Code:
OTL logfile created on: 20.06.2012 09:08:31 - Run 2
OTL by OldTimer - Version 3.2.44.0 Folder = C:\Users\xxx\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,88 Gb Available Physical Memory | 62,57% Memory free
5,99 Gb Paging File | 4,74 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,71 Gb Total Space | 326,56 Gb Free Space | 71,66% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 9,92 Gb Free Space | 99,23% Space Free | Partition Type: NTFS
Computer Name: xxx-PC | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.05.29 17:39:44 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
PRC - [2012.05.28 15:06:18 | 000,867,080 | ---- | M] (Acresso Software Inc.) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.09.29 16:19:26 | 000,020,880 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2011.09.29 16:19:16 | 003,508,112 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011.07.07 08:16:04 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.03.28 21:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011.03.28 21:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2011.03.28 16:15:17 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.03.28 16:15:04 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.28 16:14:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.11.20 23:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 23:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 23:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.09.15 11:11:22 | 000,339,312 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Programme\Common Files\Lexware\Update Manager\LxUpdateManager.exe
PRC - [2010.06.17 21:56:44 | 000,370,176 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe
PRC - [2010.05.11 06:06:40 | 001,885,512 | ---- | M] (Sanford, L.P.) -- C:\Programme\DYMO\DYMO Label Software\DymoQuickPrint.exe
PRC - [2010.05.11 05:53:16 | 000,055,808 | ---- | M] (Sanford, L.P.) -- C:\Programme\DYMO\DYMO Label Software\DLSService.exe
PRC - [2010.04.23 16:20:36 | 001,670,144 | ---- | M] (ESRI) -- C:\Programme\ArcGIS\License10.0\bin\ARCGIS.exe
PRC - [2009.08.18 03:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009.08.18 03:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2008.11.06 00:59:50 | 001,500,424 | ---- | M] (Acresso Software Inc.) -- C:\Programme\ArcGIS\License10.0\bin\lmgrd.exe
========== Modules (No Company Name) ==========
MOD - [2012.05.12 10:55:10 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\0c2b0d52156447592f33edf4116b7e7d\System.Management.ni.dll
MOD - [2012.05.12 10:53:45 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\65f0d70169a0e73b45307dddbd86f92b\System.Runtime.Remoting.ni.dll
MOD - [2012.05.12 10:53:38 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d234eceae699d070b5a5712ce776c01f\System.Xaml.ni.dll
MOD - [2012.05.11 20:35:34 | 018,000,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\041b1bcf6ae9ab58925791d8198c37e2\PresentationFramework.ni.dll
MOD - [2012.05.11 20:35:19 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a1de74c8d0dfd15e3246e5dd394013bf\PresentationCore.ni.dll
MOD - [2012.05.11 20:35:10 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\4b7adff986a085bb562222d0c5fdf5aa\WindowsBase.ni.dll
MOD - [2012.05.11 20:35:08 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a5fa2a1cfc6e9fdc39d9a8f2baa57bc9\PresentationFramework.Aero.ni.dll
MOD - [2012.05.11 20:32:54 | 013,197,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\9ee9841d9e33fe5dceba4cd7d90f2ae0\System.Windows.Forms.ni.dll
MOD - [2012.05.11 20:32:51 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll
MOD - [2012.05.11 20:32:48 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll
MOD - [2012.05.11 20:32:45 | 001,665,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\03b5233f1511f5fdb39eb681b04e5506\System.Drawing.ni.dll
MOD - [2012.05.11 20:32:43 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll
MOD - [2012.05.11 20:32:37 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
MOD - [2012.02.15 17:04:18 | 000,593,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\a717cdb44ec0d3238c621efa420a9956\System.Messaging.ni.dll
MOD - [2012.02.15 14:25:10 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\f01c5c76d0a19516a37b7bd191a02cda\System.Core.ni.dll
MOD - [2012.02.15 14:24:56 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll
MOD - [2012.02.15 14:24:38 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\02f7846cbc5c02a5dbf50fd34325eb61\PresentationFramework.ni.dll
MOD - [2012.02.15 14:24:22 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012.02.15 14:24:14 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012.02.15 14:24:11 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f4b2424c1b32fbd11130482bb899b7ae\PresentationCore.ni.dll
MOD - [2012.02.15 14:24:00 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012.02.15 14:23:55 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012.02.15 14:23:51 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012.02.15 14:23:50 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2011.12.30 20:15:03 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011.12.29 18:20:24 | 000,115,137 | ---- | M] () -- C:\Users\xxx\AppData\Local\Temp\ae201572-4813-4010-9ed2-ee29ddec066a\CliSecureRT.dll
MOD - [2011.09.29 16:19:26 | 000,020,880 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.11.13 01:19:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.05.11 05:52:30 | 000,094,208 | ---- | M] () -- C:\Programme\DYMO\DYMO Label Software\DYMO.Common.dll
MOD - [2006.12.10 21:51:08 | 000,077,824 | R--- | M] () -- C:\Programme\HP\Digital Imaging\bin\crm\xmltok.dll
MOD - [2006.12.10 21:51:08 | 000,065,536 | R--- | M] () -- C:\Programme\HP\Digital Imaging\bin\crm\xmlparse.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2012.06.18 11:13:20 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.28 15:06:18 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Running] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.07.07 08:16:04 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.03.28 21:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.03.28 16:15:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.11.20 23:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.11.20 23:29:48 | 000,128,848 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010.11.20 23:29:32 | 000,068,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\Mcx2Svc.dll -- (Mcx2Svc)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.08.18 03:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\mprdim.dll -- (RemoteAccess)
