windows\system32\dhRichClient3.dll
2012-11-20 11:32 . 2011-03-25 20:42        338432        ----a-w-        c:\windows\system32\sqlite36_engine.dll
2012-11-20 11:32 . 2012-11-21 17:15        --------        d-----w-        c:\users\Robi\AppData\Roaming\DesktopIconForAmazon
2012-11-20 11:31 . 2012-11-20 11:31        --------        d-----w-        c:\users\Robi\AppData\Roaming\OCS
2012-11-20 11:04 . 2012-11-20 21:30        --------        d-----w-        c:\program files\SelfUpdater
2012-11-20 10:58 . 2012-11-20 21:27        --------        d-----w-        c:\users\Robi\AppData\Roaming\Bloson
2012-11-17 21:23 . 2012-07-26 03:39        526952        ----a-w-        c:\windows\system32\drivers\Wdf01000.sys
2012-11-17 21:23 . 2012-07-26 03:39        47720        ----a-w-        c:\windows\system32\drivers\WdfLdr.sys
2012-11-17 21:23 . 2012-07-26 02:46        9728        ----a-w-        c:\windows\system32\Wdfres.dll
2012-11-17 21:22 . 2012-07-26 03:20        73216        ----a-w-        c:\windows\system32\WUDFSvc.dll
2012-11-17 21:22 . 2012-07-26 03:20        172032        ----a-w-        c:\windows\system32\WUDFPlatform.dll
2012-11-17 21:22 . 2012-07-26 02:33        66560        ----a-w-        c:\windows\system32\drivers\WUDFPf.sys
2012-11-17 21:22 . 2012-07-26 02:32        155136        ----a-w-        c:\windows\system32\drivers\WUDFRd.sys
2012-11-17 21:22 . 2012-07-26 03:21        196608        ----a-w-        c:\windows\system32\WUDFHost.exe
2012-11-17 21:22 . 2012-07-26 03:20        613888        ----a-w-        c:\windows\system32\WUDFx.dll
2012-11-17 21:22 . 2012-07-26 03:20        38912        ----a-w-        c:\windows\system32\WUDFCoinstaller.dll
2012-11-17 19:48 . 2012-10-03 16:58        1293680        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2012-11-17 19:48 . 2012-10-03 16:42        52224        ----a-w-        c:\windows\system32\nlaapi.dll
2012-11-17 19:48 . 2012-10-03 16:42        242176        ----a-w-        c:\windows\system32\nlasvc.dll
2012-11-17 19:48 . 2012-10-03 16:42        18944        ----a-w-        c:\windows\system32\netevent.dll
2012-11-17 19:48 . 2012-10-03 16:42        175104        ----a-w-        c:\windows\system32\netcorehc.dll
2012-11-17 19:48 . 2012-10-03 16:42        156672        ----a-w-        c:\windows\system32\ncsi.dll
2012-11-17 19:48 . 2012-10-03 16:40        499712        ----a-w-        c:\windows\system32\iphlpsvc.dll
2012-11-17 19:48 . 2012-10-03 15:21        35328        ----a-w-        c:\windows\system32\drivers\tcpipreg.sys
2012-11-17 19:48 . 2012-09-25 22:47        78336        ----a-w-        c:\windows\system32\synceng.dll
2012-11-17 19:48 . 2012-10-18 17:59        2345984        ----a-w-        c:\windows\system32\win32k.sys
2012-11-17 19:48 . 2012-10-09 17:40        44032        ----a-w-        c:\windows\system32\dhcpcsvc6.dll
2012-11-17 19:48 . 2012-10-09 17:40        193536        ----a-w-        c:\windows\system32\dhcpcore6.dll
2012-11-07 15:06 . 2012-11-07 15:07        --------        d-----w-        c:\program files\Safari
2012-10-29 20:03 . 2012-10-29 20:03        32832        ----a-w-        c:\program files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)\install.res.1028.dll
2012-10-29 20:03 . 2012-10-29 20:03        48192        ----a-w-        c:\program files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)\install.res.1033.dll
2012-10-29 20:03 . 2012-10-29 20:03        32320        ----a-w-        c:\program files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)\install.res.2052.dll
2012-10-29 20:03 . 2012-10-29 20:03        597040        ----a-w-        c:\program files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)\install.exe
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-23 14:01 . 2011-01-28 22:32        2828        --sha-w-        c:\programdata\KGyGaAvL.sys
2012-09-16 19:29 . 2012-09-16 19:29        696520        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-09-16 19:29 . 2011-08-17 11:15        73416        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-14 18:28 . 2012-10-10 20:45        2048        ----a-w-        c:\windows\system32\tzres.dll
2012-09-07 18:26 . 2012-09-23 07:04        36000        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2012-09-07 18:26 . 2012-09-23 07:04        83392        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-09-07 18:26 . 2012-09-23 07:04        137928        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-08-31 17:18 . 2012-10-10 20:45        1211760        ----a-w-        c:\windows\system32\drivers\ntfs.sys
2012-08-30 17:12 . 2012-10-10 20:44        3968880        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2012-08-30 17:12 . 2012-10-10 20:44        3914096        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-08-29 23:15 . 2012-08-29 23:15        3782214        ----a-w-        C:\chatzum_nt.exe
2011-08-02 09:34 . 2011-08-02 09:34        528        ----a-r-        c:\program files\MediaID.bin
2011-02-04 16:17 . 2011-02-07 16:25        60458664        ----a-w-        c:\program files\FreeStudio.exe
2011-01-30 17:36 . 2011-01-30 17:36        8417616        ----a-w-        c:\program files\Firefox.exe
2012-10-28 17:46 . 2012-10-28 17:46        261600        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 3.4.8 (11.22.2012)
OS: Windows 7 Home Premium x86
Ran by Robi on 23.11.2012 at 16:49:51,55
Blog: hxxp://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\bProtectorDefaultScope
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{30f9b915-b755-4826-820b-08fba6bd249d}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{30f9b915-b755-4826-820b-08fba6bd249d}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\urlsearchhooks\\{855f3b16-6d32-4fe6-8a56-bbb695989046}
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-2944064596-2206248867-496890886-1001\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-2944064596-2206248867-496890886-1001\software\microsoft\internet explorer\searchscopes\\DefaultScope



~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\conduit"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\conduitengine"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\conduitsearchscopes"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\crossrider"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\pricegong"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\smartbar"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\toolbar"
Successfully deleted: [Registry Key] "hkey_current_user\software\conduit"
Successfully deleted: [Registry Key] "hkey_current_user\software\cr_installer"
Failed to delete: [Registry Key]"hkey_current_user\software\datamngr"
Failed to delete: [Registry Key]"hkey_current_user\software\datamngr_toolbar"
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\windows\currentversion\ext\bprotectsettings"
Successfully deleted: [Registry Key] "hkey_current_user\software\softonic"
Successfully deleted: [Registry Key] "hkey_current_user\software\sweetim"
Successfully deleted: [Registry Key] "hkey_current_user\software\systweak"
Successfully deleted: [Registry Key] "hkey_local_machine\software\browserchoice"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\conduit.engine"
Successfully deleted: [Registry Key] "hkey_local_machine\software\conduit"
Failed to delete: [Registry Key]"hkey_local_machine\software\datamngr"
Successfully deleted: [Registry Key] "hkey_local_machine\software\systweak"
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{30f9b915-b755-4826-820b-08fba6bd249d}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{e46c8196-b634-44a1-af6e-957c64278ab1}



~~~ Files

Successfully deleted: [File] "C:\windows\system32\roboot.exe"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\installmate"
Successfully deleted: [Folder] "C:\ProgramData\premium"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Failed to delete: [Folder] "C:\ProgramData\trymedia"
Successfully deleted: [Folder] "C:\Users\Robi\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\Robi\AppData\Roaming\dvdvideosoft"
Successfully deleted: [Folder] "C:\Users\Robi\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Users\Robi\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\Robi\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Program Files\Common Files\dvdvideosoft"
Successfully deleted: [Folder] "C:\Users\Robi\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Robi\appdata\local\conduitengine"
Successfully deleted: [Folder] "C:\Users\Robi\appdata\local\wajam"
Successfully deleted: [Folder] "C:\Users\Robi\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Robi\appdata\locallow\conduitengine"
Successfully deleted: [Folder] "C:\Users\Robi\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\Program Files\conduitengine"
Failed to delete: [Folder] "C:\Program Files\dvdvideosoft"
Successfully deleted: [Folder] "C:\Program Files\trymedia"



~~~ FireFox

Successfully deleted: [File] C:\Users\Robi\AppData\Roaming\Mozilla\Firefox\Profiles\e7qdcxpt.default\user.js
Successfully deleted: [File] C:\user.js
Failed to delete: [Folder] C:\Users\Robi\AppData\Roaming\Mozilla\Firefox\Profiles\e7qdcxpt.default\extensions\{acaa314b-eeba-48e4-ad47-84e31c44796c}
Failed to delete: [Folder] C:\Users\Robi\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
Successfully deleted: [File] C:\Users\Robi\AppData\Roaming\Mozilla\Firefox\Profiles\e7qdcxpt.default\searchplugins\browsemngr.xml
Successfully deleted: [File] "C:\Program Files\mozilla firefox\searchplugins"\babylon.xml



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.11.2012 at 16:54:32,64
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

How do I do step three?

ryder 23.11.2012 17:50

The ComboFix log is not complete.

Kevinator941 23.11.2012 18:24

Are you checking the data right now?
And will the laptop also get a bit faster again because of this? :)

ryder 23.11.2012 18:26

Of course I'm checking it ... I need every log file in full, and the ComboFix one isn't - step 3 is missing.

