|   | green devil | 04.12.2011 21:17 |  
 Nochmal Hallo und Sorry für das Missachten der Regeln, 
war vorhin ein wenig in Eile und habe das schlichtweg überlesen...  
Hier nun mein OTL Log, der Extra Log befindet sich im Angang.   
Vielen Dank für eure Bemühungen.  
André  
OTL Log:OTL Logfile:   Code: 
 OTL logfile created on: 04.12.2011 20:53:15 - Run 1OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Andre\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
 Internet Explorer (Version = 9.0.8112.16421)
 Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
 2,99 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 64,87% Memory free
 5,99 Gb Paging File | 4,52 Gb Available in Paging File | 75,46% Paging File free
 Paging file location(s): ?:\pagefile.sys [binary data]
 
 %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
 Drive C: | 142,16 Gb Total Space | 51,20 Gb Free Space | 36,01% Space Free | Partition Type: NTFS
 Drive D: | 142,18 Gb Total Space | 135,07 Gb Free Space | 94,99% Space Free | Partition Type: NTFS
 Drive G: | 50,00 Gb Total Space | 49,87 Gb Free Space | 99,74% Space Free | Partition Type: NTFS
 Drive I: | 32,88 Gb Total Space | 25,12 Gb Free Space | 76,39% Space Free | Partition Type: NTFS
 Drive J: | 931,51 Gb Total Space | 296,37 Gb Free Space | 31,82% Space Free | Partition Type: NTFS
 Drive L: | 500,00 Gb Total Space | 75,89 Gb Free Space | 15,18% Space Free | Partition Type: NTFS
 Drive M: | 500,00 Gb Total Space | 39,08 Gb Free Space | 7,82% Space Free | Partition Type: NTFS
 Drive N: | 397,26 Gb Total Space | 232,40 Gb Free Space | 58,50% Space Free | Partition Type: NTFS
 Drive O: | 150,00 Gb Total Space | 9,59 Gb Free Space | 6,39% Space Free | Partition Type: NTFS
 
 Computer Name: ANDRE-PC | User Name: Andre | Logged in as Administrator.
 Boot Mode: Normal | Scan Mode: Current user | Quick Scan
 Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
 ========== Processes (SafeList) ==========
 
 PRC - [2011.12.04 19:46:46 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Andre\Desktop\OTL.exe
 PRC - [2011.12.02 17:58:41 | 001,045,328 | ---- | M] (Flexera Software, Inc.) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
 PRC - [2011.11.09 23:52:11 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
 PRC - [2011.10.28 14:36:53 | 001,506,824 | ---- | M] (G Data Software AG) -- C:\Programme\Common Files\G Data\AVKProxy\AVKProxy.exe
 PRC - [2011.10.28 14:36:43 | 001,617,416 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\TotalCare\Firewall\GDFirewallTray.exe
 PRC - [2011.10.28 14:36:11 | 000,457,536 | ---- | M] (G Data Software AG) -- C:\Programme\Common Files\G Data\GDScan\GDScan.exe
 PRC - [2011.10.28 02:40:14 | 001,554,184 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\TotalCare\AVK\AVKWCtl.exe
 PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
 PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
 PRC - [2011.08.10 13:20:28 | 001,613,424 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\TotalCare\Firewall\GDFwSvc.exe
 PRC - [2011.05.11 11:18:59 | 000,923,144 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\TotalCare\AVKTray\AVKTray.exe
 PRC - [2011.03.28 19:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
 PRC - [2011.03.28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
 PRC - [2011.03.04 19:56:12 | 000,381,448 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\TotalCare\AVK\AVKService.exe
 PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 PRC - [2010.11.20 22:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
 PRC - [2010.11.20 22:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
 PRC - [2010.02.24 10:34:36 | 000,220,944 | ---- | M] (PCTV Systems S.à r.l.) -- C:\Programme\Common Files\PCTV Systems\RemoTerm\remoterm.exe
 PRC - [2010.02.18 13:01:06 | 000,462,632 | ---- | M] (Nero AG) -- C:\Programme\Nero\Update\NASvc.exe
 PRC - [2009.12.21 17:35:18 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
 PRC - [2009.03.30 15:00:54 | 000,221,184 | ---- | M] (Brother Industries, Ltd.) -- C:\Programme\Brother\Brmfcmon\BrMfcMon.exe
 PRC - [2009.02.23 16:16:02 | 000,870,920 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe
 
 
 ========== Modules (No Company Name) ==========
 
 MOD - [2011.11.09 23:52:10 | 001,989,592 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
 MOD - [2011.03.16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
 MOD - [2010.03.15 10:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
 MOD - [2009.02.27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Programme\Brother\BrUtilities\BrLogAPI.dll
 MOD - [2009.02.27 15:39:29 | 000,019,968 | ---- | M] () -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU
 MOD - [2003.06.07 13:30:08 | 000,057,344 | ---- | M] () -- C:\Programme\Launch Manager\PowerUtl.dll
 
 
 ========== Win32 Services (SafeList) ==========
 
 SRV - [2011.12.02 17:58:41 | 001,045,328 | ---- | M] (Flexera Software, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
 SRV - [2011.10.28 14:43:51 | 001,498,616 | ---- | M] (G Data Software AG) [On_Demand | Stopped] -- C:\Programme\G Data\TotalCare\AVKBackup\AVKBackupService.exe -- (GDBackupSvc)
 SRV - [2011.10.28 14:36:53 | 001,506,824 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)
 SRV - [2011.10.28 14:36:11 | 000,457,536 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files\Common Files\G Data\GDScan\GDScan.exe -- (GDScan)
 SRV - [2011.10.28 02:40:14 | 001,554,184 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files\G Data\TotalCare\AVK\AVKWCtl.exe -- (AVKWCtl)
 SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
 SRV - [2011.08.10 13:20:28 | 001,613,424 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files\G Data\TotalCare\Firewall\GDFwSvc.exe -- (GDFwSvc)
 SRV - [2011.06.12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
 SRV - [2011.05.20 02:40:34 | 000,960,504 | ---- | M] (G Data Software AG) [On_Demand | Stopped] -- C:\Program Files\G Data\TotalCare\AVKTuner\AVKTunerService.exe -- (GDTunerSvc)
 SRV - [2011.03.04 19:56:12 | 000,381,448 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files\G Data\TotalCare\AVK\AVKService.exe -- (AVKService)
 SRV - [2010.02.18 13:01:06 | 000,462,632 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
 SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
 SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
 SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
 SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
 ========== Driver Services (SafeList) ==========
 
