Trojaner-Board


BieneTVB 20.11.2012 12:28

web.de "mail deliver failed..."
 
Hello,
I have the same problem with web.de that several users here have already described. Since solving the problem seems fairly complicated, I'm opening a separate thread so that things stay clear. (I hope that's allowed?)

So, every day I get about 30 notifications of returned spam mails that, for some reason, are being sent via my web.de address.

It says keineantwortadresse@web.de and, below that, "mail delivery failed: returning message to sender".

I use Avast as my antivirus program. The scan found nothing.

I have already changed all important passwords.

How should I proceed?

Here is the information requested in the forum's instructions:

Quote:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:33 on 20/11/2012 (BieneTVB)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
OTL:

OTL Logfile:
Code:

OTL logfile created on: 20.11.2012 12:44:17 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Hagemann\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,97 Gb Total Physical Memory | 6,51 Gb Available Physical Memory | 81,64% Memory free
15,93 Gb Paging File | 14,45 Gb Available in Paging File | 90,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 49,10 Gb Free Space | 41,21% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 912,66 Gb Free Space | 97,98% Space Free | Partition Type: NTFS
Drive I: | 7,03 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: HAGEMANN-PC | User Name: Hagemann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.20 12:35:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hagemann\Desktop\OTL.exe
PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.10.11 12:17:59 | 002,312,216 | ---- | M] () -- C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
PRC - [2012.08.13 11:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012.08.13 11:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2012.02.07 17:53:34 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.02.07 17:53:32 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.02.07 17:52:04 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2011.09.28 01:37:56 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2011.05.24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009.12.10 03:39:04 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
PRC - [2009.12.10 03:37:16 | 003,690,496 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.10.11 12:17:59 | 002,312,216 | ---- | M] () -- C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
MOD - [2012.10.11 12:17:06 | 002,069,528 | ---- | M] () -- c:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll
MOD - [2012.08.10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011.03.04 12:02:54 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2011.03.04 12:02:52 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2011.03.04 12:02:50 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.09.28 02:38:16 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.11.02 10:26:42 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.10.19 16:14:08 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.11 12:17:59 | 002,312,216 | ---- | M] () [Auto | Running] -- C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe -- (Browser Manager)
SRV - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.09.19 11:29:44 | 002,365,792 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.02.07 17:53:34 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.02.07 17:53:32 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.02.07 17:52:04 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2012.02.02 22:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2011.05.24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2011.04.26 13:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2011.04.20 09:57:02 | 000,241,648 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.10 03:39:04 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.10.30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012.10.30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.10.30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.10.30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.10.30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.10.15 17:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012.09.28 03:21:20 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.09.28 02:12:52 | 000,460,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.07.09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.05.14 07:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.03 14:01:20 | 000,677,480 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.11.10 01:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011.11.03 11:10:42 | 000,395,752 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.11.03 11:10:42 | 000,130,536 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011.04.20 03:07:48 | 001,930,240 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
DRV:64bit: - [2011.03.23 15:41:28 | 000,036,448 | ---- | M] (Asmedia Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\asahci64.sys -- (asahci64)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012.09.19 10:50:50 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://search.babylon.com/?affID=109727&tt=311012_niche_4412_4&babsrc=HP_ss&mntrId=721a3d7b00000000000090f652e6eb59
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=109727&tt=311012_niche_4412_4&babsrc=HP_ss&mntrId=721a3d7b00000000000090f652e6eb59
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 38 AB 93 38 3D B7 CD 01  [binary data]
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=109727&tt=311012_niche_4412_4&babsrc=SP_ss&mntrId=721a3d7b00000000000090f652e6eb59
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012.11.02 17:46:23 | 000,000,000 | ---D | M]
 