Kevinator941 23.11.2012 18:27

Code:

ComboFix 12-11-23.02 - Robi 23.11.2012  17:26:01.1.1 - x86
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.765.212 [GMT 1:00]
ausgeführt von:: c:\users\Robi\Downloads\ComboFix.exe
AV: AntiVir Desktop *Enabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\32C99DC932.sys
c:\programdata\TheBflix
c:\programdata\TheBflix\background.html
c:\programdata\TheBflix\bccldkoinakjmmgebambiaggjobhikfg.crx
c:\programdata\TheBflix\content.js
c:\programdata\TheBflix\settings.ini
C:\Thumbs.db
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-10-23 bis 2012-11-23  ))))))))))))))))))))))))))))))
.
.
2012-11-23 16:37 . 2012-11-23 16:38        --------        d-----w-        c:\users\Robi\AppData\Local\temp
2012-11-23 16:37 . 2012-11-23 16:37        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-11-23 15:49 . 2012-11-23 15:49        --------        d-----w-        c:\windows\ERUNT
2012-11-23 15:49 . 2012-11-23 15:49        --------        d-----w-        C:\JRT
2012-11-21 17:14 . 2012-11-21 17:14        --------        d-----w-        c:\windows\system32\IO
2012-11-21 10:43 . 2012-11-21 15:42        --------        d-----w-        c:\programdata\AVAST Software
2012-11-21 10:43 . 2012-11-21 10:43        --------        d-----w-        c:\program files\AVAST Software
2012-11-20 11:32 . 2011-05-13 12:16        493056        ----a-w-        c:\windows\system32\dhRichClient3.dll
2012-11-20 11:32 . 2011-03-25 20:42        338432        ----a-w-        c:\windows\system32\sqlite36_engine.dll
2012-11-20 11:32 . 2012-11-21 17:15        --------        d-----w-        c:\users\Robi\AppData\Roaming\DesktopIconForAmazon
2012-11-20 11:31 . 2012-11-20 11:31        --------        d-----w-        c:\users\Robi\AppData\Roaming\OCS
2012-11-20 11:04 . 2012-11-20 21:30        --------        d-----w-        c:\program files\SelfUpdater
2012-11-20 10:58 . 2012-11-20 21:27        --------        d-----w-        c:\users\Robi\AppData\Roaming\Bloson
2012-11-17 21:23 . 2012-07-26 03:39        526952        ----a-w-        c:\windows\system32\drivers\Wdf01000.sys
2012-11-17 21:23 . 2012-07-26 03:39        47720        ----a-w-        c:\windows\system32\drivers\WdfLdr.sys
2012-11-17 21:23 . 2012-07-26 02:46        9728        ----a-w-        c:\windows\system32\Wdfres.dll
2012-11-17 21:22 . 2012-07-26 03:20        73216        ----a-w-        c:\windows\system32\WUDFSvc.dll
2012-11-17 21:22 . 2012-07-26 03:20        172032        ----a-w-        c:\windows\system32\WUDFPlatform.dll
2012-11-17 21:22 . 2012-07-26 02:33        66560        ----a-w-        c:\windows\system32\drivers\WUDFPf.sys
2012-11-17 21:22 . 2012-07-26 02:32        155136        ----a-w-        c:\windows\system32\drivers\WUDFRd.sys
2012-11-17 21:22 . 2012-07-26 03:21        196608        ----a-w-        c:\windows\system32\WUDFHost.exe
2012-11-17 21:22 . 2012-07-26 03:20        613888        ----a-w-        c:\windows\system32\WUDFx.dll
2012-11-17 21:22 . 2012-07-26 03:20        38912        ----a-w-        c:\windows\system32\WUDFCoinstaller.dll
2012-11-17 19:48 . 2012-10-03 16:58        1293680        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2012-11-17 19:48 . 2012-10-03 16:42        52224        ----a-w-        c:\windows\system32\nlaapi.dll
2012-11-17 19:48 . 2012-10-03 16:42        242176        ----a-w-        c:\windows\system32\nlasvc.dll
2012-11-17 19:48 . 2012-10-03 16:42        18944        ----a-w-        c:\windows\system32\netevent.dll
2012-11-17 19:48 . 2012-10-03 16:42        175104        ----a-w-        c:\windows\system32\netcorehc.dll
2012-11-17 19:48 . 2012-10-03 16:42        156672        ----a-w-        c:\windows\system32\ncsi.dll
2012-11-17 19:48 . 2012-10-03 16:40        499712        ----a-w-        c:\windows\system32\iphlpsvc.dll
2012-11-17 19:48 . 2012-10-03 15:21        35328        ----a-w-        c:\windows\system32\drivers\tcpipreg.sys
2012-11-17 19:48 . 2012-09-25 22:47        78336        ----a-w-        c:\windows\system32\synceng.dll
2012-11-17 19:48 . 2012-10-18 17:59        2345984        ----a-w-        c:\windows\system32\win32k.sys
2012-11-17 19:48 . 2012-10-09 17:40        44032        ----a-w-        c:\windows\system32\dhcpcsvc6.dll
2012-11-17 19:48 . 2012-10-09 17:40        193536        ----a-w-        c:\windows\system32\dhcpcore6.dll
2012-11-07 15:06 . 2012-11-07 15:07        --------        d-----w-        c:\program files\Safari
2012-10-29 20:03 . 2012-10-29 20:03        32832        ----a-w-        c:\program files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)\install.res.1028.dll
2012-10-29 20:03 . 2012-10-29 20:03        48192        ----a-w-        c:\program files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)\install.res.1033.dll
2012-10-29 20:03 . 2012-10-29 20:03        32320        ----a-w-        c:\program files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)\install.res.2052.dll
2012-10-29 20:03 . 2012-10-29 20:03        597040        ----a-w-        c:\program files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)\install.exe
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-23 14:01 . 2011-01-28 22:32        2828        --sha-w-        c:\programdata\KGyGaAvL.sys
2012-09-16 19:29 . 2012-09-16 19:29        696520        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-09-16 19:29 . 2011-08-17 11:15        73416        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-14 18:28 . 2012-10-10 20:45        2048        ----a-w-        c:\windows\system32\tzres.dll
2012-09-07 18:26 . 2012-09-23 07:04        36000        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2012-09-07 18:26 . 2012-09-23 07:04        83392        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-09-07 18:26 . 2012-09-23 07:04        137928        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-08-31 17:18 . 2012-10-10 20:45        1211760        ----a-w-        c:\windows\system32\drivers\ntfs.sys
2012-08-30 17:12 . 2012-10-10 20:44        3968880        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2012-08-30 17:12 . 2012-10-10 20:44        3914096        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-08-29 23:15 . 2012-08-29 23:15        3782214        ----a-w-        C:\chatzum_nt.exe
2011-08-02 09:34 . 2011-08-02 09:34        528        ----a-r-        c:\program files\MediaID.bin
2011-02-04 16:17 . 2011-02-07 16:25        60458664        ----a-w-        c:\program files\FreeStudio.exe
2011-01-30 17:36 . 2011-01-30 17:36        8417616        ----a-w-        c:\program files\Firefox.exe
2012-10-28 17:46 . 2012-10-28 17:46        261600        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-02-22 2363392]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Remote Mouse"="c:\program files\Remote Mouse\RemoteMouse.exe" [2012-03-19 1020416]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]
"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-02-24 59240]
"com.apple.dav.bookmarks.daemon"="c:\program files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QLBController"="c:\program files\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2010-03-01 256056]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-26 1713448]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-04-05 8192]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-05 98304]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-03-17 495708]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-09-07 348664]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2009-12-31 91520]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-30 836896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^Users^Robi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\users\Robi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-08-27 19:32        59280        ----a-w-        c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-09 21:30        421776        ----a-w-        c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]
2010-03-06 13:39        563736        ----a-w-        c:\program files\PDF Complete\pdfsty.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
2007-09-02 12:58        495616        ----a-w-        c:\program files\RocketDock\RocketDock.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2009-06-17 11:44        85160        ----a-w-        c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
.
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 SystemStoreService;System Store Service;c:\program files\Freetec\SystemStore\SystemStore.exe  -displayname System Store Service -servicename:SystemStoreService [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 mv2;mv2;c:\windows\system32\DRIVERS\mv2.sys [x]
R3 SMARTMouseFilterx86;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx86.sys [x]
R3 SMARTVHidMini2000x86;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMini2000x86.sys [x]
R3 SMARTVTabletPCx86;SMART Virtual TabletPC;c:\windows\system32\DRIVERS\SMARTVTabletPCx86.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\aestsrv.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 rtsuvc;HP Webcam [2 MP Fixed];c:\windows\system32\DRIVERS\rtsuvc.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-02-22 18:38        451872        ----a-w-        c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-23 c:\windows\Tasks\asilfsat.job
- c:\windows\system32\usbceipi.dll [2012-04-24 09:12]
.
2012-11-09 c:\windows\Tasks\HPCeeScheduleForRobi.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube Download - c:\users\Robi\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Robi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Robi\AppData\Roaming\Mozilla\Firefox\Profiles\e7qdcxpt.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{0f369707-379f-46df-a5c5-d04390f3459b} - (no file)
URLSearchHooks-{5786d022-540e-4699-b350-b4be0ae94b79} - (no file)
Toolbar-{0f369707-379f-46df-a5c5-d04390f3459b} - (no file)
Toolbar-{DFEFCDEE-CF1A-4FC8-88AD-129872198372} - (no file)
WebBrowser-{0F369707-379F-46DF-A5C5-D04390F3459B} - (no file)
HKCU-Run-SystemExplorerAutoStart - c:\program files\System Explorer\SystemExplorer.exe
HKCU-Run-Tonido - c:\users\Robi\AppData\Roaming\Tonido\launcher.exe
HKLM-Run-ROC_roc_ssl_v12 - c:\program files\AVG Secure Search\ROC_roc_ssl_v12.exe
MSConfigStartUp-Google Update - c:\users\Robi\AppData\Local\Google\Update\GoogleUpdate.exe
MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
AddRemove-conduitEngine - c:\progra~1\CONDUI~1\ConduitEngineUninstall.exe
AddRemove-Free Audio CD Burner_is1 - c:\program files\DVDVideoSoft\Free Audio CD Burner\unins000.exe
AddRemove-Free Studio_is1 - c:\program files\Common Files\DVDVideoSoft\Uninstall.exe
AddRemove-Free YouTube Download_is1 - c:\program files\DVDVideoSoft\Free YouTube Download\unins000.exe
AddRemove-Free YouTube to MP3 Converter_is1 - c:\program files\DVDVideoSoft\Free YouTube to MP3 Converter\unins000.exe
AddRemove-Uninstall_is1 - c:\program files\Common Files\DVDVideoSoft\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SystemStoreService]
"ImagePath"="\"c:\program files\Freetec\SystemStore\SystemStore.exe\"  -displayname \"System Store Service\" -servicename:SystemStoreService"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2944064596-2206248867-496890886-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariDownload"
.
[HKEY_USERS\S-1-5-21-2944064596-2206248867-496890886-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2944064596-2206248867-496890886-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (S-1-5-21-2944064596-2206248867-496890886-1001)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-2944064596-2206248867-496890886-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (S-1-5-21-2944064596-2206248867-496890886-1001)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-2944064596-2206248867-496890886-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariExtension"
.
[HKEY_USERS\S-1-5-21-2944064596-2206248867-496890886-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (S-1-5-21-2944064596-2206248867-496890886-1001)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-2944064596-2206248867-496890886-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2944064596-2206248867-496890886-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-2944064596-2206248867-496890886-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2944064596-2206248867-496890886-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (S-1-5-21-2944064596-2206248867-496890886-1001)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-2944064596-2206248867-496890886-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (S-1-5-21-2944064596-2206248867-496890886-1001)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-2944064596-2206248867-496890886-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2944064596-2206248867-496890886-1001\Software\SecuROM\License information*]
"datasecu"=hex:1a,b9,4f,10,02,56,2e,94,cf,c4,ce,c4,5a,3b,1b,57,6a,23,b1,b1,30,
  ee,34,11,97,a1,a5,e2,ed,0d,c0,0b,9c,12,bf,1e,bf,4b,e7,ff,d4,69,10,1c,4f,35,\
"rkeysecu"=hex:59,f6,46,8f,fa,19,09,00,b5,fa,6c,08,4d,63,de,e7
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-11-23  17:41:54
ComboFix-quarantined-files.txt  2012-11-23 16:41
.
Vor Suchlauf: 13 Verzeichnis(se), 87.422.029.824 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 89.342.414.848 Bytes frei
.
- - End Of File - - AEA976FE2484B4F9868BE2CA71B2AAA8

That is all it says there? :(

ryder 23.11.2012 18:28

Now it is complete, step 3 is still to do.