 DRV - [2011.12.04 17:13:10 | 000,041,336 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\HookCentre.sys -- (HookCentre)
 DRV - [2011.12.04 17:12:50 | 000,079,992 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\MiniIcpt.sys -- (GDMnIcpt)
 DRV - [2011.12.04 17:12:50 | 000,040,440 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\GDBehave.sys -- (GDBehave)
 DRV - [2011.12.04 17:12:49 | 000,054,648 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\gdwfpcd32.sys -- (gdwfpcd)
 DRV - [2011.10.17 19:12:17 | 000,030,256 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\GRD.sys -- (GRD)
 DRV - [2011.10.13 06:02:23 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
 DRV - [2011.10.10 14:14:21 | 000,084,512 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vsflt58.sys -- (vidsflt58) Acronis Disk Storage Filter (58)
 DRV - [2011.10.10 14:14:16 | 000,076,768 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\fltsrv.sys -- (fltsrv)
 DRV - [2011.10.09 20:53:56 | 000,049,016 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PktIcpt.sys -- (GDPkIcpt)
 DRV - [2011.10.09 20:52:17 | 000,029,400 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GdNetMon32.sys -- (GdNetMon)
 DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
 DRV - [2011.08.02 17:38:44 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
 DRV - [2010.11.20 22:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
 DRV - [2010.11.20 22:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
 DRV - [2010.11.20 22:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\dmvsc.sys -- (dmvsc)
 DRV - [2010.11.20 22:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
 DRV - [2010.11.20 22:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
 DRV - [2010.11.20 22:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
 DRV - [2010.11.20 22:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
 DRV - [2010.11.20 22:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
 DRV - [2010.11.20 22:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
 DRV - [2009.08.24 08:14:30 | 000,044,544 | ---- | M] (AzureWave Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\azvusb.sys -- (azvusb)
 DRV - [2009.07.14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\serial.sys -- (Serial)
 DRV - [2009.07.13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
 DRV - [2008.11.21 21:07:00 | 007,451,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
 DRV - [2008.10.08 09:43:08 | 000,005,632 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hidshim.sys -- (hidshim)
 DRV - [2008.10.08 09:43:06 | 000,022,528 | ---- | M] (Nuvoton Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nuvotonhidgeneric.sys -- (nuvotonhidgeneric)
 DRV - [2008.09.25 04:39:48 | 000,045,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
 DRV - [2007.09.24 13:46:24 | 000,433,664 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctv4XXe.sys -- (PCTV)
 DRV - [2006.11.28 15:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
 DRV - [2006.05.03 21:40:42 | 000,390,784 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd.sys -- (snpstd)
 DRV - [1997.06.27 05:33:00 | 000,064,512 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\sentinel.SYS -- (SENTINEL)
 
 
 ========== Standard Registry (SafeList) ==========
 
 
 ========== Internet Explorer ==========
 
 IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
 
 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
 IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 ========== FireFox ==========
 
 FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
 FF - prefs.js..network.proxy.type: 0
 
 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
 FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
 FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
 FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
 FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
 FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
 FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
 FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
 
 FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.09 23:52:13 | 000,000,000 | ---D | M]
 FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
 [2011.10.10 13:47:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andre\AppData\Roaming\mozilla\Extensions
 [2011.11.19 18:57:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andre\AppData\Roaming\mozilla\Firefox\Profiles\swidoxwj.default\extensions
 [2011.11.19 18:57:49 | 000,000,000 | ---D | M] (Winload Community Toolbar) -- C:\Users\Andre\AppData\Roaming\mozilla\Firefox\Profiles\swidoxwj.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
 [2011.12.04 17:12:46 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
 [2011.12.04 17:12:49 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Programme\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}
 [2011.12.04 17:12:46 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
 [2011.12.04 17:12:49 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{906305F7-AAFC-45E9-8BBD-941950A84DAD}
 [2011.11.09 23:52:11 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
 [2011.09.29 02:24:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
 [2011.09.29 02:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
 [2011.09.29 02:24:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
 [2011.09.29 02:24:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
 [2011.09.29 02:24:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
 [2011.09.29 02:24:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
 ========== Chrome  ==========
 
 CHR - default_search_provider: Yahoo! (Enabled)
 CHR - default_search_provider: search_url = hxxp://search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}
 CHR - default_search_provider: suggest_url = hxxp://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
 