SRV - [2009.07.14 03:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.11.06 00:59:50 | 001,500,424 | ---- | M] (Acresso Software Inc.) [Auto | Running] -- C:\Programme\ArcGIS\License10.0\bin\lmgrd.exe -- (ArcGIS License Manager)
========== Driver Services (SafeList) ==========
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.07.07 08:16:04 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.07 08:16:04 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.11.20 23:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 23:29:12 | 000,246,784 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\udfs.sys -- (udfs)
DRV - [2010.11.20 23:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 23:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010.11.20 23:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 23:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 23:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010.11.20 23:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 23:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.06.17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.08.18 04:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.07.14 03:20:28 | 000,022,096 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk)
DRV - [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV - [2009.07.14 01:11:15 | 000,070,656 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\cdfs.sys -- (cdfs)
DRV - [2009.07.14 00:02:50 | 000,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3501483959-2219181981-1860870347-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKU\S-1-5-21-3501483959-2219181981-1860870347-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3501483959-2219181981-1860870347-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-3501483959-2219181981-1860870347-1000\..\SearchScopes,DefaultScope = {2279C29F-823D-4444-815A-CF161E9B6251}
IE - HKU\S-1-5-21-3501483959-2219181981-1860870347-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3501483959-2219181981-1860870347-1000\..\SearchScopes\{2279C29F-823D-4444-815A-CF161E9B6251}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-3501483959-2219181981-1860870347-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-3501483959-2219181981-1860870347-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3501483959-2219181981-1860870347-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.6&q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.18 11:13:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2011.05.01 10:08:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Extensions
[2012.05.02 12:56:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\ft2iwcdl.default\extensions
[2012.03.29 20:13:09 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\ft2iwcdl.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.06.15 16:38:49 | 000,000,950 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\ft2iwcdl.default\searchplugins\icqplugin-1.xml
[2011.11.06 12:45:18 | 000,001,056 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\ft2iwcdl.default\searchplugins\icqplugin.xml
[2012.01.09 11:55:55 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.18 11:13:21 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.18 11:13:19 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.18 11:13:19 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.18 11:13:19 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.18 11:13:19 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.18 11:13:19 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.18 11:13:19 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (ICQ Sparberater) - {FE163F11-1919-4257-A280-FF5AF8DAEECB} - C:\Programme\icq\Internet Explorer\icq.dll (solute gmbh)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DLSService] C:\Program Files\DYMO\DYMO Label Software\DLSService.exe (Sanford, L.P.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-3501483959-2219181981-1860870347-1000..\Run: [Cixyi] C:\Users\xxx\AppData\Roaming\Xoyz\olow.exe ()
O4 - HKU\S-1-5-21-3501483959-2219181981-1860870347-1000..\Run: [DymoQuickPrint] C:\Program Files\DYMO\DYMO Label Software\DymoQuickPrint.exe (Sanford, L.P.)
O4 - HKU\S-1-5-21-3501483959-2219181981-1860870347-1000..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F5759352-0A3C-4DF4-B67E-99428EFF0E84}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{9aba0abc-3230-11e1-b5d3-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9aba0abc-3230-11e1-b5d3-806e6f6e6963}\Shell\AutoRun\command - "" = F:\ESRI.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012.06.20 09:03:00 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{26E4F382-CB56-4279-89AE-4CE46E6B5446}
[2012.06.20 09:02:38 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{D93A105D-3A4C-4C91-9DB9-206B0BFC705D}
[2012.06.19 13:10:43 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{6411389A-7957-44C3-9507-326168C6AAEE}
[2012.06.19 13:10:33 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{0288AD2F-BD63-4F7C-BB1E-88A9FFB8196B}
[2012.06.19 13:06:45 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{0980F83C-70E5-41CA-A5DE-5F3E6AFB7332}
[2012.06.19 13:06:27 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{E5602BB3-69F5-4A69-9F9C-41310802AFBC}
[2012.06.19 13:06:02 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{F924D841-6367-4AAB-A70E-D7C75BD443ED}
[2012.06.19 13:05:16 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{93761219-AA5F-4A08-86FA-3BDF80B193C6}
[2012.06.19 13:04:55 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{7C55003F-DBE2-496F-9CCB-B883243B39B7}
[2012.06.19 10:17:15 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.06.19 09:07:36 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{4950116A-F6F2-4EA7-BC89-83AEA94F7B44}
[2012.06.19 09:07:09 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{B01EED93-C734-4ED4-826D-96F565B8670C}
[2012.06.18 11:13:24 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.06.18 11:13:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.06.18 09:24:55 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Malwarebytes