Kevinator941 23.11.2012 18:28

How do I do step three, then?
Sorry, as I said, I have no idea at all :(

ryder 23.11.2012 18:39

That is why we have instructions, which one should read.

List of installed programs (ComboFix)
Please find the following file and post it for me:
c:\Qoobox\Add-Remove Programs.txt

Kevinator941 23.11.2012 19:04

Code:

Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Age of Empires III
Angry Birds
Angry Birds Rio
Angry Birds Space
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
Avira Free Antivirus
Bing Rewards Client Installer
Bonjour
Broadcom 2070 Bluetooth 3.0
Broadcom 802.11 Wireless LAN Adapter
Catalyst Control Center - Branding
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cogs GO Lite
Conduit Engine
Corel Home Office
Corel Home Office - CS Templates
Corel Home Office - CT Templates
Corel Home Office - IPM
Corel Home Office - JP Templates
Corel Home Office - KR Templates
Corel Home Office - Launcher
Corel Home Office - Templates RU
Corel Home Office - Templates1
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Empire Earth
Empire Earth Gold
Energy Star Digital Logo
Far Cry 2
Free Audio CD Burner version 1.4
Free NaturalReader
Free Studio version 5.7.3.916
Free YouTube Download version 2.10.33.324
Free YouTube to MP3 Converter version 3.8
Grand Theft Auto San Andreas
Grand Theft Auto Vice City
HP Advisor
HP Customer Experience Enhancements
HP Deskjet 3050 J610 series - Grundlegende Software für das Gerät
HP Deskjet 3050 J610 series Hilfe
HP Documentation
HP ESU for Microsoft Windows 7
HP HotKey Support
HP Photo Creations
HP Setup
HP SoftPaq Download Manager
HP Software Framework
HP Software Setup
HP Update
HP Web Camera
HP Webcam
HP Webcam Driver
HP Wireless Assistant
iCloud
IDT Audio
iTunes
LightScribe System Software
Microsoft .NET Framework 4 Client Profile
Microsoft Age of Empires II
Microsoft Age of Empires II: The Conquerors Expansion
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010
Microsoft Office Excel MUI (German) 2010
Microsoft Office Groove MUI (German) 2010
Microsoft Office InfoPath MUI (German) 2010
Microsoft Office Klick-und-Los 2010
Microsoft Office Language Pack 2010 - German/Deutsch
Microsoft Office O MUI (German) 2010
Microsoft Office OneNote MUI (German) 2010
Microsoft Office Outlook MUI (German) 2010
Microsoft Office PowerPoint 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint MUI (German) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Italian) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing (German) 2010
Microsoft Office Publisher MUI (German) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared MUI (German) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office SharePoint Designer MUI (German) 2010
Microsoft Office Starter 2010 - Deutsch
Microsoft Office Word 2010
Microsoft Office Word MUI (English) 2010
Microsoft Office Word MUI (German) 2010
Microsoft Office X MUI (German) 2010
Microsoft PowerPoint 2010
Microsoft PowerPoint Viewer
Microsoft SharePoint Designer 2010 Service Pack 1 (SP1)
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
Microsoft Word 2010
Mozilla Firefox 16.0.2 (x86 de)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Need for Speed Underground 2
OpenAL
PDF Complete Special Edition
PunkBuster Services
QuickTime
Realtek Ethernet Controller All-In-One Windows Driver
Remote Mouse version 1.50
RocketDock 1.3.5
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Steamless Counter Strike Source Pack
Studie zur Verbesserung von HP Deskjet 3050 J610 series Produkten
Synaptics Pointing Device Driver
System Explorer 3.2.1
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
USB PC Camera (SN9C101)
VC80CRTRedist - 8.0.50727.6195
VirtualCloneDrive
VLC media player 1.1.6
Vokabel Trainer 5
Windows 7 Default Setting
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalerie
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mesh ActiveX control for remote connections
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR 4.01 (32-Bit)
WinZip 14.5


ryder 23.11.2012 19:13

Looks good, so now we just need to remove a few leftovers:

Step 1:
AdwCleaner: find and remove adware

Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click "Löschen" (Delete).
  • Confirm each prompt with OK.
  • Your computer will be restarted. Just tell me whether the step worked; we don't need the resulting logfile.

Step 2:
Control scan with OTL

  • Please start OTL.exe - if you don't have it yet: LINK
  • Make sure that "Scan All Users" is checked!
  • Press the Quick Scan button.
  • Post the OTL.txt here in your thread.

Step 3:
Scan with SecurityCheck
Please download SecurityCheck
  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • When the scan has finished, a text document (checkup.txt) should open.

Please post its contents here.

Kevinator941 23.11.2012 19:49

Code:

OTL logfile created on: 11/23/2012 7:28:05 PM - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Robi\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
764.56 Mb Total Physical Memory | 135.64 Mb Available Physical Memory | 17.74% Memory free
1.75 Gb Paging File | 0.56 Gb Available in Paging File | 31.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 215.59 Gb Total Space | 83.14 Gb Free Space | 38.56% Space Free | Partition Type: NTFS
Drive F: | 1.99 Gb Total Space | 0.00 Gb Free Space | 0.12% Space Free | Partition Type: FAT32
 
Computer Name: ROBI-HP | User Name: Robi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Robi\Downloads\OTL(1).exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Remote Mouse\server\server.exe ()
PRC - C:\Program Files\Remote Mouse\RemoteMouse.exe ()
PRC - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe (Hewlett-Packard Development Company L.P.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows NT\Accessories\WORDPAD.EXE (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\lpksetup.exe (Microsoft Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe (Hewlett-Packard)
PRC - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\RocketDock\RocketDock.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\66694f9192bd0dddc2eaf90fbcbcd555\System.Management.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\239d84cfdb9de9730c1efb43840ef2eb\System.Core.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7c4de95aa433eb8d81a81caf805947a8\PresentationFramework.Aero.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ec80905a71750be50dfc7981ad5ae28\PresentationFramework.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\Remote Mouse\server\server.exe ()
MOD - C:\Program Files\Remote Mouse\RemoteMouse.exe ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Remote Mouse\server\win32gui.pyd ()
MOD - C:\Program Files\Remote Mouse\server\win32api.pyd ()
MOD - C:\Program Files\Remote Mouse\server\pywintypes26.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CaslShared\3.5.1.1__9c6f83d5b7f3d097\CaslShared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\hpcasl\3.5.1.1__9c6f83d5b7f3d097\hpcasl.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Core.resources\3.5.0.0_de_b77a5c561934e089\System.Core.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\hpCASLLibrary\3.0.1.1__67b8d1b5179ba5f8\hpCASLLibrary.dll ()
MOD - C:\Program Files\Remote Mouse\server\_ctypes.pyd ()
MOD - C:\Program Files\Remote Mouse\server\_ssl.pyd ()
MOD - C:\Program Files\Remote Mouse\server\_socket.pyd ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\Remote Mouse\server\autopy.mouse.pyd ()
MOD - C:\Program Files\Remote Mouse\server\autopy.key.pyd ()
MOD - C:\Program Files\RocketDock\RocketDock.exe ()
MOD - C:\Program Files\RocketDock\RocketDock.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (HP Support Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe File not found
SRV - (SystemStoreService) -- C:\Program Files\Freetec\SystemStore\SystemStore.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\stacsv.exe (IDT, Inc.)
SRV - (pdfcDispatcher) -- C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (hpHotkeyMonitor) -- C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\AEstSrv.exe (Andrea Electronics Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found
DRV - (catchme) -- C:\Users\Robi\AppData\Local\Temp\catchme.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (mv2) -- C:\Windows\System32\drivers\mv2.sys (UVNC BVBA)
DRV - (SMARTMouseFilterx86) -- C:\Windows\System32\drivers\SMARTMouseFilterx86.sys (SMART Technologies ULC)
DRV - (SMARTVTabletPCx86) -- C:\Windows\System32\drivers\SMARTVTabletPCx86.sys (SMART Technologies ULC)
DRV - (SMARTVHidMini2000x86) -- C:\Windows\System32\drivers\SMARTVHidMini2000x86.sys (SMART Technologies ULC)
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (dc3d) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (rtsuvc) -- C:\Windows\System32\drivers\rtsuvc.sys (Realtek Semiconductor Corp.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Company)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{531795A6-54C6-47E1-8ED6-34F290D57429}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,defaultscope =
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,defaultscope =
 
IE - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\..\SearchScopes\{531795A6-54C6-47E1-8ED6-34F290D57429}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\..\SearchScopes\{7FA1E07F-182B-4840-8746-1D4F740CCBA3}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=2eddcdec-482e-487e-b9d2-d337c083fa0c&apn_sauid=16503CEE-24EC-4F95-9BC2-30168582F901
IE - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: {64161300-e22b-11db-8314-0800200c9a66}:0.9.6.10
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:4.2.1.7
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/28 18:46:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/28 18:46:47 | 000,000,000 | ---D | M]
 
