Internetseiten-Fehler

Kevinator941 · 21.11.2012, 11:08

Hallo Leute,
mein Problem ist, wenn ich Mozilla Firefox öffne kommt als Startseite Google, was ja noch richtig ist. Wenn man bei Google dann den gewünschten Suchbegriff eingibt zeigt dieser ja mehrere Links zu dem Begriff. Nun das Problem : Klicke ich auf den gewünschten Link dann dauert es einen kurzen moment und dann leitet (Google?) mich auf andere Werbeseiten wie z.B. "Gamezone" oder so. Es ist nicht immer so aber zu 80%. Was ist das und wer kann mir vielleicht helfen?
Danke schonmal im vorraus!

Kevin

ryder · 21.11.2012, 18:16

Ich werde dir bei deinem Problem helfen. Eine Bereinigung ist mitunter mit viel Arbeit für Dich (und mich) verbunden. Bevor es los geht, habe ich etwas Lesestoff für dich.

Zitat:

Lesestoff:
Regeln für die Bereinigung
Damit die Bereinigung funktioniert bitte ich dich, die folgenden Punkte aufmerksam zu lesen:
Bitte arbeite alle Schritte der Reihe nach ab. Gib mir bitte zu jedem Schritt Rückmeldung (Logfile oder Antwort), aber gesammelt, wenn du alles erledig hast.

Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.

Bitte kein Crossposting (posten in mehreren Foren).

Installiere oder Deinstalliere während der Bereinigung keine Software, ausser Du wurdest dazu aufgefordert.

Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.

Poste die Logfiles direkt in deinen Thread (möglichst in Code-Tags). Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Mache deinen Namen nur dann unkenntlich, wenn es unbedingt sein muss.

Sollte ich nicht nach 3 Tagen geantwortet haben, dann (und nur dann) schicke mir bitte eine PM.

Eine Bitte: Mache bitte solange mit, bis ich oder ein anderer Helfer dir mitteilt, dass du "sauber" bist. Das gebietet alleine schon die Höflichkeit und ein Verschwinden der Symptome bedeutet nicht, dass die Schädlinge auch wirklich alle entfernt wurden.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.

Wenn du das alles gelesen und verstanden hast, kannst du loslegen!

Schritt 1:
In das inifizierte Benutzerkonto einloggen

Schritt 2:
Customscan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Starte bitte die OTL.exe.

Stelle folgendes ein:
Haken bei "Alle Benutzer scannen" und "Inklusive 64bit Scans"

Ausgabe: Minimal

Benutze SafeList in jedem Feld.

Haken bei "Benutze Hersteller-Whitelist"

Dateien erstellt und verändert innerhalb Datei-Alter

Haken bei LOP Prüfung und Purity Prüfung

Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
drivers32
safebootminimal
safebootnetwork
%SYSTEMDRIVE%\*.
%SYSTEMDRIVE%\*.*
%PROGRAMFILES%\*.exe
%PROGRAMFILES(X86)%\*.exe
%systemroot%\*. /mp /s
%windir%\installer\*. /10
%appdata%\*. 
%appdata%\*.* 
%appdata%\*.exe /s
%localappdata%\*. 
%localappdata%\*.*
%localappdata%\*.exe /s
%allusersprofile%\*. 
%allusersprofile%\*.*
%allusersprofile%\*.exe /s
CREATERESTOREPOINT
         
Schliesse bitte nun alle Programme. (Wichtig)

Klicke nun bitte auf den Scan Button.

Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread (möglichst in CODE-Tags)

Kevinator941 · 23.11.2012, 15:51

OTL logfile created on: 11/23/2012 3:17:39 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Robi\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

764.56 Mb Total Physical Memory | 416.65 Mb Available Physical Memory | 54.50% Memory free
1.79 Gb Paging File | 0.74 Gb Available in Paging File | 41.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 215.59 Gb Total Space | 80.42 Gb Free Space | 37.30% Space Free | Partition Type: NTFS
Drive F: | 1.99 Gb Total Space | 0.00 Gb Free Space | 0.12% Space Free | Partition Type: FAT32

Computer Name: ROBI-HP | User Name: Robi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Robi\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Remote Mouse\server\server.exe ()
PRC - C:\Program Files\Remote Mouse\RemoteMouse.exe ()
PRC - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe (Hewlett-Packard Development Company L.P.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe (Hewlett-Packard)
PRC - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Windows\System32\atibtmon.exe (Advanced Micro Devices, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\RocketDock\RocketDock.exe ()

========== Modules (No Company Name) ==========

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\66694f9192bd0dddc2eaf90fbcbcd555\System.Management.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\239d84cfdb9de9730c1efb43840ef2eb\System.Core.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7c4de95aa433eb8d81a81caf805947a8\PresentationFramework.Aero.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ec80905a71750be50dfc7981ad5ae28\PresentationFramework.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll ()
MOD - C:\Program Files\Remote Mouse\server\server.exe ()
MOD - C:\Program Files\Remote Mouse\RemoteMouse.exe ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Remote Mouse\server\win32gui.pyd ()
MOD - C:\Program Files\Remote Mouse\server\win32api.pyd ()
MOD - C:\Program Files\Remote Mouse\server\pywintypes26.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CaslShared\3.5.1.1__9c6f83d5b7f3d097\CaslShared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\hpcasl\3.5.1.1__9c6f83d5b7f3d097\hpcasl.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Core.resources\3.5.0.0_de_b77a5c561934e089\System.Core.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\hpCASLLibrary\3.0.1.1__67b8d1b5179ba5f8\hpCASLLibrary.dll ()
MOD - C:\Program Files\Remote Mouse\server\_ctypes.pyd ()
MOD - C:\Program Files\Remote Mouse\server\_ssl.pyd ()
MOD - C:\Program Files\Remote Mouse\server\_socket.pyd ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\Remote Mouse\server\autopy.mouse.pyd ()
MOD - C:\Program Files\Remote Mouse\server\autopy.key.pyd ()
MOD - C:\Program Files\RocketDock\RocketDock.exe ()
MOD - C:\Program Files\RocketDock\RocketDock.dll ()

========== Services (SafeList) ==========

SRV - (HP Support Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe File not found
SRV - (SystemStoreService) -- C:\Program Files\Freetec\SystemStore\SystemStore.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\stacsv.exe (IDT, Inc.)
SRV - (pdfcDispatcher) -- C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (hpHotkeyMonitor) -- C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\AEstSrv.exe (Andrea Electronics Corporation)

========== Driver Services (SafeList) ==========

DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (mv2) -- C:\Windows\System32\drivers\mv2.sys (UVNC BVBA)
DRV - (SMARTMouseFilterx86) -- C:\Windows\System32\drivers\SMARTMouseFilterx86.sys (SMART Technologies ULC)
DRV - (SMARTVTabletPCx86) -- C:\Windows\System32\drivers\SMARTVTabletPCx86.sys (SMART Technologies ULC)
DRV - (SMARTVHidMini2000x86) -- C:\Windows\System32\drivers\SMARTVHidMini2000x86.sys (SMART Technologies ULC)
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (dc3d) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (rtsuvc) -- C:\Windows\System32\drivers\rtsuvc.sys (Realtek Semiconductor Corp.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Company)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ChatZum Search
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {0f369707-379f-46df-a5c5-d04390f3459b} - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{531795A6-54C6-47E1-8ED6-34F290D57429}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.chatzum.com/?q={searchTerms}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = 04 00 5E 03 0F 00 00 00 12 D2 81 26 01 00 00 80 06 00 5E 03 00 00 00 00 [binary data]
IE - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
IE - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\..\URLSearchHook: {0f369707-379f-46df-a5c5-d04390f3459b} - No CLSID value found
IE - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\..\URLSearchHook: {5786d022-540e-4699-b350-b4be0ae94b79} - No CLSID value found
IE - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\..\SearchScopes,DefaultScope = {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
IE - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110824&tt=4712_6&babsrc=SP_ss&mntrId=ac513dbf000000000000002682cb6ddb
IE - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\..\SearchScopes\{531795A6-54C6-47E1-8ED6-34F290D57429}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.chatzum.com/?q={searchTerms}
IE - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\..\SearchScopes\{7FA1E07F-182B-4840-8746-1D4F740CCBA3}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=2eddcdec-482e-487e-b9d2-d337c083fa0c&apn_sauid=16503CEE-24EC-4F95-9BC2-30168582F901
IE - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = hxxp://search.chatzum.com/?q={SearchTerms}
IE - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..CT2481020.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Search the web"
FF - prefs.js..browser.search.selectedEngine: "Firefox Add-ons"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.de/"
FF - prefs.js..extensions.enabledAddons: {64161300-e22b-11db-8314-0800200c9a66}:0.9.6.10
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:4.1.1.5
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Search the web"
FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"

FF - user.js..browser.search.order.1: "Search the web"
FF - user.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/28 18:46:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/28 18:46:47 | 000,000,000 | ---D | M]

[2011/02/18 16:52:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robi\AppData\Roaming\mozilla\Extensions
[2012/11/23 14:59:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robi\AppData\Roaming\mozilla\Firefox\Profiles\e7qdcxpt.default\extensions
[2012/11/20 22:21:57 | 000,000,000 | ---D | M] ("DVDVideoSoft YouTube MP3 and Video Download") -- C:\Users\Robi\AppData\Roaming\mozilla\Firefox\Profiles\e7qdcxpt.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/11/23 14:59:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robi\AppData\Roaming\mozilla\Firefox\Profiles\e7qdcxpt.default\extensions\staged
[2012/11/20 22:21:19 | 000,111,107 | ---- | M] () (No name found) -- C:\Users\Robi\AppData\Roaming\mozilla\firefox\profiles\e7qdcxpt.default\extensions\extension@preispilot.com.xpi
[2012/10/11 12:06:25 | 000,281,285 | ---- | M] () (No name found) -- C:\Users\Robi\AppData\Roaming\mozilla\firefox\profiles\e7qdcxpt.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
[2012/11/20 22:21:56 | 000,035,785 | ---- | M] () (No name found) -- C:\Users\Robi\AppData\Roaming\mozilla\firefox\profiles\e7qdcxpt.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012/11/23 14:59:58 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Robi\AppData\Roaming\mozilla\firefox\profiles\e7qdcxpt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/11/23 14:59:45 | 000,035,614 | ---- | M] () (No name found) -- C:\Users\Robi\AppData\Roaming\mozilla\firefox\profiles\e7qdcxpt.default\extensions\staged\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012/11/21 18:14:00 | 000,002,497 | ---- | M] () -- C:\Users\Robi\AppData\Roaming\mozilla\firefox\profiles\e7qdcxpt.default\searchplugins\browsemngr.xml
[2012/11/21 11:53:59 | 000,001,632 | ---- | M] () -- C:\Users\Robi\AppData\Roaming\mozilla\firefox\profiles\e7qdcxpt.default\searchplugins\firefox-add-ons.xml
[2012/11/21 18:14:00 | 000,000,828 | ---- | M] () -- C:\Users\Robi\AppData\Roaming\mozilla\firefox\profiles\e7qdcxpt.default\searchplugins\icqplugin-2.xml
[2012/11/21 18:14:00 | 000,000,828 | ---- | M] () -- C:\Users\Robi\AppData\Roaming\mozilla\firefox\profiles\e7qdcxpt.default\searchplugins\icqplugin-3.xml
[2012/11/21 18:14:00 | 000,000,828 | ---- | M] () -- C:\Users\Robi\AppData\Roaming\mozilla\firefox\profiles\e7qdcxpt.default\searchplugins\icqplugin-4.xml
[2012/11/21 18:14:00 | 000,000,828 | ---- | M] () -- C:\Users\Robi\AppData\Roaming\mozilla\firefox\profiles\e7qdcxpt.default\searchplugins\icqplugin-5.xml
[2012/11/21 18:14:00 | 000,000,828 | ---- | M] () -- C:\Users\Robi\AppData\Roaming\mozilla\firefox\profiles\e7qdcxpt.default\searchplugins\icqplugin-6.xml
[2012/11/21 18:14:00 | 000,000,842 | ---- | M] () -- C:\Users\Robi\AppData\Roaming\mozilla\firefox\profiles\e7qdcxpt.default\searchplugins\icqplugin.xml
[2012/10/28 18:46:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012/10/28 18:46:51 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/04/16 18:51:34 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/15 15:48:02 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll
[2012/11/21 18:14:00 | 000,001,400 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/11/21 18:14:00 | 000,002,173 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/11/21 18:14:00 | 000,001,679 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/11/21 18:14:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/11/21 18:14:00 | 000,006,818 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/12/25 19:11:09 | 000,000,158 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search the web.src
[2012/11/20 12:32:01 | 000,001,278 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/11/21 18:14:00 | 000,000,903 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {0f369707-379f-46df-a5c5-d04390f3459b} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - No CLSID value found.
O3 - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\..\Toolbar\WebBrowser: (no name) - {0F369707-379F-46DF-A5C5-D04390F3459B} - No CLSID value found.
O3 - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4 - HKLM..\Run: [QLBController] C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\S-1-5-21-2944064596-2206248867-496890886-1001..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2944064596-2206248867-496890886-1001..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2944064596-2206248867-496890886-1001..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2944064596-2206248867-496890886-1001..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2944064596-2206248867-496890886-1001..\Run: [Remote Mouse] C:\Program Files\Remote Mouse\RemoteMouse.exe ()
O4 - HKU\S-1-5-21-2944064596-2206248867-496890886-1001..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-2944064596-2206248867-496890886-1001..\Run: [SystemExplorerAutoStart] "C:\Program Files\System Explorer\SystemExplorer.exe" /TRAY File not found
O4 - HKU\S-1-5-21-2944064596-2206248867-496890886-1001..\Run: [Tonido] "C:\Users\Robi\AppData\Roaming\Tonido\launcher.exe" /nobrowser File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2944064596-2206248867-496890886-1001..\RunOnce: [FlashPlayerUpdate] C:\windows\System32\Macromed\Flash\FlashUtil32_11_4_402_265_Plugin.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2944064596-2206248867-496890886-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Robi\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Robi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //FWEvent.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4FCF358-0D16-48CE-8144-1A6C7EBEBD6C}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{08e171f4-0894-11e1-ae71-70f395cd17d6}\Shell - "" = AutoRun
O33 - MountPoints2\{08e171f4-0894-11e1-ae71-70f395cd17d6}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\{1b084906-b87f-11e0-afee-70f395cd17d6}\Shell - "" = AutoRun
O33 - MountPoints2\{1b084906-b87f-11e0-afee-70f395cd17d6}\Shell\AutoRun\command - "" = I:\SETUP.EXE
O33 - MountPoints2\{1b084906-b87f-11e0-afee-70f395cd17d6}\Shell\configure\command - "" = I:\SETUP.EXE
O33 - MountPoints2\{1b084906-b87f-11e0-afee-70f395cd17d6}\Shell\install\command - "" = I:\SETUP.EXE
O33 - MountPoints2\{1b08492c-b87f-11e0-afee-70f395cd17d6}\Shell - "" = AutoRun
O33 - MountPoints2\{1b08492c-b87f-11e0-afee-70f395cd17d6}\Shell\AutoRun\command - "" = J:\autorun.exe
O33 - MountPoints2\{31e487ea-845d-11e0-a0d1-70f395cd17d6}\Shell - "" = AutoRun
O33 - MountPoints2\{31e487ea-845d-11e0-a0d1-70f395cd17d6}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{31e48800-845d-11e0-a0d1-70f395cd17d6}\Shell - "" = AutoRun
O33 - MountPoints2\{31e48800-845d-11e0-a0d1-70f395cd17d6}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{702b32a5-f1d6-11e1-9117-70f395cd17d6}\Shell - "" = AutoRun
O33 - MountPoints2\{702b32a5-f1d6-11e1-9117-70f395cd17d6}\Shell\AutoRun\command - "" = D:\Startme.exe
O33 - MountPoints2\{a5983634-a092-11e0-a5dc-70f395cd17d6}\Shell - "" = AutoRun
O33 - MountPoints2\{a5983634-a092-11e0-a5dc-70f395cd17d6}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{a598363f-a092-11e0-a5dc-70f395cd17d6}\Shell - "" = AutoRun
O33 - MountPoints2\{a598363f-a092-11e0-a5dc-70f395cd17d6}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{afb8bd0e-b0af-11e0-b94b-70f395cd17d6}\Shell - "" = AutoRun
O33 - MountPoints2\{afb8bd0e-b0af-11e0-b94b-70f395cd17d6}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{afb8bd19-b0af-11e0-b94b-70f395cd17d6}\Shell - "" = AutoRun
O33 - MountPoints2\{afb8bd19-b0af-11e0-b94b-70f395cd17d6}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{c757b64d-2b10-11e0-bb70-70f395cd17d6}\Shell - "" = AutoRun
O33 - MountPoints2\{c757b64d-2b10-11e0-bb70-70f395cd17d6}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{c757b65a-2b10-11e0-bb70-70f395cd17d6}\Shell - "" = AutoRun
O33 - MountPoints2\{c757b65a-2b10-11e0-bb70-70f395cd17d6}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{c757b6d4-2b10-11e0-bb70-70f395cd17d6}\Shell - "" = AutoRun
O33 - MountPoints2\{c757b6d4-2b10-11e0-bb70-70f395cd17d6}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{d8911338-8222-11e0-a14d-002682cb6ddb}\Shell - "" = AutoRun
O33 - MountPoints2\{d8911338-8222-11e0-a14d-002682cb6ddb}\Shell\AutoRun\command - "" = D:\laucher.exe
O33 - MountPoints2\{e7f8fdef-1b6f-11e1-a6de-70f395cd17d6}\Shell - "" = AutoRun
O33 - MountPoints2\{e7f8fdef-1b6f-11e1-a6de-70f395cd17d6}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{e7f8fdf3-1b6f-11e1-a6de-70f395cd17d6}\Shell - "" = AutoRun
O33 - MountPoints2\{e7f8fdf3-1b6f-11e1-a6de-70f395cd17d6}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2B9268EE-8B1B-DB49-CE17-85553FB2DE6D} - Internet Explorer
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {9C8AC2D4-98F3-46ED-7D1E-5256B13F43C7} - Microsoft Windows Media Player 12.0
ActiveX: {B158681E-71E9-7278-2A49-DF3D4F8C73FD} - Internet Explorer
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^Users^Robi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - - File not found
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: Google Update - hkey= - key= - File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - File not found
MsConfig - StartUpReg: PDF Complete - hkey= - key= - C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
MsConfig - StartUpReg: RocketDock - hkey= - key= - C:\Program Files\RocketDock\RocketDock.exe ()
MsConfig - StartUpReg: VirtualCloneDrive - hkey= - key= - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
MsConfig - State: "bootini" - 2
MsConfig - State: "startup" - 2

