tonproblem habe "unsichtbare ton werbung" seid 3tagen

werso111 · 09.11.2013, 16:38

Hallo,
seid ungefähr 3 tagen habe ich "unsichtbare werbung" oder sowas jedenfalls kommt manchmal einfach so ton über werbung laut Lautstärkemixer kommt der ton von mozilla firefox und wenn ich den auf stumm stelle ist es dann auch weg aber ich hab das nichtmal genutzt naja habs dann deinstalliert aber hat nicht geholfen... CCleaner und das schließen aller tabs im taskmanager hat nicht geholfen das wegzubekommen und auch net das deinstalieren der letzden sachen die ich installiert habe :/
und avira antivirus hat auch nichts festgestellt was damit zu tun hat...

könnt ihr mir helfen das ist ziemlich nervig wenn dann plötzlich so ein sch* werbung kommt

mfg

cosinus · 10.11.2013, 01:52

Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!

Zudem bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

werso111 · 10.11.2013, 10:45

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013
Ran by robin (administrator) on PC-R4KZ83901G on 10-11-2013 10:36:11
Running from C:\Users\robin\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\Rent\Update.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
() C:\Windows\Rent\Rent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(Valve Corporation) D:\Daten\Steam\Steam.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corp.) C:\Users\robin\Documents\MSDCSC\msdcsc.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Dropbox, Inc.) C:\Users\robin\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe
(PortableApps.com) C:\Windows\SysWOW64\FF_BN_127119\FirefoxPortable.exe
(Mozilla Corporation) C:\Windows\SysWOW64\FF_BN_127119\App\firefox\firefox.exe
(Google Inc.) C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKCU\...\Run: [Google Update] - C:\Users\robin\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-06-03] (Google Inc.)
HKCU\...\Run: [Steam] - D:\Daten\Steam\Steam.exe [1820584 2013-10-30] (Valve Corporation)
HKCU\...\Run: [Akamai NetSession Interface] - "C:\Users\robin\AppData\Local\Akamai\netsession_win.exe"
HKCU\...\Run: [Messenger] - "C:\Users\robin\AppData\Roaming\msnmsgr.exe"
HKCU\...\Run: [MicroUpdate] - C:\Users\robin\Documents\MSDCSC\msdcsc.exe [938496 2012-08-03] (Microsoft Corp.)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20549280 2013-10-21] (Skype Technologies S.A.)
HKCU\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2010-08-25] (AMD)
HKCU\...\Run: [Remote Control Server] - C:\Program Files (x86)\Remote Control Server\Remote Control Server.exe
HKCU\...\Run: [Exetender_148] - "C:\Program Files (x86)\FreeRide Games\GPlayer.exe" /schedule 300000
MountPoints2: G - G:\pushinst.exe
MountPoints2: {ed96199a-ad88-11e1-9682-adb26ec2ae63} - G:\pushinst.exe
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-08-21] (DivX, LLC)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
AppInit_DLLs:    [0 ] ()
Startup: C:\Users\robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\robin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x13ECD8049741CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = 
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=5A1B6470026EFB0A&affID=121565&tsp=5010
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKCU - {690CC4C4-C3B3-44DB-8BC3-39D146EA96F1} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
SearchScopes: HKCU - {F7EE4016-0062-4D55-A6C7-9A1C0C6669E5} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=dfc1b000-f40b-4472-8536-068f56c45228&apn_sauid=90BF6226-AC28-4833-890B-811BEB4C88C5
SearchScopes: HKCU - {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - !{DFEFCDEE-CF1A-4FC8-88AD-129872198372} -  No File
Toolbar: HKLM - No Name - !{e36df325-3f4b-476f-8f89-123bc5d51a30} -  No File
Toolbar: HKLM-x32 - No Name - !{DFEFCDEE-CF1A-4FC8-88AD-129872198372} -  No File
Toolbar: HKLM-x32 - No Name - !{e36df325-3f4b-476f-8f89-123bc5d51a30} -  No File
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095} 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

Chrome: 
=======
CHR HomePage: hxxp://start.icq.com/
CHR RestoreOnStartup: "hxxp://start.icq.com/", "hxxp://www.searchnu.com/406", "hxxp://search.babylon.com/?affID=109958&tt=120912_pcp_3812_1&babsrc=HP_ss&mntrId=5a1b86af000000000000bc0543027d7b", "hxxp://search.iminent.com/?appId=8A9725FF-166A-4A54-AA70-3C19BF792E8C", "hxxp://www.delta-search.com/?affID=119776&tt=120912_pcp_3812_1&babsrc=HP_ss&mntrId=5a1b86af00000000000000ff4fbcb0c0", "hxxp://isearch.babylon.com/?affID=120349&tt=120912_pcp_3812_1&babsrc=HP_ss&mntrId=5a1b86af0000000000006470026efb0a", "hxxp://www.delta-search.com/?affID=119396&tt=120912_pcp_3812_1&babsrc=HP_ss&mntrId=5a1b86af0000000000006470026efb0a", "hxxp://search.conduit.com/?ctid=CT3297265&SearchSource=48&CUI=UN16027366193223595&UM=2", "hxxp://www.google.com", "hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=5A1B6470026EFB0A&affID=121565&tsp=5010"
CHR Plugin: (Shockwave Flash) - C:\Users\robin\AppData\Local\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\robin\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\robin\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (LoadTubes Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\npmieze.dll No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Uplay PC) - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (MoneyMillionaire plugin) - C:\ProgramData\Rabatt-Finder\FFExtension20130203211738\plugins\npdf.dll No File
CHR Plugin: (Google Update) - C:\Users\robin\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Extension: (Google Drive) - C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Battlefield Play4Free) - C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh\1.0.96.0_0
CHR Extension: (Gmail) - C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR Extension: (AdBlock) - C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pljaalgmajnlogcgiohkhdmgpomjcihk\2.6.10_0
CHR HKLM\...\Chrome\Extension: [kdmpheneajogfnlbplgmdbempjibfbok] - C:\Program Files\FBFlicker\source.crx
CHR HKLM-x32\...\Chrome\Extension: [aakchaleigkohafkfjfjbblobjifikek] - C:\Users\robin\AppData\LocalLow\proxtube\CHROME\proxtube.crx
CHR HKLM-x32\...\Chrome\Extension: [flolnhkojafikhpkpidiphabnpgedplh] - C:\Users\robin\AppData\Local\CRE\flolnhkojafikhpkpidiphabnpgedplh.crx
CHR HKLM-x32\...\Chrome\Extension: [hkoahcaobjbihehldfimhblmhgalcipm] - C:\Users\robin\AppData\Local\CRE\hkoahcaobjbihehldfimhblmhgalcipm.crx
CHR HKLM-x32\...\Chrome\Extension: [kdmpheneajogfnlbplgmdbempjibfbok] - C:\Program Files\FBFlicker\source.crx
CHR HKLM-x32\...\Chrome\Extension: [ngnjhfpfhadncgafgbneeljaginimmmk] - C:\Users\robin\AppData\Local\CRE\ngnjhfpfhadncgafgbneeljaginimmmk.crx
CHR StartMenuInternet: Google Chrome - C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-05] (Avira Operations GmbH & Co. KG)
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [14848 2011-12-15] ()
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-04-01] ()
S2 DiscountfinderService; "C:\ProgramData\Rabatt-Finder\DFService.exe" [x]
R2 Rent Update; C:/Windows/Rent/Update.exe [x]

==================== Drivers (Whitelisted) ====================

S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31968 2012-10-08] (Wondershare)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-30] (Avira Operations GmbH & Co. KG)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2009-03-20] (AVM Berlin)
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2009-03-20] (AVM GmbH)
R3 hcw88rc5; C:\Windows\System32\Drivers\hcw88rc5.sys [15872 2010-08-16] (Hauppauge Computer Works, Inc.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-09-17] (Anchorfree Inc.)
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-10 10:35 - 2013-11-10 10:35 - 01957098 _____ (Farbar) C:\Users\robin\Downloads\FRST64.exe
2013-11-10 10:35 - 2013-11-10 10:35 - 00000000 ____D C:\FRST
2013-11-10 10:31 - 2013-11-10 10:32 - 00000000 ___HD C:\Windows\SysWOW64\FF_BN_127119
2013-11-10 10:26 - 2013-11-10 10:26 - 00000542 _____ C:\Windows\PFRO.log
2013-11-09 23:15 - 2013-11-10 10:27 - 00000280 _____ C:\Windows\setupact.log
2013-11-09 23:15 - 2013-11-09 23:15 - 00000000 _____ C:\Windows\setuperr.log
2013-10-29 18:25 - 2013-09-04 13:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-29 18:25 - 2013-09-04 13:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-29 18:25 - 2013-09-04 13:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-29 18:25 - 2013-09-04 13:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-29 18:25 - 2013-09-04 13:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-29 18:25 - 2013-09-04 13:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-29 18:25 - 2013-09-04 13:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-27 21:11 - 2013-10-27 21:11 - 16604432 _____ (Philipp Schmieder Medien                                    ) C:\Users\robin\Downloads\clipgrab-3.3.0.1.exe
2013-10-26 11:45 - 2013-10-27 02:05 - 00000000 ____D C:\Users\robin\Documents\Rockstar Games
2013-10-26 11:42 - 2013-10-26 11:42 - 00000000 ____D C:\Users\robin\Documents\Games for Windows - LIVE Demos
2013-10-25 21:26 - 2013-10-25 21:26 - 00000000 ____D C:\Users\robin\AppData\Local\photoOptimizeHistoryDataBase
2013-10-25 21:26 - 2013-10-25 21:26 - 00000000 ____D C:\Users\robin\AppData\Local\Ashampoo Photo Optimizer 4
2013-10-25 17:42 - 2013-10-25 17:42 - 01468293 _____ C:\Users\robin\Downloads\88x_2_126_28225_WHQL (2).zip
2013-10-24 19:13 - 2013-11-08 17:55 - 00000041 _____ C:\Users\robin\Desktop\Neues Textdokument.txt
2013-10-24 18:14 - 2013-10-24 18:14 - 07720728 _____ C:\Users\robin\Downloads\HSS-3.17-install-hss-600-conduit.exe
2013-10-23 20:53 - 2013-10-23 20:53 - 00096872 _____ (Spotify Ltd) C:\Users\robin\Downloads\SpotifySetup.exe
2013-10-22 21:31 - 2013-10-26 11:37 - 00000000 ____D C:\Users\robin\AppData\Local\RadioSure
2013-10-22 21:31 - 2013-10-22 21:31 - 02224589 _____ (TheBestWare Studio) C:\Users\robin\Downloads\RadioSure-2.0.886-setup.exe
2013-10-22 21:15 - 2013-10-22 21:29 - 00000000 ____D C:\Program Files (x86)\Chilirec
2013-10-22 21:15 - 2013-10-22 21:22 - 00000000 ____D C:\Users\robin\AppData\Roaming\Chilirec
2013-10-22 21:11 - 2013-10-22 21:16 - 33607680 _____ (Ashampoo GmbH & Co. KG                                      ) C:\Users\robin\Downloads\ashampoo_photo_optimizer_4_4.0.3_12123.exe
2013-10-22 21:08 - 2013-10-22 21:15 - 39573966 _____ C:\Users\robin\Downloads\ChilirecSetup.exe
2013-10-22 18:16 - 2013-10-22 18:16 - 08531968 _____ C:\Users\robin\Downloads\SteamInstall_German.msi
2013-10-19 20:16 - 2013-10-19 20:16 - 02364793 _____ (Steppschuh) C:\Users\robin\Downloads\RemoteControlServerSetup.exe
2013-10-19 16:05 - 2013-10-19 16:05 - 00000000 ____D C:\ProgramData\Oracle
2013-10-19 16:05 - 2013-10-19 16:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-19 16:05 - 2013-10-19 16:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-19 16:05 - 2013-10-19 16:04 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-19 16:05 - 2013-10-19 16:04 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-19 16:04 - 2013-10-19 16:04 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-11 22:50 - 2013-09-23 00:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-11 22:50 - 2013-09-23 00:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-11 22:50 - 2013-09-23 00:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-11 22:50 - 2013-09-23 00:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-11 22:50 - 2013-09-23 00:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-11 22:50 - 2013-09-23 00:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-11 22:50 - 2013-09-23 00:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-11 22:50 - 2013-09-23 00:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-11 22:50 - 2013-09-23 00:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-11 22:50 - 2013-09-23 00:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-11 22:50 - 2013-09-23 00:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-11 22:50 - 2013-09-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-11 22:50 - 2013-09-23 00:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-11 22:50 - 2013-09-22 23:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-11 22:50 - 2013-09-22 23:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-11 22:50 - 2013-09-22 23:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-11 22:50 - 2013-09-22 23:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-11 22:50 - 2013-09-22 23:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-11 22:50 - 2013-09-22 23:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-11 22:50 - 2013-09-22 23:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-11 22:50 - 2013-09-22 23:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-11 22:50 - 2013-09-22 23:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-11 22:50 - 2013-09-22 23:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-11 22:50 - 2013-09-22 23:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-11 22:50 - 2013-09-22 23:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-11 22:50 - 2013-09-22 23:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-11 22:50 - 2013-09-22 23:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-11 22:50 - 2013-09-21 04:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-11 22:50 - 2013-09-21 04:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-11 22:50 - 2013-09-21 03:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-11 22:50 - 2013-09-21 03:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-11 16:25 - 2013-09-14 02:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-11 16:25 - 2013-09-08 03:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-11 16:25 - 2013-09-08 03:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-11 16:25 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-11 16:25 - 2013-08-29 03:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-11 16:25 - 2013-08-29 03:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-11 16:25 - 2013-08-29 03:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-11 16:25 - 2013-08-29 03:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-11 16:25 - 2013-08-29 03:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-11 16:25 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-11 16:25 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-11 16:25 - 2013-08-29 02:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-11 16:25 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-11 16:25 - 2013-08-29 02:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-11 16:25 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-11 16:25 - 2013-08-29 01:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-11 16:25 - 2013-08-29 01:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-11 16:25 - 2013-08-29 01:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-11 16:25 - 2013-08-29 01:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-11 16:25 - 2013-08-28 02:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-11 16:25 - 2013-08-28 02:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-11 16:25 - 2013-08-01 13:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-11 16:25 - 2013-07-20 11:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-11 16:25 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-11 16:25 - 2013-07-12 11:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-11 16:25 - 2013-07-04 13:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-11 16:25 - 2013-07-04 13:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-11 16:25 - 2013-07-04 13:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-11 16:25 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-11 16:25 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-11 16:25 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-11 16:25 - 2013-07-04 11:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-11 16:25 - 2013-07-03 05:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-11 16:25 - 2013-07-03 05:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-11 16:25 - 2013-06-25 23:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-11 16:25 - 2013-06-06 06:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-11 16:25 - 2013-06-06 06:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-11 16:25 - 2013-06-06 06:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-11 16:25 - 2013-06-06 06:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-11 16:25 - 2013-06-06 05:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-11 16:25 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-11 16:25 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-11 16:25 - 2013-06-06 04:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-11 16:25 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-11 16:25 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll

==================== One Month Modified Files and Folders =======

2013-11-10 10:35 - 2013-11-10 10:35 - 01957098 _____ (Farbar) C:\Users\robin\Downloads\FRST64.exe
2013-11-10 10:35 - 2013-11-10 10:35 - 00000000 ____D C:\FRST
2013-11-10 10:35 - 2012-06-03 16:02 - 00000000 ____D C:\Users\robin\AppData\Roaming\Skype
2013-11-10 10:34 - 2013-09-19 19:34 - 00000290 _____ C:\Windows\Tasks\Dealply.job
2013-11-10 10:34 - 2009-07-14 05:45 - 00014928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-10 10:34 - 2009-07-14 05:45 - 00014928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-10 10:33 - 2012-06-03 15:30 - 01888704 _____ C:\Windows\WindowsUpdate.log
2013-11-10 10:32 - 2013-11-10 10:31 - 00000000 ___HD C:\Windows\SysWOW64\FF_BN_127119
2013-11-10 10:32 - 2009-07-14 18:58 - 00699416 _____ C:\Windows\system32\perfh007.dat
2013-11-10 10:32 - 2009-07-14 18:58 - 00149556 _____ C:\Windows\system32\perfc007.dat
2013-11-10 10:32 - 2009-07-14 06:13 - 01620612 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-10 10:30 - 2013-01-08 22:04 - 00000000 ___RD C:\Users\robin\Dropbox
2013-11-10 10:30 - 2013-01-08 22:01 - 00000000 ____D C:\Users\robin\AppData\Roaming\Dropbox
2013-11-10 10:27 - 2013-11-09 23:15 - 00000280 _____ C:\Windows\setupact.log
2013-11-10 10:27 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-10 10:26 - 2013-11-10 10:26 - 00000542 _____ C:\Windows\PFRO.log
2013-11-09 23:24 - 2012-10-18 19:04 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-09 23:24 - 2012-06-03 15:42 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2099103694-3175837312-4042448093-1000UA.job
2013-11-09 23:18 - 2012-09-30 18:19 - 00000000 ____D C:\Users\robin\AppData\Local\CrashDumps
2013-11-09 23:17 - 2013-10-05 14:41 - 00000000 ____D C:\Program Files (x86)\WinTV
2013-11-09 23:15 - 2013-11-09 23:15 - 00000000 _____ C:\Windows\setuperr.log
2013-11-09 22:24 - 2012-06-03 15:42 - 00001068 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2099103694-3175837312-4042448093-1000Core.job
2013-11-09 03:21 - 2012-08-19 20:57 - 00000000 ____D C:\Users\robin\AppData\Roaming\TS3Client
2013-11-09 03:20 - 2012-06-03 16:27 - 00000000 ____D C:\Windows\Panther
2013-11-08 18:44 - 2012-06-05 14:12 - 00000000 ____D C:\Users\robin\AppData\Local\Windows Live
2013-11-08 17:55 - 2013-10-24 19:13 - 00000041 _____ C:\Users\robin\Desktop\Neues Textdokument.txt
2013-11-08 17:46 - 2013-09-14 17:12 - 00000000 _____ C:\END
2013-11-08 14:48 - 2012-06-03 15:51 - 00000000 ____D C:\ProgramData\Skype
2013-11-08 14:47 - 2013-01-26 16:36 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-11-06 18:59 - 2012-06-12 12:21 - 00000000 ____D C:\Users\robin\AppData\Roaming\Mozilla
2013-11-04 22:38 - 2013-09-25 21:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-29 21:31 - 2012-06-07 20:40 - 00000000 ____D C:\Program Files (x86)\Origin
2013-10-27 21:11 - 2013-10-27 21:11 - 16604432 _____ (Philipp Schmieder Medien                                    ) C:\Users\robin\Downloads\clipgrab-3.3.0.1.exe
2013-10-27 02:05 - 2013-10-26 11:45 - 00000000 ____D C:\Users\robin\Documents\Rockstar Games
2013-10-26 11:43 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-10-26 11:42 - 2013-10-26 11:42 - 00000000 ____D C:\Users\robin\Documents\Games for Windows - LIVE Demos
2013-10-26 11:37 - 2013-10-22 21:31 - 00000000 ____D C:\Users\robin\AppData\Local\RadioSure
2013-10-25 21:26 - 2013-10-25 21:26 - 00000000 ____D C:\Users\robin\AppData\Local\photoOptimizeHistoryDataBase
2013-10-25 21:26 - 2013-10-25 21:26 - 00000000 ____D C:\Users\robin\AppData\Local\Ashampoo Photo Optimizer 4
2013-10-25 17:43 - 2013-10-05 14:26 - 00083574 _____ C:\hcwDriverInstall.txt
2013-10-25 17:42 - 2013-10-25 17:42 - 01468293 _____ C:\Users\robin\Downloads\88x_2_126_28225_WHQL (2).zip
2013-10-24 18:14 - 2013-10-24 18:14 - 07720728 _____ C:\Users\robin\Downloads\HSS-3.17-install-hss-600-conduit.exe
2013-10-23 20:53 - 2013-10-23 20:53 - 00096872 _____ (Spotify Ltd) C:\Users\robin\Downloads\SpotifySetup.exe
2013-10-22 21:31 - 2013-10-22 21:31 - 02224589 _____ (TheBestWare Studio) C:\Users\robin\Downloads\RadioSure-2.0.886-setup.exe
2013-10-22 21:29 - 2013-10-22 21:15 - 00000000 ____D C:\Program Files (x86)\Chilirec
2013-10-22 21:22 - 2013-10-22 21:15 - 00000000 ____D C:\Users\robin\AppData\Roaming\Chilirec
2013-10-22 21:16 - 2013-10-22 21:11 - 33607680 _____ (Ashampoo GmbH & Co. KG                                      ) C:\Users\robin\Downloads\ashampoo_photo_optimizer_4_4.0.3_12123.exe
2013-10-22 21:15 - 2013-10-22 21:08 - 39573966 _____ C:\Users\robin\Downloads\ChilirecSetup.exe
2013-10-22 18:17 - 2012-06-03 15:35 - 00000000 ____D C:\Users\robin
2013-10-22 18:16 - 2013-10-22 18:16 - 08531968 _____ C:\Users\robin\Downloads\SteamInstall_German.msi
2013-10-22 15:44 - 2012-07-12 19:55 - 00000000 ____D C:\Users\robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2013-10-19 20:16 - 2013-10-19 20:16 - 02364793 _____ (Steppschuh) C:\Users\robin\Downloads\RemoteControlServerSetup.exe
2013-10-19 20:16 - 2013-02-09 23:48 - 00000000 ____D C:\Users\robin\AppData\Local\Downloaded Installations
2013-10-19 16:05 - 2013-10-19 16:05 - 00000000 ____D C:\ProgramData\Oracle
2013-10-19 16:04 - 2013-10-19 16:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-19 16:04 - 2013-10-19 16:05 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-19 16:04 - 2013-10-19 16:05 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-19 16:04 - 2013-10-19 16:05 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-19 16:04 - 2013-10-19 16:04 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-19 11:26 - 2013-07-31 17:27 - 00002373 _____ C:\Users\robin\Desktop\Google Chrome.lnk
2013-10-16 21:19 - 2012-06-03 15:42 - 00004090 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2099103694-3175837312-4042448093-1000UA
2013-10-16 21:19 - 2012-06-03 15:42 - 00003694 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2099103694-3175837312-4042448093-1000Core
2013-10-12 16:06 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-10-12 11:44 - 2009-07-14 05:45 - 00321112 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-11 22:52 - 2013-01-04 00:09 - 01593956 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-11 22:51 - 2012-06-23 13:13 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-11 22:49 - 2012-06-26 12:46 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-11 22:49 - 2012-06-26 12:46 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-11 22:48 - 2013-07-17 20:25 - 00000000 ____D C:\Windows\system32\MRT
2013-10-11 22:47 - 2012-06-04 21:37 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-11 16:52 - 2012-08-05 15:44 - 00000000 ____D C:\Users\robin\Desktop\mappe
2013-10-11 16:14 - 2012-11-20 17:57 - 00000000 ___HD C:\Windows\SysWOW64\FF
2013-10-11 16:11 - 2012-11-20 17:55 - 00139264 _____ C:\Windows\SysWOW64\r_unzip.exe

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2099103694-3175837312-4042448093-1000\$81109d3c53d86959cb958bcea805a9e8

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$81109d3c53d86959cb958bcea805a9e8

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-31 16:21

==================== End Of Log ============================

--- --- ---

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-10-2013
Ran by robin at 2013-11-10 10:36:48
Running from C:\Users\robin\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (x32)
Adobe AIR (x32 Version: 3.6.0.5970)
Adobe Download Assistant (x32 Version: 1.2.5)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader XI (11.0.05) (x32 Version: 11.0.05)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.2.122)
AMD Accelerated Video Transcoding (Version: 12.5.100.21219)
AMD APP SDK Runtime (Version: 10.0.1084.4)
AMD Catalyst Install Manager (Version: 8.0.903.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.71219.1540)
ATI AVIVO64 Codecs (Version: 11.6.0.50825)
Avira Free Antivirus (x32 Version: 13.0.0.4052)
Battlefield Heroes (x32)
Battlefield Play4Free (x32)
CamStudio (x32)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485)
CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485)
CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485)
CCC Help Czech (x32 Version: 2012.1219.1520.27485)
CCC Help Danish (x32 Version: 2012.1219.1520.27485)
CCC Help Dutch (x32 Version: 2012.1219.1520.27485)
CCC Help English (x32 Version: 2012.1219.1520.27485)
CCC Help Finnish (x32 Version: 2012.1219.1520.27485)
CCC Help French (x32 Version: 2012.1219.1520.27485)
CCC Help German (x32 Version: 2012.1219.1520.27485)
CCC Help Greek (x32 Version: 2012.1219.1520.27485)
CCC Help Hungarian (x32 Version: 2012.1219.1520.27485)
CCC Help Italian (x32 Version: 2012.1219.1520.27485)
CCC Help Japanese (x32 Version: 2012.1219.1520.27485)
CCC Help Korean (x32 Version: 2012.1219.1520.27485)
CCC Help Norwegian (x32 Version: 2012.1219.1520.27485)
CCC Help Polish (x32 Version: 2012.1219.1520.27485)
CCC Help Portuguese (x32 Version: 2012.1219.1520.27485)
CCC Help Russian (x32 Version: 2012.1219.1520.27485)
CCC Help Spanish (x32 Version: 2012.1219.1520.27485)
CCC Help Swedish (x32 Version: 2012.1219.1520.27485)
CCC Help Thai (x32 Version: 2012.1219.1520.27485)
CCC Help Turkish (x32 Version: 2012.1219.1520.27485)
ccc-utility64 (Version: 2012.1219.1521.27485)
CCleaner (Version: 3.27)
D3DX10 (x32 Version: 15.4.2368.0902)
DivX-Setup (x32 Version: 2.6.1.84)
Dropbox (HKCU Version: 2.0.22)
Flatcast Viewer Plugin 5.3.0.784 (x32)
Fotogalerie (x32 Version: 16.4.3505.0912)
Google Chrome (HKCU Version: 30.0.1599.101)
Google Update Helper (x32 Version: 1.3.23.0)
Grand Theft Auto IV (x32)
Grand Theft Auto: Episodes from Liberty City (x32)
Hauppauge German Help Files and Resources (x32)
Hauppauge WinTV (x32)
Hauppauge WinTV Scheduler (x32)
Hauppauge WinTV Soft PVR (x32)
HydraVision (x32 Version: 4.2.180.0)
HyperCam 2 (Version: 2.27.00)
InterVideo FilterSDK for Hauppauge (x32)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
JavaFX 2.1.1 (x32 Version: 2.1.1)
Junk Mail filter update (x32 Version: 16.4.3505.0912)
League of Legends (x32 Version: 1.3)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SkyDrive (HKCU Version: 16.4.6013.0910)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (x32 Version: 11.0.51106.1)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106)
Movie Maker (x32 Version: 16.4.3505.0912)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
NVIDIA PhysX (x32 Version: 9.10.0129)
OpenVPN 2.2.2 (x32 Version: 2.2.2)
Origin (x32 Version: 9.0.15.65)
PDF-Viewer (Version: 2.5.211.0)
Photo Gallery (x32 Version: 16.4.3505.0912)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.30.0)
Skype™ 6.10 (x32 Version: 6.10.104)
Steam (x32 Version: 1.0.0.0)
Stronghold (x32 Version: 1.20.0000)
Stronghold Crusader Extreme (x32 Version: 1.20.0000)
swMSM (x32 Version: 12.0.0.1)
TeamSpeak 3 Client (Version: 3.0.10.1)
TeamViewer 8 (x32 Version: 8.0.22298)
TL-WN881ND Driver (x32 Version: 1.0.0)
TP-LINK Wireless Configuration Utility (x32 Version: 1.0.0)
Unity Web Player (HKCU Version: )
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4.5 (KB2750147) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805221) (x32 Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update für Microsoft Office Word 2007 Help (KB963665) (x32)
Uplay (x32 Version: 2.0)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)
VTPlus32 für WinTV (German) (x32)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912)
Windows Live Essentials (x32 Version: 16.4.3505.0912)
Windows Live Family Safety (Version: 16.4.3505.0912)
Windows Live Family Safety (x32 Version: 16.4.3505.0912)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (x32 Version: 16.4.3505.0912)
Windows Live Mail (x32 Version: 16.4.3505.0912)
Windows Live Messenger (x32 Version: 16.4.3505.0912)
Windows Live MIME IFilter (Version: 16.4.3505.0912)
Windows Live Photo Common (x32 Version: 16.4.3505.0912)
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912)
Windows Live SOXE (x32 Version: 16.4.3505.0912)
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912)
Windows Live UX Platform (x32 Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912)
Windows Live Writer (x32 Version: 16.4.3505.0912)
Windows Live Writer Resources (x32 Version: 16.4.3505.0912)
WinRAR 4.20 (64-bit) (Version: 4.20.0)

==================== Restore Points  =========================

05-11-2013 16:20:30 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2013-02-13 22:57 - 00000822 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {001CF8EE-436D-4671-954C-C2DCAD3F7252} - System32\Tasks\Dealply => C:\Users\robin\AppData\Roaming\Dealply\UpdateProc\UpdateTask.exe [2013-04-12] ()
Task: {03E80305-96DF-4F08-BE1C-B04DFBB69B5A} - System32\Tasks\RunOW => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe
Task: {12E74466-AD65-4F2A-953D-D87DAD3F86DB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08] (Adobe Systems Incorporated)
Task: {267B7AE5-23D9-45BA-A290-91164A908F16} - System32\Tasks\{66F09167-DD8B-4ED0-9645-B2E1839541CC} => Chrome.exe hxxp://ui.skype.com/ui/0/5.9.0.115/de/go/help.faq.installer?source=lightinstaller&amp;LastError=1618
Task: {379F0430-1976-4213-B555-E5C60688A224} - \Software Updater Ui No Task File
Task: {3FACA250-2BDF-4833-8830-080273F65653} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exe
Task: {51B370EC-539C-4B3A-8BEE-097EDDBB9750} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\SymErr.exe
Task: {5A31A74A-D890-4FD7-9151-BE0A450B61F6} - System32\Tasks\{60393617-B1D0-4279-96E1-C87D99777B4F} => D:\Daten\Steam\Steam.exe [2013-10-30] (Valve Corporation)
Task: {722FDAE8-273E-4391-B756-38C87D4E31AE} - System32\Tasks\{E5AC5EC5-1B63-43BD-A8AB-8A262ED9FADD} => D:\Daten\Steam\Steam.exe [2013-10-30] (Valve Corporation)
Task: {8AFE29C5-E3CD-4D24-A85E-24DF042FBE75} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2099103694-3175837312-4042448093-1000UA => C:\Users\robin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-03] (Google Inc.)
Task: {97448DA1-0544-43D8-8218-066935BF1509} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\SymErr.exe
Task: {BA5513B6-1981-41D3-9120-A25CBC3B3BCE} - System32\Tasks\Freemium1ClickMaint => C:\Users\robin\Downloads\1Click.exe
Task: {C5291478-3D22-4180-8911-7DB450DDBBC9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-01-23] (Piriform Ltd)
Task: {D08CE648-B2D9-4FBE-9DFF-4668AB5EAB4E} - System32\Tasks\Test TimeTrigger => C:\Users\robin\AppData\Local\Temp\Runner.exe
Task: {DB2F8482-7A82-4C79-B3B8-AFE85E1EAC20} - \Software Updater No Task File
Task: {F8DEC1AC-5DC2-45B0-9B02-7A9CD68CEB0C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2099103694-3175837312-4042448093-1000Core => C:\Users\robin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-03] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Dealply.job => C:\Users\robin\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2099103694-3175837312-4042448093-1000Core.job => C:\Users\robin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2099103694-3175837312-4042448093-1000UA.job => C:\Users\robin\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-02-23 13:32 - 2013-02-23 00:20 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2013-03-12 17:10 - 2013-10-24 18:45 - 00691200 _____ () D:\Daten\Steam\SDL2.dll
2013-10-22 18:18 - 2013-10-30 20:25 - 01123240 _____ () D:\Daten\Steam\bin\chromehtml.DLL
2013-10-22 18:18 - 2013-10-23 21:07 - 20625832 _____ () D:\Daten\Steam\bin\libcef.dll
2013-10-22 18:18 - 2013-06-15 00:49 - 01100800 _____ () D:\Daten\Steam\bin\avcodec-53.dll
2013-10-22 18:18 - 2013-06-15 00:49 - 00124416 _____ () D:\Daten\Steam\bin\avutil-51.dll
2013-10-22 18:18 - 2013-06-15 00:49 - 00192000 _____ () D:\Daten\Steam\bin\avformat-53.dll
2013-03-13 21:48 - 2013-03-13 21:48 - 24978944 _____ () C:\Users\robin\AppData\Roaming\Dropbox\bin\libcef.dll
2013-08-29 01:25 - 2013-08-29 01:25 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2013-10-19 11:26 - 2013-10-09 01:01 - 00698832 _____ () C:\Users\robin\AppData\Local\Google\Chrome\Application\30.0.1599.101\libglesv2.dll
2013-10-19 11:26 - 2013-10-09 01:01 - 00099792 _____ () C:\Users\robin\AppData\Local\Google\Chrome\Application\30.0.1599.101\libegl.dll
2013-10-19 11:26 - 2013-10-09 01:02 - 04055504 _____ () C:\Users\robin\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll
2013-10-19 11:26 - 2013-10-09 01:02 - 00415184 _____ () C:\Users\robin\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
2013-10-19 11:26 - 2013-10-09 01:01 - 01604560 _____ () C:\Users\robin\AppData\Local\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll
2013-11-10 10:32 - 2013-11-10 10:32 - 00029696 _____ () C:\Windows\TEMP\nsc5B6A.tmp\registry.dll
2013-11-10 10:32 - 2013-11-10 10:32 - 00008704 _____ () C:\Windows\TEMP\nsc5B6A.tmp\newadvsplash.dll
2013-11-10 10:32 - 2013-11-10 10:32 - 00011264 _____ () C:\Windows\TEMP\nsc5B6A.tmp\System.dll
2013-11-10 10:32 - 2013-09-25 14:30 - 03279768 _____ () C:\Windows\SysWOW64\FF_BN_127119\App\firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\robin\Anwendungsdaten:NT
AlternateDataStreams: C:\Users\robin\AppData\Roaming:NT

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Ethernet-Controller
Description: Ethernet-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/10/2013 10:28:48 AM) (Source: Windows Search Service) (User: )
Description: Der Index kann nicht initialisiert werden.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/10/2013 10:28:48 AM) (Source: Windows Search Service) (User: )
Description: Die Anwendung kann nicht initialisiert werden.

Kontext: Windows Anwendung


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/10/2013 10:28:48 AM) (Source: Windows Search Service) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/10/2013 10:28:48 AM) (Source: Windows Search Service) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)

Error: (11/10/2013 10:28:47 AM) (Source: Windows Search Service) (User: )
Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/10/2013 10:28:47 AM) (Source: Windows Search Service) (User: )
Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (11/10/2013 10:28:47 AM) (Source: Windows Search Service) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/10/2013 10:28:47 AM) (Source: Windows Search Service) (User: )
Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4700} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/10/2013 10:28:47 AM) (Source: Windows Search Service) (User: )
Description: Der Jet-Eigenschaftenspeicher kann von Windows Search nicht geöffnet werden.


Details:
	0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800))

Error: (11/10/2013 10:28:47 AM) (Source: ESENT) (User: )
Description: Windows (2876) Windows: Fehler -1811 beim Öffnen von Protokolldatei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00138.log.


System errors:
=============
Error: (11/10/2013 10:29:18 AM) (Source: Service Control Manager) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056

Error: (11/10/2013 10:28:48 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (11/10/2013 10:28:48 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535.

Error: (11/10/2013 10:27:04 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "DiscountfinderService" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (11/08/2013 02:47:05 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.

Error: (11/08/2013 02:46:34 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (11/08/2013 02:46:34 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Media Player-Netzwerkfreigabedienst erreicht.

Error: (11/08/2013 02:45:49 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (11/08/2013 02:45:49 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.

Error: (11/08/2013 02:45:49 PM) (Source: DCOM) (User: )
Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 34%
Total physical RAM: 8183.42 MB
Available physical RAM: 5340.58 MB
Total Pagefile: 16365.02 MB
Available Pagefile: 13142.35 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:99.93 GB) (Free:31.41 GB) NTFS
Drive d: () (Fixed) (Total:831.48 GB) (Free:129.66 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: A5DA3881)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=831 GB) - (Type=07 NTFS)

==================== End Of Log ============================

cosinus · 10.11.2013, 16:38

Zitat:

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2099103694-3175837312-4042448093-1000\$81109d3c53d86959cb958bcea805a9e8

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$81109d3c53d86959cb958bcea805a9e8

Lesestoff:
Rootkit-Warnung
Dein Computer wurde mit einem besonderen Schädling infiziert, der sich vor herkömmlichen Virenscannern und dem Betriebssystem selbst verstecken kann. Zusätzlich hat so ein Schädling meist auch Backdoor-Funktionalität, reißt also ganz bewußt Löcher durch alle Schutzmaßnahmen, damit er weiteren Schadcode nachladen oder die Daten, die er so sammelt, an die "bösen Jungs" weiterleiten kann. Was heißt das jetzt für dich?