[2012/11/23 17:09:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robi\AppData\Roaming\mozilla\Extensions
[2012/11/23 18:38:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robi\AppData\Roaming\mozilla\Firefox\Profiles\e7qdcxpt.default\extensions
[2012/11/20 22:21:19 | 000,111,107 | ---- | M] () (No name found) -- C:\Users\Robi\AppData\Roaming\mozilla\firefox\profiles\e7qdcxpt.default\extensions\extension@preispilot.com.xpi
[2012/10/11 12:06:25 | 000,281,285 | ---- | M] () (No name found) -- C:\Users\Robi\AppData\Roaming\mozilla\firefox\profiles\e7qdcxpt.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
[2012/11/23 18:38:46 | 000,035,614 | ---- | M] () (No name found) -- C:\Users\Robi\AppData\Roaming\mozilla\firefox\profiles\e7qdcxpt.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012/11/23 14:59:58 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Robi\AppData\Roaming\mozilla\firefox\profiles\e7qdcxpt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/11/21 11:53:59 | 000,001,632 | ---- | M] () -- C:\Users\Robi\AppData\Roaming\mozilla\firefox\profiles\e7qdcxpt.default\searchplugins\firefox-add-ons.xml
[2012/11/21 18:14:00 | 000,000,828 | ---- | M] () -- C:\Users\Robi\AppData\Roaming\mozilla\firefox\profiles\e7qdcxpt.default\searchplugins\icqplugin-4.xml
[2012/11/21 18:14:00 | 000,000,828 | ---- | M] () -- C:\Users\Robi\AppData\Roaming\mozilla\firefox\profiles\e7qdcxpt.default\searchplugins\icqplugin-5.xml
[2012/11/21 18:14:00 | 000,000,828 | ---- | M] () -- C:\Users\Robi\AppData\Roaming\mozilla\firefox\profiles\e7qdcxpt.default\searchplugins\icqplugin-6.xml
[2012/10/28 18:46:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012/10/28 18:46:51 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/04/16 18:51:34 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/15 15:48:02 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll
[2012/11/21 18:14:00 | 000,001,400 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/11/21 18:14:00 | 000,001,679 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/11/21 18:14:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/11/21 18:14:00 | 000,006,818 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/12/25 19:11:09 | 000,000,158 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search the web.src
[2012/11/20 12:32:01 | 000,001,278 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/11/21 18:14:00 | 000,000,903 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012/11/23 17:37:55 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4 - HKLM..\Run: [QLBController] C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\S-1-5-21-2944064596-2206248867-496890886-1001..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2944064596-2206248867-496890886-1001..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2944064596-2206248867-496890886-1001..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2944064596-2206248867-496890886-1001..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2944064596-2206248867-496890886-1001..\Run: [Remote Mouse] C:\Program Files\Remote Mouse\RemoteMouse.exe ()
O4 - HKU\S-1-5-21-2944064596-2206248867-496890886-1001..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Robi\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Robi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //FWEvent.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4FCF358-0D16-48CE-8144-1A6C7EBEBD6C}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/11/23 17:42:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/11/23 17:42:00 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/11/23 17:42:00 | 000,000,000 | ---D | C] -- C:\Users\Robi\AppData\Local\temp
[2012/11/23 17:22:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/11/23 17:22:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/11/23 17:22:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/11/23 17:09:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/23 17:09:09 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2012/11/23 16:49:42 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2012/11/23 16:49:18 | 000,000,000 | ---D | C] -- C:\JRT
[2012/11/22 12:16:43 | 000,000,000 | ---D | C] -- C:\Users\Robi\AppData\Local\{56F4D31D-2F68-4B81-8FE6-4F6101085ECD}
[2012/11/22 11:55:12 | 000,000,000 | ---D | C] -- C:\Users\Robi\AppData\Local\{66E052C8-5437-413C-8AC1-0CB48B0DB0BA}
[2012/11/21 18:14:00 | 000,000,000 | ---D | C] -- C:\windows\System32\IO
[2012/11/21 16:06:26 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/11/21 11:43:21 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/11/21 11:43:21 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/11/20 12:32:34 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\windows\System32\dhRichClient3.dll
[2012/11/20 12:32:11 | 000,000,000 | ---D | C] -- C:\Users\Robi\AppData\Roaming\DesktopIconForAmazon
[2012/11/20 12:32:01 | 000,000,000 | ---D | C] -- C:\Users\Robi\AppData\Roaming\Opera
[2012/11/20 12:31:51 | 000,000,000 | ---D | C] -- C:\Users\Robi\AppData\Roaming\OCS
[2012/11/20 12:04:29 | 000,000,000 | ---D | C] -- C:\Program Files\SelfUpdater
[2012/11/20 11:58:43 | 000,000,000 | ---D | C] -- C:\Users\Robi\AppData\Roaming\Bloson
[2012/11/19 17:21:17 | 000,000,000 | ---D | C] -- C:\Users\Robi\Desktop\päda filmr fotos
[2012/11/09 06:36:20 | 000,000,000 | ---D | C] -- C:\Users\Robi\AppData\Local\{23ABBB6E-6153-4E10-9C0F-8A4C7CFA2B33}
[2012/11/08 12:36:46 | 000,000,000 | ---D | C] -- C:\Users\Robi\Documents\GTA San Andreas User Files
[2012/11/08 08:04:59 | 000,000,000 | ---D | C] -- C:\Users\Robi\AppData\Local\{449D7202-ACCA-46FD-A049-6FA5561DDDE6}
[2012/11/07 16:06:32 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2012/10/28 18:46:42 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/03/15 16:12:29 | 000,885,024 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Robi\JavaSetup6u24.exe
[2011/02/17 19:45:10 | 008,417,616 | ---- | C] (Mozilla) -- C:\Users\Robi\Firefox_Setup_3.6.13.exe
[2011/02/07 17:25:15 | 060,458,664 | ---- | C] (DVDVideoSoft Limited.                                      ) -- C:\Program Files\FreeStudio.exe
[2011/01/30 18:36:11 | 008,417,616 | ---- | C] (Mozilla) -- C:\Program Files\Firefox.exe
[10 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/11/23 19:33:57 | 000,019,760 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/23 19:33:57 | 000,019,760 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/23 19:23:26 | 000,000,314 | ---- | M] () -- C:\windows\tasks\asilfsat.job
[2012/11/23 19:23:10 | 000,016,384 | ---- | M] () -- C:\windows\System32\Ikeext.etl
[2012/11/23 19:23:04 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/11/23 19:22:56 | 801,697,792 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/23 17:37:55 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2012/11/23 15:01:39 | 000,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2012/11/22 13:21:13 | 000,007,250 | ---- | M] () -- C:\Users\Robi\Documents\Pädagogik Projekt.wlmp
[2012/11/22 12:21:02 | 000,654,844 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012/11/22 12:21:02 | 000,616,686 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/11/22 12:21:02 | 000,130,426 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012/11/22 12:21:02 | 000,106,808 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/11/21 23:05:20 | 000,211,168 | ---- | M] () -- C:\Users\Robi\Desktop\Praktika Altenheim 09.07.2012 - 03.08.2012.jpg
[2012/11/21 23:03:25 | 000,203,440 | ---- | M] () -- C:\Users\Robi\Desktop\Praktika Altenheim 02.04.2012 - 13.04.2012.jpg
[2012/11/21 23:01:38 | 000,370,461 | ---- | M] () -- C:\Users\Robi\Desktop\Praktika Diakonie 02.01.2012 - 06.01.2012.jpg
[2012/11/21 22:59:28 | 000,361,755 | ---- | M] () -- C:\Users\Robi\Desktop\Praktika Altenheim schulisch 21.03.2011 - 08.04.2011.jpg
[2012/11/21 22:57:34 | 000,327,275 | ---- | M] () -- C:\Users\Robi\Desktop\Praktika Kindergarten 15.11.2010 - 03.12.2010.jpg
[2012/11/21 22:52:42 | 000,289,663 | ---- | M] () -- C:\Users\Robi\Desktop\Praktika Altenheim 11.10.2010 - 22.10.2010.jpg
[2012/11/21 22:50:54 | 000,276,004 | ---- | M] () -- C:\Users\Robi\Desktop\Praktika Altenheim 26.07.2010 - 13.08.2010.jpg
[2012/11/21 22:47:21 | 000,343,463 | ---- | M] () -- C:\Users\Robi\Desktop\Halbjahreszeugnis der Fachhochschulreife 2.jpg
[2012/11/21 22:45:59 | 000,306,644 | ---- | M] () -- C:\Users\Robi\Desktop\Halbjahreszeugnis der Fachhochschulreife 1.jpg
[2012/11/21 22:43:07 | 000,180,681 | ---- | M] () -- C:\Users\Robi\Desktop\Zeugnis der Fachhochschulreife 4.jpg
[2012/11/21 22:41:51 | 000,292,828 | ---- | M] () -- C:\Users\Robi\Desktop\Zeugnis der Fachhochschulreife 3.jpg
[2012/11/21 22:40:39 | 000,234,454 | ---- | M] () -- C:\Users\Robi\Desktop\Zeugnis der Fachhochschulreife 2.jpg
[2012/11/21 22:39:14 | 000,240,593 | ---- | M] () -- C:\Users\Robi\Desktop\Zeugnis der Fachhochschulreife 1.jpg
[2012/11/21 22:37:58 | 000,337,336 | ---- | M] () -- C:\Users\Robi\Desktop\Arbeits und Sozialverhalten.jpg
[2012/11/21 16:27:40 | 000,002,577 | ---- | M] () -- C:\windows\System32\config.nt
[2012/11/18 19:23:40 | 000,339,296 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/11/09 08:38:08 | 000,000,316 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForRobi.job
[2012/11/07 16:19:00 | 000,119,300 | -H-- | M] () -- C:\windows\System32\mlfcache.dat
[2012/11/03 11:35:40 | 000,000,017 | ---- | M] () -- C:\windows\System32\shortcut_ex.dat
[10 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/11/23 17:22:56 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/11/23 17:22:56 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/11/23 17:22:56 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/11/23 17:22:56 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/11/23 17:22:56 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/11/22 13:21:13 | 000,007,250 | ---- | C] () -- C:\Users\Robi\Documents\Pädagogik Projekt.wlmp
[2012/11/21 23:05:20 | 000,211,168 | ---- | C] () -- C:\Users\Robi\Desktop\Praktika Altenheim 09.07.2012 - 03.08.2012.jpg
[2012/11/21 23:03:25 | 000,203,440 | ---- | C] () -- C:\Users\Robi\Desktop\Praktika Altenheim 02.04.2012 - 13.04.2012.jpg
[2012/11/21 23:01:37 | 000,370,461 | ---- | C] () -- C:\Users\Robi\Desktop\Praktika Diakonie 02.01.2012 - 06.01.2012.jpg
[2012/11/21 22:59:28 | 000,361,755 | ---- | C] () -- C:\Users\Robi\Desktop\Praktika Altenheim schulisch 21.03.2011 - 08.04.2011.jpg
[2012/11/21 22:57:34 | 000,327,275 | ---- | C] () -- C:\Users\Robi\Desktop\Praktika Kindergarten 15.11.2010 - 03.12.2010.jpg
[2012/11/21 22:52:41 | 000,289,663 | ---- | C] () -- C:\Users\Robi\Desktop\Praktika Altenheim 11.10.2010 - 22.10.2010.jpg
[2012/11/21 22:50:54 | 000,276,004 | ---- | C] () -- C:\Users\Robi\Desktop\Praktika Altenheim 26.07.2010 - 13.08.2010.jpg
[2012/11/21 22:47:21 | 000,343,463 | ---- | C] () -- C:\Users\Robi\Desktop\Halbjahreszeugnis der Fachhochschulreife 2.jpg
[2012/11/21 22:45:59 | 000,306,644 | ---- | C] () -- C:\Users\Robi\Desktop\Halbjahreszeugnis der Fachhochschulreife 1.jpg
[2012/11/21 22:43:07 | 000,180,681 | ---- | C] () -- C:\Users\Robi\Desktop\Zeugnis der Fachhochschulreife 4.jpg
[2012/11/21 22:41:50 | 000,292,828 | ---- | C] () -- C:\Users\Robi\Desktop\Zeugnis der Fachhochschulreife 3.jpg
[2012/11/21 22:40:39 | 000,234,454 | ---- | C] () -- C:\Users\Robi\Desktop\Zeugnis der Fachhochschulreife 2.jpg
[2012/11/21 22:39:13 | 000,240,593 | ---- | C] () -- C:\Users\Robi\Desktop\Zeugnis der Fachhochschulreife 1.jpg
[2012/11/21 22:37:57 | 000,337,336 | ---- | C] () -- C:\Users\Robi\Desktop\Arbeits und Sozialverhalten.jpg
[2012/11/20 12:32:34 | 000,338,432 | ---- | C] () -- C:\windows\System32\sqlite36_engine.dll
[2012/11/17 22:23:14 | 000,000,003 | ---- | C] () -- C:\windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/17 22:22:38 | 000,000,003 | ---- | C] () -- C:\windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/11/07 16:07:32 | 000,002,491 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2012/11/03 11:35:40 | 000,000,017 | ---- | C] () -- C:\windows\System32\shortcut_ex.dat
[2012/09/17 21:02:28 | 000,001,652 | ---- | C] () -- C:\windows\System32\ASOROSet.bin
[2012/09/03 20:25:13 | 000,000,193 | ---- | C] () -- C:\windows\WORDPAD.INI
[2012/07/22 19:46:16 | 000,000,000 | ---- | C] () -- C:\windows\appXYqt3.ini
[2012/06/17 23:40:45 | 015,000,000 | ---- | C] () -- C:\Users\Robi\aoe-project.r06
[2012/06/17 23:40:43 | 015,000,000 | ---- | C] () -- C:\Users\Robi\aoe-project.r05
[2012/06/17 23:40:43 | 015,000,000 | ---- | C] () -- C:\Users\Robi\aoe-project.r04
[2012/06/17 23:40:39 | 015,000,000 | ---- | C] () -- C:\Users\Robi\aoe-project.r03
[2012/06/17 23:40:39 | 015,000,000 | ---- | C] () -- C:\Users\Robi\aoe-project.r02
[2012/06/17 23:40:39 | 015,000,000 | ---- | C] () -- C:\Users\Robi\aoe-project.r01
[2012/06/17 23:40:38 | 015,000,000 | ---- | C] () -- C:\Users\Robi\aoe-project.r00
[2012/06/17 23:40:38 | 000,009,006 | ---- | C] () -- C:\Users\Robi\aoe-project.nfo
[2012/05/13 18:11:07 | 000,119,300 | -H-- | C] () -- C:\windows\System32\mlfcache.dat
[2012/04/27 17:19:28 | 000,027,969 | ---- | C] () -- C:\Users\Robi\AppData\Roaming\UserTile.png
[2012/04/24 10:12:02 | 000,139,264 | ---- | C] () -- C:\windows\System32\usbceipi.dll
[2012/03/20 21:21:18 | 000,000,046 | ---- | C] () -- C:\windows\QTW.INI
[2012/02/21 10:51:49 | 000,000,190 | ---- | C] () -- C:\windows\cncscore.ini
[2012/02/17 18:30:29 | 000,286,720 | ---- | C] () -- C:\windows\vsnpstd.exe
[2012/02/17 18:30:28 | 000,053,248 | ---- | C] () -- C:\windows\System32\dsnpstd.dll
[2012/02/17 18:30:19 | 000,061,440 | ---- | C] ( ) -- C:\windows\System32\rsnpstd.dll
[2012/01/29 21:29:47 | 000,000,109 | ---- | C] () -- C:\windows\disney.ini
[2011/11/17 19:11:31 | 000,000,236 | ---- | C] () -- C:\ProgramData\{5CAFA1B7-9EEF-4cc7-B9F7-9DDB3DAA679E}
[2011/10/26 16:04:43 | 000,139,152 | ---- | C] () -- C:\windows\System32\drivers\PnkBstrK.sys
[2011/10/26 16:04:43 | 000,139,152 | ---- | C] () -- C:\Users\Robi\AppData\Roaming\PnkBstrK.sys
[2011/10/26 16:04:32 | 000,111,928 | ---- | C] () -- C:\windows\System32\PnkBstrB.exe
[2011/10/26 16:04:14 | 002,793,768 | ---- | C] () -- C:\windows\System32\pbsvc.exe
[2011/10/26 16:04:14 | 000,066,872 | ---- | C] () -- C:\windows\System32\PnkBstrA.exe
[2011/08/02 10:34:12 | 000,000,528 | R--- | C] () -- C:\Program Files\MediaID.bin
[2011/07/27 19:48:14 | 000,021,840 | ---- | C] () -- C:\windows\System32\SIntfNT.dll
[2011/07/27 19:48:14 | 000,017,212 | ---- | C] () -- C:\windows\System32\SIntf32.dll
[2011/07/27 19:48:14 | 000,012,067 | ---- | C] () -- C:\windows\System32\SIntf16.dll
[2011/07/27 19:46:30 | 000,000,228 | ---- | C] () -- C:\windows\SIERRA.INI
[2011/07/21 21:18:46 | 000,000,236 | ---- | C] () -- C:\ProgramData\{701ACAF9-F102-47c2-8907-36246F4DFB51}
[2011/06/23 21:02:37 | 000,137,216 | ---- | C] () -- C:\windows\epuninstall.exe
[2011/04/24 17:21:37 | 000,000,032 | ---- | C] () -- C:\windows\Menu.INI
[2011/04/09 20:30:55 | 000,001,849 | ---- | C] () -- C:\Users\Robi\AppData\Roaming\GhostObjGAFix.xml
[2011/03/14 15:18:14 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/01/30 19:14:14 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2011/01/28 23:32:28 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012/08/17 20:21:18 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Ashampoo
[2012/11/20 22:27:52 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Bloson
[2012/04/30 23:09:02 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\DAEMON Tools Lite
[2011/11/17 19:11:18 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Degener
[2012/11/21 18:15:02 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\DesktopIconForAmazon
[2011/06/23 14:49:05 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\GetRightToGo
[2012/03/24 23:38:50 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Lazy 8 Studios
[2011/10/14 16:23:36 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Leadertech
[2012/11/20 12:31:51 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\OCS
[2012/04/16 18:56:37 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\OpenOffice.org
[2012/11/20 12:32:01 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Opera
[2012/04/07 19:19:43 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Rovio
[2012/04/24 18:48:13 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\SMART Technologies
[2012/04/24 10:50:20 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\SMART Technologies Inc
[2012/09/17 13:56:22 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\SoftGrid Client
[2011/10/01 14:10:46 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\SpringLobby
[2011/10/01 14:10:22 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\springsettings
[2011/01/30 08:27:50 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\supertuxkart
[2011/10/24 17:13:10 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Teeworlds
[2012/10/14 14:02:11 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Tonido
[2011/01/28 23:08:32 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\TP
[2011/05/02 22:00:52 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Visan
[2011/10/01 11:23:10 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Windows Live Writer
[2012/03/25 22:34:27 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Windows SideBar
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:CB0AACC9