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.IV41 - C:\windows\System32\ir41_32.ax (Intel Corporation)

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/11/22 12:16:43 | 000,000,000 | ---D | C] -- C:\Users\Robi\AppData\Local\{56F4D31D-2F68-4B81-8FE6-4F6101085ECD}
[2012/11/22 11:55:12 | 000,000,000 | ---D | C] -- C:\Users\Robi\AppData\Local\{66E052C8-5437-413C-8AC1-0CB48B0DB0BA}
[2012/11/21 18:14:00 | 000,000,000 | ---D | C] -- C:\windows\System32\IO
[2012/11/21 16:06:26 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/11/21 11:43:21 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/11/21 11:43:21 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/11/20 12:32:34 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\windows\System32\dhRichClient3.dll
[2012/11/20 12:32:11 | 000,000,000 | ---D | C] -- C:\Users\Robi\AppData\Roaming\DesktopIconForAmazon
[2012/11/20 12:32:01 | 000,000,000 | ---D | C] -- C:\Users\Robi\AppData\Roaming\Opera
[2012/11/20 12:31:51 | 000,000,000 | ---D | C] -- C:\Users\Robi\AppData\Roaming\OCS
[2012/11/20 12:04:29 | 000,000,000 | ---D | C] -- C:\Program Files\SelfUpdater
[2012/11/20 11:58:43 | 000,000,000 | ---D | C] -- C:\Users\Robi\AppData\Roaming\Bloson
[2012/11/20 11:57:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/11/20 11:57:53 | 000,000,000 | ---D | C] -- C:\Users\Robi\AppData\Local\Wajam
[2012/11/19 17:21:17 | 000,000,000 | ---D | C] -- C:\Users\Robi\Desktop\päda filmr fotos
[2012/11/17 22:23:11 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\WdfLdr.sys
[2012/11/17 22:23:11 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Wdfres.dll
[2012/11/17 22:22:39 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WUDFPlatform.dll
[2012/11/17 22:22:38 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WUDFx.dll
[2012/11/17 22:22:38 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WUDFCoinstaller.dll
[2012/11/17 22:20:23 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2012/11/17 22:20:22 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2012/11/17 22:20:22 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2012/11/17 22:20:22 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2012/11/17 22:20:22 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2012/11/17 22:20:20 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2012/11/17 22:20:19 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2012/11/17 22:20:17 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2012/11/17 20:48:26 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netcorehc.dll
[2012/11/17 20:48:26 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ncsi.dll
[2012/11/17 20:48:26 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netevent.dll
[2012/11/17 20:48:17 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\synceng.dll
[2012/11/17 20:48:12 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2012/11/17 20:48:10 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dhcpcore6.dll
[2012/11/17 20:48:10 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dhcpcsvc6.dll
[2012/11/09 06:36:20 | 000,000,000 | ---D | C] -- C:\Users\Robi\AppData\Local\{23ABBB6E-6153-4E10-9C0F-8A4C7CFA2B33}
[2012/11/08 12:36:46 | 000,000,000 | ---D | C] -- C:\Users\Robi\Documents\GTA San Andreas User Files
[2012/11/08 08:04:59 | 000,000,000 | ---D | C] -- C:\Users\Robi\AppData\Local\{449D7202-ACCA-46FD-A049-6FA5561DDDE6}
[2012/11/07 16:06:32 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2012/10/28 18:46:42 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/03/15 16:12:29 | 000,885,024 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Robi\JavaSetup6u24.exe
[2011/02/17 19:45:10 | 008,417,616 | ---- | C] (Mozilla) -- C:\Users\Robi\Firefox_Setup_3.6.13.exe
[2011/02/07 17:25:15 | 060,458,664 | ---- | C] (DVDVideoSoft Limited. ) -- C:\Program Files\FreeStudio.exe
[2011/01/30 18:36:11 | 008,417,616 | ---- | C] (Mozilla) -- C:\Program Files\Firefox.exe
[10 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/23 15:25:11 | 004,718,592 | ---- | M] () -- C:\Users\Robi\ntuser.dat
[2012/11/23 15:01:47 | 000,019,760 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/23 15:01:46 | 000,019,760 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/23 15:01:39 | 000,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2012/11/23 15:01:38 | 000,000,088 | RHS- | M] () -- C:\ProgramData\32C99DC932.sys
[2012/11/23 14:50:23 | 000,000,314 | ---- | M] () -- C:\windows\tasks\asilfsat.job
[2012/11/23 14:50:12 | 000,016,384 | ---- | M] () -- C:\windows\System32\Ikeext.etl
[2012/11/23 14:50:10 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2012/11/23 14:50:06 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/11/23 14:49:58 | 801,697,792 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/22 13:46:00 | 002,544,613 | -H-- | M] () -- C:\Users\Robi\AppData\Local\IconCache.db
[2012/11/22 13:21:13 | 000,007,250 | ---- | M] () -- C:\Users\Robi\Documents\Pädagogik Projekt.wlmp
[2012/11/22 12:21:02 | 001,500,254 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
[2012/11/22 12:21:02 | 000,654,844 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012/11/22 12:21:02 | 000,616,686 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/11/22 12:21:02 | 000,130,426 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012/11/22 12:21:02 | 000,106,808 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/11/21 23:05:20 | 000,211,168 | ---- | M] () -- C:\Users\Robi\Desktop\Praktika Altenheim 09.07.2012 - 03.08.2012.jpg
[2012/11/21 23:03:25 | 000,203,440 | ---- | M] () -- C:\Users\Robi\Desktop\Praktika Altenheim 02.04.2012 - 13.04.2012.jpg
[2012/11/21 23:01:38 | 000,370,461 | ---- | M] () -- C:\Users\Robi\Desktop\Praktika Diakonie 02.01.2012 - 06.01.2012.jpg
[2012/11/21 22:59:28 | 000,361,755 | ---- | M] () -- C:\Users\Robi\Desktop\Praktika Altenheim schulisch 21.03.2011 - 08.04.2011.jpg
[2012/11/21 22:57:34 | 000,327,275 | ---- | M] () -- C:\Users\Robi\Desktop\Praktika Kindergarten 15.11.2010 - 03.12.2010.jpg
[2012/11/21 22:52:42 | 000,289,663 | ---- | M] () -- C:\Users\Robi\Desktop\Praktika Altenheim 11.10.2010 - 22.10.2010.jpg
[2012/11/21 22:50:54 | 000,276,004 | ---- | M] () -- C:\Users\Robi\Desktop\Praktika Altenheim 26.07.2010 - 13.08.2010.jpg
[2012/11/21 22:47:21 | 000,343,463 | ---- | M] () -- C:\Users\Robi\Desktop\Halbjahreszeugnis der Fachhochschulreife 2.jpg
[2012/11/21 22:45:59 | 000,306,644 | ---- | M] () -- C:\Users\Robi\Desktop\Halbjahreszeugnis der Fachhochschulreife 1.jpg
[2012/11/21 22:43:07 | 000,180,681 | ---- | M] () -- C:\Users\Robi\Desktop\Zeugnis der Fachhochschulreife 4.jpg
[2012/11/21 22:41:51 | 000,292,828 | ---- | M] () -- C:\Users\Robi\Desktop\Zeugnis der Fachhochschulreife 3.jpg
[2012/11/21 22:40:39 | 000,234,454 | ---- | M] () -- C:\Users\Robi\Desktop\Zeugnis der Fachhochschulreife 2.jpg
[2012/11/21 22:39:14 | 000,240,593 | ---- | M] () -- C:\Users\Robi\Desktop\Zeugnis der Fachhochschulreife 1.jpg
[2012/11/21 22:37:58 | 000,337,336 | ---- | M] () -- C:\Users\Robi\Desktop\Arbeits und Sozialverhalten.jpg
[2012/11/21 16:27:40 | 000,002,577 | ---- | M] () -- C:\windows\System32\config.nt
[2012/11/18 19:25:53 | 000,076,784 | ---- | M] () -- C:\Users\Robi\AppData\Local\GDIPFONTCACHEV1.DAT
[2012/11/18 19:23:40 | 000,339,296 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/11/17 22:19:49 | 000,000,867 | ---- | M] () -- C:\windows\win.ini
[2012/11/09 08:38:08 | 000,000,316 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForRobi.job
[2012/11/07 16:19:00 | 000,119,300 | -H-- | M] () -- C:\windows\System32\mlfcache.dat
[2012/11/03 11:35:40 | 000,000,017 | ---- | M] () -- C:\windows\System32\shortcut_ex.dat
[10 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/22 13:21:13 | 000,007,250 | ---- | C] () -- C:\Users\Robi\Documents\Pädagogik Projekt.wlmp
[2012/11/21 23:05:20 | 000,211,168 | ---- | C] () -- C:\Users\Robi\Desktop\Praktika Altenheim 09.07.2012 - 03.08.2012.jpg
[2012/11/21 23:03:25 | 000,203,440 | ---- | C] () -- C:\Users\Robi\Desktop\Praktika Altenheim 02.04.2012 - 13.04.2012.jpg
[2012/11/21 23:01:37 | 000,370,461 | ---- | C] () -- C:\Users\Robi\Desktop\Praktika Diakonie 02.01.2012 - 06.01.2012.jpg
[2012/11/21 22:59:28 | 000,361,755 | ---- | C] () -- C:\Users\Robi\Desktop\Praktika Altenheim schulisch 21.03.2011 - 08.04.2011.jpg
[2012/11/21 22:57:34 | 000,327,275 | ---- | C] () -- C:\Users\Robi\Desktop\Praktika Kindergarten 15.11.2010 - 03.12.2010.jpg
[2012/11/21 22:52:41 | 000,289,663 | ---- | C] () -- C:\Users\Robi\Desktop\Praktika Altenheim 11.10.2010 - 22.10.2010.jpg
[2012/11/21 22:50:54 | 000,276,004 | ---- | C] () -- C:\Users\Robi\Desktop\Praktika Altenheim 26.07.2010 - 13.08.2010.jpg
[2012/11/21 22:47:21 | 000,343,463 | ---- | C] () -- C:\Users\Robi\Desktop\Halbjahreszeugnis der Fachhochschulreife 2.jpg
[2012/11/21 22:45:59 | 000,306,644 | ---- | C] () -- C:\Users\Robi\Desktop\Halbjahreszeugnis der Fachhochschulreife 1.jpg
[2012/11/21 22:43:07 | 000,180,681 | ---- | C] () -- C:\Users\Robi\Desktop\Zeugnis der Fachhochschulreife 4.jpg
[2012/11/21 22:41:50 | 000,292,828 | ---- | C] () -- C:\Users\Robi\Desktop\Zeugnis der Fachhochschulreife 3.jpg
[2012/11/21 22:40:39 | 000,234,454 | ---- | C] () -- C:\Users\Robi\Desktop\Zeugnis der Fachhochschulreife 2.jpg
[2012/11/21 22:39:13 | 000,240,593 | ---- | C] () -- C:\Users\Robi\Desktop\Zeugnis der Fachhochschulreife 1.jpg
[2012/11/21 22:37:57 | 000,337,336 | ---- | C] () -- C:\Users\Robi\Desktop\Arbeits und Sozialverhalten.jpg
[2012/11/20 12:32:34 | 000,338,432 | ---- | C] () -- C:\windows\System32\sqlite36_engine.dll
[2012/11/17 22:23:14 | 000,000,003 | ---- | C] () -- C:\windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/17 22:22:38 | 000,000,003 | ---- | C] () -- C:\windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/11/07 16:07:32 | 000,002,491 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2012/11/03 11:35:40 | 000,000,017 | ---- | C] () -- C:\windows\System32\shortcut_ex.dat
[2012/09/17 21:10:21 | 000,524,288 | -HS- | C] () -- C:\Users\Robi\ntuser.dat{1053e764-0103-11e2-9662-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2012/09/17 21:10:21 | 000,524,288 | -HS- | C] () -- C:\Users\Robi\ntuser.dat{1053e764-0103-11e2-9662-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2012/09/17 21:10:21 | 000,065,536 | -HS- | C] () -- C:\Users\Robi\ntuser.dat{1053e764-0103-11e2-9662-806e6f6e6963}.TM.blf
[2012/09/17 21:02:28 | 000,001,652 | ---- | C] () -- C:\windows\System32\ASOROSet.bin
[2012/09/03 20:25:13 | 000,000,193 | ---- | C] () -- C:\windows\WORDPAD.INI
[2012/07/22 19:46:16 | 000,000,000 | ---- | C] () -- C:\windows\appXYqt3.ini
[2012/06/17 23:40:45 | 015,000,000 | ---- | C] () -- C:\Users\Robi\aoe-project.r06
[2012/06/17 23:40:43 | 015,000,000 | ---- | C] () -- C:\Users\Robi\aoe-project.r05
[2012/06/17 23:40:43 | 015,000,000 | ---- | C] () -- C:\Users\Robi\aoe-project.r04
[2012/06/17 23:40:39 | 015,000,000 | ---- | C] () -- C:\Users\Robi\aoe-project.r03
[2012/06/17 23:40:39 | 015,000,000 | ---- | C] () -- C:\Users\Robi\aoe-project.r02
[2012/06/17 23:40:39 | 015,000,000 | ---- | C] () -- C:\Users\Robi\aoe-project.r01
[2012/06/17 23:40:38 | 015,000,000 | ---- | C] () -- C:\Users\Robi\aoe-project.r00
[2012/06/17 23:40:38 | 000,009,006 | ---- | C] () -- C:\Users\Robi\aoe-project.nfo
[2012/05/13 18:11:07 | 000,119,300 | -H-- | C] () -- C:\windows\System32\mlfcache.dat
[2012/04/27 17:19:28 | 000,027,969 | ---- | C] () -- C:\Users\Robi\AppData\Roaming\UserTile.png
[2012/04/24 10:12:02 | 000,139,264 | ---- | C] () -- C:\windows\System32\usbceipi.dll
[2012/04/23 21:10:30 | 000,524,288 | -HS- | C] () -- C:\Users\Robi\ntuser.dat{6e5fe737-8d7e-11e1-bc0d-70f395cd17d6}.TMContainer00000000000000000002.regtrans-ms
[2012/04/23 21:10:29 | 000,524,288 | -HS- | C] () -- C:\Users\Robi\ntuser.dat{6e5fe737-8d7e-11e1-bc0d-70f395cd17d6}.TMContainer00000000000000000001.regtrans-ms
[2012/04/23 21:10:28 | 000,065,536 | -HS- | C] () -- C:\Users\Robi\ntuser.dat{6e5fe737-8d7e-11e1-bc0d-70f395cd17d6}.TM.blf
[2012/03/26 14:50:10 | 000,524,288 | -HS- | C] () -- C:\Users\Robi\ntuser.dat{4fead9e9-7747-11e1-86aa-70f395cd17d6}.TMContainer00000000000000000002.regtrans-ms
[2012/03/26 14:50:10 | 000,524,288 | -HS- | C] () -- C:\Users\Robi\ntuser.dat{4fead9e9-7747-11e1-86aa-70f395cd17d6}.TMContainer00000000000000000001.regtrans-ms
[2012/03/26 14:50:09 | 000,065,536 | -HS- | C] () -- C:\Users\Robi\ntuser.dat{4fead9e9-7747-11e1-86aa-70f395cd17d6}.TM.blf
[2012/03/20 21:21:18 | 000,000,046 | ---- | C] () -- C:\windows\QTW.INI
[2012/03/09 09:15:19 | 000,524,288 | -HS- | C] () -- C:\Users\Robi\ntuser.dat{f3a25e61-69bf-11e1-903e-70f395cd17d6}.TMContainer00000000000000000002.regtrans-ms
[2012/03/09 09:15:19 | 000,524,288 | -HS- | C] () -- C:\Users\Robi\ntuser.dat{f3a25e61-69bf-11e1-903e-70f395cd17d6}.TMContainer00000000000000000001.regtrans-ms
[2012/03/09 09:15:19 | 000,065,536 | -HS- | C] () -- C:\Users\Robi\ntuser.dat{f3a25e61-69bf-11e1-903e-70f395cd17d6}.TM.blf
[2012/02/21 10:51:49 | 000,000,190 | ---- | C] () -- C:\windows\cncscore.ini
[2012/02/17 18:30:29 | 000,286,720 | ---- | C] () -- C:\windows\vsnpstd.exe
[2012/02/17 18:30:28 | 000,053,248 | ---- | C] () -- C:\windows\System32\dsnpstd.dll
[2012/02/17 18:30:19 | 000,061,440 | ---- | C] ( ) -- C:\windows\System32\rsnpstd.dll
[2012/01/29 21:29:47 | 000,000,109 | ---- | C] () -- C:\windows\disney.ini
[2011/11/17 19:11:31 | 000,000,236 | ---- | C] () -- C:\ProgramData\{5CAFA1B7-9EEF-4cc7-B9F7-9DDB3DAA679E}
[2011/10/26 16:04:43 | 000,139,152 | ---- | C] () -- C:\windows\System32\drivers\PnkBstrK.sys
[2011/10/26 16:04:43 | 000,139,152 | ---- | C] () -- C:\Users\Robi\AppData\Roaming\PnkBstrK.sys
[2011/10/26 16:04:32 | 000,111,928 | ---- | C] () -- C:\windows\System32\PnkBstrB.exe
[2011/10/26 16:04:14 | 002,793,768 | ---- | C] () -- C:\windows\System32\pbsvc.exe
[2011/10/26 16:04:14 | 000,066,872 | ---- | C] () -- C:\windows\System32\PnkBstrA.exe
[2011/08/02 10:34:12 | 000,000,528 | R--- | C] () -- C:\Program Files\MediaID.bin
[2011/07/27 19:48:14 | 000,021,840 | ---- | C] () -- C:\windows\System32\SIntfNT.dll
[2011/07/27 19:48:14 | 000,017,212 | ---- | C] () -- C:\windows\System32\SIntf32.dll
[2011/07/27 19:48:14 | 000,012,067 | ---- | C] () -- C:\windows\System32\SIntf16.dll
[2011/07/27 19:46:30 | 000,000,228 | ---- | C] () -- C:\windows\SIERRA.INI
[2011/07/21 21:18:46 | 000,000,236 | ---- | C] () -- C:\ProgramData\{701ACAF9-F102-47c2-8907-36246F4DFB51}
[2011/07/02 23:43:21 | 000,053,600 | ---- | C] () -- C:\windows\System32\dosx.exe
[2011/06/23 21:02:37 | 000,137,216 | ---- | C] () -- C:\windows\epuninstall.exe
[2011/04/24 17:21:37 | 000,000,032 | ---- | C] () -- C:\windows\Menu.INI
[2011/04/09 20:30:55 | 000,001,849 | ---- | C] () -- C:\Users\Robi\AppData\Roaming\GhostObjGAFix.xml
[2011/03/26 12:21:10 | 000,524,288 | -HS- | C] () -- C:\Users\Robi\NTUSER.DAT{0c0f6de5-579b-11e0-b54f-70f395cd17d6}.TMContainer00000000000000000002.regtrans-ms
[2011/03/26 12:21:09 | 000,524,288 | -HS- | C] () -- C:\Users\Robi\NTUSER.DAT{0c0f6de5-579b-11e0-b54f-70f395cd17d6}.TMContainer00000000000000000001.regtrans-ms
[2011/03/26 12:21:09 | 000,065,536 | -HS- | C] () -- C:\Users\Robi\NTUSER.DAT{0c0f6de5-579b-11e0-b54f-70f395cd17d6}.TM.blf
[2011/03/14 15:18:14 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/01/30 19:14:14 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2011/01/28 23:32:42 | 000,000,088 | RHS- | C] () -- C:\ProgramData\32C99DC932.sys
[2011/01/28 23:32:28 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/01/28 21:39:21 | 002,544,613 | -H-- | C] () -- C:\Users\Robi\AppData\Local\IconCache.db
[2011/01/28 20:11:47 | 000,076,784 | ---- | C] () -- C:\Users\Robi\AppData\Local\GDIPFONTCACHEV1.DAT
[2011/01/28 20:05:33 | 000,524,288 | -HS- | C] () -- C:\Users\Robi\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2011/01/28 20:05:33 | 000,524,288 | -HS- | C] () -- C:\Users\Robi\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2011/01/28 20:05:33 | 000,065,536 | -HS- | C] () -- C:\Users\Robi\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2011/01/28 20:05:32 | 004,980,736 | -HS- | C] () -- C:\Users\Robi\ntuser.dat.bak
[2011/01/28 20:05:32 | 004,718,592 | ---- | C] () -- C:\Users\Robi\ntuser.dat
[2011/01/28 20:05:32 | 000,000,020 | -HS- | C] () -- C:\Users\Robi\ntuser.ini