 O1 HOSTS File: ([2011.11.18 20:55:07 | 000,001,437 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
 O1 - Hosts: soundspectrum.com
 O1 - Hosts: 127.0.0.1 activate.adobe.com
 O1 - Hosts: 127.0.0.1 practivate.adobe.com
 O1 - Hosts: 127.0.0.1 ereg.adobe.com
 O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
 O1 - Hosts: 127.0.0.1 wip3.adobe.com
 O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
 O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
 O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
 O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
 O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
 O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
 O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
 O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
 O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
 O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
 O1 - Hosts: SoundSpectrum - artistic music visuals for your media player
 O1 - Hosts: soundspectrum.com
 O1 - Hosts: 127.0.0.1 secure.disc-soft.com
 O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\TotalCare\Webfilter\AvkWebIE.dll (G Data Software AG)
 O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
 O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
 O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
 O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
 O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
 O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Programme\Common Files\G Data\AVKProxy\BanksafeBHO.dll (G Data Software AG)
 O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
 O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\TotalCare\Webfilter\AvkWebIE.dll (G Data Software AG)
 O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
 O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
 O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
 O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
 O4 - HKLM..\Run: []  File not found
 O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
 O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
 O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Programme\G Data\TotalCare\AVKTray\AVKTray.exe (G Data Software AG)
 O4 - HKLM..\Run: [GDFirewallTray] C:\Programme\G Data\TotalCare\Firewall\GDFirewallTray.exe (G Data Software AG)
 O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
 O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
 O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
 O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
 O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
 O4 - HKCU..\Run: [RemoTerm.exe] C:\Programme\Common Files\PCTV Systems\RemoTerm\remoterm.exe (PCTV Systems S.à r.l.)
 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
 O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
 O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
 O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
 O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
 O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
 O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
 O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
 O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
 O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
 O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
 O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
 O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
 O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
 O13 - gopher Prefix: missing
 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
 O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
 O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.6.1
 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A0D44C06-0796-4C42-8CE4-4A97DE546AF3}: DhcpNameServer = 10.0.6.1
 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD8AF39C-FA0F-43E0-9D93-04518E4FC3D6}: DhcpNameServer = 139.7.30.126 139.7.30.125
 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E0233D7D-9FEE-482E-97A0-8B92EC543B1A}: DhcpNameServer = 139.13.30.65
 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
 O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
 O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
 O20 - AppInit_DLLs: (acaptuser32.dll) -C:\Windows\System32\acaptuser32.dll (Adobe Systems Incorporated)
 O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
 O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
 O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
 O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
 O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
 O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
 O32 - HKLM CDRom: AutoRun - 1
 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
 O33 - MountPoints2\F\Shell - "" = AutoRun
 O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\SETUP.EXE
 O33 - MountPoints2\F\Shell\configure\command - "" = F:\SETUP.EXE
 O33 - MountPoints2\F\Shell\install\command - "" = F:\SETUP.EXE
 O34 - HKLM BootExecute: (autocheck autochk *)
 O35 - HKLM\..comfile [open] -- "%1" %*
 O35 - HKLM\..exefile [open] -- "%1" %*
 O37 - HKLM\...com [@ = comfile] -- "%1" %*
 O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
 ActiveX: {121374FD-01EE-0AC9-DD20-60E7DEF850C1} - Java (Sun)
 ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
 ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
 ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
 ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
 ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
 ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
 ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
 ActiveX: {5743D567-BDBC-2C9C-C4A3-B904A1F67D3E} - Internet Explorer
 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
 ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
 ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
 ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
 ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
 ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
 ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
 ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
 ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
 ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
 ActiveX: {DBC83924-8347-F086-E863-33FD0165B938} - Internet Explorer
 ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
 ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
 ActiveX: {F1274DDC-9028-C55E-E069-D0DCD93C79A3} - Browser Customizations
 ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
 ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
 ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 NetSvcs: FastUserSwitchingCompatibility -  File not found
 NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
 NetSvcs: Nla -  File not found
 NetSvcs: Ntmssvc -  File not found
 NetSvcs: NWCWorkstation -  File not found
 NetSvcs: Nwsapagent -  File not found
 NetSvcs: SRService -  File not found
 NetSvcs: WmdmPmSp -  File not found
 NetSvcs: LogonHours -  File not found
 NetSvcs: PCAudit -  File not found
 NetSvcs: helpsvc -  File not found
 NetSvcs: uploadmgr -  File not found
 
 MsConfig - StartUpReg: Adobe Acrobat Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
 MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
 MsConfig - StartUpReg: AdobeCS4ServiceManager - hkey= - key= - C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
 MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
 MsConfig - StartUpReg: BCSSync - hkey= - key= - C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
 MsConfig - StartUpReg: Connectify - hkey= - key= -  File not found
 MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
 MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
 MsConfig - StartUpReg: NBAgent - hkey= - key= - C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
 MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
 MsConfig - StartUpReg: snpstd - hkey= - key= - C:\Windows\vsnpstd.exe ()
 MsConfig - State: "startup" - 2
 