Entscheide bitte ganz bewußt, ob du mit der Bereinigung fortfahren möchtest. Ein einmal derartig kompromittiertes System kann man niemals mit 100%iger Sicherheit wieder absichern. Auch wenn wir gute Chancen haben, deinen Computer zu bereinigen, kann es dennoch möglich sein, dass uns am Ende nur die Neuinstallation bleibt.
Wenn du mit diesem Computer beispielsweise Onlinebanking machst, dann solltest du zumindest dein Passwort von deiner Bank ändern lassen, wenn du ein ansonsten sicheres Verfahren wie beispielsweise "chip-TAN-comfort" nutzt. Hast du noch alte TAN-Bögen auf Papierbasis? Dann ist es höchste Zeit dich bei deiner Bank zu melden und notfalls das Konto temporär sperren zu lassen. Der Sperrnotruf 116 116 von www.sperr-notruf.de kann Tag und Nacht dafür benutzt werden.
Hast du ansonsten sensible Daten auf deinem Computer, dann solltest du auch darüber nachdenken, wie du damit umgehst, dass sie sich praktisch "jeder" ansehen konnte.

Teile mir also mit, wie du dich entschieden hast.

werso111 · 10.11.2013, 17:55

ne ist eigl. nix wichtiges drauf hab aber trotzdem kein lust alles neu zu installieren ich hab vor nem monat oder so mal nen backup gemacht geht das damit weg ?
und wie mache ich dass dann richtig?

cosinus · 11.11.2013, 00:41

Zitat:

und wie mache ich dass dann richtig?

Was genau?

Bereinigen oder neu installieren?

werso111 · 11.11.2013, 05:41

bereinigen

cosinus · 11.11.2013, 08:31

Ok

Dann bitte jetzt Combofix ausführen:

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

werso111 · 11.11.2013, 18:16

Code:

ATTFilter

ComboFix 13-11-10.02 - robin 11.11.2013  17:56:41.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8183.6390 [GMT 1:00]
ausgeführt von:: c:\users\robin\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\program files (x86)\DealPly
c:\program files (x86)\DealPly\uninst.exe
c:\users\robin\AppData\Roaming\convert\convert.exe
c:\users\robin\AppData\Roaming\dclogs
c:\users\robin\AppData\Roaming\dclogs\2012-11-13-3.dc
c:\users\robin\AppData\Roaming\dclogs\2012-11-14-4.dc
c:\users\robin\AppData\Roaming\dclogs\2012-11-15-5.dc
c:\users\robin\AppData\Roaming\dclogs\2012-11-16-6.dc
c:\users\robin\AppData\Roaming\dclogs\2012-11-17-7.dc
c:\users\robin\AppData\Roaming\dclogs\2012-11-18-1.dc
c:\users\robin\AppData\Roaming\dclogs\2012-11-19-2.dc
c:\users\robin\AppData\Roaming\dclogs\2012-11-20-3.dc
c:\users\robin\AppData\Roaming\dclogs\2012-11-21-4.dc
c:\users\robin\AppData\Roaming\dclogs\2012-11-22-5.dc
c:\users\robin\AppData\Roaming\dclogs\2012-11-23-6.dc
c:\users\robin\AppData\Roaming\dclogs\2012-11-24-7.dc
c:\users\robin\AppData\Roaming\dclogs\2012-11-25-1.dc
c:\users\robin\AppData\Roaming\dclogs\2012-11-26-2.dc
c:\users\robin\AppData\Roaming\dclogs\2012-11-27-3.dc
c:\users\robin\AppData\Roaming\dclogs\2012-11-28-4.dc
c:\users\robin\AppData\Roaming\dclogs\2012-11-29-5.dc
c:\users\robin\AppData\Roaming\dclogs\2012-11-30-6.dc
c:\users\robin\AppData\Roaming\dclogs\2012-12-01-7.dc
c:\users\robin\AppData\Roaming\dclogs\2012-12-02-1.dc
c:\users\robin\AppData\Roaming\dclogs\2012-12-03-2.dc
c:\users\robin\AppData\Roaming\dclogs\2012-12-04-3.dc
c:\users\robin\AppData\Roaming\dclogs\2012-12-05-4.dc
c:\users\robin\AppData\Roaming\dclogs\2012-12-06-5.dc
c:\users\robin\AppData\Roaming\dclogs\2012-12-07-6.dc
c:\users\robin\AppData\Roaming\dclogs\2012-12-08-7.dc
c:\users\robin\AppData\Roaming\dclogs\2012-12-09-1.dc
c:\users\robin\AppData\Roaming\dclogs\2012-12-10-2.dc
c:\users\robin\AppData\Roaming\dclogs\2012-12-11-3.dc
c:\users\robin\AppData\Roaming\dclogs\2012-12-12-4.dc
c:\users\robin\AppData\Roaming\dclogs\2012-12-13-5.dc
c:\users\robin\AppData\Roaming\dclogs\2012-12-14-6.dc
c:\users\robin\AppData\Roaming\dclogs\2012-12-15-7.dc
c:\users\robin\AppData\Roaming\dclogs\2012-12-16-1.dc
c:\users\robin\AppData\Roaming\dclogs\2012-12-17-2.dc
c:\users\robin\AppData\Roaming\dclogs\2012-12-18-3.dc
c:\users\robin\AppData\Roaming\dclogs\2012-12-19-4.dc
c:\users\robin\AppData\Roaming\dclogs\2012-12-20-5.dc
c:\users\robin\AppData\Roaming\dclogs\2012-12-21-6.dc
c:\users\robin\AppData\Roaming\dclogs\2012-12-22-7.dc
c:\users\robin\AppData\Roaming\dclogs\2012-12-23-1.dc
c:\users\robin\AppData\Roaming\dclogs\2012-12-24-2.dc
c:\users\robin\AppData\Roaming\dclogs\2012-12-25-3.dc
c:\users\robin\AppData\Roaming\dclogs\2012-12-26-4.dc
c:\users\robin\AppData\Roaming\dclogs\2012-12-27-5.dc
c:\users\robin\AppData\Roaming\dclogs\2012-12-28-6.dc
c:\users\robin\AppData\Roaming\dclogs\2012-12-29-7.dc
c:\users\robin\AppData\Roaming\dclogs\2012-12-30-1.dc
c:\users\robin\AppData\Roaming\dclogs\2012-12-31-2.dc
c:\users\robin\AppData\Roaming\dclogs\2013-01-01-3.dc
c:\users\robin\AppData\Roaming\dclogs\2013-01-02-4.dc
c:\users\robin\AppData\Roaming\dclogs\2013-01-03-5.dc
c:\users\robin\AppData\Roaming\dclogs\2013-01-04-6.dc
c:\users\robin\AppData\Roaming\dclogs\2013-01-05-7.dc
c:\users\robin\AppData\Roaming\dclogs\2013-01-06-1.dc
c:\users\robin\AppData\Roaming\dclogs\2013-01-07-2.dc
c:\users\robin\AppData\Roaming\dclogs\2013-01-08-3.dc
c:\users\robin\AppData\Roaming\dclogs\2013-01-09-4.dc
c:\users\robin\AppData\Roaming\dclogs\2013-01-10-5.dc
c:\users\robin\AppData\Roaming\dclogs\2013-01-11-6.dc
c:\users\robin\AppData\Roaming\dclogs\2013-01-12-7.dc
c:\users\robin\AppData\Roaming\dclogs\2013-01-13-1.dc
c:\users\robin\AppData\Roaming\dclogs\2013-01-14-2.dc
c:\users\robin\AppData\Roaming\dclogs\2013-01-15-3.dc
c:\users\robin\AppData\Roaming\dclogs\2013-01-16-4.dc
c:\users\robin\AppData\Roaming\dclogs\2013-01-17-5.dc
c:\users\robin\AppData\Roaming\dclogs\2013-01-18-6.dc
c:\users\robin\AppData\Roaming\dclogs\2013-01-19-7.dc
c:\users\robin\AppData\Roaming\dclogs\2013-01-20-1.dc
c:\users\robin\AppData\Roaming\dclogs\2013-01-21-2.dc
c:\users\robin\AppData\Roaming\dclogs\2013-01-22-3.dc
c:\users\robin\AppData\Roaming\dclogs\2013-01-23-4.dc
c:\users\robin\AppData\Roaming\dclogs\2013-01-24-5.dc
c:\users\robin\AppData\Roaming\dclogs\2013-01-25-6.dc
c:\users\robin\AppData\Roaming\dclogs\2013-01-26-7.dc
c:\users\robin\AppData\Roaming\dclogs\2013-01-27-1.dc
c:\users\robin\AppData\Roaming\dclogs\2013-01-28-2.dc
c:\users\robin\AppData\Roaming\dclogs\2013-01-29-3.dc
c:\users\robin\AppData\Roaming\dclogs\2013-01-30-4.dc
c:\users\robin\AppData\Roaming\dclogs\2013-01-31-5.dc
c:\users\robin\AppData\Roaming\dclogs\2013-02-01-6.dc
c:\users\robin\AppData\Roaming\dclogs\2013-02-02-7.dc
c:\users\robin\AppData\Roaming\dclogs\2013-02-03-1.dc
c:\users\robin\AppData\Roaming\dclogs\2013-02-04-2.dc
c:\users\robin\AppData\Roaming\dclogs\2013-02-05-3.dc
c:\users\robin\AppData\Roaming\dclogs\2013-02-06-4.dc
c:\users\robin\AppData\Roaming\dclogs\2013-02-07-5.dc
c:\users\robin\AppData\Roaming\dclogs\2013-02-08-6.dc
c:\users\robin\AppData\Roaming\dclogs\2013-02-09-7.dc
c:\users\robin\AppData\Roaming\dclogs\2013-02-10-1.dc
c:\users\robin\AppData\Roaming\dclogs\2013-02-11-2.dc
c:\users\robin\AppData\Roaming\dclogs\2013-02-12-3.dc
c:\users\robin\AppData\Roaming\dclogs\2013-02-13-4.dc
c:\users\robin\AppData\Roaming\dclogs\2013-02-14-5.dc
c:\users\robin\AppData\Roaming\dclogs\2013-02-15-6.dc
c:\users\robin\AppData\Roaming\dclogs\2013-02-16-7.dc
c:\users\robin\AppData\Roaming\dclogs\2013-02-17-1.dc
c:\users\robin\AppData\Roaming\dclogs\2013-02-18-2.dc
c:\users\robin\AppData\Roaming\dclogs\2013-02-19-3.dc
c:\users\robin\AppData\Roaming\dclogs\2013-02-20-4.dc
c:\users\robin\AppData\Roaming\dclogs\2013-02-21-5.dc
c:\users\robin\AppData\Roaming\dclogs\2013-02-22-6.dc
c:\users\robin\AppData\Roaming\dclogs\2013-02-23-7.dc
c:\users\robin\AppData\Roaming\dclogs\2013-02-24-1.dc
c:\users\robin\AppData\Roaming\dclogs\2013-02-25-2.dc
c:\users\robin\AppData\Roaming\dclogs\2013-02-26-3.dc
c:\users\robin\AppData\Roaming\dclogs\2013-02-27-4.dc
c:\users\robin\AppData\Roaming\dclogs\2013-02-28-5.dc
c:\users\robin\AppData\Roaming\dclogs\2013-03-01-6.dc
c:\users\robin\AppData\Roaming\dclogs\2013-03-02-7.dc
c:\users\robin\AppData\Roaming\dclogs\2013-03-03-1.dc
c:\users\robin\AppData\Roaming\dclogs\2013-03-04-2.dc
c:\users\robin\AppData\Roaming\dclogs\2013-03-05-3.dc
c:\users\robin\AppData\Roaming\dclogs\2013-03-06-4.dc
c:\users\robin\AppData\Roaming\dclogs\2013-03-07-5.dc
c:\users\robin\AppData\Roaming\dclogs\2013-03-08-6.dc
c:\users\robin\AppData\Roaming\dclogs\2013-03-09-7.dc
c:\users\robin\AppData\Roaming\dclogs\2013-03-10-1.dc
c:\users\robin\AppData\Roaming\dclogs\2013-03-11-2.dc
c:\users\robin\AppData\Roaming\dclogs\2013-03-12-3.dc
c:\users\robin\AppData\Roaming\dclogs\2013-03-13-4.dc
c:\users\robin\AppData\Roaming\dclogs\2013-03-14-5.dc
c:\users\robin\AppData\Roaming\dclogs\2013-03-15-6.dc
c:\users\robin\AppData\Roaming\dclogs\2013-03-16-7.dc
c:\users\robin\AppData\Roaming\dclogs\2013-03-17-1.dc
c:\users\robin\AppData\Roaming\dclogs\2013-03-18-2.dc
c:\users\robin\AppData\Roaming\dclogs\2013-03-19-3.dc
c:\users\robin\AppData\Roaming\dclogs\2013-03-20-4.dc
c:\users\robin\AppData\Roaming\dclogs\2013-03-21-5.dc
c:\users\robin\AppData\Roaming\dclogs\2013-03-22-6.dc
c:\users\robin\AppData\Roaming\dclogs\2013-03-23-7.dc
c:\users\robin\AppData\Roaming\dclogs\2013-03-24-1.dc
c:\users\robin\AppData\Roaming\dclogs\2013-03-25-2.dc
c:\users\robin\AppData\Roaming\dclogs\2013-03-26-3.dc
c:\users\robin\AppData\Roaming\dclogs\2013-03-27-4.dc
c:\users\robin\AppData\Roaming\dclogs\2013-03-28-5.dc
c:\users\robin\AppData\Roaming\dclogs\2013-03-29-6.dc
c:\users\robin\AppData\Roaming\dclogs\2013-03-30-7.dc
c:\users\robin\AppData\Roaming\dclogs\2013-03-31-1.dc
c:\users\robin\AppData\Roaming\dclogs\2013-04-01-2.dc
c:\users\robin\AppData\Roaming\dclogs\2013-04-02-3.dc
c:\users\robin\AppData\Roaming\dclogs\2013-04-03-4.dc
c:\users\robin\AppData\Roaming\dclogs\2013-04-04-5.dc
c:\users\robin\AppData\Roaming\dclogs\2013-04-05-6.dc
c:\users\robin\AppData\Roaming\dclogs\2013-04-06-7.dc
c:\users\robin\AppData\Roaming\dclogs\2013-04-07-1.dc
c:\users\robin\AppData\Roaming\dclogs\2013-04-13-7.dc
c:\users\robin\AppData\Roaming\dclogs\2013-04-14-1.dc
c:\users\robin\AppData\Roaming\dclogs\2013-04-15-2.dc
c:\users\robin\AppData\Roaming\dclogs\2013-04-16-3.dc
c:\users\robin\AppData\Roaming\dclogs\2013-04-17-4.dc
c:\users\robin\AppData\Roaming\dclogs\2013-04-18-5.dc
c:\users\robin\AppData\Roaming\dclogs\2013-04-19-6.dc
c:\users\robin\AppData\Roaming\dclogs\2013-04-20-7.dc
c:\users\robin\AppData\Roaming\dclogs\2013-04-21-1.dc
c:\users\robin\AppData\Roaming\dclogs\2013-04-22-2.dc
c:\users\robin\AppData\Roaming\dclogs\2013-04-23-3.dc
c:\users\robin\AppData\Roaming\dclogs\2013-04-24-4.dc
c:\users\robin\AppData\Roaming\dclogs\2013-04-25-5.dc
c:\users\robin\AppData\Roaming\dclogs\2013-04-26-6.dc
c:\users\robin\AppData\Roaming\dclogs\2013-04-27-7.dc
c:\users\robin\AppData\Roaming\dclogs\2013-04-28-1.dc
c:\users\robin\AppData\Roaming\dclogs\2013-04-29-2.dc
c:\users\robin\AppData\Roaming\dclogs\2013-04-30-3.dc
c:\users\robin\AppData\Roaming\dclogs\2013-05-02-5.dc
c:\users\robin\AppData\Roaming\dclogs\2013-05-03-6.dc
c:\users\robin\AppData\Roaming\dclogs\2013-05-04-7.dc
c:\users\robin\AppData\Roaming\dclogs\2013-05-05-1.dc
c:\users\robin\AppData\Roaming\dclogs\2013-05-06-2.dc
c:\users\robin\AppData\Roaming\dclogs\2013-05-07-3.dc
c:\users\robin\AppData\Roaming\dclogs\2013-05-08-4.dc
c:\users\robin\AppData\Roaming\dclogs\2013-05-09-5.dc
c:\users\robin\AppData\Roaming\dclogs\2013-05-10-6.dc
c:\users\robin\AppData\Roaming\dclogs\2013-05-11-7.dc
c:\users\robin\AppData\Roaming\dclogs\2013-05-12-1.dc
c:\users\robin\AppData\Roaming\dclogs\2013-05-13-2.dc
c:\users\robin\AppData\Roaming\dclogs\2013-05-14-3.dc
c:\users\robin\AppData\Roaming\dclogs\2013-05-15-4.dc
c:\users\robin\AppData\Roaming\dclogs\2013-05-16-5.dc
c:\users\robin\AppData\Roaming\dclogs\2013-05-17-6.dc
c:\users\robin\AppData\Roaming\dclogs\2013-05-18-7.dc
c:\users\robin\AppData\Roaming\dclogs\2013-05-19-1.dc
c:\users\robin\AppData\Roaming\dclogs\2013-05-20-2.dc
c:\users\robin\AppData\Roaming\dclogs\2013-05-21-3.dc
c:\users\robin\AppData\Roaming\dclogs\2013-05-22-4.dc
c:\users\robin\AppData\Roaming\dclogs\2013-05-23-5.dc
c:\users\robin\AppData\Roaming\dclogs\2013-05-24-6.dc
c:\users\robin\AppData\Roaming\dclogs\2013-05-25-7.dc
c:\users\robin\AppData\Roaming\dclogs\2013-05-26-1.dc
c:\users\robin\AppData\Roaming\dclogs\2013-05-27-2.dc
c:\users\robin\AppData\Roaming\dclogs\2013-05-28-3.dc
c:\users\robin\AppData\Roaming\dclogs\2013-05-29-4.dc
c:\users\robin\AppData\Roaming\dclogs\2013-05-30-5.dc
c:\users\robin\AppData\Roaming\dclogs\2013-05-31-6.dc
c:\users\robin\AppData\Roaming\dclogs\2013-06-01-7.dc
c:\users\robin\AppData\Roaming\dclogs\2013-06-02-1.dc
c:\users\robin\AppData\Roaming\dclogs\2013-06-03-2.dc
c:\users\robin\AppData\Roaming\dclogs\2013-06-04-3.dc
c:\users\robin\AppData\Roaming\dclogs\2013-06-05-4.dc
c:\users\robin\AppData\Roaming\dclogs\2013-06-06-5.dc
c:\users\robin\AppData\Roaming\dclogs\2013-06-07-6.dc
c:\users\robin\AppData\Roaming\dclogs\2013-06-08-7.dc
c:\users\robin\AppData\Roaming\dclogs\2013-06-09-1.dc
c:\users\robin\AppData\Roaming\dclogs\2013-06-12-4.dc
c:\users\robin\AppData\Roaming\dclogs\2013-06-13-5.dc
c:\users\robin\AppData\Roaming\dclogs\2013-06-14-6.dc
c:\users\robin\AppData\Roaming\dclogs\2013-06-15-7.dc
c:\users\robin\AppData\Roaming\dclogs\2013-06-16-1.dc
c:\users\robin\AppData\Roaming\dclogs\2013-06-17-2.dc
c:\users\robin\AppData\Roaming\dclogs\2013-06-18-3.dc
c:\users\robin\AppData\Roaming\dclogs\2013-06-19-4.dc
c:\users\robin\AppData\Roaming\dclogs\2013-06-20-5.dc
c:\users\robin\AppData\Roaming\dclogs\2013-06-21-6.dc
c:\users\robin\AppData\Roaming\dclogs\2013-06-22-7.dc
c:\users\robin\AppData\Roaming\dclogs\2013-06-23-1.dc
c:\users\robin\AppData\Roaming\dclogs\2013-06-24-2.dc
c:\users\robin\AppData\Roaming\dclogs\2013-06-25-3.dc
c:\users\robin\AppData\Roaming\dclogs\2013-06-26-4.dc
c:\users\robin\AppData\Roaming\dclogs\2013-06-27-5.dc
c:\users\robin\AppData\Roaming\dclogs\2013-06-28-6.dc
c:\users\robin\AppData\Roaming\dclogs\2013-06-29-7.dc
c:\users\robin\AppData\Roaming\dclogs\2013-06-30-1.dc
c:\users\robin\AppData\Roaming\dclogs\2013-07-01-2.dc
c:\users\robin\AppData\Roaming\dclogs\2013-07-02-3.dc
c:\users\robin\AppData\Roaming\dclogs\2013-07-03-4.dc
c:\users\robin\AppData\Roaming\dclogs\2013-07-04-5.dc
c:\users\robin\AppData\Roaming\dclogs\2013-07-05-6.dc
c:\users\robin\AppData\Roaming\dclogs\2013-07-06-7.dc
c:\users\robin\AppData\Roaming\dclogs\2013-07-07-1.dc
c:\users\robin\AppData\Roaming\dclogs\2013-07-08-2.dc
c:\users\robin\AppData\Roaming\dclogs\2013-07-09-3.dc
c:\users\robin\AppData\Roaming\dclogs\2013-07-10-4.dc
c:\users\robin\AppData\Roaming\dclogs\2013-07-11-5.dc
c:\users\robin\AppData\Roaming\dclogs\2013-07-12-6.dc
c:\users\robin\AppData\Roaming\dclogs\2013-07-13-7.dc
c:\users\robin\AppData\Roaming\dclogs\2013-07-14-1.dc
c:\users\robin\AppData\Roaming\dclogs\2013-07-15-2.dc
c:\users\robin\AppData\Roaming\dclogs\2013-07-16-3.dc
c:\users\robin\AppData\Roaming\dclogs\2013-07-17-4.dc
c:\users\robin\AppData\Roaming\dclogs\2013-07-18-5.dc
c:\users\robin\AppData\Roaming\dclogs\2013-07-19-6.dc
c:\users\robin\AppData\Roaming\dclogs\2013-07-20-7.dc
c:\users\robin\AppData\Roaming\dclogs\2013-07-21-1.dc
c:\users\robin\AppData\Roaming\dclogs\2013-07-22-2.dc
c:\users\robin\AppData\Roaming\dclogs\2013-07-23-3.dc
c:\users\robin\AppData\Roaming\dclogs\2013-07-24-4.dc
c:\users\robin\AppData\Roaming\dclogs\2013-07-25-5.dc
c:\users\robin\AppData\Roaming\dclogs\2013-07-26-6.dc
c:\users\robin\AppData\Roaming\dclogs\2013-07-27-7.dc
c:\users\robin\AppData\Roaming\dclogs\2013-07-28-1.dc
c:\users\robin\AppData\Roaming\dclogs\2013-07-29-2.dc
c:\users\robin\AppData\Roaming\dclogs\2013-07-30-3.dc
c:\users\robin\AppData\Roaming\dclogs\2013-07-31-4.dc
c:\users\robin\AppData\Roaming\dclogs\2013-08-01-5.dc
c:\users\robin\AppData\Roaming\dclogs\2013-08-02-6.dc
c:\users\robin\AppData\Roaming\dclogs\2013-08-03-7.dc
c:\users\robin\AppData\Roaming\dclogs\2013-08-04-1.dc
c:\users\robin\AppData\Roaming\dclogs\2013-08-05-2.dc
c:\users\robin\AppData\Roaming\dclogs\2013-08-06-3.dc
c:\users\robin\AppData\Roaming\dclogs\2013-08-07-4.dc
c:\users\robin\AppData\Roaming\dclogs\2013-08-08-5.dc
c:\users\robin\AppData\Roaming\dclogs\2013-08-09-6.dc
c:\users\robin\AppData\Roaming\dclogs\2013-08-10-7.dc
c:\users\robin\AppData\Roaming\dclogs\2013-08-11-1.dc
c:\users\robin\AppData\Roaming\dclogs\2013-08-12-2.dc
c:\users\robin\AppData\Roaming\dclogs\2013-08-13-3.dc
c:\users\robin\AppData\Roaming\dclogs\2013-08-14-4.dc
c:\users\robin\AppData\Roaming\dclogs\2013-08-15-5.dc
c:\users\robin\AppData\Roaming\dclogs\2013-08-16-6.dc
c:\users\robin\AppData\Roaming\dclogs\2013-08-17-7.dc
c:\users\robin\AppData\Roaming\dclogs\2013-08-18-1.dc
c:\users\robin\AppData\Roaming\dclogs\2013-08-19-2.dc
c:\users\robin\AppData\Roaming\dclogs\2013-08-20-3.dc
c:\users\robin\AppData\Roaming\dclogs\2013-08-21-4.dc
c:\users\robin\AppData\Roaming\dclogs\2013-08-22-5.dc
c:\users\robin\AppData\Roaming\dclogs\2013-08-23-6.dc
c:\users\robin\AppData\Roaming\dclogs\2013-08-24-7.dc
c:\users\robin\AppData\Roaming\dclogs\2013-08-25-1.dc
c:\users\robin\AppData\Roaming\dclogs\2013-08-26-2.dc
c:\users\robin\AppData\Roaming\dclogs\2013-08-27-3.dc
c:\users\robin\AppData\Roaming\dclogs\2013-08-28-4.dc
c:\users\robin\AppData\Roaming\dclogs\2013-08-29-5.dc
c:\users\robin\AppData\Roaming\dclogs\2013-08-30-6.dc
c:\users\robin\AppData\Roaming\dclogs\2013-08-31-7.dc
c:\users\robin\AppData\Roaming\dclogs\2013-09-01-1.dc
c:\users\robin\AppData\Roaming\dclogs\2013-09-02-2.dc
c:\users\robin\AppData\Roaming\dclogs\2013-09-03-3.dc
c:\users\robin\AppData\Roaming\dclogs\2013-09-04-4.dc
c:\users\robin\AppData\Roaming\dclogs\2013-09-05-5.dc
c:\users\robin\AppData\Roaming\dclogs\2013-09-06-6.dc
c:\users\robin\AppData\Roaming\dclogs\2013-09-07-7.dc
c:\users\robin\AppData\Roaming\dclogs\2013-09-08-1.dc
c:\users\robin\AppData\Roaming\dclogs\2013-09-09-2.dc
c:\users\robin\AppData\Roaming\dclogs\2013-09-10-3.dc
c:\users\robin\AppData\Roaming\dclogs\2013-09-11-4.dc
c:\users\robin\AppData\Roaming\dclogs\2013-09-12-5.dc
c:\users\robin\AppData\Roaming\dclogs\2013-09-13-6.dc
c:\users\robin\AppData\Roaming\dclogs\2013-09-14-7.dc
c:\users\robin\AppData\Roaming\dclogs\2013-09-15-1.dc
c:\users\robin\AppData\Roaming\dclogs\2013-09-16-2.dc
c:\users\robin\AppData\Roaming\dclogs\2013-09-17-3.dc
c:\users\robin\AppData\Roaming\dclogs\2013-09-18-4.dc
c:\users\robin\AppData\Roaming\dclogs\2013-09-19-5.dc
c:\users\robin\AppData\Roaming\dclogs\2013-09-20-6.dc
c:\users\robin\AppData\Roaming\dclogs\2013-09-21-7.dc
c:\users\robin\AppData\Roaming\dclogs\2013-09-22-1.dc
c:\users\robin\AppData\Roaming\dclogs\2013-09-23-2.dc
c:\users\robin\AppData\Roaming\dclogs\2013-09-24-3.dc
c:\users\robin\AppData\Roaming\dclogs\2013-09-25-4.dc
c:\users\robin\AppData\Roaming\dclogs\2013-09-26-5.dc
c:\users\robin\AppData\Roaming\dclogs\2013-09-27-6.dc
c:\users\robin\AppData\Roaming\dclogs\2013-09-28-7.dc
c:\users\robin\AppData\Roaming\dclogs\2013-09-29-1.dc
c:\users\robin\AppData\Roaming\dclogs\2013-09-30-2.dc
c:\users\robin\AppData\Roaming\dclogs\2013-10-01-3.dc
c:\users\robin\AppData\Roaming\dclogs\2013-10-02-4.dc
c:\users\robin\AppData\Roaming\dclogs\2013-10-03-5.dc
c:\users\robin\AppData\Roaming\dclogs\2013-10-04-6.dc
c:\users\robin\AppData\Roaming\dclogs\2013-10-05-7.dc
c:\users\robin\AppData\Roaming\dclogs\2013-10-06-1.dc
c:\users\robin\AppData\Roaming\dclogs\2013-10-07-2.dc
c:\users\robin\AppData\Roaming\dclogs\2013-10-08-3.dc
c:\users\robin\AppData\Roaming\dclogs\2013-10-09-4.dc
c:\users\robin\AppData\Roaming\dclogs\2013-10-10-5.dc
c:\users\robin\AppData\Roaming\dclogs\2013-10-11-6.dc
c:\users\robin\AppData\Roaming\dclogs\2013-10-12-7.dc
c:\users\robin\AppData\Roaming\dclogs\2013-10-13-1.dc
c:\users\robin\AppData\Roaming\dclogs\2013-10-14-2.dc
c:\users\robin\AppData\Roaming\dclogs\2013-10-15-3.dc
c:\users\robin\AppData\Roaming\dclogs\2013-10-16-4.dc
c:\users\robin\AppData\Roaming\dclogs\2013-10-17-5.dc
c:\users\robin\AppData\Roaming\dclogs\2013-10-18-6.dc
c:\users\robin\AppData\Roaming\dclogs\2013-10-19-7.dc
c:\users\robin\AppData\Roaming\dclogs\2013-10-20-1.dc
c:\users\robin\AppData\Roaming\dclogs\2013-10-21-2.dc