========== ZeroAccess Check ==========

[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/08/17 20:21:18 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Ashampoo
[2012/02/28 18:20:46 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Babylon
[2012/11/20 22:27:52 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Bloson
[2012/04/30 23:09:02 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\DAEMON Tools Lite
[2011/11/17 19:11:18 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Degener
[2012/11/21 18:15:02 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\DesktopIconForAmazon
[2012/10/05 19:28:29 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\DVDVideoSoft
[2012/09/16 20:20:41 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/06/23 14:49:05 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\GetRightToGo
[2012/03/24 23:38:50 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Lazy 8 Studios
[2011/10/14 16:23:36 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Leadertech
[2012/03/15 21:07:58 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\loadtbs
[2012/11/20 12:31:51 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\OCS
[2012/10/20 18:24:51 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\OpenCandy
[2012/04/16 18:56:37 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\OpenOffice.org
[2012/11/20 12:32:01 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Opera
[2012/04/07 19:19:43 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Rovio
[2012/04/24 18:48:13 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\SMART Technologies
[2012/04/24 10:50:20 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\SMART Technologies Inc
[2012/09/17 13:56:22 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\SoftGrid Client
[2011/10/01 14:10:46 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\SpringLobby
[2011/10/01 14:10:22 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\springsettings
[2011/01/30 08:27:50 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\supertuxkart
[2012/10/13 12:08:44 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Systweak
[2011/10/24 17:13:10 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Teeworlds
[2012/10/14 14:02:11 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Tonido
[2012/02/11 16:50:41 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\toolplugin
[2011/01/28 23:08:32 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\TP
[2011/05/02 22:00:52 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Visan
[2011/10/01 11:23:10 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Windows Live Writer
[2012/03/25 22:34:27 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Windows SideBar

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2011/01/28 20:12:52 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010/09/09 20:25:48 | 000,000,000 | ---D | M] -- C:\6b4adc41778d39ee87afcdf02bbacb6c
[2010/09/09 19:47:22 | 000,000,000 | ---D | M] -- C:\amd64
[2010/04/25 09:41:22 | 000,000,000 | -HSD | M] -- C:\boot
[2012/11/21 11:45:08 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009/07/14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010/09/09 10:49:15 | 000,000,000 | ---D | M] -- C:\EFI
[2011/05/03 19:12:37 | 000,000,000 | ---D | M] -- C:\GTA Vice City User Files
[2010/09/09 20:56:48 | 000,000,000 | -H-D | M] -- C:\hp
[2011/02/12 22:50:39 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009/07/14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012/11/21 18:15:10 | 000,000,000 | R--D | M] -- C:\Program Files
[2012/11/21 16:48:53 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010/04/25 08:48:57 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012/07/26 02:12:21 | 000,000,000 | ---D | M] -- C:\Sierra
[2012/02/05 21:55:53 | 000,000,000 | ---D | M] -- C:\swsetup
[2012/11/23 15:21:02 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011/01/28 21:33:17 | 000,000,000 | -H-D | M] -- C:\SYSTEM.SAV
[2011/01/28 20:05:31 | 000,000,000 | R--D | M] -- C:\Users
[2012/11/21 16:32:56 | 000,000,000 | ---D | M] -- C:\Windows
[2010/09/09 19:47:22 | 000,000,000 | ---D | M] -- C:\x86

< %SYSTEMDRIVE%\*.* >
[2012/02/03 15:11:10 | 000,000,000 | ---- | M] () -- C:\AILog.txt
[2011/11/07 15:49:03 | 000,356,420 | ---- | M] () -- C:\AnalysisLog.sr0
[2009/07/14 02:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2012/08/30 00:15:30 | 003,782,214 | ---- | M] () -- C:\chatzum_nt.exe
[1997/02/17 11:37:54 | 000,171,520 | ---- | M] (Europress Software) -- C:\CNCS32.dll
[2012/08/17 20:22:33 | 000,000,009 | ---- | M] () -- C:\END
[2012/11/23 14:49:58 | 801,697,792 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/19 15:30:55 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/02/18 00:05:09 | 000,000,601 | ---- | M] () -- C:\MFW0.xml
[2011/03/04 20:10:52 | 000,000,601 | ---- | M] () -- C:\MFW1.xml
[2011/03/06 18:39:32 | 000,000,601 | ---- | M] () -- C:\MFW2.xml
[2011/03/19 12:36:54 | 000,000,601 | ---- | M] () -- C:\MFW3.xml
[2011/03/23 23:00:18 | 000,000,601 | ---- | M] () -- C:\MFW4.xml
[2011/03/24 11:35:29 | 000,000,601 | ---- | M] () -- C:\MFW5.xml
[2011/03/27 21:55:58 | 000,000,601 | ---- | M] () -- C:\MFW6.xml
[2011/03/29 16:39:37 | 000,000,601 | ---- | M] () -- C:\MFW7.xml
[2011/05/19 15:30:55 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/11/23 15:04:07 | 1119,809,536 | -HS- | M] () -- C:\pagefile.sys
[2011/01/30 09:29:24 | 000,002,471 | ---- | M] () -- C:\pdfco.log
[2012/02/16 16:37:48 | 000,000,510 | ---- | M] () -- C:\settings.ini
[2009/10/19 23:43:50 | 000,047,104 | ---- | M] () -- C:\Thumbs.db
[2012/03/02 15:17:32 | 000,000,474 | ---- | M] () -- C:\user.js
[2011/12/29 15:33:31 | 000,000,979 | ---- | M] () -- C:\WinRAR.lnk

< %PROGRAMFILES%\*.exe >
[2011/01/30 18:36:13 | 008,417,616 | ---- | M] (Mozilla) -- C:\Program Files\Firefox.exe
[2011/02/04 17:17:44 | 060,458,664 | ---- | M] (DVDVideoSoft Limited. ) -- C:\Program Files\FreeStudio.exe
Invalid Environment Variable: PROGRAMFILES(X86)

< %systemroot%\*. /mp /s >

< %windir%\installer\*. /10 >
[2012/11/20 12:03:48 | 000,000,000 | ---D | M] -- C:\windows\installer\MSIF4F2.tmp-
[2012/11/17 21:00:27 | 000,000,000 | ---D | M] -- C:\windows\installer\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}
[2012/11/17 21:00:28 | 000,000,000 | ---D | M] -- C:\windows\installer\{787D1A33-A97B-4245-87C0-7174609A540C}
[2012/11/17 22:24:14 | 000,000,000 | ---D | M] -- C:\windows\installer\{90140000-0018-0000-0000-0000000FF1CE}
[2012/11/17 22:24:36 | 000,000,000 | ---D | M] -- C:\windows\installer\{90140000-001B-0000-0000-0000000FF1CE}
[2012/11/17 22:24:45 | 000,000,000 | ---D | M] -- C:\windows\installer\{95140000-00AF-0407-0000-0000000FF1CE}

< %appdata%\*. >
[2011/01/28 22:22:50 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Adobe
[2012/11/07 16:09:41 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Apple Computer
[2012/08/17 20:21:18 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Ashampoo
[2011/01/28 20:14:17 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\ATI
[2012/09/23 08:12:41 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Avira
[2012/02/28 18:20:46 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Babylon
[2012/11/20 22:27:52 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Bloson
[2011/01/28 23:32:41 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Corel
[2012/09/03 20:28:37 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\CorelHomeOffice
[2012/04/30 23:09:02 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\DAEMON Tools Lite
[2011/11/17 19:11:18 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Degener
[2012/11/21 18:15:02 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\DesktopIconForAmazon
[2011/12/25 19:24:36 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\DivX
[2011/06/15 21:08:17 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\dvdcss
[2012/10/05 19:28:29 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\DVDVideoSoft
[2012/09/16 20:20:41 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/06/23 14:49:05 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\GetRightToGo
[2011/07/09 16:06:39 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Hewlett-Packard
[2012/06/26 10:22:13 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\hpqLog
[2012/11/17 21:08:41 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\HpUpdate
[2011/01/28 20:12:54 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Identities
[2012/03/24 23:38:50 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Lazy 8 Studios
[2011/10/14 16:23:36 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Leadertech
[2012/03/15 21:07:58 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\loadtbs
[2011/01/28 22:22:51 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Macromedia
[2012/10/13 16:51:46 | 000,000,000 | --SD | M] -- C:\Users\Robi\AppData\Roaming\Microsoft
[2011/02/18 16:52:08 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Mozilla
[2012/11/20 12:31:51 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\OCS
[2012/10/20 18:24:51 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\OpenCandy
[2012/04/16 18:56:37 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\OpenOffice.org
[2012/11/20 12:32:01 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Opera
[2012/04/07 19:19:43 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Rovio
[2012/09/16 19:09:05 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Roxio Log Files
[2011/07/21 21:15:47 | 000,000,000 | RH-D | M] -- C:\Users\Robi\AppData\Roaming\SecuROM
[2011/04/07 22:28:56 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Skype
[2011/03/14 16:05:47 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\skypePM
[2012/04/24 18:48:13 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\SMART Technologies
[2012/04/24 10:50:20 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\SMART Technologies Inc
[2012/09/17 13:56:22 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\SoftGrid Client
[2011/10/01 14:10:46 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\SpringLobby
[2011/10/01 14:10:22 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\springsettings
[2011/01/30 08:27:50 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\supertuxkart
[2012/10/13 12:08:44 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Systweak
[2011/10/24 17:13:10 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Teeworlds
[2012/10/14 14:02:11 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Tonido
[2012/02/11 16:50:41 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\toolplugin
[2011/01/28 23:08:32 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\TP
[2012/01/23 08:35:19 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\U3
[2012/08/07 17:07:16 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\UltraVNC
[2011/05/02 22:00:52 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Visan
[2012/10/14 11:22:36 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\vlc
[2011/10/01 11:23:10 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Windows Live Writer
[2012/03/25 22:34:27 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\Windows SideBar
[2011/12/29 15:33:56 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Roaming\WinRAR

< %appdata%\*.* >
[2011/05/28 14:35:34 | 000,001,849 | ---- | M] () -- C:\Users\Robi\AppData\Roaming\GhostObjGAFix.xml
[2011/10/26 16:04:43 | 000,139,152 | ---- | M] () -- C:\Users\Robi\AppData\Roaming\PnkBstrK.sys
[2012/04/27 17:19:28 | 000,027,969 | ---- | M] () -- C:\Users\Robi\AppData\Roaming\UserTile.png

< %appdata%\*.exe /s >
[2012/11/20 12:32:10 | 000,753,664 | ---- | M] (Microsoft) -- C:\Users\Robi\AppData\Roaming\DesktopIconForAmazon\IconForAmazon.exe
[2012/03/07 13:45:24 | 001,242,112 | ---- | M] (InfiniAd GmbH) -- C:\Users\Robi\AppData\Roaming\loadtbs\uninstall.exe
[2012/02/09 12:05:06 | 000,694,784 | ---- | M] (InfiniAd GmbH) -- C:\Users\Robi\AppData\Roaming\loadtbs\ytdl.exe
[2011/12/11 18:13:50 | 003,763,360 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Robi\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2012/03/24 23:38:17 | 000,176,730 | R--- | M] () -- C:\Users\Robi\AppData\Roaming\Microsoft\Installer\{3B1329C8-C239-45F8-A4A7-E4477A9B0FED}\_8AED56ACCE516E2F8F20BE.exe
[2012/03/24 23:38:18 | 000,176,730 | R--- | M] () -- C:\Users\Robi\AppData\Roaming\Microsoft\Installer\{3B1329C8-C239-45F8-A4A7-E4477A9B0FED}\_D1620478A9711C91595E58.exe
[2012/11/20 12:31:51 | 000,106,496 | ---- | M] (OCS) -- C:\Users\Robi\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
[2012/11/20 12:31:51 | 000,040,960 | ---- | M] () -- C:\Users\Robi\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
[2012/09/24 20:17:24 | 027,448,224 | ---- | M] (TuneUp Software) -- C:\Users\Robi\AppData\Roaming\OpenCandy\769CCBC6B0AD43259C4F3CAF6474461D\TuneUpUtilities2013_2200218_de-DE.exe
[2012/02/06 23:49:12 | 052,016,336 | ---- | M] (Rovio) -- C:\Users\Robi\AppData\Roaming\Rovio\Angry Birds Rio\updates\Update\AngryBirdsRioInstaller_1.4.2.exe
[2012/08/09 14:46:44 | 034,269,024 | ---- | M] (Rovio) -- C:\Users\Robi\AppData\Roaming\Rovio\Angry Birds Space\updates\Update\AngryBirdsSpaceInstaller_1.2.2.exe
[2011/08/04 17:04:56 | 046,370,928 | ---- | M] (Rovio) -- C:\Users\Robi\AppData\Roaming\Rovio\Angry Birds\updates\Update\AngryBirdsInstaller_1.6.2.exe
[2011/11/01 17:34:20 | 046,678,912 | ---- | M] (Rovio) -- C:\Users\Robi\AppData\Roaming\Rovio\Angry Birds\updates\Update\AngryBirdsInstaller_1.6.3.1.exe
[2012/02/11 18:26:14 | 041,044,728 | ---- | M] (Rovio) -- C:\Users\Robi\AppData\Roaming\Rovio\Angry Birds\updates\Update\AngryBirdsInstaller_2.0.2-1.exe
[2007/10/23 09:27:20 | 000,110,592 | ---- | M] () -- C:\Users\Robi\AppData\Roaming\U3\temp\cleanup.exe
[2008/05/02 10:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Users\Robi\AppData\Roaming\U3\temp\Launchpad Removal.exe