[2012.06.18 09:24:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.18 09:24:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.18 09:24:47 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.18 09:24:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.06.18 09:16:18 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{C7262CF4-1679-4BFE-8955-4F9655D455A7}
[2012.06.17 10:27:48 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{589C032A-7F0E-447B-9B6B-0DDB7DE25745}
[2012.06.16 08:49:50 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{22765BD8-042C-42FE-B6C5-8589540C977E}
[2012.06.15 15:03:52 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{F38108E2-0130-4648-9F83-84A106677404}
[2012.06.14 21:30:38 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{A8972D7C-71BC-4DFD-9796-6A4461BF423C}
[2012.06.14 21:30:28 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{3D362C0E-B751-40D0-8C74-22585A24DF0A}
[2012.06.14 17:31:43 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{10787AD5-FE16-4D16-9585-C72455EF2E88}
[2012.06.14 17:31:33 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{D23DCAEE-86EB-465F-A946-15BF81D7DF53}
[2012.06.14 17:27:17 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{07D3CFBE-882D-443A-9AFD-A44A90C21C41}
[2012.06.14 17:26:55 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{9D41B0DB-B22B-4256-ABAE-1A0B9F0345F2}
[2012.06.14 17:12:01 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{C0D3E03C-57BD-489B-B24D-51B734427984}
[2012.06.14 17:11:40 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{2B685C69-9FE2-4FFF-9203-AA2C48A6B82F}
[2012.06.14 16:51:42 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{35E967F6-5E58-40A7-B897-BB16FEBB3EC6}
[2012.06.14 16:51:20 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{5550F1A5-8985-426C-8BE7-12314B41E7BA}
[2012.06.14 16:07:54 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{02C69EFC-3146-412F-8188-D54FDC07A21F}
[2012.06.14 16:07:32 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{B87866B8-B8C1-43B0-9AB6-BB2035E3D1FE}
[2012.06.14 15:16:05 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{45897D1B-0C4B-404E-8835-D433011CBADE}
[2012.06.14 15:15:43 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{2B24F4E1-B165-4F59-AAF8-A96B6A789060}
[2012.06.13 18:08:12 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{99AAB18C-BF1A-4F77-833C-C823251FE64D}
[2012.06.13 17:47:13 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{F18409C4-30DF-4FDE-873C-3721D5711848}
[2012.06.13 17:46:52 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{8587915A-79F5-40BA-8519-253B5F388E0C}
[2012.06.13 17:32:02 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{70C8A38A-7C29-4565-8AA0-F83E0CA44C1E}
[2012.06.13 17:31:41 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{7C2D91DC-DAF9-44C4-8CC5-6A0A17ACE4A4}
[2012.06.13 13:10:29 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{51362A5F-8488-449B-A9F2-8D5D05410081}
[2012.06.13 13:10:06 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{76BAA57D-E7C9-48AE-96AC-D75606F1E41A}
[2012.06.12 18:16:25 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{42D19CC2-E26B-422F-BA55-401D470BA461}
[2012.06.12 18:16:04 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{49CCC110-17AD-4663-A330-B5E2F306A6C4}
[2012.06.12 16:57:20 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{870D8B87-008A-4638-85B7-8794ADFF3302}
[2012.06.12 16:56:59 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{910CFAB5-2120-4B8C-B4DE-A443FEA104AB}
[2012.06.12 16:03:57 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{2305186E-8949-476D-9864-65CDFED86A46}
[2012.06.12 16:03:36 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{4322C968-9DBE-44F9-A464-12FAD3CDF30F}
[2012.06.12 14:30:37 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{ED217BFD-0CA1-4232-A267-B2A2C0996A13}
[2012.06.12 14:30:16 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{A854A5D2-1979-4FEC-8696-217A067B3443}
[2012.06.12 12:33:55 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{255EBDAA-8C32-4434-A9EC-90F99185F40F}
[2012.06.12 12:33:34 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{2BA6C983-DC21-418D-A1E8-6EF96EEBDCCE}
[2012.06.12 08:10:47 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{CD3EDDB5-8097-4330-8284-6B8D8496FBC5}
[2012.06.12 08:10:26 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{8732127F-3DA1-4F62-8A61-BEB60AEF43EB}
[2012.06.11 21:28:16 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{D98372A5-1893-47C3-A3C5-D2584B35F760}
[2012.06.11 19:16:11 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{E4FA5CB4-8EDE-489F-9657-96BADBFF9485}
[2012.06.11 19:15:50 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{31E2FB5F-E0D5-4404-B8F1-2C30CA550849}
[2012.06.11 17:22:47 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{B3C6AF3E-9D60-46A8-B423-05BAE1BB8BB7}
[2012.06.11 17:22:26 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{C1827E8E-87F5-4C77-90D7-BFBCE0668BCE}
[2012.06.11 17:14:03 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{B3661AEC-C09D-4CDE-8DC1-EB3B136C037C}
[2012.06.11 16:57:42 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{5DCA3DD1-A59F-42D0-97F4-7D0F378F5E0A}
[2012.06.11 16:43:56 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{6218B81C-7DF8-4FA4-A4A4-3BA74BC7D63C}
[2012.06.11 16:22:00 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{5B6EEBB2-229C-479A-BAB5-586D94946AFE}
[2012.06.11 16:21:39 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{6F298620-8DAC-408E-8E7F-66C6AAFA1AA7}
[2012.06.11 15:21:33 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{7F730BD8-0A67-49D7-9B4C-34EC22DE5242}
[2012.06.11 15:21:12 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{CD592FEE-8EC1-4FDF-8B84-89599D9EC7AA}
[2012.06.10 17:16:02 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{A181D88E-0214-4C2B-96BC-F7291C808B9A}
[2012.06.10 17:15:41 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{D3704A20-EC3E-4738-8390-D8FC80FFDC8E}
[2012.06.10 16:28:23 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{95A5624D-6825-4C1E-8F5A-DB4C1829CE79}
[2012.06.10 16:28:02 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{D93EFBEC-48E8-44C1-95B3-1AC61936996F}
[2012.06.10 12:02:12 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{812DA2FB-1335-4583-8259-49C4AB809F50}