c:\users\robin\AppData\Roaming\dclogs\2013-10-22-3.dc
c:\users\robin\AppData\Roaming\dclogs\2013-10-23-4.dc
c:\users\robin\AppData\Roaming\dclogs\2013-10-24-5.dc
c:\users\robin\AppData\Roaming\dclogs\2013-10-25-6.dc
c:\users\robin\AppData\Roaming\dclogs\2013-10-26-7.dc
c:\users\robin\AppData\Roaming\dclogs\2013-10-27-1.dc
c:\users\robin\AppData\Roaming\dclogs\2013-10-28-2.dc
c:\users\robin\AppData\Roaming\dclogs\2013-10-29-3.dc
c:\users\robin\AppData\Roaming\dclogs\2013-10-30-4.dc
c:\users\robin\AppData\Roaming\dclogs\2013-10-31-5.dc
c:\users\robin\AppData\Roaming\dclogs\2013-11-01-6.dc
c:\users\robin\AppData\Roaming\dclogs\2013-11-02-7.dc
c:\users\robin\AppData\Roaming\dclogs\2013-11-03-1.dc
c:\users\robin\AppData\Roaming\dclogs\2013-11-04-2.dc
c:\users\robin\AppData\Roaming\dclogs\2013-11-05-3.dc
c:\users\robin\AppData\Roaming\dclogs\2013-11-06-4.dc
c:\users\robin\AppData\Roaming\dclogs\2013-11-07-5.dc
c:\users\robin\AppData\Roaming\dclogs\2013-11-08-6.dc
c:\users\robin\AppData\Roaming\dclogs\2013-11-09-7.dc
c:\users\robin\AppData\Roaming\dclogs\2013-11-10-1.dc
c:\users\robin\AppData\Roaming\dclogs\2013-11-11-2.dc
c:\users\robin\AppData\Roaming\msnmsgr
c:\users\robin\AppData\Roaming\SQLite3.dll
c:\users\robin\Desktop\Search.lnk
c:\users\robin\Documents\MSDCSC\msdcsc.exe
c:\windows\SysWow64\ff
c:\windows\SysWow64\ff\App\AppInfo\appicon.ico
c:\windows\SysWow64\ff\App\AppInfo\appicon_128.png
c:\windows\SysWow64\ff\App\AppInfo\appicon_16.png
c:\windows\SysWow64\ff\App\AppInfo\appicon_32.png
c:\windows\SysWow64\ff\App\AppInfo\appinfo.ini
c:\windows\SysWow64\ff\App\AppInfo\installer.ini
c:\windows\SysWow64\ff\App\Bin\sqlite3.exe
c:\windows\SysWow64\ff\App\DefaultData\plugins\plugins_readme.txt
c:\windows\SysWow64\ff\App\DefaultData\profile\bookmarks.html
c:\windows\SysWow64\ff\App\DefaultData\profile\prefs.js
c:\windows\SysWow64\ff\App\DefaultData\settings\FirefoxPortableSettings.ini
c:\windows\SysWow64\ff\App\Firefox\AccessibleMarshal.dll
c:\windows\SysWow64\ff\App\Firefox\active-update.xml
c:\windows\SysWow64\ff\App\Firefox\application.ini
c:\windows\SysWow64\ff\App\Firefox\blocklist.xml
c:\windows\SysWow64\ff\App\Firefox\breakpadinjector.dll
c:\windows\SysWow64\ff\App\Firefox\browser\blocklist.xml
c:\windows\SysWow64\ff\App\Firefox\browser\chrome.manifest
c:\windows\SysWow64\ff\App\Firefox\browser\components\browsercomps.dll
c:\windows\SysWow64\ff\App\Firefox\browser\components\components.manifest
c:\windows\SysWow64\ff\App\Firefox\browser\crashreporter-override.ini
c:\windows\SysWow64\ff\App\Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\icon.png
c:\windows\SysWow64\ff\App\Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\install.rdf
c:\windows\SysWow64\ff\App\Firefox\browser\omni.ja
c:\windows\SysWow64\ff\App\Firefox\browser\searchplugins\amazondotcom-de.xml
c:\windows\SysWow64\ff\App\Firefox\browser\searchplugins\bing.xml
c:\windows\SysWow64\ff\App\Firefox\browser\searchplugins\eBay-de.xml
c:\windows\SysWow64\ff\App\Firefox\browser\searchplugins\google.xml
c:\windows\SysWow64\ff\App\Firefox\browser\searchplugins\leo_ende_de.xml
c:\windows\SysWow64\ff\App\Firefox\browser\searchplugins\wikipedia-de.xml
c:\windows\SysWow64\ff\App\Firefox\browser\searchplugins\yahoo-de.xml
c:\windows\SysWow64\ff\App\Firefox\chrome.manifest
c:\windows\SysWow64\ff\App\Firefox\components\binary.manifest
c:\windows\SysWow64\ff\App\Firefox\components\browsercomps.dll
c:\windows\SysWow64\ff\App\Firefox\crashreporter-override.ini
c:\windows\SysWow64\ff\App\Firefox\crashreporter.exe
c:\windows\SysWow64\ff\App\Firefox\crashreporter.ini
c:\windows\SysWow64\ff\App\Firefox\D3DCompiler_43.dll
c:\windows\SysWow64\ff\App\Firefox\d3dx9_43.dll
c:\windows\SysWow64\ff\App\Firefox\defaults\pref\channel-prefs.js
c:\windows\SysWow64\ff\App\Firefox\dependentlibs.list
c:\windows\SysWow64\ff\App\Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\icon.png
c:\windows\SysWow64\ff\App\Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\install.rdf
c:\windows\SysWow64\ff\App\Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\preview.png
c:\windows\SysWow64\ff\App\Firefox\firefox.exe
c:\windows\SysWow64\ff\App\Firefox\freebl3.chk
c:\windows\SysWow64\ff\App\Firefox\freebl3.dll
c:\windows\SysWow64\ff\App\Firefox\gkmedias.dll
c:\windows\SysWow64\ff\App\Firefox\libEGL.dll
c:\windows\SysWow64\ff\App\Firefox\libGLESv2.dll
c:\windows\SysWow64\ff\App\Firefox\maintenanceservice.exe
c:\windows\SysWow64\ff\App\Firefox\maintenanceservice_installer.exe
c:\windows\SysWow64\ff\App\Firefox\mozalloc.dll
c:\windows\SysWow64\ff\App\Firefox\mozglue.dll
c:\windows\SysWow64\ff\App\Firefox\mozjs.dll
c:\windows\SysWow64\ff\App\Firefox\mozsqlite3.dll
c:\windows\SysWow64\ff\App\Firefox\msvcp100.dll
c:\windows\SysWow64\ff\App\Firefox\msvcr100.dll
c:\windows\SysWow64\ff\App\Firefox\nspr4.dll
c:\windows\SysWow64\ff\App\Firefox\nss3.dll
c:\windows\SysWow64\ff\App\Firefox\nssckbi.dll
c:\windows\SysWow64\ff\App\Firefox\nssdbm3.chk
c:\windows\SysWow64\ff\App\Firefox\nssdbm3.dll
c:\windows\SysWow64\ff\App\Firefox\nssutil3.dll
c:\windows\SysWow64\ff\App\Firefox\omni.ja
c:\windows\SysWow64\ff\App\Firefox\platform.ini
c:\windows\SysWow64\ff\App\Firefox\plc4.dll
c:\windows\SysWow64\ff\App\Firefox\plds4.dll
c:\windows\SysWow64\ff\App\Firefox\plugin-container.exe
c:\windows\SysWow64\ff\App\Firefox\plugin-hang-ui.exe
c:\windows\SysWow64\ff\App\Firefox\precomplete
c:\windows\SysWow64\ff\App\Firefox\removed-files
c:\windows\SysWow64\ff\App\Firefox\searchplugins\amazondotcom-de.xml
c:\windows\SysWow64\ff\App\Firefox\searchplugins\bing.xml
c:\windows\SysWow64\ff\App\Firefox\searchplugins\eBay-de.xml
c:\windows\SysWow64\ff\App\Firefox\searchplugins\google.xml
c:\windows\SysWow64\ff\App\Firefox\searchplugins\leo_ende_de.xml
c:\windows\SysWow64\ff\App\Firefox\searchplugins\wikipedia-de.xml
c:\windows\SysWow64\ff\App\Firefox\searchplugins\yahoo-de.xml
c:\windows\SysWow64\ff\App\Firefox\smime3.dll
c:\windows\SysWow64\ff\App\Firefox\softokn3.chk
c:\windows\SysWow64\ff\App\Firefox\softokn3.dll
c:\windows\SysWow64\ff\App\Firefox\ssl3.dll
c:\windows\SysWow64\ff\App\Firefox\uninstall\helper.exe
c:\windows\SysWow64\ff\App\Firefox\uninstall\uninstall.update
c:\windows\SysWow64\ff\App\Firefox\update-settings.ini
c:\windows\SysWow64\ff\App\Firefox\updater.exe
c:\windows\SysWow64\ff\App\Firefox\updater.ini
c:\windows\SysWow64\ff\App\Firefox\updates.xml
c:\windows\SysWow64\ff\App\Firefox\updates\0\update.log
c:\windows\SysWow64\ff\App\Firefox\updates\0\update.manifest
c:\windows\SysWow64\ff\App\Firefox\updates\0\update.mar
c:\windows\SysWow64\ff\App\Firefox\updates\0\update.status
c:\windows\SysWow64\ff\App\Firefox\updates\0\update.version
c:\windows\SysWow64\ff\App\Firefox\updates\0\updater.exe
c:\windows\SysWow64\ff\App\Firefox\updates\0\updater.ini
c:\windows\SysWow64\ff\App\Firefox\updates\last-update.log
c:\windows\SysWow64\ff\App\Firefox\webapp-uninstaller.exe
c:\windows\SysWow64\ff\App\Firefox\webapprt-stub.exe
c:\windows\SysWow64\ff\App\Firefox\webapprt\omni.ja
c:\windows\SysWow64\ff\App\Firefox\webapprt\webapprt.ini
c:\windows\SysWow64\ff\App\Firefox\xpcom.dll
c:\windows\SysWow64\ff\App\Firefox\xul.dll
c:\windows\SysWow64\ff\App\readme.txt
c:\windows\SysWow64\ff\Data\make.txt
c:\windows\SysWow64\ff\Data\open.txt
c:\windows\SysWow64\ff\Data\plugins\npdsplay.dll
c:\windows\SysWow64\ff\Data\plugins\npNxGameeu.dll
c:\windows\SysWow64\ff\Data\plugins\nppl3260.dll
c:\windows\SysWow64\ff\Data\plugins\nprpplugin.dll
c:\windows\SysWow64\ff\Data\plugins\npzylomgamesplayer.dll
c:\windows\SysWow64\ff\Data\plugins\plugins_readme.txt
c:\windows\SysWow64\ff\Data\plugins_choice\list.txt
c:\windows\SysWow64\ff\Data\plugins_choice\np-mswmp.dll
c:\windows\SysWow64\ff\Data\plugins_choice\np32dsw.dll
c:\windows\SysWow64\ff\Data\plugins_choice\npauthz.dll
c:\windows\SysWow64\ff\Data\plugins_choice\npAviraCallingID.dll
c:\windows\SysWow64\ff\Data\plugins_choice\npctrl.dll
c:\windows\SysWow64\ff\Data\plugins_choice\npdeploytk.dll
c:\windows\SysWow64\ff\Data\plugins_choice\npdivx32.dll
c:\windows\SysWow64\ff\Data\plugins_choice\npdrmv2.dll
c:\windows\SysWow64\ff\Data\plugins_choice\npdsplay.dll
c:\windows\SysWow64\ff\Data\plugins_choice\npgeplugin.dll
c:\windows\SysWow64\ff\Data\plugins_choice\npgoogleupdate3.dll
c:\windows\SysWow64\ff\Data\plugins_choice\npitunes.dll
c:\windows\SysWow64\ff\Data\plugins_choice\npjp2.dll
c:\windows\SysWow64\ff\Data\plugins_choice\npnul32.dll
c:\windows\SysWow64\ff\Data\plugins_choice\npNxGameeu.dll
c:\windows\SysWow64\ff\Data\plugins_choice\npovshelper.dll
c:\windows\SysWow64\ff\Data\plugins_choice\npPandoWebPlugin.dll
c:\windows\SysWow64\ff\Data\plugins_choice\nppdf32.dll
c:\windows\SysWow64\ff\Data\plugins_choice\nppl3260.dll
c:\windows\SysWow64\ff\Data\plugins_choice\npqtplugin.dll
c:\windows\SysWow64\ff\Data\plugins_choice\nprpplugin.dll
c:\windows\SysWow64\ff\Data\plugins_choice\npspwrap.dll
c:\windows\SysWow64\ff\Data\plugins_choice\NPSWF32_11_7_700_169.dll
c:\windows\SysWow64\ff\Data\plugins_choice\npunity3d32.dll
c:\windows\SysWow64\ff\Data\plugins_choice\npvlc.dll
c:\windows\SysWow64\ff\Data\plugins_choice\npwinext.dll
c:\windows\SysWow64\ff\Data\plugins_choice\NPWLPG.dll
c:\windows\SysWow64\ff\Data\plugins_choice\npwmsdrm.dll
c:\windows\SysWow64\ff\Data\plugins_choice\npwpf.dll
c:\windows\SysWow64\ff\Data\plugins_choice\npzylomgamesplayer.dll
c:\windows\SysWow64\ff\Data\profile\blocklist.xml
c:\windows\SysWow64\ff\Data\profile\bookmarkbackups\bookmarks-2013-09-08.json
c:\windows\SysWow64\ff\Data\profile\bookmarkbackups\bookmarks-2013-09-09.json
c:\windows\SysWow64\ff\Data\profile\bookmarkbackups\bookmarks-2013-09-10.json
c:\windows\SysWow64\ff\Data\profile\bookmarkbackups\bookmarks-2013-09-11.json
c:\windows\SysWow64\ff\Data\profile\bookmarkbackups\bookmarks-2013-09-16.json
c:\windows\SysWow64\ff\Data\profile\bookmarkbackups\bookmarks-2013-09-22.json
c:\windows\SysWow64\ff\Data\profile\bookmarkbackups\bookmarks-2013-09-23.json
c:\windows\SysWow64\ff\Data\profile\bookmarkbackups\bookmarks-2013-09-24.json
c:\windows\SysWow64\ff\Data\profile\bookmarkbackups\bookmarks-2013-09-25.json
c:\windows\SysWow64\ff\Data\profile\bookmarkbackups\bookmarks-2013-09-28.json
c:\windows\SysWow64\ff\Data\profile\bookmarkbackups\bookmarks-2013-09-29.json
c:\windows\SysWow64\ff\Data\profile\bookmarkbackups\bookmarks-2013-09-30.json
c:\windows\SysWow64\ff\Data\profile\bookmarkbackups\bookmarks-2013-10-01.json
c:\windows\SysWow64\ff\Data\profile\bookmarkbackups\bookmarks-2013-10-02.json
c:\windows\SysWow64\ff\Data\profile\bookmarkbackups\bookmarks-2013-10-03.json
c:\windows\SysWow64\ff\Data\profile\bookmarkbackups\bookmarks-2013-10-04.json
c:\windows\SysWow64\ff\Data\profile\bookmarkbackups\bookmarks-2013-10-05.json
c:\windows\SysWow64\ff\Data\profile\bookmarkbackups\bookmarks-2013-10-06.json
c:\windows\SysWow64\ff\Data\profile\bookmarkbackups\bookmarks-2013-10-07.json
c:\windows\SysWow64\ff\Data\profile\bookmarkbackups\bookmarks-2013-10-08.json
c:\windows\SysWow64\ff\Data\profile\bookmarks.html
c:\windows\SysWow64\ff\Data\profile\cert8.db
c:\windows\SysWow64\ff\Data\profile\chromeappsstore.sqlite
c:\windows\SysWow64\ff\Data\profile\compatibility.ini
c:\windows\SysWow64\ff\Data\profile\content-prefs.sqlite
c:\windows\SysWow64\ff\Data\profile\cookies.sqlite
c:\windows\SysWow64\ff\Data\profile\cookies.sqlite.bak
c:\windows\SysWow64\ff\Data\profile\downloads.sqlite
c:\windows\SysWow64\ff\Data\profile\extensions.ini
c:\windows\SysWow64\ff\Data\profile\extensions.log
c:\windows\SysWow64\ff\Data\profile\extensions.sqlite
c:\windows\SysWow64\ff\Data\profile\extensions\firebug@software.joehewitt.com.xpi
c:\windows\SysWow64\ff\Data\profile\extensions\remote-control@morch.com.xpi
c:\windows\SysWow64\ff\Data\profile\firebug\annotations.json
c:\windows\SysWow64\ff\Data\profile\firebug\breakpoints.json
c:\windows\SysWow64\ff\Data\profile\formhistory.sqlite
c:\windows\SysWow64\ff\Data\profile\healthreport.sqlite
c:\windows\SysWow64\ff\Data\profile\indexedDB\chrome\.metadata
c:\windows\SysWow64\ff\Data\profile\indexedDB\chrome\idb\2588645841ssegtnti.sqlite
c:\windows\SysWow64\ff\Data\profile\key3.db
c:\windows\SysWow64\ff\Data\profile\localstore-safe.rdf
c:\windows\SysWow64\ff\Data\profile\localstore.rdf
c:\windows\SysWow64\ff\Data\profile\marionette.log
c:\windows\SysWow64\ff\Data\profile\mimeTypes.rdf
c:\windows\SysWow64\ff\Data\profile\minidumps\1897f0a1-fbe0-4bb8-88a5-73050418ab62.dmp
c:\windows\SysWow64\ff\Data\profile\minidumps\654e509e-9152-403f-8c22-90ec1642993a.dmp
c:\windows\SysWow64\ff\Data\profile\minidumps\654e509e-9152-403f-8c22-90ec1642993a.extra
c:\windows\SysWow64\ff\Data\profile\minidumps\a98c2742-fa9f-4fe8-a65d-009c3107488f.dmp
c:\windows\SysWow64\ff\Data\profile\OfflineCache\index.sqlite
c:\windows\SysWow64\ff\Data\profile\parent.lock
c:\windows\SysWow64\ff\Data\profile\permissions.sqlite
c:\windows\SysWow64\ff\Data\profile\places.sqlite
c:\windows\SysWow64\ff\Data\profile\pluginreg.dat
c:\windows\SysWow64\ff\Data\profile\prefs.js
c:\windows\SysWow64\ff\Data\profile\safebrowsing\goog-malware-shavar.cache
c:\windows\SysWow64\ff\Data\profile\safebrowsing\goog-malware-shavar.pset
c:\windows\SysWow64\ff\Data\profile\safebrowsing\goog-malware-shavar.sbstore
c:\windows\SysWow64\ff\Data\profile\safebrowsing\test-malware-simple.cache
c:\windows\SysWow64\ff\Data\profile\safebrowsing\test-malware-simple.pset
c:\windows\SysWow64\ff\Data\profile\safebrowsing\test-malware-simple.sbstore
c:\windows\SysWow64\ff\Data\profile\safebrowsing\test-phish-simple.cache
c:\windows\SysWow64\ff\Data\profile\safebrowsing\test-phish-simple.pset
c:\windows\SysWow64\ff\Data\profile\safebrowsing\test-phish-simple.sbstore
c:\windows\SysWow64\ff\Data\profile\search-metadata.json
c:\windows\SysWow64\ff\Data\profile\search.json
c:\windows\SysWow64\ff\Data\profile\search.sqlite
c:\windows\SysWow64\ff\Data\profile\secmod.db
c:\windows\SysWow64\ff\Data\profile\signons.sqlite
c:\windows\SysWow64\ff\Data\profile\start.txt
c:\windows\SysWow64\ff\Data\profile\startupCache\startupCache.4.little
c:\windows\SysWow64\ff\Data\profile\Telemetry.FailedProfileLocks.txt
c:\windows\SysWow64\ff\Data\profile\times.json
c:\windows\SysWow64\ff\Data\profile\urlclassifier.pset
c:\windows\SysWow64\ff\Data\profile\urlclassifier3.sqlite
c:\windows\SysWow64\ff\Data\profile\webapps\webapps.json
c:\windows\SysWow64\ff\Data\profile\webappsstore.sqlite
c:\windows\SysWow64\ff\Data\settings\FirefoxPortableSettings.ini
c:\windows\SysWow64\ff\FirefoxPortable.exe
c:\windows\SysWow64\ff\Fonts\aaaiight.ttf
c:\windows\SysWow64\ff\Fonts\abusive pencil.ttf
c:\windows\SysWow64\ff\Fonts\Acens.ttf
c:\windows\SysWow64\ff\Fonts\Acidic.TTF
c:\windows\SysWow64\ff\Fonts\adam.ttf
c:\windows\SysWow64\ff\Fonts\adamb.ttf
c:\windows\SysWow64\ff\Fonts\adambital.ttf
c:\windows\SysWow64\ff\Fonts\Aerosol.ttf
c:\windows\SysWow64\ff\Fonts\aggstock.ttf
c:\windows\SysWow64\ff\Fonts\AIFRAGME.TTF
c:\windows\SysWow64\ff\Fonts\AIRSTREA.TTF
c:\windows\SysWow64\ff\Fonts\airstrip.ttf
c:\windows\SysWow64\ff\Fonts\aladdin.ttf
c:\windows\SysWow64\ff\Fonts\Alias.ttf
c:\windows\SysWow64\ff\Fonts\All Star Resort.ttf
c:\windows\SysWow64\ff\Fonts\AlteHaasGroteskBold.ttf
c:\windows\SysWow64\ff\Fonts\Amerdcon.ttf
c:\windows\SysWow64\ff\Fonts\Android Nation.ttf
c:\windows\SysWow64\ff\Fonts\Anime Ace.ttf
c:\windows\SysWow64\ff\Fonts\beaswfte.ttf
c:\windows\SysWow64\ff\Fonts\Blambot Custom.ttf
c:\windows\SysWow64\ff\Fonts\Blambot Pro.ttf
c:\windows\SysWow64\ff\Fonts\city_burn.ttf
c:\windows\SysWow64\ff\Fonts\CNN.ttf
c:\windows\SysWow64\ff\Fonts\Colcothar.ttf
c:\windows\SysWow64\ff\Fonts\Damn Noisy Kids.ttf
c:\windows\SysWow64\ff\Fonts\Daredevil.ttf
c:\windows\SysWow64\ff\Fonts\DENSMORE.TTF
c:\windows\SysWow64\ff\Fonts\desperado.ttf
c:\windows\SysWow64\ff\Fonts\Detectives Inc.ttf
c:\windows\SysWow64\ff\Fonts\detroitghetto.ttf
c:\windows\SysWow64\ff\Fonts\devotion.ttf
c:\windows\SysWow64\ff\Fonts\dirtyheadline.ttf
c:\windows\SysWow64\ff\Fonts\Diskoboll.ttf
c:\windows\SysWow64\ff\Fonts\EARWIGFA.TTF
c:\windows\SysWow64\ff\Fonts\EDITION_.TTF
c:\windows\SysWow64\ff\Fonts\Ellianarelle s Path.ttf
c:\windows\SysWow64\ff\Fonts\EMPIREST.TTF
c:\windows\SysWow64\ff\Fonts\EpoXY_histoRy.ttf
c:\windows\SysWow64\ff\Fonts\ERTHQAKE.TTF
c:\windows\SysWow64\ff\Fonts\esp.ttf
c:\windows\SysWow64\ff\Fonts\EUROSWH.TTF
c:\windows\SysWow64\ff\Fonts\EVITA.TTF
c:\windows\SysWow64\ff\Fonts\FAREAST.TTF
c:\windows\SysWow64\ff\Fonts\fbsbltc.ttf
c:\windows\SysWow64\ff\Fonts\FerroRosso.ttf
c:\windows\SysWow64\ff\Fonts\Fiesta.ttf
c:\windows\SysWow64\ff\Fonts\fight.TTF
c:\windows\SysWow64\ff\Fonts\Findet Nemo.ttf
c:\windows\SysWow64\ff\Fonts\Flat Earth Scribe.ttf
c:\windows\SysWow64\ff\Fonts\friends good.ttf
c:\windows\SysWow64\ff\Fonts\GameCube.ttf
c:\windows\SysWow64\ff\Fonts\Ginga.ttf
c:\windows\SysWow64\ff\Fonts\Godzilla.ttf
c:\windows\SysWow64\ff\Fonts\GothicFlames.ttf
c:\windows\SysWow64\ff\Fonts\gothikka.ttf
c:\windows\SysWow64\ff\Fonts\Graffogie.ttf
c:\windows\SysWow64\ff\Fonts\groening.ttf
c:\windows\SysWow64\ff\Fonts\gyparody.ttf
c:\windows\SysWow64\ff\Fonts\halflife.ttf
c:\windows\SysWow64\ff\Fonts\Halo.ttf
c:\windows\SysWow64\ff\Fonts\HandSean.ttf
c:\windows\SysWow64\ff\Fonts\HARD_ROCK.ttf
c:\windows\SysWow64\ff\Fonts\Hellraiser SC.ttf
c:\windows\SysWow64\ff\Fonts\Hursheys.ttf
c:\windows\SysWow64\ff\Fonts\idiot.ttf
c:\windows\SysWow64\ff\Fonts\Impossible.ttf
c:\windows\SysWow64\ff\Fonts\in_my_head.ttf
c:\windows\SysWow64\ff\Fonts\Indianhotel.ttf
c:\windows\SysWow64\ff\Fonts\jandles.ttf
c:\windows\SysWow64\ff\Fonts\JaneAust.ttf
c:\windows\SysWow64\ff\Fonts\JerseyLetters.ttf
c:\windows\SysWow64\ff\Fonts\JungleRuff.ttf
c:\windows\SysWow64\ff\Fonts\kaileenw.ttf
c:\windows\SysWow64\ff\Fonts\karabine.ttf
c:\windows\SysWow64\ff\Fonts\Karate.ttf
c:\windows\SysWow64\ff\Fonts\Kitten Meat.ttf
c:\windows\SysWow64\ff\Fonts\Kittkat.ttf
c:\windows\SysWow64\ff\Fonts\Laine.TTF
c:\windows\SysWow64\ff\Fonts\Lazy.ttf
c:\windows\SysWow64\ff\Fonts\LEDLIGHT.ttf
c:\windows\SysWow64\ff\Fonts\Legothick.ttf
c:\windows\SysWow64\ff\Fonts\linkin.ttf
c:\windows\SysWow64\ff\Fonts\LinkinPark.ttf
c:\windows\SysWow64\ff\Fonts\lottepaperfang.ttf
c:\windows\SysWow64\ff\Fonts\maksukehoitus.ttf
c:\windows\SysWow64\ff\Fonts\manga_speak.ttf
c:\windows\SysWow64\ff\Fonts\MARK.TTF
c:\windows\SysWow64\ff\Fonts\Marlboc.ttf
c:\windows\SysWow64\ff\Fonts\Marlbow.ttf
c:\windows\SysWow64\ff\Fonts\Megadeth.ttf
c:\windows\SysWow64\ff\Fonts\meresre.ttf