< End of report >



Code:

Results of screen317's Security Check version 0.99.54 
 Windows 7 Service Pack 1 x86 (UAC is disabled!) 
 Internet Explorer 9 
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
AntiVir Desktop 
 Antivirus out of date! 
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Flash Player        11.4.402.265 
 Mozilla Firefox (16.0.2)
````````Process Check: objlist.exe by Laurent```````` 
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````

Could you maybe also tell me how I can make the laptop faster again?

A very, very heartfelt thank you from me :)
You have really helped me a lot!!

Best regards, Kevin

But the error is still there? :((

ryder 23.11.2012 21:00

We'll make it faster at the end, once the EEEVIL is gone :)

Step 1:
Fix with OTL

Quote:

Warning: This script was written only for this user and this specific situation. Run on other computers, it can cause lasting damage!
Note: If you have obscured your user name, you must put your real name back in, otherwise the script will not work.

Code:


:OTL
IE - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\..\SearchScopes\{7FA1E07F-182B-4840-8746-1D4F740CCBA3}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=kw&q={searchTerms}
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //FWEvent.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:CB0AACC9

:files
ipconfig /flushdns /c

:commands
[Emptytemp]

  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may require a restart. Please allow this.
  • After the restart you will find a text document on your desktop. (It can also be found under C:\_OTL\MovedFiles\<time_date>.txt)
  • Now copy the contents here into your thread, preferably in code tags.


Note: Executing the command can take a few minutes, and OTL appears not to respond during this time. Please be patient! :kaffee:

Step 2:
Uninstall the old Flash Player

Step 3:
Control scan with OTL

  • Please start OTL.exe - if not yet present: LINK
  • Make sure that "Scan All Users" is checked!
  • Press the Quick Scan button.
  • Post the OTL.txt here in your thread.

Step 4:
Scan with SecurityCheck
Please download SecurityCheck
  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
    Vista and Win7 users: right-click and "Run as administrator"
  • When the scan has finished, a text document (checkup.txt) should open.

Please post the contents here.

Step 5:
Does the problem still exist now?

Kevinator941 23.11.2012 21:46

Code:

All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-2944064596-2206248867-496890886-1001\Software\Microsoft\Internet Explorer\SearchScopes\{7FA1E07F-182B-4840-8746-1D4F740CCBA3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FA1E07F-182B-4840-8746-1D4F740CCBA3}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//about.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Exclude.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//FWEvent.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//LanguageSelection.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Message.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//MyAgttryCmd.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//MyAgttryNag.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//MyNotification.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//NOCLessUpdate.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//quarantine.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//ScanNow.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//strings.vbs/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Template.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Update.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//VirFound.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\*\ deleted successfully.
Invalid CLSID key: *
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\*\ not found.
Invalid CLSID key: *
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\betavscan\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\betavscan\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\vs\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\vs\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\www\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\www\ not found.
ADS C:\ProgramData\TEMP:CB0AACC9 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Robi\Downloads\cmd.bat deleted successfully.
C:\Users\Robi\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Robi
->Temp folder emptied: 1160905 bytes
->Temporary Internet Files folder emptied: 48630359 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 104509351 bytes
->Apple Safari cache emptied: 5618688 bytes
->Flash cache emptied: 3888361 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8842 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 156.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 11232012_211545

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Code:

OTL logfile created on: 11/23/2012 9:30:33 PM - Run 3
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Robi\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
764.56 Mb Total Physical Memory | 121.01 Mb Available Physical Memory | 15.83% Memory free
1.75 Gb Paging File | 0.54 Gb Available in Paging File | 30.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 215.59 Gb Total Space | 82.96 Gb Free Space | 38.48% Space Free | Partition Type: NTFS
Drive F: | 1.99 Gb Total Space | 0.00 Gb Free Space | 0.12% Space Free | Partition Type: FAT32
 
Computer Name: ROBI-HP | User Name: Robi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Robi\Downloads\OTL(2).exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Remote Mouse\server\server.exe ()
PRC - C:\Program Files\Remote Mouse\RemoteMouse.exe ()
PRC - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe (Hewlett-Packard Development Company L.P.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe (Hewlett-Packard)
PRC - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\RocketDock\RocketDock.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\66694f9192bd0dddc2eaf90fbcbcd555\System.Management.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\239d84cfdb9de9730c1efb43840ef2eb\System.Core.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7c4de95aa433eb8d81a81caf805947a8\PresentationFramework.Aero.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ec80905a71750be50dfc7981ad5ae28\PresentationFramework.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\Remote Mouse\server\server.exe ()
MOD - C:\Program Files\Remote Mouse\RemoteMouse.exe ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Remote Mouse\server\win32gui.pyd ()
MOD - C:\Program Files\Remote Mouse\server\win32api.pyd ()
MOD - C:\Program Files\Remote Mouse\server\pywintypes26.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CaslShared\3.5.1.1__9c6f83d5b7f3d097\CaslShared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\hpcasl\3.5.1.1__9c6f83d5b7f3d097\hpcasl.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Core.resources\3.5.0.0_de_b77a5c561934e089\System.Core.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\hpCASLLibrary\3.0.1.1__67b8d1b5179ba5f8\hpCASLLibrary.dll ()
MOD - C:\Program Files\Remote Mouse\server\_ctypes.pyd ()
MOD - C:\Program Files\Remote Mouse\server\_ssl.pyd ()
MOD - C:\Program Files\Remote Mouse\server\_socket.pyd ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\Remote Mouse\server\autopy.mouse.pyd ()
MOD - C:\Program Files\Remote Mouse\server\autopy.key.pyd ()
MOD - C:\Program Files\RocketDock\RocketDock.exe ()
MOD - C:\Program Files\RocketDock\RocketDock.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (HP Support Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe File not found
SRV - (SystemStoreService) -- C:\Program Files\Freetec\SystemStore\SystemStore.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\stacsv.exe (IDT, Inc.)
SRV - (pdfcDispatcher) -- C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (hpHotkeyMonitor) -- C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\AEstSrv.exe (Andrea Electronics Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found
DRV - (catchme) -- C:\Users\Robi\AppData\Local\Temp\catchme.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (mv2) -- C:\Windows\System32\drivers\mv2.sys (UVNC BVBA)
DRV - (SMARTMouseFilterx86) -- C:\Windows\System32\drivers\SMARTMouseFilterx86.sys (SMART Technologies ULC)
DRV - (SMARTVTabletPCx86) -- C:\Windows\System32\drivers\SMARTVTabletPCx86.sys (SMART Technologies ULC)
DRV - (SMARTVHidMini2000x86) -- C:\Windows\System32\drivers\SMARTVHidMini2000x86.sys (SMART Technologies ULC)
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (dc3d) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (rtsuvc) -- C:\Windows\System32\drivers\rtsuvc.sys (Realtek Semiconductor Corp.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Company)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{531795A6-54C6-47E1-8ED6-34F290D57429}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,defaultscope =
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,defaultscope =
 
IE - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\..\SearchScopes\{531795A6-54C6-47E1-8ED6-34F290D57429}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: {64161300-e22b-11db-8314-0800200c9a66}:0.9.6.10
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:4.2.1.7
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/28 18:46:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/28 18:46:47 | 000,000,000 | ---D | M]
 
[2012/11/23 17:09:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robi\AppData\Roaming\mozilla\Extensions
[2012/11/23 18:38:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robi\AppData\Roaming\mozilla\Firefox\Profiles\e7qdcxpt.default\extensions
[2012/11/20 22:21:19 | 000,111,107 | ---- | M] () (No name found) -- C:\Users\Robi\AppData\Roaming\mozilla\firefox\profiles\e7qdcxpt.default\extensions\extension@preispilot.com.xpi
[2012/10/11 12:06:25 | 000,281,285 | ---- | M] () (No name found) -- C:\Users\Robi\AppData\Roaming\mozilla\firefox\profiles\e7qdcxpt.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
[2012/11/23 18:38:46 | 000,035,614 | ---- | M] () (No name found) -- C:\Users\Robi\AppData\Roaming\mozilla\firefox\profiles\e7qdcxpt.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012/11/23 14:59:58 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Robi\AppData\Roaming\mozilla\firefox\profiles\e7qdcxpt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/11/21 11:53:59 | 000,001,632 | ---- | M] () -- C:\Users\Robi\AppData\Roaming\mozilla\firefox\profiles\e7qdcxpt.default\searchplugins\firefox-add-ons.xml
[2012/11/21 18:14:00 | 000,000,828 | ---- | M] () -- C:\Users\Robi\AppData\Roaming\mozilla\firefox\profiles\e7qdcxpt.default\searchplugins\icqplugin-4.xml
[2012/11/21 18:14:00 | 000,000,828 | ---- | M] () -- C:\Users\Robi\AppData\Roaming\mozilla\firefox\profiles\e7qdcxpt.default\searchplugins\icqplugin-5.xml
[2012/11/21 18:14:00 | 000,000,828 | ---- | M] () -- C:\Users\Robi\AppData\Roaming\mozilla\firefox\profiles\e7qdcxpt.default\searchplugins\icqplugin-6.xml
[2012/10/28 18:46:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012/10/28 18:46:51 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/04/16 18:51:34 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/15 15:48:02 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll
[2012/11/21 18:14:00 | 000,001,400 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/11/21 18:14:00 | 000,001,679 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/11/21 18:14:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/11/21 18:14:00 | 000,006,818 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/12/25 19:11:09 | 000,000,158 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search the web.src
[2012/11/20 12:32:01 | 000,001,278 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/11/21 18:14:00 | 000,000,903 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012/11/23 17:37:55 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4 - HKLM..\Run: [QLBController] C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\S-1-5-21-2944064596-2206248867-496890886-1001..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2944064596-2206248867-496890886-1001..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2944064596-2206248867-496890886-1001..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2944064596-2206248867-496890886-1001..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2944064596-2206248867-496890886-1001..\Run: [Remote Mouse] C:\Program Files\Remote Mouse\RemoteMouse.exe ()
O4 - HKU\S-1-5-21-2944064596-2206248867-496890886-1001..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Robi\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Robi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4FCF358-0D16-48CE-8144-1A6C7EBEBD6C}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/11/23 21:15:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/11/23 17:42:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/11/23 17:42:00 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/11/23 17:42:00 | 000,000,000 | ---D | C] -- C:\Users\Robi\AppData\Local\temp
[2012/11/23 17:22:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/11/23 17:22:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/11/23 17:22:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/11/23 17:09:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/23 17:09:09 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2012/11/23 16:49:42 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2012/11/23 16:49:18 | 000,000,000 | ---D | C] -- C:\JRT
[2012/11/22 12:16:43 | 000,000,000 | ---D | C] -- C:\Users\Robi\AppData\Local\{56F4D31D-2F68-4B81-8FE6-4F6101085ECD}
[2012/11/22 11:55:12 | 000,000,000 | ---D | C] -- C:\Users\Robi\AppData\Local\{66E052C8-5437-413C-8AC1-0CB48B0DB0BA}
[2012/11/21 18:14:00 | 000,000,000 | ---D | C] -- C:\windows\System32\IO
[2012/11/21 16:06:26 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/11/21 11:43:21 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/11/21 11:43:21 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/11/20 12:32:34 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\windows\System32\dhRichClient3.dll
[2012/11/20 12:32:11 | 000,000,000 | ---D | C] -- C:\Users\Robi\AppData\Roaming\DesktopIconForAmazon
[2012/11/20 12:32:01 | 000,000,000 | ---D | C] -- C:\Users\Robi\AppData\Roaming\Opera
[2012/11/20 12:31:51 | 000,000,000 | ---D | C] -- C:\Users\Robi\AppData\Roaming\OCS
[2012/11/20 12:04:29 | 000,000,000 | ---D | C] -- C:\Program Files\SelfUpdater
[2012/11/20 11:58:43 | 000,000,000 | ---D | C] -- C:\Users\Robi\AppData\Roaming\Bloson
[2012/11/19 17:21:17 | 000,000,000 | ---D | C] -- C:\Users\Robi\Desktop\päda filmr fotos
[2012/11/09 06:36:20 | 000,000,000 | ---D | C] -- C:\Users\Robi\AppData\Local\{23ABBB6E-6153-4E10-9C0F-8A4C7CFA2B33}
[2012/11/08 12:36:46 | 000,000,000 | ---D | C] -- C:\Users\Robi\Documents\GTA San Andreas User Files
[2012/11/08 08:04:59 | 000,000,000 | ---D | C] -- C:\Users\Robi\AppData\Local\{449D7202-ACCA-46FD-A049-6FA5561DDDE6}
[2012/11/07 16:06:32 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2012/10/28 18:46:42 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/03/15 16:12:29 | 000,885,024 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Robi\JavaSetup6u24.exe
[2011/02/17 19:45:10 | 008,417,616 | ---- | C] (Mozilla) -- C:\Users\Robi\Firefox_Setup_3.6.13.exe
[2011/02/07 17:25:15 | 060,458,664 | ---- | C] (DVDVideoSoft Limited.                                      ) -- C:\Program Files\FreeStudio.exe
[2011/01/30 18:36:11 | 008,417,616 | ---- | C] (Mozilla) -- C:\Program Files\Firefox.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012/11/23 21:26:59 | 000,019,760 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/23 21:26:59 | 000,019,760 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/23 21:18:59 | 000,000,314 | ---- | M] () -- C:\windows\tasks\asilfsat.job
[2012/11/23 21:18:44 | 000,016,384 | ---- | M] () -- C:\windows\System32\Ikeext.etl
[2012/11/23 21:18:38 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/11/23 21:18:30 | 801,697,792 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/23 17:37:55 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2012/11/23 15:01:39 | 000,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2012/11/22 13:21:13 | 000,007,250 | ---- | M] () -- C:\Users\Robi\Documents\Pädagogik Projekt.wlmp
[2012/11/22 12:21:02 | 000,654,844 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012/11/22 12:21:02 | 000,616,686 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/11/22 12:21:02 | 000,130,426 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012/11/22 12:21:02 | 000,106,808 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/11/21 23:05:20 | 000,211,168 | ---- | M] () -- C:\Users\Robi\Desktop\Praktika Altenheim 09.07.2012 - 03.08.2012.jpg
[2012/11/21 23:03:25 | 000,203,440 | ---- | M] () -- C:\Users\Robi\Desktop\Praktika Altenheim 02.04.2012 - 13.04.2012.jpg
[2012/11/21 23:01:38 | 000,370,461 | ---- | M] () -- C:\Users\Robi\Desktop\Praktika Diakonie 02.01.2012 - 06.01.2012.jpg
[2012/11/21 22:59:28 | 000,361,755 | ---- | M] () -- C:\Users\Robi\Desktop\Praktika Altenheim schulisch 21.03.2011 - 08.04.2011.jpg
[2012/11/21 22:57:34 | 000,327,275 | ---- | M] () -- C:\Users\Robi\Desktop\Praktika Kindergarten 15.11.2010 - 03.12.2010.jpg
[2012/11/21 22:52:42 | 000,289,663 | ---- | M] () -- C:\Users\Robi\Desktop\Praktika Altenheim 11.10.2010 - 22.10.2010.jpg
[2012/11/21 22:50:54 | 000,276,004 | ---- | M] () -- C:\Users\Robi\Desktop\Praktika Altenheim 26.07.2010 - 13.08.2010.jpg
[2012/11/21 22:47:21 | 000,343,463 | ---- | M] () -- C:\Users\Robi\Desktop\Halbjahreszeugnis der Fachhochschulreife 2.jpg
[2012/11/21 22:45:59 | 000,306,644 | ---- | M] () -- C:\Users\Robi\Desktop\Halbjahreszeugnis der Fachhochschulreife 1.jpg
[2012/11/21 22:43:07 | 000,180,681 | ---- | M] () -- C:\Users\Robi\Desktop\Zeugnis der Fachhochschulreife 4.jpg
[2012/11/21 22:41:51 | 000,292,828 | ---- | M] () -- C:\Users\Robi\Desktop\Zeugnis der Fachhochschulreife 3.jpg
[2012/11/21 22:40:39 | 000,234,454 | ---- | M] () -- C:\Users\Robi\Desktop\Zeugnis der Fachhochschulreife 2.jpg
[2012/11/21 22:39:14 | 000,240,593 | ---- | M] () -- C:\Users\Robi\Desktop\Zeugnis der Fachhochschulreife 1.jpg
[2012/11/21 22:37:58 | 000,337,336 | ---- | M] () -- C:\Users\Robi\Desktop\Arbeits und Sozialverhalten.jpg
[2012/11/21 16:27:40 | 000,002,577 | ---- | M] () -- C:\windows\System32\config.nt
[2012/11/18 19:23:40 | 000,339,296 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/11/09 08:38:08 | 000,000,316 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForRobi.job
[2012/11/07 16:19:00 | 000,119,300 | -H-- | M] () -- C:\windows\System32\mlfcache.dat
[2012/11/03 11:35:40 | 000,000,017 | ---- | M] () -- C:\windows\System32\shortcut_ex.dat
 
========== Files Created - No Company Name ==========
 
[2012/11/23 17:22:56 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/11/23 17:22:56 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/11/23 17:22:56 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/11/23 17:22:56 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/11/23 17:22:56 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/11/22 13:21:13 | 000,007,250 | ---- | C] () -- C:\Users\Robi\Documents\Pädagogik Projekt.wlmp
[2012/11/21 23:05:20 | 000,211,168 | ---- | C] () -- C:\Users\Robi\Desktop\Praktika Altenheim 09.07.2012 - 03.08.2012.jpg
[2012/11/21 23:03:25 | 000,203,440 | ---- | C] () -- C:\Users\Robi\Desktop\Praktika Altenheim 02.04.2012 - 13.04.2012.jpg
[2012/11/21 23:01:37 | 000,370,461 | ---- | C] () -- C:\Users\Robi\Desktop\Praktika Diakonie 02.01.2012 - 06.01.2012.jpg
[2012/11/21 22:59:28 | 000,361,755 | ---- | C] () -- C:\Users\Robi\Desktop\Praktika Altenheim schulisch 21.03.2011 - 08.04.2011.jpg
[2012/11/21 22:57:34 | 000,327,275 | ---- | C] () -- C:\Users\Robi\Desktop\Praktika Kindergarten 15.11.2010 - 03.12.2010.jpg
[2012/11/21 22:52:41 | 000,289,663 | ---- | C] () -- C:\Users\Robi\Desktop\Praktika Altenheim 11.10.2010 - 22.10.2010.jpg
[2012/11/21 22:50:54 | 000,276,004 | ---- | C] () -- C:\Users\Robi\Desktop\Praktika Altenheim 26.07.2010 - 13.08.2010.jpg
[2012/11/21 22:47:21 | 000,343,463 | ---- | C] () -- C:\Users\Robi\Desktop\Halbjahreszeugnis der Fachhochschulreife 2.jpg
[2012/11/21 22:45:59 | 000,306,644 | ---- | C] () -- C:\Users\Robi\Desktop\Halbjahreszeugnis der Fachhochschulreife 1.jpg
[2012/11/21 22:43:07 | 000,180,681 | ---- | C] () -- C:\Users\Robi\Desktop\Zeugnis der Fachhochschulreife 4.jpg
[2012/11/21 22:41:50 | 000,292,828 | ---- | C] () -- C:\Users\Robi\Desktop\Zeugnis der Fachhochschulreife 3.jpg
[2012/11/21 22:40:39 | 000,234,454 | ---- | C] () -- C:\Users\Robi\Desktop\Zeugnis der Fachhochschulreife 2.jpg
[2012/11/21 22:39:13 | 000,240,593 | ---- | C] () -- C:\Users\Robi\Desktop\Zeugnis der Fachhochschulreife 1.jpg
[2012/11/21 22:37:57 | 000,337,336 | ---- | C] () -- C:\Users\Robi\Desktop\Arbeits und Sozialverhalten.jpg
[2012/11/20 12:32:34 | 000,338,432 | ---- | C] () -- C:\windows\System32\sqlite36_engine.dll
[2012/11/17 22:23:14 | 000,000,003 | ---- | C] () -- C:\windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/17 22:22:38 | 000,000,003 | ---- | C] () -- C:\windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/11/07 16:07:32 | 000,002,491 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2012/11/03 11:35:40 | 000,000,017 | ---- | C] () -- C:\windows\System32\shortcut_ex.dat
[2012/09/17 21:02:28 | 000,001,652 | ---- | C] () -- C:\windows\System32\ASOROSet.bin
[2012/09/03 20:25:13 | 000,000,193 | ---- | C] () -- C:\windows\WORDPAD.INI
[2012/07/22 19:46:16 | 000,000,000 | ---- | C] () -- C:\windows\appXYqt3.ini
[2012/06/17 23:40:45 | 015,000,000 | ---- | C] () -- C:\Users\Robi\aoe-project.r06
[2012/06/17 23:40:43 | 015,000,000 | ---- | C] () -- C:\Users\Robi\aoe-project.r05
[2012/06/17 23:40:43 | 015,000,000 | ---- | C] () -- C:\Users\Robi\aoe-project.r04
[2012/06/17 23:40:39 | 015,000,000 | ---- | C] () -- C:\Users\Robi\aoe-project.r03
[2012/06/17 23:40:39 | 015,000,000 | ---- | C] () -- C:\Users\Robi\aoe-project.r02
[2012/06/17 23:40:39 | 015,000,000 | ---- | C] () -- C:\Users\Robi\aoe-project.r01
[2012/06/17 23:40:38 | 015,000,000 | ---- | C] () -- C:\Users\Robi\aoe-project.r00
[2012/06/17 23:40:38 | 000,009,006 | ---- | C] () -- C:\Users\Robi\aoe-project.nfo
[2012/05/13 18:11:07 | 000,119,300 | -H-- | C] () -- C:\windows\System32\mlfcache.dat
[2012/04/27 17:19:28 | 000,027,969 | ---- | C] () -- C:\Users\Robi\AppData\Roaming\UserTile.png
[2012/03/20 21:21:18 | 000,000,046 | ---- | C] () -- C:\windows\QTW.INI