[2012.06.10 12:01:50 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{8C1C5823-FB2E-4C9F-9124-8A1D0017D80E}
[2012.06.10 11:54:00 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{2B319957-546A-45ED-8AC6-24EA0FD2EF8E}
[2012.06.10 11:46:01 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{3E964F07-AD3B-4DD6-8804-5091D17156CD}
[2012.06.10 11:17:49 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{77092EB1-5456-4335-903A-B5ED0C65BA85}
[2012.06.10 11:17:27 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{1507F644-B3FE-4257-939E-83DD4DB83C55}
[2012.06.09 19:18:17 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{35F428CE-EFAF-4B47-A1F5-93FBB24139FE}
[2012.06.09 19:17:56 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{761C153B-0793-401C-8A4F-37FA1AF77A72}
[2012.06.09 09:24:56 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{A8E97706-F503-4A61-B301-0084F62C1547}
[2012.06.09 09:24:34 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{FC0BA484-490B-4B4B-A9FE-6DB46269032E}
[2012.06.09 08:33:33 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{9BEE748E-027A-487D-901F-C4B2220FE807}
[2012.06.09 08:33:12 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{85DDB330-DD2E-48AA-95E3-4CC2DC533F60}
[2012.06.08 21:31:04 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{56E48E9B-9D67-4213-91CD-AC496F4C9117}
[2012.06.08 21:30:42 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{63694AEC-96C8-4BC3-BEF4-00F180A8D022}
[2012.06.08 11:09:15 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{157D2FD1-F1A6-41DD-AA7C-BE070718E11A}
[2012.06.08 11:08:54 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{95633FEE-C4A0-453A-B79B-EF2E82E0AF7F}
[2012.06.08 09:59:56 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{A3D4B876-E1E2-4669-8C89-CA45A0F9472F}
[2012.06.08 09:59:46 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{3A437730-6F19-453B-B884-7ACD8D581602}
[2012.06.08 09:34:03 | 000,000,000 | ---D | C] -- C:\Users\xxx\Desktop\luigi
[2012.06.08 08:32:47 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{78CB5832-D540-43D3-A38E-CE44E41052FF}
[2012.06.08 08:32:25 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{B5CB642C-22DC-44BF-96EC-531A2AD66F3F}
[2012.06.07 20:01:38 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{F4E45F9C-E9A7-4367-B94C-6E53E45AD6B1}
[2012.06.07 20:01:12 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{1C822518-EB0D-4B9D-B5D4-684CF1B277E6}
[2012.06.07 08:44:22 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{529EBCBE-5247-4FDE-A48A-98563423BAE6}
[2012.06.07 08:44:00 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{CCC7008C-6C5F-4272-9AFF-3C9FD16A8FE1}
[2012.06.06 10:22:17 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{F780C3D9-DBEC-4BCB-8B44-87335212F7A7}
[2012.06.06 10:21:56 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{F3732D03-090D-443B-A0E3-2E449CA89C38}
[2012.06.06 08:32:36 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{465E10AB-1449-4D85-A4F5-EB221B031C85}
[2012.06.06 08:32:15 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{DAA7F9E7-AC2B-463E-A3DA-4469D26E9D1A}
[2012.06.05 21:35:52 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{88577245-446E-4DDA-B2EA-5161A8F416F8}
[2012.06.05 21:35:41 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{028FC70B-0509-4BDF-8D4E-FFE623FA8F4E}
[2012.06.05 08:12:35 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{96AC4950-5C80-47D2-83A9-3C2102DF4FE1}
[2012.06.05 08:12:13 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{F0546C9D-6475-4E27-A458-A61005DE382F}
[2012.06.04 12:32:42 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{96F08BAB-3F65-4AA2-8D71-7B54B54A9F9F}
[2012.06.04 12:32:21 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{F1508788-3FB1-4842-AEF3-1BB491333F03}
[2012.06.04 12:26:03 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{9D138589-E367-46DB-9206-A597D7E115CF}
[2012.06.04 12:25:41 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{5AD484B1-45CC-4F97-A8C1-451F67E7E5CE}
[2012.06.03 18:20:07 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{71B383BF-AB42-40D6-8545-3BE67C5FB59A}
[2012.06.03 18:19:46 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{FFA19CC2-230A-4326-A26A-DC6EF3ED708F}
[2012.06.03 16:30:54 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{44D3C68F-9133-40DD-BA5E-F1D80E654CC6}
[2012.06.03 16:30:33 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{695EFA0C-1401-46A2-8325-FF1A24C67F4C}
[2012.06.03 10:42:15 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{4A73707C-F489-426B-8DD1-D77A1F6FDC7F}
[2012.06.03 10:41:54 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{31DD13D9-F550-4F5A-8AF0-9B08FB49B486}
[2012.06.03 09:28:22 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{4C974236-C834-42DF-B66F-1955D00491BF}
[2012.06.03 09:28:00 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{660A40F9-A8CD-4612-9974-5D42D2F33DED}
[2012.06.02 20:13:03 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{406DC126-8817-45CD-A1F6-376527886EA8}
[2012.06.02 20:12:42 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{3FFC60CC-3688-4180-BAFF-964135FCA623}
[2012.06.02 18:21:24 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{61FF4240-8772-4621-84DB-7BC2C97E8723}
[2012.06.02 18:21:03 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{2D5221AE-E901-429E-834E-73AF68868BE7}
[2012.06.02 18:13:57 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{17D82328-FBE7-4548-938A-0D35E2E7C1C8}
[2012.06.02 18:13:35 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{2C545DA0-B434-49BE-9E06-DB36CC080238}
[2012.06.02 16:06:20 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{3F0D5D90-D43E-4BA2-B513-225DB858B261}
[2012.06.02 16:05:59 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{7558BA9F-CCB9-43D1-925B-6F81B70A7C99}
[2012.06.02 14:30:22 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{AC043A89-B562-4548-AD34-854306697ED3}
[2012.06.02 14:30:01 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{94E2E69C-200B-4A87-8BAC-CEA3AB9A3858}
[2012.06.02 09:12:30 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{A84F802E-DAEA-4B81-8921-C3B1F11A4707}
[2012.06.02 09:12:07 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{EA0FF724-E4E4-4655-A13E-73DADC500658}
[2012.06.01 20:51:46 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{916F53F7-8621-4E2C-B628-7C3BA41EF4DB}