< %localappdata%\*. >
[2011/01/28 20:05:33 | 000,000,000 | -HSD | M] -- C:\Users\Robi\AppData\Local\Anwendungsdaten
[2012/04/27 12:14:10 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\Apple
[2012/11/07 16:09:44 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\Apple Computer
[2012/08/17 20:21:10 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\ashampoo
[2011/01/28 20:14:17 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\ATI
[2011/01/28 20:13:27 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\Broadcom
[2012/08/24 15:56:00 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\Conduit
[2011/02/16 20:12:06 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\ConduitEngine
[2012/08/17 20:21:44 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\CRE
[2012/11/08 20:42:59 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\Diagnostics
[2011/10/14 16:23:58 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\Downloaded Installations
[2012/10/02 08:22:36 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\ElevatedDiagnostics
[2012/10/20 18:28:06 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\Freetec
[2011/02/16 20:12:06 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\Funload.de
[2012/10/13 12:04:43 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\Google
[2012/03/25 00:02:14 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\Halfbrick
[2011/02/20 18:53:23 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\Hewlett-Packard
[2011/05/02 21:12:50 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\HP
[2012/03/25 00:00:17 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\Intel
[2012/09/16 20:33:18 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\Macromedia
[2012/11/07 17:09:11 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\Microsoft
[2011/09/08 17:33:02 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\Microsoft Games
[2012/10/13 13:41:27 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\Microsoft Help
[2011/07/24 01:44:33 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\MicroVision Applications
[2011/01/30 09:50:36 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\MigWiz
[2011/01/30 17:53:22 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\Mozilla
[2012/04/14 12:29:27 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\NFS Underground 2
[2011/01/28 20:13:12 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\PDFC
[2011/01/28 22:51:24 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\Roxio
[2012/04/24 10:57:50 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\SMART Technologies
[2012/04/24 10:50:20 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\SMART Technologies Inc
[2011/01/28 23:08:04 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\SoftGrid Client
[2012/11/23 15:17:35 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\Temp
[2011/01/28 20:05:33 | 000,000,000 | -HSD | M] -- C:\Users\Robi\AppData\Local\Temporary Internet Files
[2012/10/20 18:35:44 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\TubeBox
[2011/01/28 20:05:33 | 000,000,000 | -HSD | M] -- C:\Users\Robi\AppData\Local\Verlauf
[2012/09/16 20:03:05 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\VirtualStore
[2012/11/20 11:57:53 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\Wajam
[2012/08/14 12:34:06 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\Windows Live
[2011/06/09 22:29:48 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\Windows Live Writer
[2011/01/30 14:46:51 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\WinZip
[2011/12/31 14:04:52 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{015FAEAB-4E38-4C7C-A023-3B8D2BC8EFA1}
[2011/11/25 08:38:49 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{019BD3E5-0135-4A6F-B55E-7E628D678B4E}
[2012/05/11 12:40:50 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{026C27B0-F8AD-4D08-BCD0-9C5D40DCF3A0}
[2011/10/28 11:58:04 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{037A8D08-A32C-4E5B-9A9F-85BE5E0292EE}
[2012/07/15 16:42:56 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{03C9BE97-91F7-4817-A050-50CBE50717C2}
[2011/10/10 18:14:16 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{04B3D14E-C9BD-4E4F-9775-82AE9247AE07}
[2011/06/23 09:50:39 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{067ACE15-4291-4035-8882-D114A9EC20F1}
[2011/10/12 13:03:25 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{06ADD07A-BA19-4D65-A0E9-CEB699CFC352}
[2011/08/12 10:20:47 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{07155021-628E-4E61-8388-2E7E8B9F36CC}
[2011/06/30 13:30:18 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{07730E8A-ADC8-4545-BD8D-DECC0BB66517}
[2011/10/20 15:49:41 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{0837252E-7BCE-4635-BDE7-56CF9FB9CD80}
[2011/07/04 22:16:10 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{0B5D2CB1-9755-4199-8468-36D40E0289D7}
[2012/01/02 15:01:44 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{0B6BA510-2F40-477D-BC70-E37D3850C002}
[2012/01/01 12:38:25 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{0BB50477-762E-4D8C-B53D-99E75F6E9A60}
[2011/11/13 17:51:31 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{0C899784-31F4-447B-83E7-CBD8D8CD5EF1}
[2011/11/15 08:24:59 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{0C92F768-0EBC-4C5F-9D29-C24D23317A75}
[2012/02/09 09:00:58 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{0D1C2B12-A264-414F-ACE6-101085FBFDF4}
[2011/11/30 17:27:20 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{0DDBAAC6-D40A-4C09-85A8-A7C495AD549F}
[2011/08/29 17:35:04 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{0E919348-B08B-4FD2-855C-BE88B87F4103}
[2011/10/21 15:13:29 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{0F41F39F-A506-465C-9A5D-431BEF8F801B}
[2011/12/29 13:20:13 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{0F5E16E9-AA65-4DC7-AB74-74E8AD4ABBE3}
[2012/05/08 15:44:29 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{0F9B8568-8400-402B-885E-6E361FC27614}
[2011/07/18 21:06:31 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{119646BE-0952-4B13-979A-2ABABD03F14C}
[2011/06/17 12:39:41 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{121E92F7-8A26-42BB-B996-4F7C1B4444D8}
[2011/08/04 09:50:41 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{12FE8392-EDDB-46C2-A04A-0029195D3D3E}
[2011/06/19 21:25:01 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{137842CE-5A49-46B5-A1FA-D5AB7051B51A}
[2011/06/21 16:24:27 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{148905D9-8163-4E08-A5F8-045E14C51E68}
[2011/08/30 10:48:31 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{15F10852-F498-4C3B-BBEB-FE716DD9E072}
[2011/07/03 10:24:27 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{167DF774-2E7F-40D2-B52B-0675482BB10B}
[2011/12/09 19:55:34 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{1909D481-1047-4DC4-9AA1-DD1E0C56154D}
[2011/06/09 22:30:00 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{1AEB67FB-FF95-451C-B622-A0A34EF4E042}
[2011/12/31 12:07:27 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{1BF16BA0-2834-4528-B15F-886E22DC2560}
[2011/09/28 14:16:49 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{1C402B48-BEBC-4EA2-B00A-29BC41EAE4F5}
[2011/10/17 20:07:27 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{1CF47066-840C-47AF-90C1-FAFE2AA11CA8}
[2012/01/02 02:13:41 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{1FDC9066-A154-4071-BDE8-1F663F818906}
[2011/12/10 17:51:06 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{1FE036A9-B056-4C80-8198-1BFB8461C5BC}
[2011/08/16 20:02:59 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{200BF3D1-B878-47A3-B336-DE12BCA9AC94}
[2011/06/12 11:37:20 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{202D7CEC-067D-4B42-A7FA-917836CEBDA2}
[2011/07/08 19:25:57 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{2041C2F9-88AE-45FE-A458-7A775725CF1E}
[2011/12/17 13:18:38 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{21B18087-AAE8-4975-8306-AAE0C4BB467D}
[2011/06/18 19:41:47 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{21D93EEB-FD02-4861-9A73-734BB7230781}
[2011/12/14 15:23:25 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{22DBF7B2-0F44-465E-B3C9-2D8531323AA6}
[2012/11/09 06:36:31 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{23ABBB6E-6153-4E10-9C0F-8A4C7CFA2B33}
[2011/07/05 15:19:33 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{24E16B02-F532-4D6E-968A-D6FDE6C698B7}
[2011/08/02 21:14:40 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{2864306D-A8AD-4AA7-9991-B4FDA8638541}
[2012/05/10 20:33:57 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{29740ACA-4407-4E29-A560-B69BA2D4F08D}
[2011/07/24 04:30:15 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{29E7336B-DEB6-4BA8-A4F0-06898CA062AB}
[2011/07/06 18:54:35 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{2BA77D5E-0AD4-422D-8152-19431BCE7078}
[2011/08/10 09:46:37 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{2DC84C56-899A-4645-BC60-088FB7888AD2}
[2011/12/22 20:44:14 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{2EC305F2-2CAA-4E26-9F03-A7164CE8FA38}
[2011/06/09 22:28:47 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local