 CREATERESTOREPOINT
 Restore point Set: OTL Restore Point
 
 ========== Files/Folders - Created Within 30 Days ==========
 
 [2011.12.04 20:31:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Acronis
 [2011.12.04 20:30:37 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Roaming\E8D0C297-324A-4218-B5B8-6BA8D5D27442
 [2011.12.04 20:30:20 | 000,000,000 | -HSD | C] -- C:\Config.Msi
 [2011.12.04 19:45:35 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Andre\Desktop\OTL.exe
 [2011.12.04 17:45:43 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Roaming\Malwarebytes
 [2011.12.04 17:45:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
 [2011.12.04 17:45:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
 [2011.12.04 17:45:24 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
 [2011.12.04 17:45:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
 [2011.12.04 17:23:19 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
 [2011.12.04 17:16:04 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\{B709CB73-FC67-462E-A7E8-F7B136327677}
 [2011.12.04 15:50:04 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\{E6A3128D-37EE-4796-85EE-F9C6C5658F47}
 [2011.12.02 17:57:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Enfocus
 [2011.12.02 17:57:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Enfocus Software
 [2011.12.02 17:00:31 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\SettingsConfigurator
 [2011.12.02 17:00:30 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Roaming\Enfocus Prefs Folder
 [2011.12.02 17:00:26 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Roaming\PitStop Extreme
 [2011.12.02 17:00:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Enfocus Prefs Folder
 [2011.12.02 17:00:24 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Roaming\EskoArtwork
 [2011.12.02 16:55:23 | 000,000,000 | ---D | C] -- C:\Program Files\Enfocus
 [2011.11.30 21:15:08 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\IHS_Fairplay
 [2011.11.30 18:35:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ports and Terminals Guide 2011
 [2011.11.30 18:34:50 | 000,000,000 | ---D | C] -- C:\ProgramData\IHS
 [2011.11.30 18:34:49 | 000,000,000 | ---D | C] -- C:\Program Files\IHS
 [2011.11.29 20:56:08 | 000,000,000 | ---D | C] -- C:\Users\Andre\Documents\StreamTransport
 [2011.11.29 19:23:22 | 000,000,000 | ---D | C] -- C:\Users\Andre\Application Data
 [2011.11.29 17:12:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StreamTransport
 [2011.11.29 17:12:57 | 000,000,000 | ---D | C] -- C:\Program Files\StreamTransport
 [2011.11.28 21:13:37 | 000,000,000 | ---D | C] -- C:\Program Files\TryEcdis
 [2011.11.21 10:20:01 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Roaming\redsn0w
 [2011.11.20 19:09:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NauticTools
 [2011.11.20 19:09:51 | 000,000,000 | ---D | C] -- C:\Program Files\NauticTools
 [2011.11.20 19:09:27 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NauticTools
 [2011.11.19 20:27:29 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Roaming\DivX
 [2011.11.19 18:57:07 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
 [2011.11.19 18:57:04 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\Conduit
 [2011.11.19 18:57:03 | 000,000,000 | ---D | C] -- C:\Program Files\Winload
 [2011.11.19 18:16:27 | 000,000,000 | ---D | C] -- C:\Windows\System32\desktop-education-icons ico
 [2011.11.19 17:51:58 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Roaming\Hulubulu
 [2011.11.19 17:51:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Renamer
 [2011.11.19 17:51:54 | 000,000,000 | ---D | C] -- C:\Program Files\Advanced Renamer
 [2011.11.19 13:46:44 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TryEcdis
 [2011.11.19 11:04:14 | 000,000,000 | ---D | C] -- C:\Program Files\Launch Manager
 [2011.11.19 10:51:15 | 000,347,656 | ---- | C] (Dritek System Inc.) -- C:\Windows\UNINST32.EXE
 [2011.11.18 22:15:29 | 000,000,000 | ---D | C] -- C:\Users\Andre\Desktop\Programme Nautikstudium
 [2011.11.18 20:55:22 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Roaming\SoundSpectrum
 [2011.11.18 20:52:19 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhiteCap
 [2011.11.18 20:52:16 | 000,000,000 | ---D | C] -- C:\Program Files\SoundSpectrum
 [2011.11.17 19:04:09 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Roaming\Skype
 [2011.11.17 19:03:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
 [2011.11.17 19:03:47 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
 [2011.11.17 19:03:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
 [2011.11.16 18:43:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tsunamis '99
 [2011.11.16 18:43:15 | 000,377,624 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\Windows\System32\sstbars.ocx
 [2011.11.16 18:43:15 | 000,324,376 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\Windows\System32\SSTree.ocx
 [2011.11.16 18:43:15 | 000,305,432 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\Windows\System32\Threed20.ocx
 [2011.11.16 18:43:15 | 000,154,392 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\Windows\System32\Splitter.ocx
 [2011.11.16 18:43:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\RNBOSENT
 [2011.11.16 18:43:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Transas Shared
 [2011.11.16 18:43:09 | 000,000,000 | ---D | C] -- C:\Program Files\Transas
 [2011.11.16 18:43:07 | 000,000,000 | ---D | C] -- C:\tcwf
 [2011.11.14 07:01:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
 [2011.11.13 16:04:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Radarplot
 [2011.11.13 16:04:33 | 000,000,000 | ---D | C] -- C:\Program Files\Radarplot
 [2011.11.13 14:54:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Morsetrainer
 [2011.11.13 14:54:54 | 000,000,000 | ---D | C] -- C:\Program Files\Projekt1
 [2011.11.13 13:04:00 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Roaming\Buhl Data Service
 [2011.11.13 13:03:22 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\Buhl Data Service
 [2011.11.13 13:02:08 | 000,000,000 | ---D | C] -- C:\Program Files\DataDesign
 [2011.11.13 13:01:57 | 000,000,000 | ---D | C] -- C:\Program Files\Letstrade