[2012.06.01 17:49:55 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{711EBB45-EC04-4FAE-9B8C-38AD71568E40}
[2012.06.01 17:49:34 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{18D62813-085D-4E6C-828B-232ABBEEEF16}
[2012.06.01 17:09:46 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{33A49C86-9AFD-414D-BFB4-744FE4DBAB44}
[2012.06.01 17:09:24 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{023E72CA-6376-425A-A62D-C8F6851A136E}
[2012.06.01 15:44:58 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{8C527B64-58AE-41DC-BF85-D885B066D274}
[2012.06.01 15:44:37 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{2208EBF7-08E4-4672-B99B-16B666435E4E}
[2012.05.31 20:05:43 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{702AA196-6FF1-4468-80F8-3A0C55349034}
[2012.05.31 20:05:22 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{E8DD09BC-3D60-4914-AF14-F2BF3707AD74}
[2012.05.31 17:33:16 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{AD40EF41-533A-4F70-B68D-342F58D3D4D9}
[2012.05.31 17:32:53 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{2F95CBC4-0E00-448C-BA5F-A6041BFFBE9F}
[2012.05.30 18:27:35 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{DCB234A8-4F14-4F8A-A9C4-6175AC3B2BA7}
[2012.05.30 18:27:14 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{3B443606-432B-47A6-8F97-8B9D75407073}
[2012.05.30 18:12:00 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{3F3213AF-34FE-4A3C-800B-ECA5C2A42B45}
[2012.05.30 16:52:50 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{33E30836-8975-4565-BE1D-5DDC02A07232}
[2012.05.30 16:52:29 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{7B7F0E18-922F-4EC4-8AAE-08B04CA33CAF}
[2012.05.29 21:04:24 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{578254E7-B8F7-425B-A3B6-53C24D47F699}
[2012.05.29 21:04:03 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{22DC8CC0-0B5E-43A3-AD3C-465AD797B0CA}
[2012.05.29 20:19:26 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{2EFC369B-ED39-4925-A949-AAAC2F62750E}
[2012.05.29 20:19:03 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{6ABFEA33-2878-43D8-A43D-1319C056D467}
[2012.05.29 17:56:43 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{88A547A5-9907-45FA-92D5-C1EE13FB5018}
[2012.05.29 17:56:22 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{4370737D-6134-41E2-BD4C-B70AE9D9E321}
[2012.05.29 17:39:44 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
[2012.05.29 17:19:43 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{D658E1F5-8797-4EC4-BB0C-99C2D7DD1602}
[2012.05.29 17:19:21 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{AA231AA0-461A-42F5-AC79-F8AA71522E47}
[2012.05.28 21:27:54 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{07F2B0D4-2A42-445E-89C6-A6C6D506DE84}
[2012.05.28 21:27:33 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{C5629840-B195-415E-93F7-5B6EDF0F7472}
[2012.05.28 19:23:50 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{00343808-B43E-4FDF-8ABB-EA139981E271}
[2012.05.28 19:23:28 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{9B64C16F-7202-473A-B752-F4F2FAB9604F}
[2012.05.28 18:06:58 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{60A3A18D-70D4-45A1-942D-1B4AEFE4AD90}
[2012.05.28 18:06:37 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{4C0D9836-7A22-43D5-98A7-D48EDD5C220A}
[2012.05.28 16:39:16 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{A466910F-A396-4E96-A407-5D79E6F6A32D}
[2012.05.28 16:38:54 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{9CC06A2B-6EE2-4F7C-9769-35013BC140D9}
[2012.05.28 15:06:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Macrovision
[2012.05.28 15:06:29 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2012.05.28 15:06:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2012.05.28 15:06:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcGIS
[2012.05.28 15:06:04 | 000,000,000 | ---D | C] -- C:\Program Files\ArcGIS
[2012.05.28 14:56:53 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{C2893615-A733-4A5D-ACA6-E232C27EC629}
[2012.05.28 14:27:10 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{0A92EDC7-577C-4C6C-BC9F-AC8BB71C824C}
[2012.05.28 14:26:46 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{BCB4E447-9936-4C1E-ADE9-B4037BAFF057}
[2012.05.28 11:46:13 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{60A4B995-9CBD-4557-B94C-EF12AD74C514}
[2012.05.28 11:45:51 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{742DB147-F5C4-4343-BE2E-CC8BE54003A2}
[2012.05.28 09:33:22 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{E27A8F2E-58A4-4CAA-AF5A-0C5F187A6A38}
[2012.05.28 09:33:01 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{93D8BFA6-314C-4E34-ACB2-1AABCDF0045B}
[2012.05.27 13:32:00 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{F2BB5EC1-2DF6-479E-90DC-9BD0A82EC8C4}
[2012.05.27 13:31:39 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{A7323F44-DC1F-4B70-BEA8-13383F129BF0}
[2012.05.27 12:25:18 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{40D01E2C-8FD5-4A74-A578-0E334774B93C}
[2012.05.27 12:24:57 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{3E76BDB9-3830-4457-BA64-F2EEB8CD4F90}
[2012.05.27 09:31:26 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{08713810-3D9F-4A88-9F35-1BDD1051B8F1}
[2012.05.27 09:31:05 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{8645FB2B-0576-4819-90D9-697F3C40E25B}
[2012.05.27 08:06:44 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{298615DD-D5BC-493D-8CB2-CB82C97C072F}
[2012.05.27 08:06:22 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{497FA8D0-6319-429C-A945-3B2688E82840}
[2012.05.26 23:21:30 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{C72D7920-63D0-4D44-A550-C1EFBA4AF678}
[2012.05.26 23:21:09 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{A360A2E4-CC63-4692-A71C-3FF661A3A59F}
[2012.05.26 23:18:17 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{8F4A5933-DAAF-40B0-9E1E-AB605CF887C2}
[2012.05.26 22:27:56 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Xoyz
[2012.05.26 22:27:56 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Xosaax
[2012.05.26 22:27:56 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Hepou
[2012.05.26 17:53:56 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{FFCD3756-4629-47D6-BFF5-5A170CFFB1CA}
[2012.05.26 17:53:33 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{27336804-5A83-43AC-81C3-32C5CEE32017}