Kevinator941 · 23.11.2012, 15:54

\{2F41C724-B8E1-43E8-8DF7-5F41DC041518}
[2011/11/04 07:44:11 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{2F7FFBD6-CE33-4152-9D15-131D171B9E89}
[2012/07/15 04:34:32 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{2F99B4F4-A03E-4242-8171-1E585E627DE8}
[2011/09/06 21:39:23 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{2FEC2D11-3FA6-4CB1-B4D3-6B82FAB5A6F2}
[2012/01/12 17:45:24 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{2FF8227D-0D66-4C74-9147-145D2A7C1342}
[2011/09/06 23:09:19 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{306BC674-D282-4B05-BDCA-9B443492F7DF}
[2011/08/31 19:36:56 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{306F4ADD-DE9E-4208-95C1-8F485059333A}
[2011/08/26 13:16:10 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{31E67955-5FAC-4F83-83FB-1DE8BB7A96AA}
[2011/12/16 15:40:24 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{320965F6-D07F-40E6-A242-687EB96DF737}
[2011/12/12 14:59:15 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{3314E5FB-CD48-46E7-9934-F25E6701D609}
[2012/01/06 17:56:28 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{34BC12E1-8103-4E6A-8A1D-2A943F80AEE1}
[2011/06/21 06:25:38 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{34D2F057-D6D5-4C9A-9AD5-C9356D234E16}
[2011/06/26 18:12:45 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{3501E97D-1F9A-486A-8905-96BD23BAA368}
[2012/06/04 11:36:23 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{36618F64-4264-4CE8-A3C8-2EE8229E9B33}
[2011/12/13 19:26:46 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{368562E9-CA00-4B01-9B7A-73A02622A581}
[2011/09/11 17:44:59 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{376D705A-2B29-4ED4-A2A0-2E92CA619E72}
[2011/06/11 08:26:50 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{37F27321-F794-4388-A9A3-D6C234201F2C}
[2011/11/25 14:06:12 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{383E68B0-A3C9-4780-9E16-B6FD6A86BB6A}
[2011/10/06 21:27:22 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{3BE2129A-DCAD-4C79-8745-90964CB72C64}
[2011/06/07 17:18:08 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{3D32B278-7105-4DAF-8263-96B66EE29062}
[2011/12/18 18:43:28 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{3DCCBF37-F4C4-4E60-B056-ED2914A70BBC}
[2011/11/28 12:37:59 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{3E5D122D-7044-4685-A7A2-E7F78092A74A}
[2012/01/15 19:52:11 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{3FA97D25-A448-4EED-A1E1-BF329DF1EB31}
[2011/06/24 12:44:13 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{42FCAF6B-DBFD-4A5F-AAE3-322913670F05}
[2011/06/20 15:04:17 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{43B9CE92-5D0A-4792-BBF0-7FF49E1EC880}
[2011/11/12 15:38:54 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{446F402A-C989-47D2-B921-18EFF8785F00}
[2012/11/08 08:04:59 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{449D7202-ACCA-46FD-A049-6FA5561DDDE6}
[2011/06/27 08:55:01 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{450F6B32-8D77-46E9-8ED3-204928CF242E}
[2011/06/18 08:46:19 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{4596B161-5A47-45CD-BB05-BB787A7B90C0}
[2011/07/03 18:37:05 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{48CFA207-500B-49F3-9630-DCA89EE2A957}
[2011/07/06 12:39:21 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{4960DEDA-D7B6-47DE-B1F4-3F9240B2F6BF}
[2011/08/24 12:39:54 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{49F64394-3D11-4E46-8BD3-6050558F8056}
[2011/06/22 20:55:46 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{4B252EE8-357A-405C-B95D-D62A378C0448}
[2011/11/20 10:17:58 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{4B9E6E9D-EC3C-4BDD-B50E-13D84D3E00B3}
[2011/06/09 22:30:36 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{4D122C6F-EB99-4C19-BBA7-6923DF27645C}
[2011/09/05 13:20:25 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{4FBD5660-7D27-4724-BF16-7D0EA93AF4AA}
[2012/01/02 02:13:54 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{508868FD-993F-4088-9F71-5AAA9FFC4F56}
[2012/07/14 13:30:55 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{51413F1D-2723-476A-B655-CF039EDC2AEC}
[2011/07/12 21:08:53 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{52F67413-47FA-436E-8168-193BD653AE47}
[2011/09/27 08:50:20 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{53302264-98DE-43E9-A406-4F4109133B43}
[2011/10/01 09:16:04 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{535CC33D-8827-4913-9233-A017EFE9705A}
[2011/08/13 13:18:44 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{54A84A22-FAB6-4D29-82AE-9686DE8BD266}
[2011/08/13 15:10:35 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{557E7436-26B7-43DB-8715-D4DF6EC86DA4}
[2011/10/27 09:49:50 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{55942962-9F69-4F72-B521-B7FC308245A6}
[2012/01/18 18:41:21 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{55A13A06-3071-4484-98C8-3507CB81A08C}
[2012/07/15 04:41:13 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{55CFDF42-B527-4904-A525-53C8165BD2EB}
[2011/10/16 19:53:48 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{562A7E80-451D-4C2C-8C86-25B261805938}
[2011/08/19 11:22:27 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{56ED1E51-0F5E-4F81-8B85-4099BBEE5749}
[2012/01/14 12:25:04 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{56EE69BC-A2DC-4E8F-B516-A321097BA4F5}
[2012/11/22 12:16:43 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{56F4D31D-2F68-4B81-8FE6-4F6101085ECD}
[2011/11/24 08:17:28 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{57454150-AAE3-4741-A218-2EE21464E0C3}
[2011/08/28 11:22:06 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{57A06C74-0AD9-4449-B749-A43623AA96E5}
[2011/10/04 12:59:29 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{57CF4DE4-839D-4D59-813A-66195B4D1736}
[2011/11/16 08:30:21 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{5866F91A-63E2-4408-9F1E-633190C8C05F}
[2011/10/15 07:59:06 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{58CF7DA2-B0B4-4A20-BB2B-0DEB3ABF8565}
[2011/07/24 21:26:21 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{59AB2185-1CB5-4F73-8F27-6DE0F8D0D513}
[2011/06/14 13:53:17 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{5AAE44DB-50F8-4834-B253-E2625EB83909}
[2011/12/20 18:39:11 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{5AF0A886-D44F-4848-BBCF-5E278DD2F99B}
[2011/07/26 10:16:00 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{5B8E9C3E-BE4E-44BF-821A-8F947A32C9A8}
[2011/07/02 08:57:14 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{5B9B48B7-183A-49E5-B560-7B0CB9404C33}
[2011/12/01 16:02:18 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{5D1AABF0-698E-44DE-A37C-276788B5D7C9}
[2011/11/16 19:21:55 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{5D268991-3BF2-4620-9FF5-A0A1BC9FE977}
[2011/06/28 16:28:50 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{5D750822-8319-45DD-9C36-90A371898DE1}
[2011/12/27 15:19:09 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{5DE3D709-6499-43F0-8307-7565C56FF239}
[2011/12/07 15:37:23 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{5E0A34BE-EA35-46CD-B687-616CC3980184}
[2011/09/11 08:27:03 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{5E280111-B6DC-4E31-8CB8-DA3C348AF40C}
[2011/12/29 18:46:11 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{605E1A96-DE80-4A2E-9E59-983D91B9A041}
[2011/07/04 14:56:17 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{61C5E91F-4EA4-4469-A164-57253DD57CC4}
[2011/06/27 14:09:11 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{62D1FD99-A0B9-40E1-9A13-A725E5EE3C6E}
[2011/06/22 16:33:44 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{62F8D573-1FBC-41B8-B9C5-77F62EFE185D}
[2012/01/13 18:12:48 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{63104BED-5417-421F-974D-7490254A4DD3}
[2011/11/23 17:26:09 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{6380CF74-5B6B-415E-BEE7-658C525CD568}
[2012/02/10 07:20:08 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{6407CD81-670A-4E26-A30C-BD718A50C32A}
[2011/10/16 08:46:25 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{6444E09D-A0F2-47FA-A949-9089DBCD9951}
[2011/06/10 16:07:32 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{652203F0-CFEB-4492-93FF-C3E855EB2596}
[2011/07/09 15:00:41 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{6533D139-954F-4F83-BFA1-03EE19EFB4BE}
[2011/06/12 23:37:50 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{65B9AEBD-852F-4F8B-94D2-A63B873033D7}
[2011/11/17 13:12:09 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{661A9288-665E-4481-B7AF-73B9925E65F3}
[2012/11/22 11:55:12 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{66E052C8-5437-413C-8AC1-0CB48B0DB0BA}
[2011/12/15 17:27:41 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{696C418F-CE78-42F0-BE38-A0B52AAB9873}
[2012/05/11 12:39:17 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{6A835A9E-4777-4694-9CF8-C208587A5F48}
[2011/11/02 11:30:40 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{6B453144-9CD4-41C6-BA46-4D8FC6A2B7A7}
[2011/10/11 13:14:03 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{6B5B6CF5-DCB9-4280-88F8-353F714D4450}
[2011/07/20 21:23:28 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{6C1598CB-BBC5-4006-9A8E-DC7563BDEFAC}
[2012/01/07 21:11:04 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{6C15F4FF-0680-4F40-A3FA-45D03B9EDF33}
[2011/07/25 09:33:04 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{6D3044F5-EFAB-45D0-B6D5-713A91A69C95}
[2011/08/31 16:50:58 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{6E05B69E-8880-420A-A39E-50099CA22405}
[2012/01/24 16:45:28 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{6E7C9D89-4496-47D9-B567-31DF60B231AA}
[2011/12/23 19:25:08 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{6EBDBF3A-02F5-4CEE-9C16-698B0607C453}
[2011/06/19 09:23:49 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{6FDC4231-CBD1-4C16-9BAB-64C292488026}
[2011/12/06 17:06:25 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{70A99224-C4A6-4412-A21D-AAAB99599FD6}
[2011/10/16 07:41:21 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{711C6700-D325-49B0-BE70-FCF18C81EF53}
[2011/10/01 04:45:52 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{716A8027-CB17-497E-A752-60BFF056F09D}
[2011/07/27 09:50:47 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{71E85588-EFFC-4D4B-B19C-BEB065F0C186}
[2011/06/09 22:30:43 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{72BC01E2-AD1F-4237-A5B0-13E142FB20AD}
[2011/07/17 21:05:37 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{7383C85B-09F2-43D5-8422-F91B69B66605}
[2011/12/28 14:05:26 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{738EE5C6-2A60-453D-8DF3-B0F5FD6F6AC4}
[2011/11/04 14:38:34 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{739757AC-66B4-4CE8-B9B1-A81A60EE8B7E}
[2011/11/09 17:07:56 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{73DEA71B-A9AC-4087-B2A9-94F474ABBA86}
[2011/11/11 11:32:07 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{73DF16B1-DF32-4FDB-B535-485D0472B88B}
[2011/10/02 09:28:12 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{744A69B4-86B8-4540-BBA5-6ED15DD3660A}
[2011/06/16 13:59:13 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{74DF1748-85D6-49AF-8219-19E9AA867603}
[2011/12/22 20:43:59 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{75225A39-5DFA-455C-9ED4-7978A9D68C53}
[2011/08/25 12:31:43 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{77F0F236-0D58-40DC-9415-C99B71E9221E}
[2011/10/05 13:57:16 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{7822489D-8ED3-4C66-9EA8-72DD74CEFA56}
[2011/12/01 14:43:17 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{7828F840-D2A5-446B-BC99-AE5458502FAB}
[2012/01/02 03:42:52 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{785736F0-9C0C-4AE8-8D75-55848CC04F20}
[2011/08/17 22:34:04 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{7BB6E811-F0DB-4430-B849-E87B8F2CB268}
[2011/09/04 21:32:15 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{7E2AAB18-1D54-40FB-A8E6-480D2E66C119}
[2012/07/15 04:41:24 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{7E917084-67D8-4728-B925-079AC94AA397}
[2012/05/10 20:57:09 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{7EBD6B07-5393-462C-9BC5-B5B028DB18F4}
[2011/10/18 13:37:08 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{7F8271EC-AC87-44EE-9272-0BEFD22EFD80}
[2011/10/01 11:21:41 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{7F92378F-5FB4-49F6-8729-197B1E16ECB7}
[2011/08/10 19:36:07 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{808621B9-704D-4F6E-BD1D-4F7B31EA314C}
[2011/06/30 16:57:47 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{8130DE6E-CB5F-4D5C-93C2-0BF57B734E22}
[2011/06/13 18:02:43 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{82DC4858-7B5F-4553-BE35-0C33AA1CD879}
[2011/08/17 10:26:10 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{82FBFA07-3280-48ED-B360-CE0841F4845E}
[2012/07/15 04:33:04 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{83B383F9-F63C-4E43-A5E9-3789DF512AF9}
[2011/07/15 12:21:02 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{83F57F88-3710-4300-A4A7-1F3D4A7FB768}
[2011/08/28 21:27:58 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{85290049-B90A-4150-8F85-1A95857C6B90}
[2011/10/01 11:21:29 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{853FCA2B-8C36-485C-93C7-FA32C2D52B7B}
[2012/08/14 12:33:59 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{867C2644-A569-4BDB-8680-4201F0BBBCC4}
[2011/10/24 13:14:08 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{87D7FA12-9F72-4312-8469-D6C917FA3861}
[2011/09/19 15:02:58 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{87DB7C43-F973-4953-8F22-E6DD47CACFD5}
[2011/07/07 14:14:26 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{881E4076-D1C8-4FBF-B161-7F1BC3EB40B4}
[2011/11/07 15:29:11 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{882442F1-49D5-481D-987E-9914BDF12C23}
[2011/10/30 17:12:34 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{8914DD2A-08B9-4EF0-A2FC-B3A42C1E5676}
[2011/08/01 18:40:44 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{8A1FC62F-14E2-4697-A7C5-FBA3FE56AD6D}
[2011/07/14 14:03:53 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{8A289378-6024-401B-8867-00527AB5875D}
[2011/08/29 13:56:23 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{8E037A85-A20D-4DE1-93EA-E987EFF87CDF}
[2012/07/15 16:42:35 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{8EF00F16-5F50-4FDE-8B57-643EAE354997}
[2011/12/12 10:21:44 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{8F3D85D4-4625-4BE5-8A3F-2309535F433C}
[2012/06/04 11:42:56 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{902065DB-9A91-4982-B2D3-8505BAD21C1F}
[2011/12/18 18:43:07 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{903EE55F-C9B2-4307-B9F0-F6B9A9B94221}
[2012/05/08 15:45:34 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{9078866F-9045-4472-8766-5071BB5A4E90}
[2011/07/29 17:51:03 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{90C8153F-32C9-4952-93B9-3F0DB1E7F190}
[2011/11/05 19:29:43 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{91B54AEA-2DEF-4DC3-B77F-2D0CC333B6F9}
[2011/12/18 11:03:49 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{924A48CF-8985-4F3E-ACF6-44C5A5437AE4}
[2011/07/04 19:14:08 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{92698A47-23EB-42DF-A4BE-9F052CE507F1}
[2011/11/21 18:30:53 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{93673367-DA97-4E2C-B666-74936A5FEF77}
[2011/07/19 20:23:49 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{93B98EC8-1BA6-418C-9EFD-234E255A6059}
[2011/07/05 19:44:29 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{93BC14E8-9F98-4A19-B7D0-554315D46715}
[2011/06/09 22:28:05 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{942D06E6-E6B4-4867-9F0E-69F507BF561D}
[2011/12/22 17:07:41 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{95B6DE0F-FD41-4E16-9084-AE5C62A55188}
[2011/11/06 19:10:33 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{96A193AD-8197-42CD-9F8C-D558B06734CC}
[2012/01/08 20:03:44 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{98226C24-B267-4F0D-BA1D-E8AE1509E6D3}
[2011/10/28 08:40:39 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{9AD4C0B2-E6EE-4726-8193-9B8E2C70D38E}
[2011/06/17 20:19:39 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{9B9D74CA-2C46-433B-BA69-D027A390BD13}
[2011/08/03 07:08:30 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{9C7B3364-55A0-43F8-884E-1C62AA1AA835}
[2011/06/29 21:35:02 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{9E806F7E-359F-4B51-BF31-86DCFE645A43}
[2011/12/17 16:27:35 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{9E87CD04-A11A-4ED6-810C-BDECDF3FFEB0}
[2011/09/19 18:53:12 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{9F0A1472-D750-4118-91ED-1A6E9403586E}
[2011/11/23 19:00:23 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{A1F5BCCE-036C-4814-9E5E-21FFE0CCBA74}
[2011/11/03 11:19:26 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{A202E1B7-B325-4B53-8EB8-68EA076AF8D3}
[2011/07/20 20:28:41 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{A2993A4E-FAC6-42F8-A87A-6162591CBC76}
[2012/01/24 00:01:35 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{A2E211E3-31E5-4654-9C37-1E234EFEF28C}
[2011/09/08 15:00:40 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{A4AF41A3-D63C-4D78-A75F-A80F1B2D1DC6}
[2012/02/10 07:19:55 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{A4BABBC5-8584-4384-B8CF-4C6B40672AFB}
[2012/07/15 04:32:52 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{A54F689B-E652-48C2-BD14-CCC57C8EDD9E}
[2011/09/05 11:45:30 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{A62930E5-44C7-4557-AF45-ED0F8F7F21EA}
[2011/10/16 08:46:08 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{A72816B2-D80B-45B3-B083-264BBD9BEFBF}
[2011/12/11 20:36:52 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{A7B8CF63-E05E-4F28-9514-B5A7354A9086}
[2012/05/07 20:05:01 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{A7DF5C3D-CB9D-4C1F-933B-080B632BE6A5}
[2011/11/20 17:57:25 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{A990F812-96AE-4B02-952E-B9F9CF30B0D8}
[2011/06/26 20:08:45 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{AA68F806-31B1-4EB0-8A73-68692B1A5F41}
[2011/07/22 10:25:26 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{AAC1E2E7-AE62-49F5-80F0-6714210DF6DD}
[2011/11/23 12:59:59 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{AB1C91A5-6BB3-41C2-9C18-A5B4F5A61362}
[2011/10/14 13:08:15 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{ABF2A2EC-66DC-4409-8E2E-27B99A7DD845}
[2011/06/10 16:10:05 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{AC1928A3-A55E-4144-B701-35CAA1649F2F}
[2012/01/03 17:35:01 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{AE502122-5F14-485D-BDC4-1A945EC840A3}
[2011/06/15 13:27:04 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{AFFE6B76-384C-4D38-83AD-1956A4FED323}
[2011/11/24 13:46:31 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{B0688F78-A44E-43D1-BA6F-3AF19890EA0E}
[2011/11/18 13:34:41 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{B0F05897-D180-4721-A738-4E1647B25ED1}
[2011/08/09 09:48:55 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{B121859A-4D47-43A9-B1D8-7946A0FA356D}
[2011/08/07 17:52:25 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{B2568680-427C-4F00-BF61-0431BF015B75}
[2012/05/07 20:06:29 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{B2638002-69CE-471D-A309-E1814B056777}
[2012/05/10 20:36:48 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{B30E9F28-C098-4472-AD89-C50CFE96EDE9}
[2011/06/09 19:55:51 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{B388EE1B-3894-4AE1-ABCC-73F6DA6C17E0}
[2011/08/01 15:17:49 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{B5D68C06-1EB2-47F2-9D74-6B0B966F746E}
[2011/11/02 16:16:47 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{B6C1E066-9983-4525-9D0D-F9C76F068521}
[2011/06/21 17:44:36 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{B6C955DF-908B-490D-9DA1-29112568A0F8}
[2012/05/10 20:57:44 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{B8224A9A-FB0F-4F89-9474-0DD6FBF20989}
[2011/07/27 13:49:18 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{B8D3DF2A-FA5A-4898-ACC3-526E7279830E}
[2012/08/14 12:33:47 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{B96039F5-B71E-4C77-BC79-C0955F5AD72D}
[2012/02/09 09:01:10 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{B9CF8245-81FC-4384-99FA-A7D9922E0464}
[2012/02/06 07:44:41 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{BA26709E-C1F4-43A2-A9A9-5E0D0198B668}
[2011/11/30 08:13:39 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{BAB0B185-0716-4A74-A7C9-F80D69365C44}
[2011/10/15 23:45:26 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{BB21B69F-75C2-49BC-8573-01DD093AB138}
[2011/12/01 09:48:14 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{BC6A57DD-C4F5-4EE2-9847-00C7CFD99034}
[2011/06/08 12:46:02 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{BCDFAE04-1359-4F1B-B0F7-5E508B324FE3}
[2011/11/23 08:16:26 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{BD760273-8CD0-4972-BA9D-E6BB782A63FE}
[2011/07/21 21:05:53 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{BEA4E3FF-8A5F-4471-BFFA-5B57B03809D9}
[2011/08/03 14:11:07 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{BFD7C650-0AD8-48E5-BC9D-713960345D7D}
[2011/09/05 20:46:20 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{C065DD39-40E5-4E79-A867-906A7CB7211C}
[2011/10/15 23:18:53 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{C0EAD9D0-D5EE-481E-A680-3D0D6DE16834}
[2011/12/29 14:28:18 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{C1DDC10E-9E03-446E-B2BE-F31264FF88D9}
[2011/12/21 18:51:56 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{C328E7F0-98BF-4FB5-B6F7-5D832C4E22A2}
[2011/06/27 13:06:02 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{C36F7163-3648-475A-9D00-2669515DA472}
[2012/01/19 13:00:30 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{C3A497A7-C363-4DA0-B09B-6A3A1C9E0955}
[2012/01/25 16:23:40 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{C4211F9C-18ED-410E-B227-5255195729CA}
[2011/09/09 13:27:12 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{C49CCCD0-D48B-4497-8D7B-4D02C011A625}
[2012/03/15 21:20:56 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{C6B30BFE-0E4D-4447-A6D4-4A5333F4F912}
[2011/07/19 11:28:58 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{C82C51BD-1DF9-4252-BEC7-AD49CC1B19DA}
[2011/08/23 20:04:22 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{C8AAA216-83EF-491F-81D2-79EBE7969005}
[2011/12/06 20:57:00 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{C8E65EE0-46FE-4E87-87B4-3C5C6ED656E3}
[2011/07/28 13:39:03 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{CACDC570-20E8-4A40-8B35-56C058EB51BA}
[2011/08/18 21:24:41 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{CAF4B6CA-AAF0-4723-AE0C-EE47A493A315}
[2011/07/15 19:13:19 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{CCD49806-4B4D-486A-955B-702F610D7265}
[2011/11/13 10:48:32 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{CD6401E8-69FF-4386-8037-61842F1B3FC4}
[2012/01/02 03:43:00 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{CD8ADF45-8665-4AB4-8509-C23D371406B7}
[2011/10/26 15:54:04 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{CEED595C-3ACE-42EE-B1E4-55AA46857CB9}
[2011/07/24 23:33:08 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{CFC3EB63-860E-429D-A2DF-0ABA494C0DC8}
[2011/08/09 21:13:32 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{D1406AD6-09E4-4DE5-A9D1-316FBDF17CCF}
[2012/07/15 04:33:54 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{D1567B91-6831-49BF-B9EF-896BCD58C977}
[2012/01/10 18:24:47 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{D1747A60-1748-423D-BAF1-0646B660663B}
[2011/11/10 17:06:24 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{D3D81E27-D8B2-4428-B1D7-6B5AE71E5744}
[2011/06/25 08:01:31 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{D43BA313-1F5A-48D1-B5C8-80E30E5C66A6}
[2011/08/11 18:53:16 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{D508D7E7-AE25-451C-827F-CCE974249A50}
[2011/07/29 15:25:53 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{D5F91A60-C599-44EE-A7C0-BB2C44152B5A}
[2011/07/29 09:10:31 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{D851CBE9-ADD7-472D-A268-9250D930FCCD}
[2011/07/10 09:21:24 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{D94D69BE-5B1D-4B01-AAE3-FD03FC2300F9}
[2011/09/06 12:40:47 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{D94EC047-C0A8-4AA2-9B43-82B07A56EF23}
[2011/07/01 18:05:37 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{DEF5AA20-ABA3-4F33-A9BA-E652A29D023B}
[2012/02/06 07:44:53 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{DFABEE08-3990-4292-90FD-988D366A3143}
[2012/07/15 04:34:05 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{E2A496BF-D4F2-4511-B6C9-20F6C1F0D00F}
[2011/12/03 09:53:45 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{E2E6B485-2EA5-46DE-8309-11C363770690}
[2011/09/11 08:27:18 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{E3181281-899F-4778-B303-DB8148DD18A6}
[2011/11/14 20:59:44 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{E3305830-1B0B-49E4-ABC5-970016916B2D}
[2012/01/24 16:58:28 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{E361EC5C-94BD-4D63-8FE4-D79BC6A5A4DD}
[2012/05/11 12:40:53 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{E3680B68-F986-4D14-BF19-E224DD7A250C}
[2011/12/15 09:47:39 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{E725DA20-46CB-42C3-A941-76BAA83E2F58}
[2011/06/16 22:44:44 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{E8315317-B59D-4E4D-8985-C08177942268}
[2011/09/22 06:38:20 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{E83B3A99-D262-4426-8DAD-B36A8ED9FBE9}
[2011/07/25 21:57:17 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{E867DE44-8010-43FE-8808-DB34D18D64EC}
[2011/08/23 12:06:45 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{E924B061-00F0-43B7-8B3F-0C236480B8A2}
[2012/01/24 00:01:49 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{E9D9D2E2-E22A-4C86-AE59-8E2442898E08}
[2012/02/07 07:40:00 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{EA55884F-46C8-4C49-BA8A-97455B70A4FD}
[2011/06/15 18:49:10 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{EB932E82-F0BD-480B-B7E4-5AA919C6068E}
[2011/11/27 19:52:34 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{EBF28265-1B96-4B59-9049-681E31AA9692}
[2011/07/27 19:35:36 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{ED6360A7-44D6-4D43-8E13-7FBE95B96800}
[2011/11/15 16:01:09 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{ED784853-9AB8-4DF5-9D6A-5E9181CF45EF}
[2012/02/07 07:40:12 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{EDED76D1-0374-4242-85ED-0A61BC528366}
[2011/09/27 06:43:31 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{EE133310-E6D1-4A85-8E2A-7FBC0DA503BA}
[2011/10/03 19:36:23 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{EE6273CE-858A-42A9-B67D-9880DDD9CA56}
[2011/12/31 18:02:01 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{EEDD88FB-636C-43CF-B8E6-BFD9F0A60B89}
[2012/05/08 15:44:31 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{EF5E2CEF-81A7-4845-A1C2-102E1F947D3F}
[2011/08/22 09:53:28 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{F1494E28-43B7-4618-A403-0A6EA3F45B11}
[2011/07/17 16:07:36 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{F23C6CB2-34E5-43FF-B4E8-4D99C549310C}
[2011/07/23 12:26:12 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{F276223C-7773-4035-BA33-4537C3940826}
[2012/06/04 11:33:38 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{F60E382A-56BD-498A-ADDE-1246DCC25421}
[2011/08/04 20:07:58 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{F71B717B-AE0A-4D2C-B1F9-E24583AFB7B4}
[2011/10/03 11:27:01 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{F7A469AF-6B54-4A4E-A2CE-BB39EF40B8F6}
[2011/08/03 18:17:13 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{FDD31FC8-9040-4D7B-99D6-DBC489A518E6}
[2011/10/31 16:38:02 | 000,000,000 | ---D | M] -- C:\Users\Robi\AppData\Local\{FEF461D3-64D5-4D25-A8BA-FFD3A22F65C4}

< %localappdata%\*.* >
[2012/11/18 19:25:53 | 000,076,784 | ---- | M] () -- C:\Users\Robi\AppData\Local\GDIPFONTCACHEV1.DAT
[2012/11/22 13:46:00 | 002,544,613 | -H-- | M] () -- C:\Users\Robi\AppData\Local\IconCache.db