[2012/02/21 10:51:49 | 000,000,190 | ---- | C] () -- C:\windows\cncscore.ini
[2012/02/17 18:30:29 | 000,286,720 | ---- | C] () -- C:\windows\vsnpstd.exe
[2012/02/17 18:30:28 | 000,053,248 | ---- | C] () -- C:\windows\System32\dsnpstd.dll
[2012/02/17 18:30:19 | 000,061,440 | ---- | C] ( ) -- C:\windows\System32\rsnpstd.dll
[2012/01/29 21:29:47 | 000,000,109 | ---- | C] () -- C:\windows\disney.ini
[2011/11/17 19:11:31 | 000,000,236 | ---- | C] () -- C:\ProgramData\{5CAFA1B7-9EEF-4cc7-B9F7-9DDB3DAA679E}
[2011/10/26 16:04:43 | 000,139,152 | ---- | C] () -- C:\windows\System32\drivers\PnkBstrK.sys
[2011/10/26 16:04:43 | 000,139,152 | ---- | C] () -- C:\Users\Robi\AppData\Roaming\PnkBstrK.sys
[2011/10/26 16:04:32 | 000,111,928 | ---- | C] () -- C:\windows\System32\PnkBstrB.exe
[2011/10/26 16:04:14 | 002,793,768 | ---- | C] () -- C:\windows\System32\pbsvc.exe
[2011/10/26 16:04:14 | 000,066,872 | ---- | C] () -- C:\windows\System32\PnkBstrA.exe
[2011/08/02 10:34:12 | 000,000,528 | R--- | C] () -- C:\Program Files\MediaID.bin
[2011/07/27 19:48:14 | 000,021,840 | ---- | C] () -- C:\windows\System32\SIntfNT.dll
[2011/07/27 19:48:14 | 000,017,212 | ---- | C] () -- C:\windows\System32\SIntf32.dll
[2011/07/27 19:48:14 | 000,012,067 | ---- | C] () -- C:\windows\System32\SIntf16.dll
[2011/07/27 19:46:30 | 000,000,228 | ---- | C] () -- C:\windows\SIERRA.INI
[2011/07/21 21:18:46 | 000,000,236 | ---- | C] () -- C:\ProgramData\{701ACAF9-F102-47c2-8907-36246F4DFB51}
[2011/06/23 21:02:37 | 000,137,216 | ---- | C] () -- C:\windows\epuninstall.exe
[2011/04/24 17:21:37 | 000,000,032 | ---- | C] () -- C:\windows\Menu.INI
[2011/04/09 20:30:55 | 000,001,849 | ---- | C] () -- C:\Users\Robi\AppData\Roaming\GhostObjGAFix.xml
[2011/03/14 15:18:14 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/01/30 19:14:14 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2011/01/28 23:32:28 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012/08/17 20:21:18 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Ashampoo
[2012/11/20 22:27:52 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Bloson
[2012/04/30 23:09:02 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\DAEMON Tools Lite
[2011/11/17 19:11:18 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Degener
[2012/11/21 18:15:02 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\DesktopIconForAmazon
[2011/06/23 14:49:05 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\GetRightToGo
[2012/03/24 23:38:50 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Lazy 8 Studios
[2011/10/14 16:23:36 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Leadertech
[2012/11/20 12:31:51 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\OCS
[2012/04/16 18:56:37 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\OpenOffice.org
[2012/11/20 12:32:01 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Opera
[2012/04/07 19:19:43 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Rovio
[2012/04/24 18:48:13 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\SMART Technologies
[2012/04/24 10:50:20 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\SMART Technologies Inc
[2012/09/17 13:56:22 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\SoftGrid Client
[2011/10/01 14:10:46 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\SpringLobby
[2011/10/01 14:10:22 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\springsettings
[2011/01/30 08:27:50 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\supertuxkart
[2011/10/24 17:13:10 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Teeworlds
[2012/10/14 14:02:11 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Tonido
[2011/01/28 23:08:32 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\TP
[2011/05/02 22:00:52 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Visan
[2011/10/01 11:23:10 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Windows Live Writer
[2012/03/25 22:34:27 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Windows SideBar
 
========== Purity Check ==========
 
 

< End of report >


Code:

Results of screen317's Security Check version 0.99.54 
 Windows 7 Service Pack 1 x86 
 Internet Explorer 9 
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
AntiVir Desktop 
 Antivirus out of date! 
`````````Anti-malware/Other Utilities Check:`````````
 Mozilla Firefox (16.0.2)
````````Process Check: objlist.exe by Laurent```````` 
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````

Yes, thanks, the problem seems to be gone for now :)

ryder 23.11.2012 21:50

YAY! Then just the Avira update and ... then ...

Great! :daumenhoc

With that we would be done. We'll now tidy up a little, and then at the end I have some reading material for you.

Step 1:
Uninstall tools

  • If Defogger was used: click re-enable now.
  • If Combofix was used: Windows key + R > Combofix /Uninstall (type it in) > OK
  • Please download delfix to your desktop:
    • Start Delfix and click Löschen (Delete).
    • Please post the log file that now opens: C:\DelFix[S1].txt.
    • Then click Deinstallation (Uninstall) and then OK.


Step 2:
Uninstall ESET (optional)

I recommend scanning your system with ESET once a week. But if you want to remove ESET:
Please press Windows key + R, copy the following text into the Run window and click OK.
Code:

"%ProgramFiles%\Eset\Eset Online Scanner\OnlineScannerUninstaller.exe"

Finally, some tips on the following topics:

  • System updates
  • Software updates
  • Security software
  • Safe browsing


Quote:

Reading material:
System updates
It cannot be mentioned often enough how important it is to keep your system up to date. After all, you also take your car to the garage regularly for inspection. So please make sure that system updates are enabled:
  • Please check whether your system downloads Windows Updates automatically:
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.


Quote:

Reading material:
Software updates
Just as important as the system programs is the software you use every day. The following list gives you a brief overview, with links to the updates, of which programs urgently need to be kept up to date (if you have them installed and use them at all), because malware can often get onto computers through their security vulnerabilities:

Programs that are not listed are of course important too. Whether a new version exists for them can be checked on the vendor's website or, quite conveniently, with these tools:


Quote:

Reading material:
Security software
If someone overtook you naked on a motorcycle on the motorway, you would shake your head too. Your computer also needs protection against the small daily attacks by malware. Besides excellent commercial anti-virus solutions, there are also quite good protection programs that are available free of charge with a reduced feature set. But careful: "the more the better" does not apply here. What you need is exactly one virus scanner with a background guard. No more and no less. There are many products on the market here that serve you well. I personally recommend Avast Free Antivirus. It offers relatively good protection with little annoying advertising, and installs a browser plugin that warns you about dangerous websites.
  • If you switch your antivirus solution, you will find tools here with which you can remove the leftovers after uninstalling your old scanner.
  • Never install more than one virus scanner. Their background guards would interfere with each other and slow down your system.
  • A browser plugin that protects you from fraudulent websites can serve you well if you are not very knowledgeable (see above).
  • Make sure that your security solution is always up to date and fetches updates automatically. If you rely on manual updates you are usually too late, since the virus databases are often renewed daily, even several times.
  • Additional protection (and this would also be allowed) is offered by a dedicated malware scanner. Here I strongly recommend Malwarebytes, and scanning with it once a week. In the paid version it even has a background guard. We have a guide for you on this.

Finally, I recommend backing up your data regularly (preferably automatically). This can be a professional backup solution, external hard drives, burning to DVDs or copying to an online drive such as Dropbox. Create as many copies as possible and keep them current. Only then are you prepared for the worst case, should your computer, for whatever reason, become unusable. Unfortunately that always happens unannounced and always when you need it most. So plan ahead! :)

Quote:

Reading material:
Safe browsing
First of all it must be said that it is usually the human factor that allows malware to get onto a computer. Do you also immediately buy stuff, without thinking, from people who ring your doorbell? So first get into the habit of a few rules of conduct when surfing the Internet:
  • Do not click somewhere just because it is colorful and glows, pops up in a corner or looks as if it were a system message.
  • Do not download illegal software, cracks, keygens, game trainers etc. ... the websites that offer such things are mostly not reputable, and the supposed helpers are usually more infected than you would imagine. It makes no difference whether you obtain these files via a browser or file-sharing programs.
  • Do not open email attachments from people you do not know or emails with strange spelling mistakes, and do not start files that a website offers you without your having asked for them.
  • Do not let anyone surf on your computer who does not also follow these rules.
  • Do not rely on your virus scanner finding everything. No security solution is 100% secure!


But even with meticulous adherence to these rules, a so-called drive-by infection can still occur, in which malware breaks out of the web browser's protection mechanism. To increase security even further, there is special protection software that hardens your browser further.
  • WOT (Web of Trust): This add-on warns you before you visit a site reported as malicious. Note: Avast already includes such a plugin.
  • Sandboxie creates an additional isolated program environment so that your browser is safe like a toddler in a sandbox. (Guide: Sandboxie)
  • Securebanking is software that examines connections and notifies you when someone is "listening in". As the name says, it was developed so that online banking is really secure. More info on the homepage: Secure Banking


Finally, please think about using an alternative browser. Programs that are not used so often are also not so much in the focus of the "bad guys". I.e. with an exotic browser you are more likely on the safe side. In principle you are considerably safer to begin with if you do not use Internet Explorer.


With that I wish you lots of fun surfing the Internet :daumenhoc

... and perhaps you would like to support Trojaner-Board?

One request: give me brief feedback when everything is done and there are no more questions, so that I can delete this thread from my subscriptions.

Kevinator941 23.11.2012 22:18

Code:

# AdwCleaner v6.2 - Datei am 23/11/2012 um 22:17:23 erstellt
# Aktualisiert am 11/11/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Robi - ROBI-HP
# Ausgeführt unter : C:\Users\Robi\Downloads\delfix.exe
# Option [Löschen]