 [2011.11.13 13:01:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Buhl Data Service
 [2011.11.13 12:58:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Buhl Data Service GmbH
 [2011.11.13 09:41:42 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\{6B250D70-6AF2-41DD-8DDA-C311F8251671}
 [2011.11.12 18:58:26 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\{8229848E-3E51-4DD7-A87C-111FFB948731}
 [2011.11.11 06:51:59 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\{138CF936-9A7B-4DE4-A6B1-AEEB31AD6029}
 [2011.11.10 18:54:25 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\{74AE5361-8FFF-43C2-B539-63410C5DEA99}
 [2011.11.10 06:50:02 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\{FB2F801E-59BA-4F5B-85A5-3A0C91DFE26D}
 [2011.11.09 08:32:27 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\ElevatedDiagnostics
 [2011.11.09 08:05:58 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\{8D428A37-7593-48DD-AB09-3DD7EA5A6556}
 [2011.11.08 19:27:46 | 000,000,000 | R--D | C] -- C:\Users\Andre\AppData\Roaming\Brother
 [2011.11.08 19:26:21 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\{8E2D89D0-B857-44F8-8402-0E01CC521A9A}
 [2011.11.08 19:20:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
 [2011.11.08 19:19:53 | 000,176,128 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BroSNMP.dll
 [2011.11.08 19:19:53 | 000,005,632 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\BrDctF2L.dll
 [2011.11.08 19:19:52 | 000,073,728 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\BrDctF2.dll
 [2011.11.08 19:19:52 | 000,012,288 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\BrDctF2S.dll
 [2011.11.08 19:19:51 | 001,534,464 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BrWia09b.dll
 [2011.11.08 19:19:51 | 000,053,760 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BrUsi09a.dll
 [2011.11.08 19:19:45 | 000,167,936 | ---- | C] (brother) -- C:\Windows\System32\NSSearch.dll
 [2011.11.08 19:19:45 | 000,000,000 | ---D | C] -- C:\Program Files\Brother
 [2011.11.08 19:18:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Brother
 [2011.11.08 19:18:35 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Roaming\InstallShield
 [2011.11.08 17:56:01 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\{FE2DBC82-55B3-4F02-B14D-AE07FD74D59B}
 [2011.11.08 08:06:06 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\{1EE1BDCD-38AF-491F-B5DD-13B3DFEC8C31}
 [2011.11.07 18:00:32 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\{CC27D423-F93A-41CB-9E08-97BDA8C24387}
 [2011.11.07 13:47:29 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\{4A4132D7-8671-439E-95EF-A194BF6543D2}
 [2011.11.07 06:53:01 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\{9B50E46A-2710-4AD2-B652-499788427C9A}
 [2011.11.06 09:14:21 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\{949D6187-D988-49E6-8532-CBF5B5BC92F9}
 [2011.11.05 19:10:07 | 000,000,000 | ---D | C] -- C:\Users\Andre\Desktop\Von Desktop
 [2011.11.05 14:26:08 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
 [2011.11.05 14:15:01 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\{F5C09B98-9B59-4414-AE1E-33BD1874EC34}
 [2011.11.05 14:14:46 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\{42E789F4-0D51-4BB7-B2FD-FA3560BAF199}
 [2011.11.05 14:01:05 | 000,000,000 | ---D | C] -- C:\Program Files\Connectify
 [2011.11.05 13:59:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Connectify
 [2011.11.05 13:53:10 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\{E1B963D2-E5BE-4FA5-9053-1AC6136B6D90}
 [2011.11.05 12:55:39 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
 [2011.11.05 12:53:19 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\{1284736E-99DF-4AAF-A9E2-AB161162DD33}
 [2011.11.05 12:25:11 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\{C60E59FB-44D4-43F0-AD72-C9171557E39A}
 [2011.11.05 11:29:13 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Roaming\Apple Computer
 [2011.11.05 11:29:13 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\Apple Computer
 [2011.11.05 11:29:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
 [2011.11.05 11:29:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
 [2011.11.05 11:27:57 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
 [2011.11.05 11:27:56 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
 [2011.11.05 11:27:55 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
 [2011.11.05 11:27:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
 [2011.11.05 11:27:20 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\Apple
 [2011.11.05 11:27:15 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
 [2011.11.05 11:25:51 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
 [2011.11.05 11:25:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
 [2011.11.05 11:25:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
 [2011.11.05 10:30:14 | 000,000,000 | ---D | C] -- C:\Users\Andre\Documents\Outlook-Dateien
 [2011.11.05 09:53:03 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\{B8564540-A093-490E-BFD2-0AB248715ABC}
 [2011.11.05 09:37:54 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\{435117A1-65BD-4AC0-A3AE-9D08FFDCB377}
 [2011.11.05 09:35:03 | 000,027,248 | ---- | C] (Connectify) -- C:\Windows\System32\drivers\cnnctfy2.sys
 [2011.11.05 09:27:28 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\Diagnostics
 [2011.11.05 09:21:26 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\{4BE12525-2643-4B28-968B-D0851E6ED8E1}
 [2011.11.05 09:18:41 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\Chris_Pietschmann_(http__
 [2011.11.05 09:14:26 | 000,000,000 | ---D | C] -- C:\Program Files\Virtual Router
 [2011.11.05 08:37:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP
 [2011.11.05 08:37:30 | 000,000,000 | ---D | C] -- C:\Program Files\WinSCP
 [2011.11.05 08:27:59 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\{9986D621-7390-4CED-9A97-61B054080621}
 [2011.10.20 16:14:09 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\rsnpstd.dll
 [2011.10.20 16:14:08 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\csnpstd.dll
 [2005.04.20 23:16:28 | 000,036,864 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd.dll
 