c:\windows\SysWow64\ff\Fonts\morgenstern.ttf
c:\windows\SysWow64\ff\Fonts\N-Gage.ttf
c:\windows\SysWow64\ff\Fonts\NASALIZA.TTF
c:\windows\SysWow64\ff\Fonts\neon2.ttf
c:\windows\SysWow64\ff\Fonts\NEUROTOX.TTF
c:\windows\SysWow64\ff\Fonts\nevis.ttf
c:\windows\SysWow64\ff\Fonts\Orange Fizz.ttf
c:\windows\SysWow64\ff\Fonts\oreos.ttf
c:\windows\SysWow64\ff\Fonts\Origami.ttf
c:\windows\SysWow64\ff\Fonts\PaisleyCaps .ttf
c:\windows\SysWow64\ff\Fonts\Patches.ttf
c:\windows\SysWow64\ff\Fonts\pdark.ttf
c:\windows\SysWow64\ff\Fonts\Phorssa.ttf
c:\windows\SysWow64\ff\Fonts\Planet of the Apes.ttf
c:\windows\SysWow64\ff\Fonts\Playtoy.ttf
c:\windows\SysWow64\ff\Fonts\Pleiades.TTF
c:\windows\SysWow64\ff\Fonts\postoffice.ttf
c:\windows\SysWow64\ff\Fonts\Pozo.ttf
c:\windows\SysWow64\ff\Fonts\Prototype.ttf
c:\windows\SysWow64\ff\Fonts\Prozak.ttf
c:\windows\SysWow64\ff\Fonts\Pyromane.ttf
c:\windows\SysWow64\ff\Fonts\quake.TTF
c:\windows\SysWow64\ff\Fonts\Requiem.ttf
c:\windows\SysWow64\ff\Fonts\Resident Evil Large.ttf
c:\windows\SysWow64\ff\Fonts\retroRockPoster.ttf
c:\windows\SysWow64\ff\Fonts\ribbon.ttf
c:\windows\SysWow64\ff\Fonts\riesling.ttf
c:\windows\SysWow64\ff\Fonts\Rockit.ttf
c:\windows\SysWow64\ff\Fonts\romeo.ttf
c:\windows\SysWow64\ff\Fonts\Rounded.ttf
c:\windows\SysWow64\ff\Fonts\rzrarti.ttf
c:\windows\SysWow64\ff\Fonts\Scream Real.ttf
c:\windows\SysWow64\ff\Fonts\se7en.ttf
c:\windows\SysWow64\ff\Fonts\Searfont.ttf
c:\windows\SysWow64\ff\Fonts\shellhead.ttf
c:\windows\SysWow64\ff\Fonts\Sickness.ttf
c:\windows\SysWow64\ff\Fonts\sidewalk.ttf
c:\windows\SysWow64\ff\Fonts\Sin City.ttf
c:\windows\SysWow64\ff\Fonts\Sliced_Juice.ttf
c:\windows\SysWow64\ff\Fonts\Smallville1.ttf
c:\windows\SysWow64\ff\Fonts\Spirit Medium.ttf
c:\windows\SysWow64\ff\Fonts\splinter2.ttf
c:\windows\SysWow64\ff\Fonts\spongefont.ttf
c:\windows\SysWow64\ff\Fonts\stentiga.ttf
c:\windows\SysWow64\ff\Fonts\TAGSTER.TTF
c:\windows\SysWow64\ff\Fonts\Taste of steel.ttf
c:\windows\SysWow64\ff\Fonts\TERMINAT.TTF
c:\windows\SysWow64\ff\Fonts\the ring.ttf
c:\windows\SysWow64\ff\Fonts\the sixth sense.ttf
c:\windows\SysWow64\ff\Fonts\the_King__26_Queen_font.ttf
c:\windows\SysWow64\ff\Fonts\the_Poison.ttf
c:\windows\SysWow64\ff\Fonts\TheGodFather.ttf
c:\windows\SysWow64\ff\Fonts\tiza.ttf
c:\windows\SysWow64\ff\Fonts\tondo.ttf
c:\windows\SysWow64\ff\Fonts\tron.ttf
c:\windows\SysWow64\ff\Fonts\Trumania.ttf
c:\windows\SysWow64\ff\Fonts\Turok.ttf
c:\windows\SysWow64\ff\Fonts\ultimate MIDNIGHT.ttf
c:\windows\SysWow64\ff\Fonts\Umberto.ttf
c:\windows\SysWow64\ff\Fonts\Unreal.ttf
c:\windows\SysWow64\ff\Fonts\Uptown__.ttf
c:\windows\SysWow64\ff\Fonts\uwch.ttf
c:\windows\SysWow64\ff\Fonts\Vampiress.ttf
c:\windows\SysWow64\ff\Fonts\Varsity.ttf
c:\windows\SysWow64\ff\Fonts\vintage.ttf
c:\windows\SysWow64\ff\Fonts\walk_plank.ttf
c:\windows\SysWow64\ff\Fonts\weezerfont.ttf
c:\windows\SysWow64\ff\Fonts\WillyWonka.ttf
c:\windows\SysWow64\ff\Fonts\Xfiles.ttf
c:\windows\SysWow64\ff\Fonts\Yoshitoshi.ttf
c:\windows\SysWow64\ff\Fonts\Yukon Gold.ttf
c:\windows\SysWow64\ff\Fonts\zerogene.ttf
c:\windows\SysWow64\ff\help.html
c:\windows\SysWow64\ff\Other\Help\images\donation_button.png
c:\windows\SysWow64\ff\Other\Help\images\favicon.ico
c:\windows\SysWow64\ff\Other\Help\images\help_background_footer.png
c:\windows\SysWow64\ff\Other\Help\images\help_background_header.png
c:\windows\SysWow64\ff\Other\Help\images\help_logo_top.png
c:\windows\SysWow64\ff\Other\Source\AppSource.txt
c:\windows\SysWow64\ff\Other\Source\CheckForPlatformSplashDisable.nsh
c:\windows\SysWow64\ff\Other\Source\FirefoxPortable.ini
c:\windows\SysWow64\ff\Other\Source\FirefoxPortable.jpg
c:\windows\SysWow64\ff\Other\Source\FirefoxPortableU.nsi
c:\windows\SysWow64\ff\Other\Source\License.txt
c:\windows\SysWow64\ff\Other\Source\PortableApps.comLauncherLANG_DUTCH.nsh
c:\windows\SysWow64\ff\Other\Source\PortableApps.comLauncherLANG_ENGLISH.nsh
c:\windows\SysWow64\ff\Other\Source\PortableApps.comLauncherLANG_ENGLISHGB.nsh
c:\windows\SysWow64\ff\Other\Source\PortableApps.comLauncherLANG_FRENCH.nsh
c:\windows\SysWow64\ff\Other\Source\PortableApps.comLauncherLANG_GERMAN.nsh
c:\windows\SysWow64\ff\Other\Source\PortableApps.comLauncherLANG_HUNGARIAN.nsh
c:\windows\SysWow64\ff\Other\Source\PortableApps.comLauncherLANG_ITALIAN.nsh
c:\windows\SysWow64\ff\Other\Source\PortableApps.comLauncherLANG_JAPANESE.nsh
c:\windows\SysWow64\ff\Other\Source\PortableApps.comLauncherLANG_KOREAN.nsh
c:\windows\SysWow64\ff\Other\Source\PortableApps.comLauncherLANG_POLISH.nsh
c:\windows\SysWow64\ff\Other\Source\PortableApps.comLauncherLANG_PORTUGUESE.nsh
c:\windows\SysWow64\ff\Other\Source\PortableApps.comLauncherLANG_PORTUGUESEBR.nsh
c:\windows\SysWow64\ff\Other\Source\PortableApps.comLauncherLANG_RUSSIAN.nsh
c:\windows\SysWow64\ff\Other\Source\PortableApps.comLauncherLANG_SIMPCHINESE.nsh
c:\windows\SysWow64\ff\Other\Source\PortableApps.comLauncherLANG_SPANISH.nsh
c:\windows\SysWow64\ff\Other\Source\PortableApps.comLauncherLANG_SPANISHINTERNATIONAL.nsh
c:\windows\SysWow64\ff\Other\Source\PortableApps.comLauncherLANG_TRADCHINESE.nsh
c:\windows\SysWow64\ff\Other\Source\ReadINIStrWithDefault.nsh
c:\windows\SysWow64\ff\Other\Source\Readme.txt
c:\windows\SysWow64\ff\Other\Source\ReplaceInFileWithTextReplace.nsh
c:\windows\SysWow64\ff\Other\Source\SetFileAttributesDirectoryNormal.nsh
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\r_unzip.exe
c:\windows\SysWow64\wpcap.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-10-11 bis 2013-11-11  ))))))))))))))))))))))))))))))
.
.
2013-11-10 09:35 . 2013-11-10 09:35	--------	d-----w-	C:\FRST
2013-11-08 13:51 . 2013-10-14 07:12	10280728	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{63FDE940-7B5A-4780-ABF4-D2BAD9C96E13}\mpengine.dll
2013-10-29 17:25 . 2013-09-04 12:12	343040	----a-w-	c:\windows\system32\drivers\usbhub.sys
2013-10-29 17:25 . 2013-09-04 12:11	325120	----a-w-	c:\windows\system32\drivers\usbport.sys
2013-10-29 17:25 . 2013-09-04 12:11	99840	----a-w-	c:\windows\system32\drivers\usbccgp.sys
2013-10-29 17:25 . 2013-09-04 12:11	52736	----a-w-	c:\windows\system32\drivers\usbehci.sys
2013-10-29 17:25 . 2013-09-04 12:11	30720	----a-w-	c:\windows\system32\drivers\usbuhci.sys
2013-10-29 17:25 . 2013-09-04 12:11	25600	----a-w-	c:\windows\system32\drivers\usbohci.sys
2013-10-29 17:25 . 2013-09-04 12:11	7808	----a-w-	c:\windows\system32\drivers\usbd.sys
2013-10-25 20:26 . 2013-10-25 20:26	--------	d-----w-	c:\users\robin\AppData\Local\photoOptimizeHistoryDataBase
2013-10-25 20:26 . 2013-10-25 20:26	--------	d-----w-	c:\users\robin\AppData\Local\Ashampoo Photo Optimizer 4
2013-10-22 20:31 . 2013-10-26 10:37	--------	d-----w-	c:\users\robin\AppData\Local\RadioSure
2013-10-22 20:15 . 2013-10-22 20:22	--------	d-----w-	c:\users\robin\AppData\Roaming\Chilirec
2013-10-22 20:15 . 2013-10-22 20:29	--------	d-----w-	c:\program files (x86)\Chilirec
2013-10-19 15:05 . 2013-10-19 15:05	--------	d-----w-	c:\programdata\Oracle
2013-10-19 15:05 . 2013-10-19 15:05	--------	d-----w-	c:\program files (x86)\Common Files\Java
2013-10-19 15:05 . 2013-10-19 15:04	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-19 15:04 . 2013-10-19 15:04	--------	d-----w-	c:\program files (x86)\Java
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-11 21:47 . 2012-06-04 20:37	80541720	----a-w-	c:\windows\system32\MRT.exe
2013-10-08 19:24 . 2012-10-18 18:04	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-08 19:24 . 2012-10-18 18:04	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-22 23:28 . 2013-10-11 21:50	1767936	----a-w-	c:\windows\SysWow64\wininet.dll
2013-09-22 23:27 . 2013-10-11 21:50	2876928	----a-w-	c:\windows\SysWow64\jscript9.dll
2013-09-22 23:27 . 2013-10-11 21:50	61440	----a-w-	c:\windows\SysWow64\iesetup.dll
2013-09-22 23:27 . 2013-10-11 21:50	109056	----a-w-	c:\windows\SysWow64\iesysprep.dll
2013-09-22 22:55 . 2013-10-11 21:50	51712	----a-w-	c:\windows\system32\ie4uinit.exe
2013-09-22 22:55 . 2013-10-11 21:50	2241024	----a-w-	c:\windows\system32\wininet.dll
2013-09-22 22:55 . 2013-10-11 21:50	1365504	----a-w-	c:\windows\system32\urlmon.dll
2013-09-22 22:54 . 2013-10-11 21:50	603136	----a-w-	c:\windows\system32\msfeeds.dll
2013-09-22 22:54 . 2013-10-11 21:50	19252224	----a-w-	c:\windows\system32\mshtml.dll
2013-09-22 22:54 . 2013-10-11 21:50	855552	----a-w-	c:\windows\system32\jscript.dll
2013-09-22 22:54 . 2013-10-11 21:50	3959296	----a-w-	c:\windows\system32\jscript9.dll
2013-09-22 22:54 . 2013-10-11 21:50	53248	----a-w-	c:\windows\system32\jsproxy.dll
2013-09-22 22:54 . 2013-10-11 21:50	526336	----a-w-	c:\windows\system32\ieui.dll
2013-09-22 22:54 . 2013-10-11 21:50	67072	----a-w-	c:\windows\system32\iesetup.dll
2013-09-22 22:54 . 2013-10-11 21:50	39936	----a-w-	c:\windows\system32\iernonce.dll
2013-09-22 22:54 . 2013-10-11 21:50	136704	----a-w-	c:\windows\system32\iesysprep.dll
2013-09-22 22:54 . 2013-10-11 21:50	2647552	----a-w-	c:\windows\system32\iertutil.dll
2013-09-22 22:54 . 2013-10-11 21:50	15404544	----a-w-	c:\windows\system32\ieframe.dll
2013-09-21 03:38 . 2013-10-11 21:50	2706432	----a-w-	c:\windows\system32\mshtml.tlb
2013-09-21 03:30 . 2013-10-11 21:50	2706432	----a-w-	c:\windows\SysWow64\mshtml.tlb
2013-09-21 02:48 . 2013-10-11 21:50	89600	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2013-09-21 02:39 . 2013-10-11 21:50	71680	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-09-17 20:33 . 2013-09-17 20:33	42184	----a-w-	c:\windows\system32\drivers\taphss6.sys
2013-09-14 01:10 . 2013-10-11 15:25	497152	----a-w-	c:\windows\system32\drivers\afd.sys
2013-09-10 14:18 . 2013-09-10 14:18	715038	----a-w-	c:\windows\unins000.exe
2013-09-08 02:30 . 2013-10-11 15:25	1903552	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:27 . 2013-10-11 15:25	327168	----a-w-	c:\windows\system32\mswsock.dll
2013-09-08 02:03 . 2013-10-11 15:25	231424	----a-w-	c:\windows\SysWow64\mswsock.dll
2013-09-05 12:37 . 2013-05-06 11:29	81112	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2013-09-05 12:37 . 2013-03-30 03:10	132088	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-09-05 12:37 . 2013-03-30 03:10	105344	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-09-03 12:35 . 2012-08-10 15:49	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-08-29 02:17 . 2013-10-11 15:25	5549504	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-08-29 02:16 . 2013-10-11 15:25	1732032	----a-w-	c:\windows\system32\ntdll.dll
2013-08-29 02:16 . 2013-10-11 15:25	243712	----a-w-	c:\windows\system32\wow64.dll
2013-08-29 02:16 . 2013-10-11 15:25	859648	----a-w-	c:\windows\system32\tdh.dll
2013-08-29 02:13 . 2013-10-11 15:25	878080	----a-w-	c:\windows\system32\advapi32.dll
2013-08-29 01:51 . 2013-10-11 15:25	3969472	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51 . 2013-10-11 15:25	3914176	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50 . 2013-10-11 15:25	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2013-08-29 01:50 . 2013-10-11 15:25	1292192	----a-w-	c:\windows\SysWow64\ntdll.dll
2013-08-29 01:50 . 2013-10-11 15:25	619520	----a-w-	c:\windows\SysWow64\tdh.dll
2013-08-29 01:48 . 2013-10-11 15:25	640512	----a-w-	c:\windows\SysWow64\advapi32.dll
2013-08-29 01:48 . 2013-10-11 15:25	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2013-08-29 00:49 . 2013-10-11 15:25	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2013-08-29 00:49 . 2013-10-11 15:25	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2013-08-29 00:49 . 2013-10-11 15:25	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2013-08-29 00:49 . 2013-10-11 15:25	2048	----a-w-	c:\windows\SysWow64\user.exe
2013-08-28 01:21 . 2013-10-11 15:25	3155968	----a-w-	c:\windows\system32\win32k.sys
2013-08-28 01:12 . 2013-10-11 15:25	461312	----a-w-	c:\windows\system32\scavengeui.dll
2013-08-26 09:13 . 2013-08-26 09:13	354656	----a-w-	c:\windows\SysWow64\DivXControlPanelApplet.cpl
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-10-21 17:44	220632	----a-w-	c:\users\robin\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-10-21 17:44	220632	----a-w-	c:\users\robin\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-10-21 17:44	220632	----a-w-	c:\users\robin\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\robin\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\robin\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\robin\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\daten\Steam\steam.exe" [2013-10-30 1820584]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-10-21 20549280]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2010-08-25 393216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-08-21 450560]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-09-05 347192]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-08-29 1861968]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\users\robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\robin\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TP-LINK Wireless Configuration Utility.lnk - c:\program files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe -nogui [2013-2-10 788992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DiscountfinderService;DiscountfinderService;c:\programdata\Rabatt-Finder\DFService.exe;c:\programdata\Rabatt-Finder\DFService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys;c:\windows\SYSNATIVE\drivers\Apowersoft_AudioDevice.sys [x]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys;c:\windows\SYSNATIVE\drivers\avmeject.sys [x]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys;c:\windows\SYSNATIVE\DRIVERS\fwlanusb.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;c:\windows\system32\drivers\hcw88aud.sys;c:\windows\SYSNATIVE\drivers\hcw88aud.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Rent Update;Rent Update;C:/Windows/Rent/Update.exe;C:/Windows/Rent/Update.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 hcw88bda;Hauppauge WinTV 88x DVB Tuner/Demod;c:\windows\system32\drivers\hcw88bda.sys;c:\windows\SYSNATIVE\drivers\hcw88bda.sys [x]
S3 hcw88rc5;Hauppauge WinTV 88x IR Decoder;c:\windows\system32\Drivers\hcw88rc5.sys;c:\windows\SYSNATIVE\Drivers\hcw88rc5.sys [x]
S3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;c:\windows\system32\drivers\hcw88tse.sys;c:\windows\SYSNATIVE\drivers\hcw88tse.sys [x]
S3 hcw88vid;Hauppauge WinTV 88x Video;c:\windows\system32\drivers\hcw88vid.sys;c:\windows\SYSNATIVE\drivers\hcw88vid.sys [x]
S3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;c:\windows\system32\drivers\HCW88BAR.sys;c:\windows\SYSNATIVE\drivers\HCW88BAR.sys [x]
S3 MonitorFunction;Driver for Monitor;c:\windows\system32\DRIVERS\TVMonitor.sys;c:\windows\SYSNATIVE\DRIVERS\TVMonitor.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-11-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-18 19:24]
.
2013-11-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2099103694-3175837312-4042448093-1000Core.job
- c:\users\robin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-03 14:42]
.
2013-11-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2099103694-3175837312-4042448093-1000UA.job
- c:\users\robin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-03 14:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-10-21 17:44	244696	----a-w-	c:\users\robin\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-10-21 17:44	244696	----a-w-	c:\users\robin\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-10-21 17:44	244696	----a-w-	c:\users\robin\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\robin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\robin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\robin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\robin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{07BA1DA9-F501-4796-8728-74D1B91A6CD5} - c:\program files (x86)\PokerStars.EU\PokerStarsUpdate.exe
TCP: DhcpNameServer = 192.168.178.1
DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} - 
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-10 - (no file)
Toolbar-!{e36df325-3f4b-476f-8f89-123bc5d51a30} - (no file)
Wow6432Node-HKCU-Run-Akamai NetSession Interface - c:\users\robin\AppData\Local\Akamai\netsession_win.exe
Wow6432Node-HKCU-Run-Remote Control Server - c:\program files (x86)\Remote Control Server\Remote Control Server.exe
Wow6432Node-HKCU-Run-Exetender_148 - c:\program files (x86)\FreeRide Games\GPlayer.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-10 - (no file)
Toolbar-!{e36df325-3f4b-476f-8f89-123bc5d51a30} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Rent Update]
"ImagePath"="C:/Windows/Rent/Update.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Rent Update]
"ImagePath"="C:/Windows/Rent/Update.exe"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{336D0C35-8A85-403a-B9D2-65C292C39087}"=hex:51,66,7a,6c,4c,1d,3b,1b,08,01,60,
   1a,82,e9,65,3d,9d,e9,17,af,a2,b0,e5,ab
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:6c,07,07,72,1c,4e,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,30,bc,ce,13,37,76,28,48,b3,9e,25,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,30,bc,ce,13,37,76,28,48,b3,9e,25,\
.
[HKEY_USERS\S-1-5-21-2099103694-3175837312-4042448093-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2099103694-3175837312-4042448093-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-2099103694-3175837312-4042448093-1000\Software\SecuROM\License information*]
"datasecu"=hex:6d,16,55,fc,c5,b5,7b,96,3d,d8,69,c4,43,59,52,10,b2,73,94,ed,fb,
   e7,ac,ce,25,e8,87,c8,c6,dc,34,ac,d2,2e,0b,fc,b4,a7,5a,3d,dd,cf,39,c5,30,ee,\
"rkeysecu"=hex:e8,1c,b6,72,10,72,8a,b6,48,fd,90,ef,fb,0d,29,0e
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{722b3793-5367-4446-b6bb-db89b05c1f24}\LocalServer32]
@DACL=(02 0000)
@=expand:"%SystemRoot%\\System32\\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {722b3793-5367-4446-b6bb-db89b05c1f24}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\Rent\Update.exe
c:\program files (x86)\TeamViewer\Version8\TeamViewer.exe
c:\program files (x86)\TeamViewer\Version8\tv_w32.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-11-11  18:08:18 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-11-11 17:08
.
Vor Suchlauf: 17 Verzeichnis(se), 36.672.356.352 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 36.369.608.704 Bytes frei
.
- - End Of File - - 7F682F7211B1A26C782D0B63E3E4F701
A36C5E4F47E84449FF07ED3517B43A31