~~~~~~ Ordner ~~~~~~

Gelöscht : C:\JRT
Gelöscht : C:\_OTL

~~~~~~ Datei(en) ~~~~~~

Gelöscht : C:\AdwCleaner[S1].txt
Gelöscht : C:\Users\Robi\Desktop\JRT.txt
Gelöscht : C:\Users\Robi\Downloads\adwcleaner.exe
Gelöscht : C:\Users\Robi\Downloads\Extras.Txt
Gelöscht : C:\Users\Robi\Downloads\JRT(1).exe
Gelöscht : C:\Users\Robi\Downloads\JRT.exe
Gelöscht : C:\Users\Robi\Downloads\OTL.Txt
Gelöscht : C:\Users\Robi\Downloads\OTL(1).exe
Gelöscht : C:\Users\Robi\Downloads\OTL(2).exe
Gelöscht : C:\Users\Robi\Downloads\OTL.exe
Gelöscht : C:\Users\Robi\Downloads\SecurityCheck(1).exe
Gelöscht : C:\Users\Robi\Downloads\SecurityCheck.exe

~~~~~~ Registrierungsdatenbank ~~~~~~

Schlüssel gelöscht : HKLM\SOFTWARE\OldTimer Tools
Schlüssel gelöscht : HKLM\SOFTWARE\AdwCleaner
Schlüssel gelöscht : HKLM\SOFTWARE\Swearware

~~~~~~ Sonstiges ~~~~~~

-> Prefetch Geleert

*************************

DelFix[S1].txt - [1199 octets] - [23/11/2012 22:17:23]

########## EOF - C:\DelFix[S1].txt - [1323 octets] ##########

What is defogger or where do I see that, and ESET? :/

ryder 23.11.2012 22:31

It says "if"

and we somehow overlooked ESET :D

Kevinator941 23.11.2012 22:32

Thank you for this kind and very helpful help!! :)
I will definitely donate something!
The last question I still have is where I should download the Adobe Flash Player now?
Kind regards, Kevin! :)

ryder 23.11.2012 22:35

The link in my last post should work.

Glad we could help :abklatsch:

This topic appears to be resolved and will be deleted from my subscriptions. Should you need the topic again, please send me a PM.

Everyone else, please click here and create your own thread.



Copyright ©2000-2025, Trojaner-Board