[2012.05.26 08:17:35 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{2EE7A628-23D2-414C-8DD1-AFCAC7D6FA5D}
[2012.05.26 08:17:24 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{6A5BCAA0-C426-45A3-9B15-A8C44404A808}
[2012.05.25 20:53:05 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{0212FF09-A0C0-4ECD-A468-9110CFE6725E}
[2012.05.25 20:52:43 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{BF670025-0425-4642-A295-D86D54D2C513}
[2012.05.25 20:22:45 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{D10CE2B9-B337-45E1-9CB3-8DB6F4A69899}
[2012.05.25 20:22:35 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{0902F138-D908-4BA6-B33E-03AD914688AF}
[2012.05.25 20:01:18 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{B9C93B3D-D966-4E3E-B29D-5A548DD1BB0D}
[2012.05.25 20:00:57 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{991697C6-980C-4C93-AA83-1B389BE88F91}
[2012.05.25 18:54:32 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{FBFCCF18-255C-4230-9E4C-0C9A848F2E74}
[2012.05.25 18:54:11 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{9D186EBA-944A-49D6-A9BC-68680FC00CE9}
[2012.05.25 18:28:25 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{36FD2A69-1B65-466E-B9CA-4371A77DBAB7}
[2012.05.25 18:28:03 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{30D82AA4-E94E-4AF7-899E-FBA93112FA87}
[2012.05.25 18:20:24 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{661C5169-CE36-4504-91C0-A1454A4E435D}
[2012.05.25 18:20:03 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{D19FF07F-33B7-47CC-906A-8A4A6144BBDE}
[2012.05.25 18:14:07 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{005694A0-279A-49FE-976D-62B20C1896E7}
[2012.05.25 18:13:44 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{8E13B2F4-58B0-4F84-9119-A1511D79B306}
[2012.05.25 17:36:37 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{D27F983F-334E-497C-BC95-059A896624CC}
[2012.05.25 17:36:15 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{02EE096A-3A16-4FDB-9BE0-A93DE98B3543}
[2012.05.25 17:15:48 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{6B41EA12-2D5C-45D2-8C56-2D98784C43DD}
[2012.05.25 17:15:26 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{2F88112A-BDBC-47B5-9943-168FEE9FC28A}
[2012.05.25 15:04:28 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{BA2C61DA-E263-4BDF-AEBC-FA6AE7125492}
[2012.05.25 15:04:07 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{C90C043B-207B-4701-85C3-C3B99367A4C0}
[2012.05.25 14:53:01 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{80AE2BD3-C9F1-42D1-8E90-BCBBAF399F03}
[2012.05.25 14:52:39 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{0CDC75E3-09A3-4338-B5CA-D067661946A8}
[2012.05.25 14:40:08 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{4336CBBF-1F93-45F4-AAB8-424572EDB844}
[2012.05.25 14:21:26 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{C0D44067-34E0-4C16-8313-84869C33B2BA}
[2012.05.25 14:21:05 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{1A712885-A1A4-4A08-9FC4-7069359768CB}
[2012.05.25 13:41:27 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{66D49911-84EE-4FCC-80F7-C931F5E07D37}
[2012.05.25 13:41:06 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{6F3A567F-CCDE-48A0-A3C1-C13AFFE3FDB8}
[2012.05.25 13:28:20 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{4BB2EF86-55F7-4472-B062-D9175200C633}
[2012.05.25 13:27:57 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{44227E19-32EF-4E95-A6E6-86CE232C10D7}
[2012.05.25 11:25:21 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{6072DCFA-9723-4A65-973F-1B9FCDA63124}
[2012.05.25 11:25:00 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{FD950060-AD4E-445F-8719-795B73DDD1DB}
[2012.05.25 10:50:35 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{B57D63CA-4B55-42D5-BD23-EAA1793CDBAE}
[2012.05.25 10:50:14 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{79E392EE-9CB1-4145-88DA-488ED6C3B9E5}
[2012.05.25 10:41:41 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{D61537C7-748E-4253-9BAB-D558B9CACDF7}
[2012.05.25 10:13:47 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{2DA1F4CF-60B8-4A21-9ECA-43AE78B58F34}
[2012.05.25 10:13:26 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{9633F56D-8A9F-4AB5-A1C7-900C06F8E223}
[2012.05.25 09:04:52 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{2CD74460-0169-4C4F-93BA-8054E880654C}
[2012.05.25 09:04:30 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{5F422A0A-7077-4FE1-8075-F8BC710BEE20}
[2012.05.24 21:15:16 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{3D51B460-9A23-4E73-AD69-589D4626996A}
[2012.05.24 21:15:05 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{12E8F401-A437-4A61-8BDA-D5739D0282ED}
[2012.05.24 17:51:27 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{1A6CF54A-1DA7-431B-9AAE-1AB1D51D7BA6}
[2012.05.24 17:51:17 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{C3E01E22-024B-42AA-AA52-75C7B8372DF0}
[2012.05.24 16:33:15 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{F45A194D-EB75-4760-9DB6-B63145077EBB}
[2012.05.24 16:32:55 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{92C60E8E-3A1B-4DB2-84D8-69F47DD3B1A0}
========== Files - Modified Within 30 Days ==========
[2012.06.20 09:06:45 | 000,011,040 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.20 09:06:45 | 000,011,040 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.20 08:59:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.20 08:58:50 | 2414,481,408 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.18 09:24:49 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.17 19:40:30 | 000,977,882 | ---- | M] () -- C:\Users\xxx\Desktop\bewerbung_xxx.pdf
[2012.05.29 17:39:44 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
[2012.05.29 17:38:22 | 000,000,000 | ---- | M] () -- C:\Users\xxx\defogger_reenable
[2012.05.29 17:37:01 | 000,050,477 | ---- | M] () -- C:\Users\xxx\Desktop\Defogger.exe
[2012.05.28 14:27:26 | 001,812,736 | ---- | M] () -- C:\Users\xxx\Desktop\InVeKoS_2012_Einführung.pdf
[2012.05.28 10:04:19 | 000,007,411 | ---- | M] () -- C:\Users\xxx\Desktop\328_5026_1854_Bestätigung der Annahme UStVA 2012 - 1. Quartal_ElsterOnline6.pdf
[2012.05.25 15:09:23 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.05.25 15:09:23 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.25 15:09:23 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.05.25 15:09:23 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