cosinus · 11.11.2013, 22:36

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

werso111 · 12.11.2013, 18:41

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.07.0.1007
www.malwarebytes.org

Database version: v2013.11.12.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
robin :: PC-R4KZ83901G [administrator]

12.11.2013 17:58:28
mbar-log-2013-11-12 (17-58-28).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 226667
Time elapsed: 9 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\robin\Desktop\alles\EvilHook\COD4.exe (Trojan.Agent.H) -> Delete on reboot.
C:\Users\robin\Desktop\BFP4FHack\Winject.exe (Backdoor.Agent.DCRSAGen) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)

aber ich glaube net das diese 2 dateien das waren denn die habe ich schon fast nen halbes jahr auf meinem pc ...

cosinus · 12.11.2013, 22:53

SInd das Cheats/Hacks?

Da bitte vorsichtiger mit sein, da ist oft sehr viel Unsinn mit drin

Bite einen neuen Lauf mit MBAR machen und Log wieder posten

werso111 · 13.11.2013, 17:45

ja beim lauf danach waren sie weg...

cosinus · 13.11.2013, 22:19

Adware/Junkware/Toolbars entfernen

1. Schritt: adwCleaner

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

werso111 · 14.11.2013, 20:17

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2013
Ran by robin (administrator) on PC-R4KZ83901G on 14-11-2013 20:12:13
Running from C:\Users\robin\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
() C:\Windows\Rent\Rent.exe
(Valve Corporation) D:\Daten\Steam\Steam.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Dropbox, Inc.) C:\Users\robin\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\WinTV.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(Google Inc.) C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKCU\...\Run: [Steam] - D:\Daten\Steam\Steam.exe [1820584 2013-10-30] (Valve Corporation)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20549280 2013-10-21] (Skype Technologies S.A.)
HKCU\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2010-08-25] (AMD)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-08-21] (DivX, LLC)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Startup: C:\Users\robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\robin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x13ECD8049741CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - !{DFEFCDEE-CF1A-4FC8-88AD-129872198372} -  No File
Toolbar: HKLM-x32 - No Name - !{DFEFCDEE-CF1A-4FC8-88AD-129872198372} -  No File
Toolbar: HKLM-x32 - No Name - !{e36df325-3f4b-476f-8f89-123bc5d51a30} -  No File
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095} 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

Chrome: 
=======
CHR HomePage: hxxp://start.icq.com/
CHR RestoreOnStartup: "hxxp://start.icq.com/", "hxxp://www.searchnu.com/406", "hxxp://search.babylon.com/?affID=109958&tt=120912_pcp_3812_1&babsrc=HP_ss&mntrId=5a1b86af000000000000bc0543027d7b", "hxxp://search.iminent.com/?appId=8A9725FF-166A-4A54-AA70-3C19BF792E8C", "hxxp://www.delta-search.com/?affID=119776&tt=120912_pcp_3812_1&babsrc=HP_ss&mntrId=5a1b86af00000000000000ff4fbcb0c0", "hxxp://isearch.babylon.com/?affID=120349&tt=120912_pcp_3812_1&babsrc=HP_ss&mntrId=5a1b86af0000000000006470026efb0a", "hxxp://www.delta-search.com/?affID=119396&tt=120912_pcp_3812_1&babsrc=HP_ss&mntrId=5a1b86af0000000000006470026efb0a", "hxxp://search.conduit.com/?ctid=CT3297265&SearchSource=48&CUI=UN16027366193223595&UM=2", "hxxp://www.google.com", "hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=5A1B6470026EFB0A&affID=121565&tsp=5010"
CHR Plugin: (Shockwave Flash) - C:\Users\robin\AppData\Local\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\robin\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\robin\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (LoadTubes Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\npmieze.dll No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Uplay PC) - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (MoneyMillionaire plugin) - C:\ProgramData\Rabatt-Finder\FFExtension20130203211738\plugins\npdf.dll No File
CHR Plugin: (Google Update) - C:\Users\robin\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Extension: (Google Drive) - C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Battlefield Play4Free) - C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh\1.0.96.0_0
CHR Extension: (Gmail) - C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR Extension: (AdBlock) - C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pljaalgmajnlogcgiohkhdmgpomjcihk\2.6.10_0
CHR HKLM\...\Chrome\Extension: [kdmpheneajogfnlbplgmdbempjibfbok] - C:\Program Files\FBFlicker\source.crx
CHR HKLM-x32\...\Chrome\Extension: [aakchaleigkohafkfjfjbblobjifikek] - C:\Users\robin\AppData\LocalLow\proxtube\CHROME\proxtube.crx
CHR HKLM-x32\...\Chrome\Extension: [flolnhkojafikhpkpidiphabnpgedplh] - C:\Users\robin\AppData\Local\CRE\flolnhkojafikhpkpidiphabnpgedplh.crx
CHR HKLM-x32\...\Chrome\Extension: [hkoahcaobjbihehldfimhblmhgalcipm] - C:\Users\robin\AppData\Local\CRE\hkoahcaobjbihehldfimhblmhgalcipm.crx
CHR HKLM-x32\...\Chrome\Extension: [kdmpheneajogfnlbplgmdbempjibfbok] - C:\Program Files\FBFlicker\source.crx
CHR HKLM-x32\...\Chrome\Extension: [ngnjhfpfhadncgafgbneeljaginimmmk] - C:\Users\robin\AppData\Local\CRE\ngnjhfpfhadncgafgbneeljaginimmmk.crx
CHR StartMenuInternet: Google Chrome - C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-05] (Avira Operations GmbH & Co. KG)
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [14848 2011-12-15] ()
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-04-01] ()
S2 DiscountfinderService; "C:\ProgramData\Rabatt-Finder\DFService.exe" [x]
S2 Rent Update; C:/Windows/Rent/Update.exe [x]

==================== Drivers (Whitelisted) ====================

S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31968 2012-10-08] (Wondershare)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-30] (Avira Operations GmbH & Co. KG)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2009-03-20] (AVM Berlin)
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2009-03-20] (AVM GmbH)
R3 hcw88rc5; C:\Windows\System32\Drivers\hcw88rc5.sys [15872 2010-08-16] (Hauppauge Computer Works, Inc.)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-09-17] (Anchorfree Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-14 20:12 - 2013-11-14 20:12 - 00013029 _____ C:\Users\robin\Downloads\FRST.txt
2013-11-14 20:12 - 2013-11-14 20:12 - 00000000 ___HD C:\Windows\SysWOW64\FF_BN_125559
2013-11-14 20:11 - 2013-11-14 20:12 - 01957794 _____ (Farbar) C:\Users\robin\Downloads\FRST64.exe
2013-11-14 20:10 - 2013-11-14 20:10 - 00016708 _____ C:\Users\robin\Desktop\JRT.txt
2013-11-14 20:06 - 2013-11-14 20:06 - 00000000 ____D C:\Windows\ERUNT
2013-11-14 20:05 - 2013-11-14 20:05 - 01034531 _____ (Thisisu) C:\Users\robin\Downloads\JRT.exe
2013-11-14 19:39 - 2013-11-14 19:40 - 01085542 _____ C:\Users\robin\Desktop\adwcleaner.exe
2013-11-13 22:48 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-13 22:48 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-13 22:48 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-13 22:48 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-13 22:48 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-13 22:48 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-13 22:48 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-13 22:48 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-13 22:48 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-13 22:48 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-13 22:48 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-13 22:48 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-13 22:48 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-13 22:48 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-13 22:48 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-13 22:48 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-13 22:48 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-13 22:48 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-13 22:48 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-13 22:48 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-13 22:48 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-13 22:48 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-13 22:48 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-13 22:48 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-13 22:48 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-13 22:48 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-13 22:48 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-13 22:48 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-13 22:48 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-13 22:48 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-13 22:48 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-13 17:32 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 17:32 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 17:31 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 17:31 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 17:31 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 17:31 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 17:31 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 17:31 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-13 17:31 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-13 17:31 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 17:31 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 17:31 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 17:31 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 17:31 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 17:31 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 17:31 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 17:31 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 17:31 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 17:31 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 17:31 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 17:31 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 17:31 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 17:31 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 17:31 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 17:31 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 17:31 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 17:31 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 17:31 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 17:31 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 17:31 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-12 17:58 - 2013-11-12 18:26 - 00116440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-11-12 17:56 - 2013-11-12 18:38 - 00000000 ____D C:\Users\robin\Desktop\mbar
2013-11-12 17:56 - 2013-11-12 18:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-11-12 17:37 - 2013-11-12 17:37 - 00000000 ___HD C:\Windows\SysWOW64\FF
2013-11-11 22:51 - 2013-11-11 22:51 - 12576792 _____ (Malwarebytes Corp.) C:\Users\robin\Desktop\mbar-1.07.0.1007.exe
2013-11-11 18:08 - 2013-11-11 18:08 - 00069860 _____ C:\ComboFix.txt
2013-11-11 18:07 - 2013-11-12 17:34 - 00139264 _____ C:\Windows\SysWOW64\r_unzip.exe
2013-11-11 17:54 - 2013-11-11 18:08 - 00000000 ____D C:\Qoobox
2013-11-11 17:54 - 2013-11-11 18:07 - 00000000 ____D C:\Windows\erdnt
2013-11-11 17:54 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-11-11 17:54 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-11-11 17:54 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-11-11 17:54 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-11-11 17:54 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-11-11 17:54 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-11-11 17:54 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-11-11 17:54 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-11-11 17:49 - 2013-11-11 17:49 - 05144727 ____R (Swearware) C:\Users\robin\Desktop\ComboFix.exe
2013-11-10 10:35 - 2013-11-10 10:35 - 00000000 ____D C:\FRST
2013-11-10 10:26 - 2013-11-12 18:09 - 00001664 _____ C:\Windows\PFRO.log
2013-11-09 23:15 - 2013-11-14 20:01 - 00000784 _____ C:\Windows\setupact.log
2013-11-09 23:15 - 2013-11-09 23:15 - 00000000 _____ C:\Windows\setuperr.log
2013-10-29 18:25 - 2013-09-04 13:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-29 18:25 - 2013-09-04 13:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-29 18:25 - 2013-09-04 13:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-29 18:25 - 2013-09-04 13:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-29 18:25 - 2013-09-04 13:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-29 18:25 - 2013-09-04 13:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-29 18:25 - 2013-09-04 13:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-26 11:45 - 2013-10-27 02:05 - 00000000 ____D C:\Users\robin\Documents\Rockstar Games
2013-10-26 11:42 - 2013-10-26 11:42 - 00000000 ____D C:\Users\robin\Documents\Games for Windows - LIVE Demos
2013-10-25 21:26 - 2013-10-25 21:26 - 00000000 ____D C:\Users\robin\AppData\Local\photoOptimizeHistoryDataBase
2013-10-25 21:26 - 2013-10-25 21:26 - 00000000 ____D C:\Users\robin\AppData\Local\Ashampoo Photo Optimizer 4
2013-10-24 19:13 - 2013-11-08 17:55 - 00000041 _____ C:\Users\robin\Desktop\Neues Textdokument.txt
2013-10-22 21:31 - 2013-10-26 11:37 - 00000000 ____D C:\Users\robin\AppData\Local\RadioSure
2013-10-22 21:15 - 2013-10-22 21:29 - 00000000 ____D C:\Program Files (x86)\Chilirec
2013-10-22 21:15 - 2013-10-22 21:22 - 00000000 ____D C:\Users\robin\AppData\Roaming\Chilirec
2013-10-19 16:05 - 2013-10-19 16:05 - 00000000 ____D C:\ProgramData\Oracle
2013-10-19 16:05 - 2013-10-19 16:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-19 16:05 - 2013-10-19 16:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-19 16:05 - 2013-10-19 16:04 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-19 16:05 - 2013-10-19 16:04 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-19 16:04 - 2013-10-19 16:04 - 00000000 ____D C:\Program Files (x86)\Java