 ========== Files - Modified Within 30 Days ==========
 
 [2011.12.04 20:49:48 | 000,000,020 | ---- | M] () -- C:\Users\Andre\defogger_reenable
 [2011.12.04 20:48:24 | 000,050,477 | ---- | M] () -- C:\Users\Andre\Desktop\Defogger.exe
 [2011.12.04 20:46:40 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
 [2011.12.04 20:41:42 | 000,021,808 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
 [2011.12.04 20:41:42 | 000,021,808 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
 [2011.12.04 20:34:28 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
 [2011.12.04 20:34:27 | 000,000,264 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
 [2011.12.04 20:34:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
 [2011.12.04 20:34:08 | 2411,888,640 | -HS- | M] () -- C:\hiberfil.sys
 [2011.12.04 20:12:18 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
 [2011.12.04 19:56:59 | 000,476,427 | ---- | M] () -- C:\Windows\System32\sig.bin
 [2011.12.04 19:56:59 | 000,034,700 | ---- | M] () -- C:\Windows\System32\nmp.map
 [2011.12.04 19:46:46 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Andre\Desktop\OTL.exe
 [2011.12.04 17:45:31 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
 [2011.12.04 17:13:10 | 000,041,336 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\HookCentre.sys
 [2011.12.04 17:12:50 | 000,079,992 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\MiniIcpt.sys
 [2011.12.04 17:12:50 | 000,040,440 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\GDBehave.sys
 [2011.12.04 17:12:49 | 000,054,648 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\gdwfpcd32.sys
 [2011.12.04 09:05:39 | 000,696,416 | ---- | M] () -- C:\Windows\System32\perfh007.dat
 [2011.12.04 09:05:39 | 000,651,694 | ---- | M] () -- C:\Windows\System32\perfh009.dat
 [2011.12.04 09:05:39 | 000,147,680 | ---- | M] () -- C:\Windows\System32\perfc007.dat
 [2011.12.04 09:05:39 | 000,120,626 | ---- | M] () -- C:\Windows\System32\perfc009.dat
 [2011.12.02 22:40:36 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_netaapl_01009.Wdf
 [2011.12.02 17:35:13 | 004,780,637 | ---- | M] () -- C:\Users\Andre\Desktop\admiralty-list-of-radio-sig....pdf
 [2011.11.30 19:44:37 | 000,180,040 | ---- | M] () -- C:\Users\Andre\Desktop\pruefungsplan_ws11.pdf
 [2011.11.29 21:34:28 | 181,998,082 | ---- | M] () -- C:\Users\Andre\Documents\Die Jet-Setter in Dubai  Teil 1 von 3  Die Geissens  Video  RTL2 Mediathek.flv
 [2011.11.29 21:20:23 | 074,995,025 | ---- | M] () -- C:\Users\Andre\Documents\Die Jet-Setter in Dubai  Teil 2 von 3  Die Geissens  Video  RTL2 Mediathek.flv
 [2011.11.29 20:56:24 | 048,854,468 | ---- | M] () -- C:\Users\Andre\Desktop\Deckblatt Funktecnische Reiseplanung.psd
 [2011.11.29 19:33:11 | 026,870,498 | ---- | M] () -- C:\Users\Andre\Documents\Die Jet-Setter in Dubai  Teil 3 von 3  Die Geissens  Video  RTL2 Mediathek.flv
 [2011.11.29 19:03:26 | 019,065,830 | ---- | M] () -- C:\Users\Andre\Desktop\NASE SHIPPING bearbeitet.psd
 [2011.11.29 18:55:17 | 019,090,195 | ---- | M] () -- C:\Users\Andre\Desktop\NASE SHIPPING.psd
 [2011.11.29 18:31:50 | 000,027,711 | ---- | M] () -- C:\Users\Andre\Desktop\Alam Sakti.pdf
 [2011.11.29 18:28:59 | 002,219,032 | ---- | M] () -- C:\Users\Andre\Desktop\IkanJebuh.jpg
 [2011.11.29 18:02:51 | 138,624,299 | ---- | M] () -- C:\Users\Andre\Documents\Die Jet-Setter in Athen  Teil 2 von 3  Die Geissens  Video  RTL2 Mediathek.flv
 [2011.11.29 17:34:58 | 060,803,562 | ---- | M] () -- C:\Users\Andre\Documents\Die Jet-Setter in Athen  Teil 1 von 3  Die Geissens  Video  RTL2 Mediathek.flv
 [2011.11.29 17:24:47 | 017,072,489 | ---- | M] () -- C:\Users\Andre\Documents\Die Jet-Setter in Athen  Teil 3 von 3  Die Geissens  Video  RTL2 Mediathek.flv
 [2011.11.28 21:14:01 | 000,001,907 | ---- | M] () -- C:\Users\Public\Desktop\TryEcdis!.lnk
 [2011.11.24 11:12:05 | 001,070,918 | ---- | M] () -- C:\Users\Andre\Desktop\Deckblatt Bürokauffrau.jpg
 [2011.11.22 20:31:00 | 000,097,766 | ---- | M] () -- C:\Users\Andre\Desktop\Screenshot Single Turn POB.jpg
 [2011.11.21 10:17:03 | 014,188,871 | ---- | M] () -- C:\Users\Andre\Desktop\Screenshots ECDIS.psd
 [2011.11.20 19:09:52 | 000,001,005 | ---- | M] () -- C:\Users\Andre\Desktop\NauticTools.lnk
 [2011.11.19 11:04:17 | 000,000,083 | ---- | M] () -- C:\Windows\LManager.UNI
 [2011.11.18 22:18:58 | 000,000,000 | ---- | M] () -- C:\Windows\Setup.INI
 [2011.11.15 20:00:23 | 000,000,065 | ---- | M] () -- C:\Users\Andre\.radarplot
 [2011.11.15 20:00:02 | 000,000,000 | ---- | M] () -- C:\Users\Andre\.gtk-bookmarks
 [2011.11.15 16:28:50 | 001,610,977 | ---- | M] () -- C:\Users\Andre\Desktop\SCAN0013.PDF
 [2011.11.10 06:48:37 | 002,337,504 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 [2011.11.08 19:20:50 | 000,000,050 | ---- | M] () -- C:\Windows\System32\bridf07a.dat
 [2011.11.08 19:20:47 | 000,000,425 | ---- | M] () -- C:\Windows\BRWMARK.INI
 [2011.11.08 19:20:47 | 000,000,027 | ---- | M] () -- C:\Windows\BRPP2KA.INI
 [2011.11.06 21:29:12 | 000,038,251 | ---- | M] () -- C:\Users\Andre\AppData\Roaming\Microsoft Excel 97-2003.ADR
 [2011.11.05 14:26:03 | 289,358,270 | ---- | M] () -- C:\Windows\MEMORY.DMP
 [2011.11.05 14:21:38 | 000,000,600 | ---- | M] () -- C:\Users\Andre\AppData\Roaming\winscp.rnd
 [2011.11.05 09:35:03 | 000,027,248 | ---- | M] (Connectify) -- C:\Windows\System32\drivers\cnnctfy2.sys
 