========== Files Created - No Company Name ==========
[2012.06.18 09:24:49 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.17 19:40:29 | 000,977,882 | ---- | C] () -- C:\Users\xxx\Desktop\bewerbung_xxx.pdf
[2012.05.29 17:38:22 | 000,000,000 | ---- | C] () -- C:\Users\xxx\defogger_reenable
[2012.05.29 17:37:01 | 000,050,477 | ---- | C] () -- C:\Users\xxx\Desktop\Defogger.exe
[2012.05.28 14:27:25 | 001,812,736 | ---- | C] () -- C:\Users\xxx\Desktop\InVeKoS_2012_Einführung.pdf
[2012.05.28 10:04:19 | 000,007,411 | ---- | C] () -- C:\Users\xxx\Desktop\328_5026_1854_Bestätigung der Annahme UStVA 2012 - 1. Quartal_ElsterOnline6.pdf
[2012.04.05 13:29:53 | 000,299,073 | ---- | C] () -- C:\Windows\System32\PythonCOM21.dll
[2012.04.05 13:29:53 | 000,065,536 | ---- | C] () -- C:\Windows\System32\PyWinTypes21.dll
[2011.12.29 20:45:35 | 000,000,138 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011.12.29 17:57:12 | 000,021,532 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2011.12.29 17:24:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.09.16 11:54:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.09.16 11:54:44 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.09.16 11:54:44 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.09.16 11:54:44 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.09.16 11:54:44 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.05.13 10:04:16 | 000,208,896 | ---- | C] () -- C:\Windows\System32\LXPrnUtil10.dll
[2011.05.13 10:03:16 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll
[2011.05.13 10:01:22 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll
[2011.05.13 10:01:00 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll
[2011.05.01 19:35:30 | 000,167,018 | ---- | C] () -- C:\Windows\hpwins05.dat
[2011.05.01 01:32:09 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011.05.01 01:32:09 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2011.04.30 16:15:52 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.04.12 03:30:05 | 000,653,928 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2011.04.12 03:30:05 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2011.04.12 03:30:05 | 000,129,800 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2011.04.12 03:30:05 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.11.20 23:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
========== LOP Check ==========
[2011.12.29 17:39:22 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Easy Thumbnails
[2012.03.12 15:53:23 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\elsterformular
[2012.04.05 13:33:30 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ESRI
[2012.05.26 22:27:56 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Hepou
[2012.01.28 15:07:23 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ICQ
[2012.01.07 18:46:26 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Lexware
[2011.12.29 17:39:23 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\MAXON
[2011.12.29 17:39:31 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Nemetschek
[2011.12.29 17:39:31 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\PlagiarismFinder
[2011.12.29 17:39:31 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Samsung
[2011.12.30 11:17:00 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Windows Live Writer
[2012.06.20 09:02:48 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Xosaax
[2012.05.26 22:27:56 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Xoyz
[2012.05.28 16:33:17 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2011.12.29 17:39:21 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Adobe
[2012.01.07 14:13:00 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Apple Computer
[2011.12.29 17:39:22 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ATI
[2011.12.29 17:39:22 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Avira
[2011.12.29 17:39:22 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Easy Thumbnails
[2012.03.12 15:53:23 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\elsterformular
[2012.04.05 13:33:30 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ESRI
[2012.05.26 22:27:56 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Hepou
[2011.12.29 17:39:22 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\HP
[2011.12.29 17:39:22 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\HpUpdate
[2012.01.28 15:07:23 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ICQ
[2011.12.29 21:18:18 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Identities
[2012.01.07 18:46:26 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Lexware
[2011.12.29 17:39:22 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Macromedia
[2012.06.18 09:24:55 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Malwarebytes
[2011.12.29 17:39:23 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\MAXON
[2011.04.12 03:39:07 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Media Center Programs
[2012.05.25 17:27:10 | 000,000,000 | --SD | M] -- C:\Users\xxx\AppData\Roaming\Microsoft
[2011.12.29 17:39:29 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Mozilla
[2011.12.29 17:39:31 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Nemetschek
[2011.12.29 17:39:31 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\PlagiarismFinder
[2011.12.29 17:39:31 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Samsung
[2011.12.30 11:17:00 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Windows Live Writer
[2012.06.20 09:02:48 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Xosaax
[2012.05.26 22:27:56 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Xoyz
< %APPDATA%\*.exe /s >
[2012.04.26 17:50:37 | 004,277,440 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\xxx\AppData\Roaming\elsterformular\pluginmanager\tmp\update_dfv_10_8479_8623.exe
[2012.04.26 17:50:59 | 004,275,120 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\xxx\AppData\Roaming\elsterformular\pluginmanager\tmp\update_dfv_11_8479_8623.exe
[2012.04.26 17:51:20 | 004,264,240 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\xxx\AppData\Roaming\elsterformular\pluginmanager\tmp\update_dfv_12_8479_8623.exe