==================== One Month Modified Files and Folders =======

2013-11-14 20:13 - 2013-11-14 20:12 - 00013029 _____ C:\Users\robin\Downloads\FRST.txt
2013-11-14 20:13 - 2012-06-03 16:02 - 00000000 ____D C:\Users\robin\AppData\Roaming\Skype
2013-11-14 20:12 - 2013-11-14 20:12 - 00000000 ___HD C:\Windows\SysWOW64\FF_BN_125559
2013-11-14 20:12 - 2013-11-14 20:11 - 01957794 _____ (Farbar) C:\Users\robin\Downloads\FRST64.exe
2013-11-14 20:11 - 2009-07-14 05:45 - 00014928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-14 20:11 - 2009-07-14 05:45 - 00014928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-14 20:10 - 2013-11-14 20:10 - 00016708 _____ C:\Users\robin\Desktop\JRT.txt
2013-11-14 20:08 - 2009-07-14 18:58 - 00699416 _____ C:\Windows\system32\perfh007.dat
2013-11-14 20:08 - 2009-07-14 18:58 - 00149556 _____ C:\Windows\system32\perfc007.dat
2013-11-14 20:08 - 2009-07-14 06:13 - 01620612 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-14 20:06 - 2013-11-14 20:06 - 00000000 ____D C:\Windows\ERUNT
2013-11-14 20:05 - 2013-11-14 20:05 - 01034531 _____ (Thisisu) C:\Users\robin\Downloads\JRT.exe
2013-11-14 20:02 - 2013-10-05 14:41 - 00000000 ____D C:\Program Files (x86)\WinTV
2013-11-14 20:02 - 2013-01-08 22:04 - 00000000 ___RD C:\Users\robin\Dropbox
2013-11-14 20:02 - 2013-01-08 22:01 - 00000000 ____D C:\Users\robin\AppData\Roaming\Dropbox
2013-11-14 20:01 - 2013-11-09 23:15 - 00000784 _____ C:\Windows\setupact.log
2013-11-14 20:01 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-14 20:00 - 2013-08-28 16:19 - 00000000 ____D C:\AdwCleaner
2013-11-14 20:00 - 2012-06-03 15:30 - 01788244 _____ C:\Windows\WindowsUpdate.log
2013-11-14 19:40 - 2013-11-14 19:39 - 01085542 _____ C:\Users\robin\Desktop\adwcleaner.exe
2013-11-14 19:40 - 2012-09-30 18:19 - 00000000 ____D C:\Users\robin\AppData\Local\CrashDumps
2013-11-14 19:24 - 2012-10-18 19:04 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-14 19:24 - 2012-06-03 15:42 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2099103694-3175837312-4042448093-1000UA.job
2013-11-14 15:17 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-11-14 14:27 - 2012-06-03 16:27 - 00000000 ____D C:\Windows\Panther
2013-11-13 22:48 - 2012-06-23 13:13 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-13 22:47 - 2013-07-17 20:25 - 00000000 ____D C:\Windows\system32\MRT
2013-11-13 22:46 - 2012-06-04 21:37 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-13 22:24 - 2012-06-03 15:42 - 00001068 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2099103694-3175837312-4042448093-1000Core.job
2013-11-12 18:38 - 2013-11-12 17:56 - 00000000 ____D C:\Users\robin\Desktop\mbar
2013-11-12 18:28 - 2012-06-05 14:12 - 00000000 ____D C:\Users\robin\AppData\Local\Windows Live
2013-11-12 18:26 - 2013-11-12 17:58 - 00116440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-11-12 18:26 - 2013-11-12 17:56 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-11-12 18:09 - 2013-11-10 10:26 - 00001664 _____ C:\Windows\PFRO.log
2013-11-12 18:08 - 2012-11-13 14:14 - 00000000 __SHD C:\Users\robin\Desktop\BFP4FHack
2013-11-12 17:37 - 2013-11-12 17:37 - 00000000 ___HD C:\Windows\SysWOW64\FF
2013-11-12 17:34 - 2013-11-11 18:07 - 00139264 _____ C:\Windows\SysWOW64\r_unzip.exe
2013-11-11 22:51 - 2013-11-11 22:51 - 12576792 _____ (Malwarebytes Corp.) C:\Users\robin\Desktop\mbar-1.07.0.1007.exe
2013-11-11 18:08 - 2013-11-11 18:08 - 00069860 _____ C:\ComboFix.txt
2013-11-11 18:08 - 2013-11-11 17:54 - 00000000 ____D C:\Qoobox
2013-11-11 18:08 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2013-11-11 18:07 - 2013-11-11 17:54 - 00000000 ____D C:\Windows\erdnt
2013-11-11 18:04 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2013-11-11 18:02 - 2012-11-13 14:11 - 00000000 ____D C:\Users\robin\Documents\MSDCSC
2013-11-11 18:01 - 2012-08-28 17:15 - 00000000 ____D C:\Users\robin\AppData\Roaming\convert
2013-11-11 17:49 - 2013-11-11 17:49 - 05144727 ____R (Swearware) C:\Users\robin\Desktop\ComboFix.exe
2013-11-10 10:35 - 2013-11-10 10:35 - 00000000 ____D C:\FRST
2013-11-09 23:15 - 2013-11-09 23:15 - 00000000 _____ C:\Windows\setuperr.log
2013-11-09 03:21 - 2012-08-19 20:57 - 00000000 ____D C:\Users\robin\AppData\Roaming\TS3Client
2013-11-08 17:55 - 2013-10-24 19:13 - 00000041 _____ C:\Users\robin\Desktop\Neues Textdokument.txt
2013-11-08 14:48 - 2012-06-03 15:51 - 00000000 ____D C:\ProgramData\Skype
2013-11-08 14:47 - 2013-01-26 16:36 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-11-06 18:59 - 2012-06-12 12:21 - 00000000 ____D C:\Users\robin\AppData\Roaming\Mozilla
2013-11-04 22:38 - 2013-09-25 21:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-29 21:31 - 2012-06-07 20:40 - 00000000 ____D C:\Program Files (x86)\Origin
2013-10-27 02:05 - 2013-10-26 11:45 - 00000000 ____D C:\Users\robin\Documents\Rockstar Games
2013-10-26 11:43 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-10-26 11:42 - 2013-10-26 11:42 - 00000000 ____D C:\Users\robin\Documents\Games for Windows - LIVE Demos
2013-10-26 11:37 - 2013-10-22 21:31 - 00000000 ____D C:\Users\robin\AppData\Local\RadioSure
2013-10-25 21:26 - 2013-10-25 21:26 - 00000000 ____D C:\Users\robin\AppData\Local\photoOptimizeHistoryDataBase
2013-10-25 21:26 - 2013-10-25 21:26 - 00000000 ____D C:\Users\robin\AppData\Local\Ashampoo Photo Optimizer 4
2013-10-25 17:43 - 2013-10-05 14:26 - 00083574 _____ C:\hcwDriverInstall.txt
2013-10-22 21:29 - 2013-10-22 21:15 - 00000000 ____D C:\Program Files (x86)\Chilirec
2013-10-22 21:22 - 2013-10-22 21:15 - 00000000 ____D C:\Users\robin\AppData\Roaming\Chilirec
2013-10-22 18:17 - 2012-06-03 15:35 - 00000000 ____D C:\Users\robin
2013-10-22 15:44 - 2012-07-12 19:55 - 00000000 ____D C:\Users\robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2013-10-19 20:16 - 2013-02-09 23:48 - 00000000 ____D C:\Users\robin\AppData\Local\Downloaded Installations
2013-10-19 16:05 - 2013-10-19 16:05 - 00000000 ____D C:\ProgramData\Oracle
2013-10-19 16:04 - 2013-10-19 16:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-19 16:04 - 2013-10-19 16:05 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-19 16:04 - 2013-10-19 16:05 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-19 16:04 - 2013-10-19 16:05 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-19 16:04 - 2013-10-19 16:04 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-19 11:26 - 2013-07-31 17:27 - 00002373 _____ C:\Users\robin\Desktop\Google Chrome.lnk
2013-10-16 21:19 - 2012-06-03 15:42 - 00004090 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2099103694-3175837312-4042448093-1000UA
2013-10-16 21:19 - 2012-06-03 15:42 - 00003694 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2099103694-3175837312-4042448093-1000Core

Some content of TEMP:
====================
C:\Users\robin\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-14 15:10

==================== End Of Log ============================

--- --- ---

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by robin on 14.11.2013 at 20:06:09,47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2099103694-3175837312-4042448093-1000\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2099103694-3175837312-4042448093-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2099103694-3175837312-4042448093-1000\Software\web assistant
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211101158}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\taskhost_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\taskhost_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\pricepeep_02042013_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\pricepeep_02042013_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211101158}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\taskhost_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\taskhost_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\pricepeep_02042013_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\pricepeep_02042013_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{690CC4C4-C3B3-44DB-8BC3-39D146EA96F1}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F7EE4016-0062-4D55-A6C7-9A1C0C6669E5}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\optimizerpro"
Successfully deleted: [Folder] "C:\Users\robin\appdata\locallow\datamngr"
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{0139CF54-70AF-4D93-89D0-BB764C363870}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{02F71238-7518-4F89-8D49-1819ADAC0367}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{073E71FC-68D8-4C30-8500-0F09237B4E8B}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{0A76B511-D8DB-4FA7-9407-0C65C6FB9EF4}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{0AAA32ED-3BB9-4CE9-A374-42FE7B412363}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{0C2FC9A1-8730-4768-A5B4-12215F59F40D}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{0C458D6A-3A7B-4934-BAB4-9CAC33C053F9}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{0E1E164B-85C6-4D8A-8E58-484322B79FF7}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{0FE6D785-E61C-4F2B-B821-4C389020E687}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{145AB6B3-F245-46BD-A8E0-1649853CE599}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{1590A30F-0D8C-4280-8B20-E74CF745A7EA}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{16005D6C-C17C-474C-8DAA-34B91EFEFEE4}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{19F4D622-3436-422B-9E66-587B4EA65BBA}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{1A4819A8-C995-4111-A46E-E767D3639928}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{1D96AC7D-4937-43C5-BC1D-A5D22A438588}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{1F9E509E-3575-493D-8DFF-213C34D1E93A}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{20A07906-4987-46AF-B87C-99D9E01A36E2}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{24681B98-1F3B-4480-8BC8-1042127A7DD7}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{287E942C-4651-406E-9C6D-645CEE82A6E4}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{29817018-4115-40A5-B4DC-E846ECD895F0}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{2A1D1F77-131F-4EF4-AA88-88B0060891EF}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{2AFFBAC4-773C-490F-8E40-76D377A331F5}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{2BCD7B52-4B7E-4EE3-AD98-18B46849F0F9}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{2C3307DB-0F63-4533-93CF-823177DCB01C}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{2F124F52-8954-4847-95EB-9A60C6BE341E}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{2F5E1CD8-2D01-4370-8717-0B58D213D8C0}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{327C6AD3-C858-4CA1-A520-4BC723E945ED}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{3299C701-F305-46E0-BD7B-6B5985A2B4AF}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{35119AEA-719D-4A6F-B16C-E5022B5B08F0}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{35210C8A-5415-4C29-914A-086AD26E1893}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{38094B1F-52C1-479B-B135-71CF6A1CA2B8}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{3DA550B4-F6AA-4121-A1D6-857F48862865}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{3E2A90E7-DEFF-474E-8A9A-9FFB56BB9BD6}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{3EEB208A-0D91-437B-9D67-AAEC4E77D32B}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{448E13E2-CCD5-48AC-9566-D9D5B42DEBC6}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{44EEE324-D7F3-4CB1-A448-6CBE99374D7D}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{496B2300-A502-40D7-89B5-4DCF400B1332}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{49C5596B-ADFA-442E-8310-50456D76B4CB}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{4A3A92A5-6E45-431E-BCF0-77BA6AE07538}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{4D0EE557-8EAB-4CE1-8FBD-0C6D192BDDBA}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{572D36E3-7140-4706-8859-3182E1DA288C}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{57D19E61-4B6E-4728-99E2-74611CE3B0A3}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{583DE304-DEAE-4841-BDD1-C4917B080B6A}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{58DF4C1F-38C3-489A-BE6D-2C878DC810A3}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{59A5D71E-A5BA-4D12-8FE8-8CA89A0C7C04}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{5B449E38-E6F4-414C-964B-A5364A5879F5}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{5BCBBB91-31AB-4C6B-92B2-091F542CBF17}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{5CDF1F48-B302-470C-80EB-11831FD85278}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{5E7C33DF-0AFA-48C5-84C8-358CB67D0C51}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{5F4314D2-406A-42F9-904D-631374663502}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{60170186-46A9-4D50-9BA8-41A2422B579A}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{6322048A-A5EE-4470-89E4-C346C8654C4F}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{644B9454-B937-424B-90D2-324AD55ED1F8}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{645B7749-E3D0-4F7D-9AB6-81710E202120}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{64D8D333-C182-4EAB-8E62-59FD38F1BD2F}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{65BB7923-85F3-401A-BDAF-15079E85A030}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{67EB7D31-F551-43C5-BCB4-5A0528A2DD66}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{69CB5FCC-49F3-4960-8812-A614857307FE}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{6ACE4B5C-0DA5-4256-9FCA-851556CFF149}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{6AD40301-D844-4C5F-994E-81EC8200CF92}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{6B769C7A-F36E-46C7-A3CD-9E1E552B8E30}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{6DC2E2F2-5C3F-4C77-BFE7-0C1B9F33F5B7}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{742C63B5-363B-4046-9BC7-4E709AE4C39F}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{7595C6EA-F75D-43A3-963D-D0D7A1455B6A}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{76C9C9CF-5CD7-48CA-BAF9-2A40D2E57BF7}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{796B08C5-7BDA-4D34-9BF8-6E9B4EA59DDA}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{81F4BC97-6EA2-452B-B91A-A48734696776}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{845CA774-D8CF-4C84-B929-2F67FBCB29F2}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{85A8771C-B2CF-4516-8437-03BAE8D1E4CC}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{8CAB9446-CD23-4652-A3CB-E07BF99CB46F}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{8FD82551-84BD-4CD7-8405-1D60A78376DD}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{92994177-BAB7-4B95-84C6-4DD94A7669C9}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{94D05195-6B0B-43E3-80DD-B277A5C2DADE}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{96F84CCF-C2F2-494A-8314-8042A6F2E16F}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{9871DF34-D38C-4923-9540-36DC098153C5}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{9945C444-0271-47ED-8494-17635B1183C9}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{9B68BCA8-117B-4F76-BD0E-7803FAA1E615}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{9D76B4D7-2C66-4CA3-ABED-62EA84D7CC3C}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{9D893A8A-5F5C-45DC-9775-0A7EFD1512F7}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{9DB4577E-4933-4570-AE64-0DBF6EDDC6E5}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{9EA6E06A-6E9E-482A-B029-9C2AB55B35D9}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{A81289E0-E9FF-4FDC-B1E8-DBE72205542E}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{A8B56359-155E-48C4-ACC4-CBC0ACE92ED5}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{B1A3ED8B-930D-46A5-BFD9-F845E9D115D0}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{B37C6A9A-901A-4D1C-AC40-7E7D04174E6C}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{B5400013-0078-452D-A8EA-934B684E94A4}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{B57DEC49-5C6A-4712-80D8-AE79D0BD5EA7}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{B6330760-A813-421A-8AF4-0E7725B7E35B}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{B9467377-439B-40D0-A16A-0861A96D9C41}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{B9E9F911-D97B-4590-82A5-FD2039A2EAD9}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{BAB7FB24-7927-4A03-A776-4B61AC7E8DA7}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{BAE7DE9F-6844-4A41-9B9E-CC1228CE808A}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{BFEB9C41-417B-4D28-8031-7B3A074F5304}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{C087374E-7DE4-45B8-8ACB-319C61604223}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{C0CCC999-4130-473C-AC40-DA5E8AABB19B}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{C1160388-122F-4276-8FD1-98663F91C5BD}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{C13C5E85-C98C-46C0-BC1F-D12F5C41D24A}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{C180CC1E-6744-4BBF-8D70-11CFEEDA7960}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{C1CFEFF5-7FB7-49DC-8965-D0EEC7E587FE}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{C3881582-16E2-4418-838E-F88342D3EF9B}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{C422CEED-F4D2-40D2-8A55-705D1275178E}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{CAFBD2E9-FAFB-4DA5-8D8E-A68B9758BF61}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{CBC4DB51-0E68-4250-8F59-B9C7E15D596F}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{CEE8E686-196B-4E20-B911-A3ADFE2D8761}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{CF03BFA8-B01A-4EB6-B653-C61B0B7B2A6C}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{CFC9EE7D-025F-4522-9BB8-DAD6B64953A7}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{D612BDCD-EEAC-4C15-8AF0-715CF97F1D9C}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{D7AB358B-6842-46E5-A4A6-921A6F3541CE}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{DB3B5B94-399E-4553-8D77-00F750CBDFFD}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{E41A7A45-245C-4409-8766-CEF21E71631D}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{E90F9C58-2A72-4CC2-A254-7504EE312832}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{E916BBF1-FFA3-4781-9079-5A8F60646DDA}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{E971F284-674D-4633-AAAA-4815B25831F1}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{F06970DD-D740-4226-9AA2-D0657CC1BFA2}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{F1ECB145-B5FF-415F-B948-D782172A9136}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{F2529465-E668-4AA3-A3C6-3AFCBC881A08}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{F4F0ACAC-06A6-44B5-A4E2-3D64301893BA}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{F5832BBC-7FE4-4DC6-9766-AB4A63784125}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{F676FC7B-A027-4E20-96F6-625CFEEDBE71}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{F7AAB829-E900-4B00-9A5F-E52B8755B6D5}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{F803C839-EB28-47F3-B1B7-5AD6527067D9}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{F9701822-ADA0-4EBD-9EBE-5CD882A1467D}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{FA30D0FE-E675-46E0-A545-2656F2E77244}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{FF6553DB-B308-4DCD-8B6F-C8BF2DD06C6C}
Successfully deleted: [Empty Folder] C:\Users\robin\appdata\local\{FF66D434-A564-45C4-98B3-D9067F35FA9F}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14.11.2013 at 20:10:44,78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:

ATTFilter

# AdwCleaner v3.012 - Bericht erstellt am 14/11/2013 um 20:00:04
# Updated 11/11/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : robin - PC-R4KZ83901G
# Gestartet von : C:\Users\robin\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\DealPlyLive
Ordner Gelöscht : C:\ProgramData\DSearchLink
Ordner Gelöscht : C:\Program Files (x86)\DealPlyLive
Ordner Gelöscht : C:\Program Files\~Web Assistant
Ordner Gelöscht : C:\Users\robin\AppData\Local\DealPlyLive
Ordner Gelöscht : C:\Users\robin\AppData\Local\webplayer
Ordner Gelöscht : C:\Users\robin\AppData\Roaming\BabSolution
Ordner Gelöscht : C:\Users\robin\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\robin\AppData\Roaming\DealPly
Ordner Gelöscht : C:\Users\robin\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiennapmieppnpfhhogglccgepbdajan

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\pricegong_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\pricegong_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\5e57df8bbc3abd17
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2319825
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2536373
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3297265
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKCU\Software\anchorfree
Schlüssel Gelöscht : HKCU\Software\Conduit
[#] Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\DealPlyLive
Schlüssel Gelöscht : HKCU\Software\delta LTD
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\simplytech
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\smartbar
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\DealPlyLive
Schlüssel Gelöscht : HKLM\Software\Delta
Schlüssel Gelöscht : HKLM\Software\Uniblue
Schlüssel Gelöscht : HKLM\Software\Vittalia
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16736


-\\ Google Chrome v

[ Datei : C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht : urls_to_restore_on_startup
Gelöscht : homepage

*************************

AdwCleaner[R0].txt - [84813 octets] - [28/08/2013 16:19:39]
AdwCleaner[R1].txt - [10782 octets] - [14/11/2013 19:40:21]
AdwCleaner[S0].txt - [84857 octets] - [28/08/2013 16:20:29]
AdwCleaner[S1].txt - [9366 octets] - [14/11/2013 20:00:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [9426 octets] ##########

12.11.2013, 22:53	#12
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	tonproblem habe "unsichtbare ton werbung" seid 3tagen SInd das Cheats/Hacks? Da bitte vorsichtiger mit sein, da ist oft sehr viel Unsinn mit drin Bite einen neuen Lauf mit MBAR machen und Log wieder posten __________________ Logfiles bitte immer in CODE-Tags posten

tonproblem habe "unsichtbare ton werbung" seid 3tagen

Plagegeister aller Art und deren Bekämpfung: tonproblem habe "unsichtbare ton werbung" seid 3tagen