 ========== Files Created - No Company Name ==========
 
 [2011.12.04 20:48:58 | 000,000,020 | ---- | C] () -- C:\Users\Andre\defogger_reenable
 [2011.12.04 20:48:23 | 000,050,477 | ---- | C] () -- C:\Users\Andre\Desktop\Defogger.exe
 [2011.12.04 17:45:31 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
 [2011.12.02 22:40:36 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_netaapl_01009.Wdf
 [2011.12.02 17:34:30 | 004,780,637 | ---- | C] () -- C:\Users\Andre\Desktop\admiralty-list-of-radio-sig....pdf
 [2011.12.02 16:56:08 | 000,000,196 | ---- | C] () -- C:\Users\Andre\AppData\Roaming\PitStop Extreme Prefs
 [2011.11.30 19:44:37 | 000,180,040 | ---- | C] () -- C:\Users\Andre\Desktop\pruefungsplan_ws11.pdf
 [2011.11.29 20:59:06 | 074,995,025 | ---- | C] () -- C:\Users\Andre\Documents\Die Jet-Setter in Dubai  Teil 2 von 3  Die Geissens  Video  RTL2 Mediathek.flv
 [2011.11.29 20:58:05 | 181,998,082 | ---- | C] () -- C:\Users\Andre\Documents\Die Jet-Setter in Dubai  Teil 1 von 3  Die Geissens  Video  RTL2 Mediathek.flv
 [2011.11.29 19:22:00 | 026,870,498 | ---- | C] () -- C:\Users\Andre\Documents\Die Jet-Setter in Dubai  Teil 3 von 3  Die Geissens  Video  RTL2 Mediathek.flv
 [2011.11.29 19:05:41 | 048,854,468 | ---- | C] () -- C:\Users\Andre\Desktop\Deckblatt Funktecnische Reiseplanung.psd
 [2011.11.29 19:03:24 | 019,065,830 | ---- | C] () -- C:\Users\Andre\Desktop\NASE SHIPPING bearbeitet.psd
 [2011.11.29 18:43:16 | 019,090,195 | ---- | C] () -- C:\Users\Andre\Desktop\NASE SHIPPING.psd
 [2011.11.29 18:31:50 | 000,027,711 | ---- | C] () -- C:\Users\Andre\Desktop\Alam Sakti.pdf
 [2011.11.29 18:28:57 | 002,219,032 | ---- | C] () -- C:\Users\Andre\Desktop\IkanJebuh.jpg
 [2011.11.29 17:36:25 | 138,624,299 | ---- | C] () -- C:\Users\Andre\Documents\Die Jet-Setter in Athen  Teil 2 von 3  Die Geissens  Video  RTL2 Mediathek.flv
 [2011.11.29 17:17:08 | 017,072,489 | ---- | C] () -- C:\Users\Andre\Documents\Die Jet-Setter in Athen  Teil 3 von 3  Die Geissens  Video  RTL2 Mediathek.flv
 [2011.11.29 17:15:17 | 060,803,562 | ---- | C] () -- C:\Users\Andre\Documents\Die Jet-Setter in Athen  Teil 1 von 3  Die Geissens  Video  RTL2 Mediathek.flv
 [2011.11.28 21:14:01 | 000,001,907 | ---- | C] () -- C:\Users\Public\Desktop\TryEcdis!.lnk
 [2011.11.24 11:11:57 | 001,070,918 | ---- | C] () -- C:\Users\Andre\Desktop\Deckblatt Bürokauffrau.jpg
 [2011.11.22 20:30:52 | 000,097,766 | ---- | C] () -- C:\Users\Andre\Desktop\Screenshot Single Turn POB.jpg
 [2011.11.20 19:09:27 | 000,001,005 | ---- | C] () -- C:\Users\Andre\Desktop\NauticTools.lnk
 [2011.11.20 15:32:04 | 014,188,871 | ---- | C] () -- C:\Users\Andre\Desktop\Screenshots ECDIS.psd
 [2011.11.19 10:52:39 | 000,000,083 | ---- | C] () -- C:\Windows\LManager.UNI
 [2011.11.18 22:18:58 | 000,000,000 | ---- | C] () -- C:\Windows\Setup.INI
 [2011.11.16 18:43:16 | 000,209,672 | ---- | C] () -- C:\Windows\System32\VsVIEW3.ocx
 [2011.11.16 18:43:15 | 000,064,512 | ---- | C] () -- C:\Windows\System32\drivers\sentinel.SYS
 [2011.11.16 18:43:15 | 000,052,736 | ---- | C] () -- C:\Windows\System32\drivers\Ssipddp.sys
 [2011.11.16 18:43:15 | 000,047,616 | ---- | C] () -- C:\Windows\System32\drivers\Ssipddpm.sys
 [2011.11.16 18:43:15 | 000,040,601 | ---- | C] () -- C:\Windows\System32\Ssiact.386
 [2011.11.16 18:43:14 | 000,064,868 | ---- | C] () -- C:\Windows\System32\Sentinel.vxd
 [2011.11.15 20:00:23 | 000,000,065 | ---- | C] () -- C:\Users\Andre\.radarplot
 [2011.11.13 18:52:23 | 000,000,000 | ---- | C] () -- C:\Users\Andre\.gtk-bookmarks
 [2011.11.08 19:20:50 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf07a.dat
 [2011.11.08 19:20:47 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
 [2011.11.08 19:20:47 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
 [2011.11.05 14:26:03 | 289,358,270 | ---- | C] () -- C:\Windows\MEMORY.DMP
 [2011.11.05 11:27:17 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
 [2011.11.05 10:31:14 | 000,038,251 | ---- | C] () -- C:\Users\Andre\AppData\Roaming\Microsoft Excel 97-2003.ADR
 [2011.11.05 08:37:34 | 000,000,600 | ---- | C] () -- C:\Users\Andre\AppData\Roaming\winscp.rnd
 [2011.10.20 16:14:31 | 000,053,248 | ---- | C] () -- C:\Windows\System32\dsnpstd.dll
 [2011.10.20 16:14:31 | 000,015,541 | ---- | C] () -- C:\Windows\snpstd.ini
 [2011.10.10 12:12:37 | 000,476,427 | ---- | C] () -- C:\Windows\System32\sig.bin
 [2011.04.12 02:30:05 | 000,696,416 | ---- | C] () -- C:\Windows\System32\perfh007.dat
 [2011.04.12 02:30:05 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
 [2011.04.12 02:30:05 | 000,147,680 | ---- | C] () -- C:\Windows\System32\perfc007.dat
 [2011.04.12 02:30:05 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
 [2010.11.20 22:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
 [2010.01.18 12:42:06 | 000,034,666 | ---- | C] () -- C:\Windows\Irremote.ini
 [2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
 [2009.07.14 05:33:53 | 002,337,504 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
 [2009.07.14 03:05:48 | 000,651,694 | ---- | C] () -- C:\Windows\System32\perfh009.dat
 [2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
 [2009.07.14 03:05:48 | 000,120,626 | ---- | C] () -- C:\Windows\System32\perfc009.dat
 [2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
 [2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
 [2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
 [2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
 [2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
 [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
 [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 [2007.09.06 01:01:22 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
 [2007.08.23 17:55:34 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
 [2006.05.03 21:40:42 | 000,390,784 | ---- | C] () -- C:\Windows\System32\drivers\snpstd.sys
 [2005.10.11 19:54:48 | 000,339,968 | ---- | C] () -- C:\Windows\vsnpstd.exe
 [2005.02.02 01:29:12 | 000,020,480 | ---- | C] () -- C:\Windows\usnpstd.exe
 [2002.07.24 03:52:36 | 000,032,768 | ---- | C] () -- C:\Windows\System32\inpout32.dll
 