< %localappdata%\*.exe /s >
[2012/05/07 20:05:30 | 001,287,528 | ---- | M] (Microsoft Corporation) -- C:\Users\Robi\AppData\Local\Microsoft\Windows Live\Installer\Catalog\wlsetup.exe
[2012/03/26 15:16:31 | 000,020,480 | ---- | M] (Microsoft) -- C:\Users\Robi\AppData\Local\Microsoft\Windows Sidebar\Gadgets\GermanyRain.gadget\RegisterHost.exe
[2011/01/30 18:09:47 | 000,003,475 | ---- | M] () -- C:\Users\Robi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4KRAUZKB\Firefox_Setup_3.6.13[1].exe
[2011/02/18 16:49:22 | 000,003,475 | ---- | M] () -- C:\Users\Robi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4KRAUZKB\Firefox_Setup_3.6.13[2].exe
[2011/01/30 19:04:13 | 000,030,083 | ---- | M] () -- C:\Users\Robi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\71NZKN5I\Firefox_Setup_3.6.13[1].exe
[2011/02/17 19:45:47 | 000,032,843 | ---- | M] () -- C:\Users\Robi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\71NZKN5I\Firefox_Setup_3.6.13[2].exe
[2011/01/30 18:08:42 | 000,002,483 | ---- | M] () -- C:\Users\Robi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ENHH61XT\Firefox_Setup_3.6.13[1].exe
[2011/01/30 18:56:57 | 000,004,522 | ---- | M] () -- C:\Users\Robi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ENHH61XT\Firefox_Setup_3.6.13[2].exe
[2011/01/30 19:03:32 | 000,003,475 | ---- | M] () -- C:\Users\Robi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ENHH61XT\Firefox_Setup_3.6.13[3].exe
[2011/02/17 19:41:13 | 000,003,475 | ---- | M] () -- C:\Users\Robi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ENHH61XT\Firefox_Setup_3.6.13[4].exe
[2011/02/18 16:49:43 | 000,032,843 | ---- | M] () -- C:\Users\Robi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ENHH61XT\Firefox_Setup_3.6.13[5].exe
[2010/03/18 21:56:18 | 000,079,648 | ---- | M] (Microsoft Corporation) -- C:\Users\Robi\AppData\Local\Microsoft\XLive\Updates\5454083b\Content\setup.exe
[2005/11/01 04:09:50 | 000,729,088 | ---- | M] (Electronic Arts Inc.) -- C:\Users\Robi\AppData\Local\Temp\AutoRun.exe
[2012/09/17 17:02:17 | 003,778,052 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\chatzum_aff50_nt_s.exe
[2008/04/24 00:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\Robi\AppData\Local\Temp\DataCard_Setup.exe
[2011/10/16 08:48:21 | 048,014,496 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Robi\AppData\Local\Temp\EAD5DC8.exe
[2011/10/16 07:44:10 | 048,014,496 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Robi\AppData\Local\Temp\EAD66DC.exe
[2005/11/01 04:09:50 | 000,344,064 | ---- | M] (Electronic Arts Inc.) -- C:\Users\Robi\AppData\Local\Temp\eauninstall.exe
[2008/10/15 11:42:52 | 000,050,432 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\Extract.exe
[2010/02/08 14:50:24 | 000,167,936 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\ffunzip.exe
[2008/10/04 19:16:40 | 001,882,328 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Robi\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe
[2011/01/31 21:53:13 | 002,790,864 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Robi\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
[2010/10/27 14:36:04 | 002,487,120 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\Funload.de.exe
[2012/07/01 23:01:00 | 007,742,384 | ---- | M] (Oracle Corporation) -- C:\Users\Robi\AppData\Local\Temp\fx-runtime.exe
[2010/10/18 12:27:46 | 000,157,536 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\GLF4312.tmp.ConduitEngineSetup.exe
[2010/10/18 12:27:46 | 000,157,536 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\GLF4FA0.tmp.ConduitEngineSetup.exe
[2010/10/18 12:27:46 | 000,157,536 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\GLF6F7F.tmp.ConduitEngineSetup.exe
[2010/10/18 12:27:46 | 000,157,536 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\GLFB7D3.tmp.ConduitEngineSetup.exe
[2010/10/18 12:27:46 | 000,157,536 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\GLFC8F4.tmp.ConduitEngineSetup.exe
[2010/10/18 12:27:46 | 000,157,536 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\GLFE866.tmp.ConduitEngineSetup.exe
[2010/10/18 12:27:46 | 000,157,536 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\GLFF31F.tmp.ConduitEngineSetup.exe
[2012/06/05 23:57:00 | 000,746,336 | ---- | M] (Google Inc.) -- C:\Users\Robi\AppData\Local\Temp\GoogleUpdateSetup.exe1bc300
[2012/01/23 23:32:49 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Users\Robi\AppData\Local\Temp\GoogleUpdate.exec6566
[2010/05/25 17:13:02 | 000,172,600 | ---- | M] (Hewlett-Packard Company) -- C:\Users\Robi\AppData\Local\Temp\HPHASUtil.exe
[2008/01/14 23:28:12 | 000,069,632 | ---- | M] (Hewlett-Packard Company) -- C:\Users\Robi\AppData\Local\Temp\HPQSi.exe
[2012/07/01 23:00:19 | 000,893,936 | ---- | M] (Oracle Corporation) -- C:\Users\Robi\AppData\Local\Temp\JREInstall160_22.exe
[2012/11/20 12:33:34 | 000,163,896 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\MachineIdCreator.exe
[2005/10/03 23:26:23 | 000,073,728 | ---- | M] (Electronic Arts Inc.) -- C:\Users\Robi\AppData\Local\Temp\Need for Speed Most Wanted_uninst.exe
[2012/11/20 12:33:53 | 002,985,568 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\oi_{E3E87DEF-EB13-4111-99C4-9E2544002164}.exe
[2010/03/15 18:06:00 | 000,149,352 | R--- | M] (Microsoft Corporation) -- C:\Users\Robi\AppData\Local\Temp\ose00000.exe
[2002/11/11 15:16:30 | 000,024,576 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\Play.exe
[2012/11/20 11:56:52 | 000,714,640 | ---- | M] (PriceGong) -- C:\Users\Robi\AppData\Local\Temp\pricegong_268.exe
[2008/02/19 23:16:48 | 000,007,168 | R--- | M] () -- C:\Users\Robi\AppData\Local\Temp\ResetDevice.exe
[2011/02/04 18:20:12 | 000,088,120 | ---- | M] (Hewlett-Packard Company) -- C:\Users\Robi\AppData\Local\Temp\Resource.exe
[2011/02/20 18:42:17 | 035,845,112 | ---- | M] (Hewlett-Packard ) -- C:\Users\Robi\AppData\Local\Temp\sp50843.exe.exe
[2011/06/26 19:50:11 | 037,043,344 | ---- | M] (Hewlett-Packard ) -- C:\Users\Robi\AppData\Local\Temp\sp52110.exe.exe
[2011/07/07 16:12:59 | 001,592,176 | ---- | M] (Hewlett-Packard ) -- C:\Users\Robi\AppData\Local\Temp\SP52407.exe
[2011/10/16 08:08:02 | 048,461,176 | ---- | M] (Hewlett-Packard ) -- C:\Users\Robi\AppData\Local\Temp\sp54373.exe
[2012/02/05 21:55:40 | 048,868,760 | ---- | M] (Hewlett-Packard ) -- C:\Users\Robi\AppData\Local\Temp\sp54620.exe
[2012/09/27 07:25:36 | 015,204,344 | ---- | M] (Freetec) -- C:\Users\Robi\AppData\Local\Temp\TubeBoxSetup.exe
[2011/10/26 18:14:31 | 008,634,358 | ---- | M] (Macrovision Corporation) -- C:\Users\Robi\AppData\Local\Temp\ubiBC9D.tmp.exe
[2012/10/17 16:37:08 | 000,340,632 | ---- | M] (Babylon Ltd.) -- C:\Users\Robi\AppData\Local\Temp\uninst1.exe
[2012/11/21 12:30:37 | 000,961,480 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\UNINSTALL.EXE
[2012/09/16 16:37:45 | 001,091,024 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\Uninstaller.exe
[2011/09/09 17:07:56 | 000,449,592 | ---- | M] (Hewlett-Packard Company) -- C:\Users\Robi\AppData\Local\Temp\UninstallHPSA.exe
[2011/06/21 14:55:12 | 000,449,592 | ---- | M] (Hewlett-Packard Company) -- C:\Users\Robi\AppData\Local\Temp\UninstallHPTCA.exe
[2011/12/29 14:37:37 | 000,103,888 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\Verbindungsassistent.exe
[2012/11/20 11:57:46 | 000,417,088 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\wajam_install.exe
[2007/01/20 03:46:42 | 000,455,600 | R--- | M] (Macrovision Corporation) -- C:\Users\Robi\AppData\Local\Temp\_is82B6.exe
[2007/01/20 03:46:42 | 000,455,600 | R--- | M] (Macrovision Corporation) -- C:\Users\Robi\AppData\Local\Temp\_isBA3.exe
[313 C:\Users\Robi\AppData\Local\Temp\*.tmp files -> C:\Users\Robi\AppData\Local\Temp\*.tmp -> ]
[2012/11/21 11:41:37 | 002,792,336 | ---- | M] (AVAST Software) -- C:\Users\Robi\AppData\Local\Temp\_av_sfx.tm~a03944\aswOfferTool.exe
[2011/03/22 14:38:42 | 001,092,920 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\{3194A6FD-5474-4560-92B6-F84A2C1194EE}\{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}\ICQToolbarSetup.exe
[2012/09/16 16:40:34 | 000,398,728 | ---- | M] (Acresso Software Inc.) -- C:\Users\Robi\AppData\Local\Temp\{67FEB7D7-1A5A-46C6-8BB9-F5DD6E7EEFD0}\setup.exe
[2012/04/05 16:46:45 | 000,398,728 | ---- | M] (Acresso Software Inc.) -- C:\Users\Robi\AppData\Local\Temp\{A364277F-1CAA-40E6-ABE8-7BCE1505DD48}\setup.exe
[2012/10/13 13:01:23 | 000,655,032 | ---- | M] (Sony) -- C:\Users\Robi\AppData\Local\Temp\{E895AA35-8E24-40D8-8267-45BD76A89A3F}\setup.exe
[2011/10/26 15:56:08 | 000,377,480 | ---- | M] (Macrovision Corporation) -- C:\Users\Robi\AppData\Local\Temp\{EA56A2F8-FBA7-4258-A250-5DFE3FCEBE1A}\setup.exe
[2012/10/17 20:29:20 | 010,220,472 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Robi\AppData\Local\Temp\{EADE20B2-B2E8-4642-A796-7524846F3641}\InstallFlashPlayer.exe
[2012/11/20 22:28:04 | 000,655,032 | ---- | M] (Sony) -- C:\Users\Robi\AppData\Local\Temp\{FB14D2C5-584C-421E-8542-56FC9BDD223E}\setup.exe
[2011/11/27 13:49:44 | 001,362,728 | ---- | M] (BabylonToolbar) -- C:\Users\Robi\AppData\Local\Temp\36FBF359-BAB0-7891-8F36-663A7D06408B\MyBabylonTB.exe
[2012/01/03 10:18:58 | 001,789,040 | ---- | M] (Babylon Ltd.) -- C:\Users\Robi\AppData\Local\Temp\36FBF359-BAB0-7891-8F36-663A7D06408B\Setup.exe
[2011/11/27 13:49:44 | 001,362,728 | ---- | M] (BabylonToolbar) -- C:\Users\Robi\AppData\Local\Temp\4DF5AF6A-BAB0-7891-9125-DF8CF7ADF15F\MyBabylonTB.exe
[2012/01/03 10:18:58 | 001,789,040 | ---- | M] (Babylon Ltd.) -- C:\Users\Robi\AppData\Local\Temp\4DF5AF6A-BAB0-7891-9125-DF8CF7ADF15F\Setup.exe
[2011/05/04 13:11:17 | 002,832,544 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Robi\AppData\Local\Temp\6C1B.dir\InstallFlashPlayer.exe
[2011/05/21 08:13:47 | 003,081,376 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Robi\AppData\Local\Temp\9C10.dir\InstallFlashPlayer.exe
[2012/03/02 15:17:13 | 000,920,176 | ---- | M] (Babylon Ltd.) -- C:\Users\Robi\AppData\Local\Temp\Addons\2431C6F0\babylon.exe
[2012/11/20 12:33:56 | 001,087,944 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\avg_a05752\avg-secure-search-installer.exe
[2012/11/20 12:33:56 | 000,600,008 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\avg_a05752\CommonFiles\AVG Secure Search\DriverInstaller.exe
[2012/11/20 12:33:56 | 000,146,376 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\avg_a05752\CommonFiles\AVG Secure Search\DriverInstaller_64.exe
[2012/11/20 12:33:56 | 000,970,696 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\avg_a05752\CommonFiles\AVG Secure Search\ScriptHelper.exe
[2012/11/20 12:33:56 | 000,711,112 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\avg_a05752\CommonFiles\AVG Secure Search\ToolbarUpdater.exe
[2012/11/20 12:33:56 | 000,155,592 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\avg_a05752\ConfigFiles\MachineIdCreator.exe
[2012/11/20 12:33:56 | 000,612,296 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\avg_a05752\ProgFiles\AVG Secure Search\lip.exe
[2012/11/20 12:33:56 | 000,504,264 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\avg_a05752\ProgFiles\AVG Secure Search\PostInstall.exe
[2012/11/20 12:33:56 | 001,020,512 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\avg_a05752\ProgFiles\AVG Secure Search\ROC_ssl.exe
[2012/11/20 12:33:56 | 000,961,480 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\avg_a05752\ProgFiles\AVG Secure Search\Uninstall.exe
[2012/11/20 12:33:56 | 000,997,320 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\avg_a05752\ProgFiles\AVG Secure Search\vprot.exe
[2012/06/27 14:45:38 | 000,155,648 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\CCIS\ccsqlh.exe
[2012/08/17 20:21:42 | 002,310,424 | ---- | M] (Conduit) -- C:\Users\Robi\AppData\Local\Temp\ct2481020\chLogic.exe
[2012/08/17 20:21:21 | 001,418,464 | ---- | M] (Conduit) -- C:\Users\Robi\AppData\Local\Temp\ct2481020\ffLogic.exe
[2012/08/17 20:20:51 | 002,155,560 | ---- | M] (Conduit) -- C:\Users\Robi\AppData\Local\Temp\ct2481020\ieLogic.exe
[2012/08/17 20:22:21 | 000,203,656 | ---- | M] (Conduit) -- C:\Users\Robi\AppData\Local\Temp\ct2481020\statisticsStub.exe
[2012/09/02 14:08:55 | 010,217,672 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Robi\AppData\Local\Temp\E0EC.dir\InstallFlashPlayer.exe
[2012/06/27 16:40:33 | 001,816,216 | ---- | M] (Babylon Ltd.) -- C:\Users\Robi\AppData\Local\Temp\E264640D-BAB0-7891-B174-E47D4D4BF88A\Setup.exe
[2012/10/11 12:18:48 | 001,283,128 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\E264640D-BAB0-7891-B174-E47D4D4BF88A\Latest\BrowserManagerSetup.exe
[2012/10/17 16:37:08 | 000,340,632 | ---- | M] (Babylon Ltd.) -- C:\Users\Robi\AppData\Local\Temp\E264640D-BAB0-7891-B174-E47D4D4BF88A\Latest\GUninstaller.exe
[2012/10/14 21:08:47 | 001,735,084 | ---- | M] (BabylonToolbar) -- C:\Users\Robi\AppData\Local\Temp\E264640D-BAB0-7891-B174-E47D4D4BF88A\Latest\MyBabylonTB.exe
[2012/10/15 19:32:43 | 001,837,720 | ---- | M] (Babylon Ltd.) -- C:\Users\Robi\AppData\Local\Temp\E264640D-BAB0-7891-B174-E47D4D4BF88A\Latest\Setup.exe
[2011/11/10 00:43:11 | 003,102,920 | ---- | M] (Hewlett-Packard ) -- C:\Users\Robi\AppData\Local\Temp\HpUpdate\25545\hpusetup.exe
[2012/10/25 19:51:08 | 000,484,656 | ---- | M] (DealPly) -- C:\Users\Robi\AppData\Local\Temp\is398349909\dp.exe
[2012/08/15 14:41:36 | 000,899,224 | ---- | M] (Babylon Ltd.) -- C:\Users\Robi\AppData\Local\Temp\is398349909\MyBabylonTB.exe
[2012/10/25 17:47:14 | 015,177,320 | ---- | M] (Freetec) -- C:\Users\Robi\AppData\Local\Temp\is398349909\Tubebox_BrotherSoft_Setup.exe
[2012/06/13 18:34:06 | 000,056,232 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\is398349909\wajam_download.exe
[2012/10/28 13:20:42 | 001,210,432 | ---- | M] (Web Deals Interactive LLC) -- C:\Users\Robi\AppData\Local\Temp\is398349909\Yontoo-C4.exe
[2011/11/08 12:50:52 | 000,073,080 | ---- | M] (Conduit) -- C:\Users\Robi\AppData\Local\Temp\is-G126P.tmp\ConduitInstaller.exe
[2011/01/30 13:43:11 | 000,001,380 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CAU2P8GB\PuzzleCollectionPortable_1.0.paf[1].exe
[2012/08/29 20:14:44 | 000,270,304 | ---- | M] (Mozilla Foundation) -- C:\Users\Robi\AppData\Local\Temp\MozUpdater\updater.exe
[2012/09/08 20:19:22 | 000,270,304 | ---- | M] (Mozilla Foundation) -- C:\Users\Robi\AppData\Local\Temp\MozUpdater-1\updater.exe
[2012/10/20 15:01:26 | 000,270,816 | ---- | M] (Mozilla Foundation) -- C:\Users\Robi\AppData\Local\Temp\MozUpdater-2\updater.exe
[2010/03/23 00:18:03 | 015,474,420 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\mtka_tmp\EFLC.exe
[2010/01/27 20:22:16 | 005,317,976 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\mtka_tmp\LaunchEFLC_activation.exe
[2010/01/27 20:22:34 | 000,101,520 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\mtka_tmp\secupacker_launcher.exe
[1 C:\Users\Robi\AppData\Local\Temp\mtka_tmp\*.tmp files -> C:\Users\Robi\AppData\Local\Temp\mtka_tmp\*.tmp -> ]
[2012/11/20 12:29:58 | 000,294,912 | ---- | M] (OCS) -- C:\Users\Robi\AppData\Local\Temp\OCS\ocs_v6q.exe
[2012/11/20 12:32:31 | 002,377,384 | ---- | M] (FireJump.net ) -- C:\Users\Robi\AppData\Local\Temp\OCS\Downloads\0674e23d6502b36621d489f1b4fbd22a\818016712e786dfc9e740090dbadc34a\FireJump_Setup.exe
[2012/11/20 12:32:48 | 001,191,596 | ---- | M] (Preispilot ) -- C:\Users\Robi\AppData\Local\Temp\OCS\Downloads\0674e23d6502b36621d489f1b4fbd22a\965421448e2ae6935357883e4db13ff5\preispilot-firefox-installer.exe
[2012/11/20 12:32:10 | 000,753,664 | ---- | M] (Microsoft) -- C:\Users\Robi\AppData\Local\Temp\OCS\Downloads\0674e23d6502b36621d489f1b4fbd22a\9c01e5d71e442bf564f271e62b1d5357\AmazonIconInstaller.exe
[2012/11/20 12:31:50 | 000,249,856 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\OCS\Downloads\0674e23d6502b36621d489f1b4fbd22a\a3c2caa9cc4cdb568568c06b47f7fb36\SearchAnonymizerStarter.exe
[2012/11/20 12:33:31 | 010,224,184 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\OCS\Downloads\0674e23d6502b36621d489f1b4fbd22a\a5f109cad706f70230e98e4424126475\avg-secure-setup.exe
[2012/11/20 12:32:07 | 001,088,872 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\OCS\Downloads\0674e23d6502b36621d489f1b4fbd22a\ee1f7b4c6726cb98d08df809b1f7c2ac\TubeBox_Setup.exe
[2011/06/18 19:58:28 | 000,452,923 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\Temp1_Doodle.zip\Doodle.exe
[2011/02/17 22:23:24 | 005,298,620 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\Temp1_gp_win_rc6.1.zip\greenpois0n.exe
[2007/10/19 11:36:44 | 001,774,432 | ---- | M] (McAfee, Inc.) -- C:\Users\Robi\AppData\Local\Temp\Temp1_McafeeRootkitDetective_1.1.zip\Rootkit_Detective.exe
[2009/09/11 23:00:06 | 003,801,901 | ---- | M] (Netdisaster ) -- C:\Users\Robi\AppData\Local\Temp\Temp1_Netdisaster-1.1.zip\Go.exe
[2011/02/21 10:17:14 | 001,401,344 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\Temp1_Visual_Pinball.zip\VPinball911.exe
[2012/04/15 23:01:24 | 004,719,408 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Users\Robi\AppData\Local\Temp\Temp2_clickmusicalkeys.zip\BundleSweetIMSetup.exe
[2012/07/20 04:16:50 | 000,501,248 | ---- | M] () -- C:\Users\Robi\AppData\Local\Temp\VSDE997.tmp\setup.exe
[2012/10/01 20:16:01 | 000,088,064 | ---- | M] (Microsoft Corporation) -- C:\Users\Robi\AppData\Local\Temp\VSDE997.tmp\DotNetFX\dotnetchk.exe
[2009/07/18 10:13:30 | 001,843,544 | ---- | M] (Microsoft Corporation) -- C:\Users\Robi\AppData\Local\Temp\VSDE997.tmp\vcredist_x86\vcredist_x86.exe