[2012.11.02 17:46:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
 
========== Chrome  ==========
 
CHR - homepage: hxxp://search.babylon.com/?affID=109727&tt=311012_niche_4412_4&babsrc=HP_ss&mntrId=721a3d7b00000000000090f652e6eb59
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: hxxp://search.babylon.com/?affID=109727&tt=311012_niche_4412_4&babsrc=HP_ss&mntrId=721a3d7b00000000000090f652e6eb59
CHR - Extension: No name found = C:\Users\Hagemann\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: No name found = C:\Users\Hagemann\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: No name found = C:\Users\Hagemann\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: No name found = C:\Users\Hagemann\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0\
CHR - Extension: No name found = C:\Users\Hagemann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\
CHR - Extension: No name found = C:\Users\Hagemann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [TrayServer] C:\Program Files (x86)\MAGIX\Video_deluxe_MX_Plus_Sonderedition\TrayServer_de.exe (MAGIX AG)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_BFF1274CEC412B4E702C782D380CCB14] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - Startup: C:\Users\Hagemann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Hagemann\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Hagemann\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: PokerStars.eu - {07BA1DA9-F501-4796-8728-74D1B91A6CD5} - C:\Program Files (x86)\PokerStars.EU\PokerStarsUpdate.exe (PokerStars)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7AACC0C1-6273-4F0F-938B-58BD3476DED7}: DhcpNameServer = 192.168.10.4 192.168.10.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E53FDE10-D543-4BA8-A460-B483277A1286}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\23796~1.11\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\AcroRd32.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\labelprint.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\power2go.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\power2goexpress.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\producer.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\ps.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\skype.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\youcam.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\AcroRd32.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\labelprint.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\power2go.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\power2goexpress.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\producer.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\ps.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\skype.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\youcam.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.11.15 10:52:50 | 000,161,088 | R--- | M] (Take-Two Interactive Software, Inc.) - I:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008.10.11 18:03:48 | 000,000,054 | R--- | M] () - I:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{84e48d4a-2321-11e2-a253-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{84e48d4a-2321-11e2-a253-806e6f6e6963}\Shell\AutoRun\command - "" = I:\Autorun.exe -- [2008.11.15 10:52:50 | 000,161,088 | R--- | M] (Take-Two Interactive Software, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.20 12:35:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hagemann\Desktop\OTL.exe
[2012.11.19 09:50:51 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Local\Diagnostics
[2012.11.15 12:28:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.11.15 12:28:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012.11.14 20:27:53 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Roaming\OpenOffice.org
[2012.11.10 12:45:23 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2012.11.10 12:45:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2012.11.10 12:45:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2012.11.10 12:44:59 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2012.11.10 12:44:29 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Local\HP
[2012.11.10 12:43:09 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Local\ElevatedDiagnostics
[2012.11.08 17:45:53 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\Desktop\Neuer Ordner
[2012.11.08 17:29:52 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\Desktop\CAM_SD
[2012.11.08 08:48:17 | 000,034,656 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2012.11.08 08:48:17 | 000,025,952 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2012.11.08 08:48:17 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2012.11.08 08:48:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013
[2012.11.08 08:48:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2013
[2012.11.08 08:48:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2012.11.05 17:06:11 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\Desktop\Miami AHCV
[2012.11.05 15:43:59 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.11.05 15:43:59 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Roaming\DVDVideoSoft
[2012.11.05 15:43:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012.11.05 15:43:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2012.11.05 15:43:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2012.11.05 15:28:56 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\Desktop\Miami 12
[2012.11.05 15:23:47 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\Desktop\Pics für miami video
[2012.11.05 15:21:23 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\Desktop\Route Miami
[2012.11.05 14:47:06 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Local\MJProductions
[2012.11.05 14:45:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Route Generator
[2012.11.05 14:32:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012.11.05 14:29:49 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Roaming\FreeScreenToVideo
[2012.11.05 14:29:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Screen To Video
[2012.11.05 14:29:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Screen To Video
[2012.11.05 13:58:20 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Local\MAGIX_AG
[2012.11.04 17:01:13 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Roaming\Skype
[2012.11.04 17:01:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.11.04 17:01:08 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012.11.04 17:01:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.11.04 17:01:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012.11.04 14:18:52 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2012.11.04 14:05:39 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\Documents\Games for Windows - LIVE Demos
[2012.11.04 14:03:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2012.11.04 13:46:43 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\Documents\Rockstar Games
[2012.11.04 13:44:55 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2012.11.04 13:44:07 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Local\Rockstar Games
[2012.11.04 13:42:59 | 000,000,000 | RH-D | C] -- C:\Users\Hagemann\AppData\Roaming\SecuROM
[2012.11.04 13:37:59 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2012.11.04 13:35:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2012.11.04 13:35:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2012.11.04 13:06:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
[2012.11.04 13:06:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rockstar Games
[2012.11.02 18:50:03 | 000,000,000 | R--D | C] -- C:\Users\Hagemann\Desktop\Programme
[2012.11.02 18:36:21 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\Documents\MAGIX Downloads
[2012.11.02 18:36:21 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\Documents\MAGIX
[2012.11.02 18:35:03 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\Documents\MAGIX_MusicEditor
[2012.11.02 18:35:02 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Local\Xara
[2012.11.02 18:35:01 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Roaming\MAGIX
[2012.11.02 18:34:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MAGIX Shared
[2012.11.02 18:34:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
[2012.11.02 18:33:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MAGIX
[2012.11.02 18:33:54 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX
[2012.11.02 18:33:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MAGIX Services
[2012.11.02 18:33:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012.11.02 18:29:47 | 000,984,144 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012.11.02 18:29:47 | 000,370,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012.11.02 18:29:47 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012.11.02 18:29:47 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012.11.02 18:29:47 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012.11.02 18:29:47 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012.11.02 18:29:47 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012.11.02 18:29:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012.11.02 18:29:33 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012.11.02 18:29:33 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.11.02 18:29:24 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012.11.02 18:29:24 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012.11.02 18:14:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.11.02 18:14:21 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Roaming\Apple Computer