 ========== LOP Check ==========
 
 [2011.10.10 14:14:35 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\7508E511-E65F-4F2E-B4BF-BE92A47D0E5F
 [2011.10.10 14:21:03 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\Acronis
 [2011.11.19 19:44:21 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\AllDup
 [2011.11.13 13:04:00 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\Buhl Data Service
 [2011.10.12 22:15:32 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\DAEMON Tools Lite
 [2011.10.13 06:33:00 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\DAEMON Tools Pro
 [2011.12.04 20:30:40 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\E8D0C297-324A-4218-B5B8-6BA8D5D27442
 [2011.12.02 18:03:16 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\Enfocus Prefs Folder
 [2011.12.02 17:00:30 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\EskoArtwork
 [2011.11.19 17:51:58 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\Hulubulu
 [2011.12.02 18:03:03 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\PitStop Extreme
 [2011.11.21 10:20:01 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\redsn0w
 [2011.11.18 20:56:38 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\SoundSpectrum
 [2011.12.04 20:34:27 | 000,000,264 | ---- | M] () -- C:\Windows\Tasks\AutoKMS.job
 [2009.07.14 05:53:46 | 000,030,368 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
 ========== Purity Check ==========
 
 
 
 ========== Custom Scans ==========
 
 
 < %SYSTEMDRIVE%\*. >
 [2011.01.01 19:51:32 | 000,000,000 | -HSD | M] -- C:\#GDATA.Trash.Store#
 [2011.11.14 07:01:28 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
 [2011.01.01 13:00:48 | 000,000,000 | ---D | M] -- C:\Acer
 [2011.01.01 21:33:25 | 000,000,000 | ---D | M] -- C:\Book
 [2011.10.06 18:49:01 | 000,000,000 | -HSD | M] -- C:\Boot
 [2011.01.01 13:12:11 | 000,000,000 | ---D | M] -- C:\CLSetup
 [2011.12.04 20:33:51 | 000,000,000 | -HSD | M] -- C:\Config.Msi
 [2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
 [2011.01.01 12:56:53 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
 [2009.01.23 04:52:21 | 000,000,000 | ---D | M] -- C:\Elements
 [2008.11.11 04:39:10 | 000,000,000 | ---D | M] -- C:\Intel
 [2011.10.20 16:12:55 | 000,000,000 | ---D | M] -- C:\Medion
 [2011.01.01 20:07:50 | 000,000,000 | RH-D | M] -- C:\MSOCache
 [2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
 [2011.12.04 20:33:51 | 000,000,000 | R--D | M] -- C:\Program Files
 [2011.12.04 20:31:12 | 000,000,000 | -H-D | M] -- C:\ProgramData
 [2011.01.01 12:56:53 | 000,000,000 | -HSD | M] -- C:\Programme
 [2011.10.06 19:13:34 | 000,000,000 | -HSD | M] -- C:\Recovery
 [2011.12.04 20:56:00 | 000,000,000 | -HSD | M] -- C:\System Volume Information
 [2011.11.16 18:43:07 | 000,000,000 | ---D | M] -- C:\tcwf
 [2011.10.13 09:19:45 | 000,000,000 | ---D | M] -- C:\Temp
 [2011.10.09 21:02:06 | 000,000,000 | R--D | M] -- C:\Users
 [2011.12.02 23:17:33 | 000,000,000 | ---D | M] -- C:\Windows
 
 < %PROGRAMFILES%\*.exe >
 
 < %LOCALAPPDATA%\*.exe >
 
 < %systemroot%\*. /mp /s >
 
 < %systemroot%\system32\*.manifest /3 >
 
 
 < MD5 for: AFD.SYS  >
 [2010.11.20 22:29:19 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=1151FD4FB0216CFED887BFDE29EBD516 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_d9efac7dbcaf385b\afd.sys
 [2011.04.25 03:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=9EBBBA55060F786F0FCAA3893BFA2806 -- C:\Windows\System32\drivers\afd.sys
 [2011.04.25 03:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=9EBBBA55060F786F0FCAA3893BFA2806 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys
 [2011.04.25 04:24:09 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C427F91A748CD342A2B3F9278D9FD6A5 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys
 
 < MD5 for: EXPLORER.EXE  >
 [2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
 [2010.11.20 22:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
 [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
 [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
 
 < MD5 for: REGEDIT.EXE  >
 [2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
 [2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe
 
 < MD5 for: USERINIT.EXE  >
 [2010.11.20 22:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
 [2010.11.20 22:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
 
 < MD5 for: WININIT.EXE  >
 [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
 [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
 < MD5 for: WINLOGON.EXE  >
 [2010.11.20 22:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
 [2010.11.20 22:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
 
 < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
 < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-12-02 16:02:51
 
 < End of report >
 --- --- ---  |