[2012.04.26 17:51:42 | 004,573,816 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\xxx\AppData\Roaming\elsterformular\pluginmanager\tmp\update_est_09_8479_8623.exe
[2012.04.26 17:52:12 | 005,762,152 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\xxx\AppData\Roaming\elsterformular\pluginmanager\tmp\update_est_10_8479_8623.exe
[2012.04.26 17:52:42 | 005,937,224 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\xxx\AppData\Roaming\elsterformular\pluginmanager\tmp\update_est_11_8479_8623.exe
[2012.04.26 17:53:05 | 004,316,616 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\xxx\AppData\Roaming\elsterformular\pluginmanager\tmp\update_eur_09_8479_8623.exe
[2012.04.26 17:53:26 | 004,309,624 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\xxx\AppData\Roaming\elsterformular\pluginmanager\tmp\update_eur_10_8479_8623.exe
[2012.04.26 17:53:49 | 004,591,856 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\xxx\AppData\Roaming\elsterformular\pluginmanager\tmp\update_eur_11_8479_8623.exe
[2012.04.26 17:55:16 | 004,271,616 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\xxx\AppData\Roaming\elsterformular\pluginmanager\tmp\update_gstz_09_8479_8623.exe
[2012.04.26 17:55:37 | 004,272,896 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\xxx\AppData\Roaming\elsterformular\pluginmanager\tmp\update_gstz_10_8479_8623.exe
[2012.04.26 17:55:59 | 004,506,672 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\xxx\AppData\Roaming\elsterformular\pluginmanager\tmp\update_gstz_11_8479_8623.exe
[2012.04.26 17:54:11 | 004,278,864 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\xxx\AppData\Roaming\elsterformular\pluginmanager\tmp\update_gst_09_8479_8623.exe
[2012.04.26 17:54:33 | 004,278,384 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\xxx\AppData\Roaming\elsterformular\pluginmanager\tmp\update_gst_10_8479_8623.exe
[2012.04.26 17:54:55 | 004,504,904 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\xxx\AppData\Roaming\elsterformular\pluginmanager\tmp\update_gst_11_8479_8623.exe
[2012.04.26 17:56:21 | 004,269,256 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\xxx\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lsta_10_8479_8623.exe
[2012.04.26 17:56:42 | 004,286,816 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\xxx\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lsta_11_8479_8623.exe
[2012.04.26 17:57:03 | 004,267,496 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\xxx\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lsta_12_8479_8623.exe
[2012.04.26 17:57:24 | 004,300,704 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\xxx\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lstb_10_8479_8623.exe
[2012.04.26 17:57:46 | 004,301,752 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\xxx\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lstb_11_8479_8623.exe
[2012.04.26 17:58:07 | 004,318,152 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\xxx\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lstb_12_8479_8623.exe
[2012.04.26 17:58:28 | 004,278,352 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\xxx\AppData\Roaming\elsterformular\pluginmanager\tmp\update_par34a_09_8479_8623.exe
[2012.04.26 17:58:50 | 004,290,960 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\xxx\AppData\Roaming\elsterformular\pluginmanager\tmp\update_par34a_10_8479_8623.exe
[2012.04.26 17:59:12 | 004,282,328 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\xxx\AppData\Roaming\elsterformular\pluginmanager\tmp\update_par34a_11_8479_8623.exe
[2012.04.26 17:50:00 | 005,576,392 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\xxx\AppData\Roaming\elsterformular\pluginmanager\tmp\update_pica_0_8479_8623.exe
[2012.04.26 18:00:33 | 004,272,528 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\xxx\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ustva_10_8479_8623.exe
[2012.04.26 18:00:51 | 004,272,848 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\xxx\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ustva_11_8479_8623.exe
[2012.04.26 18:01:09 | 004,288,088 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\xxx\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ustva_12_8479_8623.exe
[2012.04.26 17:59:34 | 004,287,560 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\xxx\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ust_09_8479_8623.exe
[2012.04.26 17:59:55 | 004,284,592 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\xxx\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ust_10_8479_8623.exe
[2012.04.26 18:00:16 | 004,290,016 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\xxx\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ust_11_8479_8623.exe
[2012.02.17 02:02:12 | 000,360,960 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Xoyz\olow.exe
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
< MD5 for: IASTORV.SYS >
[2010.11.20 23:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\drivers\iaStorV.sys
[2010.11.20 23:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 23:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2010.11.20 23:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 23:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2007.01.06 07:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_29af12c5857181b0\nvstor.sys
[2007.01.06 07:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\DriverStore\FileRepository\nvstor.inf_x86_neutral_2d190bda0635df72\nvstor.sys
[2010.11.20 23:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\drivers\nvstor.sys
[2010.11.20 23:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 23:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
< MD5 for: SCECLI.DLL >
[2010.11.20 23:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 23:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
< MD5 for: USER32.DLL >
[2010.11.20 23:29:20 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 23:29:20 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
< MD5 for: USERINIT.EXE >
[2010.11.20 23:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 23:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
< MD5 for: WININIT.EXE >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
< MD5 for: WINLOGON.EXE >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 23:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 23:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< End of report >