< %allusersprofile%\*. >
[2012/09/17 13:51:00 | 000,000,000 | ---D | M] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/09/16 20:30:48 | 000,000,000 | ---D | M] -- C:\ProgramData\Adobe
[2012/04/27 12:13:49 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple
[2012/04/27 12:14:25 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple Computer
[2009/07/14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2012/08/17 20:20:15 | 000,000,000 | ---D | M] -- C:\ProgramData\ashampoo
[2011/01/28 20:14:17 | 000,000,000 | ---D | M] -- C:\ProgramData\ATI
[2012/11/21 16:42:46 | 000,000,000 | ---D | M] -- C:\ProgramData\AVAST Software
[2012/09/23 08:03:41 | 000,000,000 | ---D | M] -- C:\ProgramData\Avira
[2012/02/28 18:20:47 | 000,000,000 | ---D | M] -- C:\ProgramData\Babylon
[2012/10/20 18:27:24 | 000,000,000 | -H-D | M] -- C:\ProgramData\Common Files
[2010/09/09 20:11:31 | 000,000,000 | ---D | M] -- C:\ProgramData\Corel
[2012/04/30 18:41:42 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Lite
[2011/11/17 19:11:26 | 000,000,000 | ---D | M] -- C:\ProgramData\Degener
[2009/07/14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2011/12/25 19:33:00 | 000,000,000 | ---D | M] -- C:\ProgramData\DivX
[2009/07/14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2012/04/24 10:52:44 | 000,000,000 | ---D | M] -- C:\ProgramData\Downloaded Installations
[2011/10/14 16:24:36 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts
[2009/07/14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2012/04/24 10:49:19 | 000,000,000 | ---D | M] -- C:\ProgramData\FLEXnet
[2012/10/13 12:58:18 | 000,000,000 | ---D | M] -- C:\ProgramData\Hewlett-Packard
[2011/06/12 21:06:10 | 000,000,000 | ---D | M] -- C:\ProgramData\HP
[2011/08/18 10:26:20 | 000,000,000 | ---D | M] -- C:\ProgramData\HP Photo Creations
[2011/06/06 21:25:57 | 000,000,000 | ---D | M] -- C:\ProgramData\ICQ
[2012/03/02 15:17:22 | 000,000,000 | ---D | M] -- C:\ProgramData\InstallMate
[2012/09/16 16:32:55 | 000,000,000 | ---D | M] -- C:\ProgramData\Intel
[2012/04/05 19:34:20 | 000,000,000 | --SD | M] -- C:\ProgramData\Microsoft
[2012/11/17 22:24:37 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft Help
[2012/06/04 10:39:36 | 000,000,000 | ---D | M] -- C:\ProgramData\Mozilla
[2011/02/13 10:57:06 | 000,000,000 | ---D | M] -- C:\ProgramData\Norton
[2012/11/21 10:31:45 | 000,000,000 | ---D | M] -- C:\ProgramData\PDFC
[2012/03/02 15:17:14 | 000,000,000 | ---D | M] -- C:\ProgramData\Premium
[2012/04/05 17:38:51 | 000,000,000 | -HSD | M] -- C:\ProgramData\SecuROM
[2011/03/14 16:25:36 | 000,000,000 | ---D | M] -- C:\ProgramData\Skype
[2012/04/25 14:29:22 | 000,000,000 | ---D | M] -- C:\ProgramData\SMART Technologies
[2011/01/30 09:33:24 | 000,000,000 | ---D | M] -- C:\ProgramData\Sonic
[2009/07/14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2012/04/16 18:52:09 | 000,000,000 | ---D | M] -- C:\ProgramData\Sun
[2012/04/23 21:08:57 | 000,000,000 | ---D | M] -- C:\ProgramData\SystemExplorer
[2012/11/20 11:57:59 | 000,000,000 | ---D | M] -- C:\ProgramData\Tarma Installer
[2012/11/21 16:18:49 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2009/07/14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2012/10/14 15:02:49 | 000,000,000 | ---D | M] -- C:\ProgramData\TheBflix
[2012/04/26 11:12:52 | 000,000,000 | ---D | M] -- C:\ProgramData\Trymedia
[2012/09/16 22:31:03 | 000,000,000 | ---D | M] -- C:\ProgramData\Uninstall
[2011/03/13 13:19:59 | 000,000,000 | ---D | M] -- C:\ProgramData\VirtualizedApplications
[2011/05/02 22:00:52 | 000,000,000 | ---D | M] -- C:\ProgramData\Visan
[2012/08/24 16:05:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Vokabel Trainer
[2011/01/28 20:06:23 | 000,000,000 | ---D | M] -- C:\ProgramData\WinZip
[2011/02/20 18:44:51 | 000,000,000 | ---D | M] -- C:\ProgramData\{23D58E70-3B83-4B83-A227-68770F84F5EC}
[2012/04/27 12:15:31 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/09/09 20:12:17 | 000,000,000 | ---D | M] -- C:\ProgramData\{8D274659-3D84-4410-A197-C170D180BC76}
[2012/02/05 21:57:51 | 000,000,000 | ---D | M] -- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
[2012/10/20 18:27:24 | 000,000,000 | -HSD | M] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2011/10/16 08:15:16 | 000,000,000 | ---D | M] -- C:\ProgramData\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}
[2011/06/26 19:52:08 | 000,000,000 | ---D | M] -- C:\ProgramData\{E91883C8-8CDC-46A4-A45F-CB40EB82ED60}

< %allusersprofile%\*.* >
[2012/11/23 15:01:38 | 000,000,088 | RHS- | M] () -- C:\ProgramData\32C99DC932.sys
[2011/03/14 15:18:14 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2012/11/23 15:01:39 | 000,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2011/12/15 12:23:30 | 000,000,236 | ---- | M] () -- C:\ProgramData\{5CAFA1B7-9EEF-4cc7-B9F7-9DDB3DAA679E}
[2011/12/15 12:58:48 | 000,000,236 | ---- | M] () -- C:\ProgramData\{701ACAF9-F102-47c2-8907-36246F4DFB51}

< %allusersprofile%\*.exe /s >
[2012/08/21 12:01:28 | 001,977,816 | ---- | M] (GEAR Software, Inc.) -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1\GEARDIFx.exe
[2012/08/21 12:01:22 | 000,115,672 | ---- | M] (GEAR Software, Inc.) -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\DifXInst32.exe
[2012/09/17 13:36:45 | 000,073,624 | ---- | M] (Apple Inc.) -- C:\ProgramData\Apple Computer\Installer Cache\iTunes 10.7.0.21\SetupAdmin.exe
[2012/04/25 11:24:06 | 000,073,584 | ---- | M] (Apple Inc.) -- C:\ProgramData\Apple Computer\Installer Cache\Safari 5.34.57.2\SetupAdmin.exe
[2012/09/17 13:33:13 | 000,073,576 | ---- | M] (Apple Inc.) -- C:\ProgramData\Apple\Installer Cache\iCloud Control Panel 1.1.0.40\SetupAdmin.exe
[2012/11/14 15:23:15 | 000,612,640 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\ProgramData\Avira\AntiVir Desktop\TEMP\SELFUPDATE\update.exe
[2012/09/07 19:26:02 | 000,047,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\ProgramData\Avira\AntiVir Desktop\TEMP\SELFUPDATE\updrgui.exe
[2011/08/11 01:57:44 | 001,248,312 | ---- | M] (Hewlett-Packard) -- C:\ProgramData\Hewlett-Packard\HPSAUpgrade3\HpSAUpgrade.exe
[2011/08/18 10:26:01 | 000,161,960 | ---- | M] () -- C:\ProgramData\HP Photo Creations\MessageCheck.exe
[2011/08/18 10:26:01 | 000,301,224 | ---- | M] (Visan / RocketLife) -- C:\ProgramData\HP Photo Creations\PhotoProductCore.exe
[2011/08/18 10:26:01 | 000,162,208 | ---- | M] () -- C:\ProgramData\HP Photo Creations\PhotoProductReg.exe
[2010/05/20 16:12:48 | 004,238,264 | ---- | M] (Adobe Systems, Inc.) -- C:\ProgramData\HP\HP Deskjet 3050 J610 series\Help\flash\FlashPla.exe
[2012/02/21 01:45:08 | 000,015,496 | R-S- | M] (Tarma Software Research Pty Ltd) -- C:\ProgramData\InstallMate\{B01A9061-55EF-4AEF-9983-6BD5B2D76491}\Setup.exe
[2010/03/31 18:11:10 | 001,100,664 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\OEMOffice14\Office14\setup.exe
[2010/03/24 15:57:08 | 000,838,536 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\OEMOffice14\Office14\Office.de-de\DW20.EXE
[2010/03/24 15:57:14 | 000,519,584 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\OEMOffice14\Office14\Office.de-de\dwtrig20.exe
[2010/03/31 18:11:26 | 000,149,352 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\OEMOffice14\Office14\SingleImage.WW\ose.exe
[2010/03/01 00:38:28 | 005,336,456 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\OEMOffice14\OStarter\de-de\Office.exe
[2010/03/31 16:25:30 | 001,629,584 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\OEMOffice14\OStarter\de-de\SetupConsumerC2R.exe
[2010/03/31 16:25:30 | 001,629,584 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\OEMOffice14\OStarter\de-de\SetupConsumerC2ROLW.exe
[2011/03/11 04:29:11 | 000,225,936 | R-S- | M] (Tarma Software Research Pty Ltd) -- C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe
[2010/04/15 20:17:42 | 003,276,784 | R--- | M] (Sonic Solutions) -- C:\ProgramData\Uninstall\{1D61E881-43CD-447B-9E6B-D2C6138B2862}\setup.exe

< >
[2009/07/14 05:53:46 | 000,032,640 | ---- | C] () -- C:\windows\Tasks\SCHEDLGU.TXT
[2009/07/14 05:53:47 | 000,000,006 | -H-- | C] () -- C:\windows\Tasks\SA.DAT
[2011/12/10 17:55:38 | 000,000,316 | ---- | C] () -- C:\windows\Tasks\HPCeeScheduleForRobi.job
[2012/04/24 10:12:03 | 000,000,314 | ---- | C] () -- C:\windows\Tasks\asilfsat.job

========== Alternate Data Streams ==========

@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:CB0AACC9

< End of report >

hoffe es ist richtig so?:/

hey..
ich habe gar keine ahnung von pc oder laptop

wenn es falsch ist dann mache ich es gerne nochmal neu.
Danke lg Kevinator

ryder · 23.11.2012, 16:06

Zitat:

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile und kopiere es in die Zwischenablage mit STRG+C.

Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].

Setze den Curser zwischen die CODE-Tags und drücke STRG+V.

Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Das ist ganz schön zugemüllt, da müssen wir erst anders ran:

Schritt 1:
Adware entfernen mit JRT

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.

Bitte lade Junkware Removal Tool auf Deinen Desktop.

Starte das Tool mit Doppelklick. Vista und 7 Nutzer bitte mit Rechtsklick "als Administrator ausführen" starten.
Das Tool wird sich öffnen und mit dem Scan beginnen.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Schritt 2:
Scan mit Combofix

Zitat:

WARNUNG:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Schritt 3:
Liste der installierten Programme (Combofix)

Bitte suche und poste mir die folgende Datei:
c:\Qoobox\Add-Remove Programs.txt

Kevinator941 · 23.11.2012, 17:00

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner.

Wie mache ich das?

hxxp://thisisudax.org/downloads/JRT.exe
und den habe ich heruntergeladen, und geöffnet aber der scannt automatisch, ohne dass ich was auswählen kann?!

ryder · 23.11.2012, 17:06

Genau der arbeitet alleine.

AVira deaktivieren: Rechtsklick auf das Regenschirmsymbol und deaktivieren

Kevinator941 · 23.11.2012, 17:18

ComboFix sagt mir, das antivirus: AntiVir Desktop
und antispyware : AntiVir Desktop aktiv sind und ich sie abschalten muss.. wie mache ich das??

ryder · 23.11.2012, 17:22

Wenn du es deaktiviert hast, dann ist das Okay und du kannst weiter machen. Avira ist ein dümmliches Programm und meldet sich oft nicht korrekt ab.

Zitat:

AVira deaktivieren: Rechtsklick auf das Regenschirmsymbol und deaktivieren

Kevinator941 · 23.11.2012, 17:47

Code:

ATTFilter

ComboFix 12-11-23.02 - Robi 23.11.2012  17:26:01.1.1 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.765.212 [GMT 1:00]
ausgeführt von:: c:\users\Robi\Downloads\ComboFix.exe
AV: AntiVir Desktop *Enabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\32C99DC932.sys
c:\programdata\TheBflix
c:\programdata\TheBflix\background.html
c:\programdata\TheBflix\bccldkoinakjmmgebambiaggjobhikfg.crx
c:\programdata\TheBflix\content.js
c:\programdata\TheBflix\settings.ini
C:\Thumbs.db
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-10-23 bis 2012-11-23  ))))))))))))))))))))))))))))))
.
.
2012-11-23 16:37 . 2012-11-23 16:38	--------	d-----w-	c:\users\Robi\AppData\Local\temp
2012-11-23 16:37 . 2012-11-23 16:37	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-11-23 15:49 . 2012-11-23 15:49	--------	d-----w-	c:\windows\ERUNT
2012-11-23 15:49 . 2012-11-23 15:49	--------	d-----w-	C:\JRT
2012-11-21 17:14 . 2012-11-21 17:14	--------	d-----w-	c:\windows\system32\IO
2012-11-21 10:43 . 2012-11-21 15:42	--------	d-----w-	c:\programdata\AVAST Software
2012-11-21 10:43 . 2012-11-21 10:43	--------	d-----w-	c:\program files\AVAST Software
2012-11-20 11:32 . 2011-05-13 12:16	493056	----a-w-	c:\windows\system32\dhRichClient3.dll
2012-11-20 11:32 . 2011-03-25 20:42	338432	----a-w-	c:\windows\system32\sqlite36_engine.dll
2012-11-20 11:32 . 2012-11-21 17:15	--------	d-----w-	c:\users\Robi\AppData\Roaming\DesktopIconForAmazon
2012-11-20 11:31 . 2012-11-20 11:31	--------	d-----w-	c:\users\Robi\AppData\Roaming\OCS
2012-11-20 11:04 . 2012-11-20 21:30	--------	d-----w-	c:\program files\SelfUpdater
2012-11-20 10:58 . 2012-11-20 21:27	--------	d-----w-	c:\users\Robi\AppData\Roaming\Bloson
2012-11-17 21:23 . 2012-07-26 03:39	526952	----a-w-	c:\windows\system32\drivers\Wdf01000.sys
2012-11-17 21:23 . 2012-07-26 03:39	47720	----a-w-	c:\windows\system32\drivers\WdfLdr.sys
2012-11-17 21:23 . 2012-07-26 02:46	9728	----a-w-	c:\windows\system32\Wdfres.dll
2012-11-17 21:22 . 2012-07-26 03:20	73216	----a-w-	c:\windows\system32\WUDFSvc.dll
2012-11-17 21:22 . 2012-07-26 03:20	172032	----a-w-	c:\windows\system32\WUDFPlatform.dll
2012-11-17 21:22 . 2012-07-26 02:33	66560	----a-w-	c:\windows\system32\drivers\WUDFPf.sys
2012-11-17 21:22 . 2012-07-26 02:32	155136	----a-w-	c:\windows\system32\drivers\WUDFRd.sys
2012-11-17 21:22 . 2012-07-26 03:21	196608	----a-w-	c:\windows\system32\WUDFHost.exe
2012-11-17 21:22 . 2012-07-26 03:20	613888	----a-w-	c:\windows\system32\WUDFx.dll
2012-11-17 21:22 . 2012-07-26 03:20	38912	----a-w-	c:\windows\system32\WUDFCoinstaller.dll
2012-11-17 19:48 . 2012-10-03 16:58	1293680	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-11-17 19:48 . 2012-10-03 16:42	52224	----a-w-	c:\windows\system32\nlaapi.dll
2012-11-17 19:48 . 2012-10-03 16:42	242176	----a-w-	c:\windows\system32\nlasvc.dll
2012-11-17 19:48 . 2012-10-03 16:42	18944	----a-w-	c:\windows\system32\netevent.dll
2012-11-17 19:48 . 2012-10-03 16:42	175104	----a-w-	c:\windows\system32\netcorehc.dll
2012-11-17 19:48 . 2012-10-03 16:42	156672	----a-w-	c:\windows\system32\ncsi.dll
2012-11-17 19:48 . 2012-10-03 16:40	499712	----a-w-	c:\windows\system32\iphlpsvc.dll
2012-11-17 19:48 . 2012-10-03 15:21	35328	----a-w-	c:\windows\system32\drivers\tcpipreg.sys
2012-11-17 19:48 . 2012-09-25 22:47	78336	----a-w-	c:\windows\system32\synceng.dll
2012-11-17 19:48 . 2012-10-18 17:59	2345984	----a-w-	c:\windows\system32\win32k.sys
2012-11-17 19:48 . 2012-10-09 17:40	44032	----a-w-	c:\windows\system32\dhcpcsvc6.dll
2012-11-17 19:48 . 2012-10-09 17:40	193536	----a-w-	c:\windows\system32\dhcpcore6.dll
2012-11-07 15:06 . 2012-11-07 15:07	--------	d-----w-	c:\program files\Safari
2012-10-29 20:03 . 2012-10-29 20:03	32832	----a-w-	c:\program files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)\install.res.1028.dll
2012-10-29 20:03 . 2012-10-29 20:03	48192	----a-w-	c:\program files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)\install.res.1033.dll
2012-10-29 20:03 . 2012-10-29 20:03	32320	----a-w-	c:\program files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)\install.res.2052.dll
2012-10-29 20:03 . 2012-10-29 20:03	597040	----a-w-	c:\program files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)\install.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-23 14:01 . 2011-01-28 22:32	2828	--sha-w-	c:\programdata\KGyGaAvL.sys
2012-09-16 19:29 . 2012-09-16 19:29	696520	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-09-16 19:29 . 2011-08-17 11:15	73416	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-14 18:28 . 2012-10-10 20:45	2048	----a-w-	c:\windows\system32\tzres.dll
2012-09-07 18:26 . 2012-09-23 07:04	36000	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-09-07 18:26 . 2012-09-23 07:04	83392	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-09-07 18:26 . 2012-09-23 07:04	137928	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-08-31 17:18 . 2012-10-10 20:45	1211760	----a-w-	c:\windows\system32\drivers\ntfs.sys
2012-08-30 17:12 . 2012-10-10 20:44	3968880	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-08-30 17:12 . 2012-10-10 20:44	3914096	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-08-29 23:15 . 2012-08-29 23:15	3782214	----a-w-	C:\chatzum_nt.exe
2011-08-02 09:34 . 2011-08-02 09:34	528	----a-r-	c:\program files\MediaID.bin
2011-02-04 16:17 . 2011-02-07 16:25	60458664	----a-w-	c:\program files\FreeStudio.exe
2011-01-30 17:36 . 2011-01-30 17:36	8417616	----a-w-	c:\program files\Firefox.exe
2012-10-28 17:46 . 2012-10-28 17:46	261600	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 3.4.8 (11.22.2012)
OS: Windows 7 Home Premium x86
Ran by Robi on 23.11.2012 at 16:49:51,55
Blog: hxxp://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\bProtectorDefaultScope 
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{30f9b915-b755-4826-820b-08fba6bd249d} 
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{30f9b915-b755-4826-820b-08fba6bd249d} 
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\urlsearchhooks\\{855f3b16-6d32-4fe6-8a56-bbb695989046} 
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} 
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} 
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-2944064596-2206248867-496890886-1001\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-2944064596-2206248867-496890886-1001\software\microsoft\internet explorer\searchscopes\\DefaultScope



~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\conduit"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\conduitengine"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\conduitsearchscopes"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\crossrider"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\pricegong"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\smartbar"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\toolbar"
Successfully deleted: [Registry Key] "hkey_current_user\software\conduit"
Successfully deleted: [Registry Key] "hkey_current_user\software\cr_installer"
Failed to delete: [Registry Key]"hkey_current_user\software\datamngr"
Failed to delete: [Registry Key]"hkey_current_user\software\datamngr_toolbar"
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\windows\currentversion\ext\bprotectsettings"
Successfully deleted: [Registry Key] "hkey_current_user\software\softonic"
Successfully deleted: [Registry Key] "hkey_current_user\software\sweetim"
Successfully deleted: [Registry Key] "hkey_current_user\software\systweak"
Successfully deleted: [Registry Key] "hkey_local_machine\software\browserchoice"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\conduit.engine"
Successfully deleted: [Registry Key] "hkey_local_machine\software\conduit"
Failed to delete: [Registry Key]"hkey_local_machine\software\datamngr"
Successfully deleted: [Registry Key] "hkey_local_machine\software\systweak"
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{30f9b915-b755-4826-820b-08fba6bd249d}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{e46c8196-b634-44a1-af6e-957c64278ab1}



~~~ Files

Successfully deleted: [File] "C:\windows\system32\roboot.exe"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\installmate"
Successfully deleted: [Folder] "C:\ProgramData\premium"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Failed to delete: [Folder] "C:\ProgramData\trymedia"
Successfully deleted: [Folder] "C:\Users\Robi\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\Robi\AppData\Roaming\dvdvideosoft"
Successfully deleted: [Folder] "C:\Users\Robi\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Users\Robi\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\Robi\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Program Files\Common Files\dvdvideosoft"
Successfully deleted: [Folder] "C:\Users\Robi\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Robi\appdata\local\conduitengine"
Successfully deleted: [Folder] "C:\Users\Robi\appdata\local\wajam"
Successfully deleted: [Folder] "C:\Users\Robi\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Robi\appdata\locallow\conduitengine"
Successfully deleted: [Folder] "C:\Users\Robi\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\Program Files\conduitengine"
Failed to delete: [Folder] "C:\Program Files\dvdvideosoft"
Successfully deleted: [Folder] "C:\Program Files\trymedia"



~~~ FireFox

Successfully deleted: [File] C:\Users\Robi\AppData\Roaming\Mozilla\Firefox\Profiles\e7qdcxpt.default\user.js
Successfully deleted: [File] C:\user.js
Failed to delete: [Folder] C:\Users\Robi\AppData\Roaming\Mozilla\Firefox\Profiles\e7qdcxpt.default\extensions\{acaa314b-eeba-48e4-ad47-84e31c44796c}
Failed to delete: [Folder] C:\Users\Robi\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
Successfully deleted: [File] C:\Users\Robi\AppData\Roaming\Mozilla\Firefox\Profiles\e7qdcxpt.default\searchplugins\browsemngr.xml
Successfully deleted: [File] "C:\Program Files\mozilla firefox\searchplugins"\babylon.xml



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.11.2012 at 16:54:32,64
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

wie mache ich schritt drei?

ryder · 23.11.2012, 17:50

Das Combofixlog ist nicht vollständig.

Kevinator941 · 23.11.2012, 18:24

überprüfst du grade die daten?
und wird der laptop dadurch auch wieder etwas schneller?

ryder · 23.11.2012, 18:26

Natürlich prüfe ich das ... ich brauche jedes Logfile komplett und das von Combofix ist es nicht - Schritt 3 fehlt.

Kevinator941 · 23.11.2012, 18:27

Code:

ATTFilter

ComboFix 12-11-23.02 - Robi 23.11.2012  17:26:01.1.1 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.765.212 [GMT 1:00]
ausgeführt von:: c:\users\Robi\Downloads\ComboFix.exe
AV: AntiVir Desktop *Enabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\32C99DC932.sys
c:\programdata\TheBflix
c:\programdata\TheBflix\background.html
c:\programdata\TheBflix\bccldkoinakjmmgebambiaggjobhikfg.crx
c:\programdata\TheBflix\content.js
c:\programdata\TheBflix\settings.ini
C:\Thumbs.db
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-10-23 bis 2012-11-23  ))))))))))))))))))))))))))))))
.
.
2012-11-23 16:37 . 2012-11-23 16:38	--------	d-----w-	c:\users\Robi\AppData\Local\temp
2012-11-23 16:37 . 2012-11-23 16:37	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-11-23 15:49 . 2012-11-23 15:49	--------	d-----w-	c:\windows\ERUNT
2012-11-23 15:49 . 2012-11-23 15:49	--------	d-----w-	C:\JRT
2012-11-21 17:14 . 2012-11-21 17:14	--------	d-----w-	c:\windows\system32\IO
2012-11-21 10:43 . 2012-11-21 15:42	--------	d-----w-	c:\programdata\AVAST Software
2012-11-21 10:43 . 2012-11-21 10:43	--------	d-----w-	c:\program files\AVAST Software
2012-11-20 11:32 . 2011-05-13 12:16	493056	----a-w-	c:\windows\system32\dhRichClient3.dll
2012-11-20 11:32 . 2011-03-25 20:42	338432	----a-w-	c:\windows\system32\sqlite36_engine.dll
2012-11-20 11:32 . 2012-11-21 17:15	--------	d-----w-	c:\users\Robi\AppData\Roaming\DesktopIconForAmazon
2012-11-20 11:31 . 2012-11-20 11:31	--------	d-----w-	c:\users\Robi\AppData\Roaming\OCS
2012-11-20 11:04 . 2012-11-20 21:30	--------	d-----w-	c:\program files\SelfUpdater
2012-11-20 10:58 . 2012-11-20 21:27	--------	d-----w-	c:\users\Robi\AppData\Roaming\Bloson
2012-11-17 21:23 . 2012-07-26 03:39	526952	----a-w-	c:\windows\system32\drivers\Wdf01000.sys
2012-11-17 21:23 . 2012-07-26 03:39	47720	----a-w-	c:\windows\system32\drivers\WdfLdr.sys
2012-11-17 21:23 . 2012-07-26 02:46	9728	----a-w-	c:\windows\system32\Wdfres.dll
2012-11-17 21:22 . 2012-07-26 03:20	73216	----a-w-	c:\windows\system32\WUDFSvc.dll
2012-11-17 21:22 . 2012-07-26 03:20	172032	----a-w-	c:\windows\system32\WUDFPlatform.dll
2012-11-17 21:22 . 2012-07-26 02:33	66560	----a-w-	c:\windows\system32\drivers\WUDFPf.sys
2012-11-17 21:22 . 2012-07-26 02:32	155136	----a-w-	c:\windows\system32\drivers\WUDFRd.sys
2012-11-17 21:22 . 2012-07-26 03:21	196608	----a-w-	c:\windows\system32\WUDFHost.exe
2012-11-17 21:22 . 2012-07-26 03:20	613888	----a-w-	c:\windows\system32\WUDFx.dll
2012-11-17 21:22 . 2012-07-26 03:20	38912	----a-w-	c:\windows\system32\WUDFCoinstaller.dll
2012-11-17 19:48 . 2012-10-03 16:58	1293680	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-11-17 19:48 . 2012-10-03 16:42	52224	----a-w-	c:\windows\system32\nlaapi.dll
2012-11-17 19:48 . 2012-10-03 16:42	242176	----a-w-	c:\windows\system32\nlasvc.dll
2012-11-17 19:48 . 2012-10-03 16:42	18944	----a-w-	c:\windows\system32\netevent.dll
2012-11-17 19:48 . 2012-10-03 16:42	175104	----a-w-	c:\windows\system32\netcorehc.dll
2012-11-17 19:48 . 2012-10-03 16:42	156672	----a-w-	c:\windows\system32\ncsi.dll
2012-11-17 19:48 . 2012-10-03 16:40	499712	----a-w-	c:\windows\system32\iphlpsvc.dll
2012-11-17 19:48 . 2012-10-03 15:21	35328	----a-w-	c:\windows\system32\drivers\tcpipreg.sys
2012-11-17 19:48 . 2012-09-25 22:47	78336	----a-w-	c:\windows\system32\synceng.dll
2012-11-17 19:48 . 2012-10-18 17:59	2345984	----a-w-	c:\windows\system32\win32k.sys
2012-11-17 19:48 . 2012-10-09 17:40	44032	----a-w-	c:\windows\system32\dhcpcsvc6.dll
2012-11-17 19:48 . 2012-10-09 17:40	193536	----a-w-	c:\windows\system32\dhcpcore6.dll
2012-11-07 15:06 . 2012-11-07 15:07	--------	d-----w-	c:\program files\Safari
2012-10-29 20:03 . 2012-10-29 20:03	32832	----a-w-	c:\program files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)\install.res.1028.dll
2012-10-29 20:03 . 2012-10-29 20:03	48192	----a-w-	c:\program files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)\install.res.1033.dll
2012-10-29 20:03 . 2012-10-29 20:03	32320	----a-w-	c:\program files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)\install.res.2052.dll
2012-10-29 20:03 . 2012-10-29 20:03	597040	----a-w-	c:\program files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)\install.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-23 14:01 . 2011-01-28 22:32	2828	--sha-w-	c:\programdata\KGyGaAvL.sys
2012-09-16 19:29 . 2012-09-16 19:29	696520	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-09-16 19:29 . 2011-08-17 11:15	73416	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-14 18:28 . 2012-10-10 20:45	2048	----a-w-	c:\windows\system32\tzres.dll
2012-09-07 18:26 . 2012-09-23 07:04	36000	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-09-07 18:26 . 2012-09-23 07:04	83392	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-09-07 18:26 . 2012-09-23 07:04	137928	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-08-31 17:18 . 2012-10-10 20:45	1211760	----a-w-	c:\windows\system32\drivers\ntfs.sys
2012-08-30 17:12 . 2012-10-10 20:44	3968880	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-08-30 17:12 . 2012-10-10 20:44	3914096	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-08-29 23:15 . 2012-08-29 23:15	3782214	----a-w-	C:\chatzum_nt.exe
2011-08-02 09:34 . 2011-08-02 09:34	528	----a-r-	c:\program files\MediaID.bin
2011-02-04 16:17 . 2011-02-07 16:25	60458664	----a-w-	c:\program files\FreeStudio.exe
2011-01-30 17:36 . 2011-01-30 17:36	8417616	----a-w-	c:\program files\Firefox.exe
2012-10-28 17:46 . 2012-10-28 17:46	261600	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-02-22 2363392]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Remote Mouse"="c:\program files\Remote Mouse\RemoteMouse.exe" [2012-03-19 1020416]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]
"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-02-24 59240]
"com.apple.dav.bookmarks.daemon"="c:\program files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QLBController"="c:\program files\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2010-03-01 256056]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-26 1713448]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-04-05 8192]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-05 98304]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-03-17 495708]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-09-07 348664]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2009-12-31 91520]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-30 836896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^Users^Robi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\users\Robi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-08-27 19:32	59280	----a-w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-09 21:30	421776	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]
2010-03-06 13:39	563736	----a-w-	c:\program files\PDF Complete\pdfsty.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
2007-09-02 12:58	495616	----a-w-	c:\program files\RocketDock\RocketDock.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2009-06-17 11:44	85160	----a-w-	c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
.
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 SystemStoreService;System Store Service;c:\program files\Freetec\SystemStore\SystemStore.exe  -displayname System Store Service -servicename:SystemStoreService [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 mv2;mv2;c:\windows\system32\DRIVERS\mv2.sys [x]
R3 SMARTMouseFilterx86;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx86.sys [x]
R3 SMARTVHidMini2000x86;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMini2000x86.sys [x]
R3 SMARTVTabletPCx86;SMART Virtual TabletPC;c:\windows\system32\DRIVERS\SMARTVTabletPCx86.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\aestsrv.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 rtsuvc;HP Webcam [2 MP Fixed];c:\windows\system32\DRIVERS\rtsuvc.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-02-22 18:38	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-23 c:\windows\Tasks\asilfsat.job
- c:\windows\system32\usbceipi.dll [2012-04-24 09:12]
.
2012-11-09 c:\windows\Tasks\HPCeeScheduleForRobi.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube Download - c:\users\Robi\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Robi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Robi\AppData\Roaming\Mozilla\Firefox\Profiles\e7qdcxpt.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{0f369707-379f-46df-a5c5-d04390f3459b} - (no file)
URLSearchHooks-{5786d022-540e-4699-b350-b4be0ae94b79} - (no file)
Toolbar-{0f369707-379f-46df-a5c5-d04390f3459b} - (no file)
Toolbar-{DFEFCDEE-CF1A-4FC8-88AD-129872198372} - (no file)
WebBrowser-{0F369707-379F-46DF-A5C5-D04390F3459B} - (no file)
HKCU-Run-SystemExplorerAutoStart - c:\program files\System Explorer\SystemExplorer.exe
HKCU-Run-Tonido - c:\users\Robi\AppData\Roaming\Tonido\launcher.exe
HKLM-Run-ROC_roc_ssl_v12 - c:\program files\AVG Secure Search\ROC_roc_ssl_v12.exe
MSConfigStartUp-Google Update - c:\users\Robi\AppData\Local\Google\Update\GoogleUpdate.exe
MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
AddRemove-conduitEngine - c:\progra~1\CONDUI~1\ConduitEngineUninstall.exe
AddRemove-Free Audio CD Burner_is1 - c:\program files\DVDVideoSoft\Free Audio CD Burner\unins000.exe
AddRemove-Free Studio_is1 - c:\program files\Common Files\DVDVideoSoft\Uninstall.exe
AddRemove-Free YouTube Download_is1 - c:\program files\DVDVideoSoft\Free YouTube Download\unins000.exe
AddRemove-Free YouTube to MP3 Converter_is1 - c:\program files\DVDVideoSoft\Free YouTube to MP3 Converter\unins000.exe
AddRemove-Uninstall_is1 - c:\program files\Common Files\DVDVideoSoft\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SystemStoreService]
"ImagePath"="\"c:\program files\Freetec\SystemStore\SystemStore.exe\"  -displayname \"System Store Service\" -servicename:SystemStoreService"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2944064596-2206248867-496890886-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariDownload"
.
[HKEY_USERS\S-1-5-21-2944064596-2206248867-496890886-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2944064596-2206248867-496890886-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (S-1-5-21-2944064596-2206248867-496890886-1001)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-2944064596-2206248867-496890886-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (S-1-5-21-2944064596-2206248867-496890886-1001)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-2944064596-2206248867-496890886-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariExtension"
.
[HKEY_USERS\S-1-5-21-2944064596-2206248867-496890886-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (S-1-5-21-2944064596-2206248867-496890886-1001)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-2944064596-2206248867-496890886-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2944064596-2206248867-496890886-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-2944064596-2206248867-496890886-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2944064596-2206248867-496890886-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (S-1-5-21-2944064596-2206248867-496890886-1001)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-2944064596-2206248867-496890886-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (S-1-5-21-2944064596-2206248867-496890886-1001)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-2944064596-2206248867-496890886-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2944064596-2206248867-496890886-1001\Software\SecuROM\License information*]
"datasecu"=hex:1a,b9,4f,10,02,56,2e,94,cf,c4,ce,c4,5a,3b,1b,57,6a,23,b1,b1,30,
   ee,34,11,97,a1,a5,e2,ed,0d,c0,0b,9c,12,bf,1e,bf,4b,e7,ff,d4,69,10,1c,4f,35,\
"rkeysecu"=hex:59,f6,46,8f,fa,19,09,00,b5,fa,6c,08,4d,63,de,e7
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-11-23  17:41:54
ComboFix-quarantined-files.txt  2012-11-23 16:41
.
Vor Suchlauf: 13 Verzeichnis(se), 87.422.029.824 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 89.342.414.848 Bytes frei
.
- - End Of File - - AEA976FE2484B4F9868BE2CA71B2AAA8

das ist alles was da steht?

ryder · 23.11.2012, 18:28

jetzt ist es komplett, Schritt 3 noch

23.11.2012, 17:06	#7
ryder /// TB-Ausbilder	Internetseiten-Fehler Genau der arbeitet alleine. AVira deaktivieren: Rechtsklick auf das Regenschirmsymbol und deaktivieren __________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM!

23.11.2012, 17:50	#11
ryder /// TB-Ausbilder	Internetseiten-Fehler Das Combofixlog ist nicht vollständig. __________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM!

23.11.2012, 18:26	#13
ryder /// TB-Ausbilder	Internetseiten-Fehler Natürlich prüfe ich das ... ich brauche jedes Logfile komplett und das von Combofix ist es nicht - Schritt 3 fehlt. __________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM!

23.11.2012, 18:28	#15
ryder /// TB-Ausbilder	Internetseiten-Fehler jetzt ist es komplett, Schritt 3 noch __________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM!

Internetseiten-Fehler

Plagegeister aller Art und deren Bekämpfung: Internetseiten-Fehler