[2012.11.02 18:14:21 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Local\Apple Computer
[2012.11.02 18:14:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2012.11.02 18:14:07 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.11.02 18:14:06 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.11.02 18:14:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.11.02 18:14:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012.11.02 18:14:06 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012.11.02 18:13:58 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Local\Apple
[2012.11.02 18:13:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012.11.02 18:13:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012.11.02 18:13:49 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012.11.02 18:13:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012.11.02 18:13:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012.11.02 18:13:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012.11.02 17:53:24 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Roaming\TuneUp Software
[2012.11.02 17:47:29 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.11.02 17:47:26 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.11.02 17:47:26 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.11.02 17:46:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2012.11.02 17:46:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2012.11.02 17:46:23 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
[2012.11.02 17:46:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2012.11.02 17:46:22 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Roaming\BabylonToolbar
[2012.11.02 17:46:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BabylonToolbar
[2012.11.02 17:46:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.11.02 17:45:46 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Roaming\Babylon
[2012.11.02 17:45:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.11.02 17:45:45 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Roaming\DesktopIconForAmazon
[2012.11.02 17:39:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PostgreSQL 8.3
[2012.11.02 17:39:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PostgreSQL
[2012.11.02 17:34:27 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Local\PokerStars.EU
[2012.11.02 17:34:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars.EU
[2012.11.02 17:34:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PokerStars.EU
[2012.11.02 17:19:29 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerTracker 3
[2012.11.02 17:19:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerTracker 3
[2012.11.02 17:19:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PokerTracker 3
[2012.11.02 17:13:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.11.02 17:11:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012.11.02 17:11:40 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Local\Google
[2012.11.02 17:10:00 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Local\Deployment
[2012.11.02 17:10:00 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Local\Apps
[2012.11.02 17:04:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK
[2012.11.02 17:03:48 | 001,930,240 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athurx.sys
[2012.11.02 17:03:48 | 001,930,240 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\athurx.sys
[2012.11.02 17:03:01 | 000,000,000 | ---D | C] -- C:\ProgramData\TP-LINK
[2012.11.02 12:41:07 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Local\Power2Go
[2012.11.02 12:26:55 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
[2012.11.02 12:25:00 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Roaming\CyberLink
[2012.11.02 12:25:00 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Local\Cyberlink
[2012.11.02 12:23:32 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
[2012.11.02 12:23:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LightScribe
[2012.11.02 12:22:49 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
[2012.11.02 12:22:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberLink
[2012.11.02 12:22:29 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2012.11.02 12:22:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2012.11.02 10:56:13 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2012.11.02 10:55:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2012.11.02 10:52:12 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Roaming\WinRAR
[2012.11.02 10:52:12 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.11.02 10:52:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.11.02 10:52:10 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012.11.02 10:32:10 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Local\ashampoo
[2012.11.02 10:32:10 | 000,000,000 | ---D | C] -- C:\ProgramData\ashampoo
[2012.11.02 10:32:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
[2012.11.02 10:32:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ashampoo
[2012.11.02 10:30:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012.11.02 10:30:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012.11.02 10:29:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012.11.02 10:29:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.11.02 10:29:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.11.02 10:27:54 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Roaming\Macromedia
[2012.11.02 10:27:54 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Roaming\Adobe
[2012.11.02 10:26:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2012.11.02 10:26:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012.11.02 10:26:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012.10.31 18:05:12 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Roaming\ATI
[2012.10.31 18:05:12 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Local\ATI
[2012.10.31 18:05:12 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.10.31 18:04:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012.10.31 18:04:06 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2012.10.31 18:04:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2012.10.31 18:04:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2012.10.31 18:04:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012.10.31 18:04:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012.10.31 18:03:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2012.10.31 18:02:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012.10.31 18:02:30 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012.10.31 18:02:29 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012.10.31 08:57:30 | 000,000,000 | ---D | C] -- C:\Treiber
[2012.10.31 08:53:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASM104xUSB3
[2012.10.31 08:53:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2012.10.31 08:52:59 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2012.10.31 08:52:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent
[2012.10.31 08:52:28 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Roaming\InstallShield
[2012.10.31 08:52:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Asmedia Technology
[2012.10.31 08:52:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASM106xSATA
[2012.10.31 08:52:12 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012.10.31 08:51:27 | 000,677,480 | ---- | C] (Realtek                                            ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2012.10.31 08:51:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2012.10.31 08:51:08 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012.10.31 08:50:58 | 002,604,376 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2012.10.31 08:50:57 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2012.10.31 08:50:57 | 000,221,024 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll
[2012.10.31 08:50:57 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2012.10.31 08:50:57 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2012.10.31 08:50:57 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2012.10.31 08:50:57 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll
[2012.10.31 08:50:57 | 000,078,688 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll
[2012.10.31 08:50:57 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2012.10.31 08:50:48 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2012.10.31 08:50:48 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2012.10.31 08:50:48 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2012.10.31 08:50:48 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2012.10.31 08:50:48 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2012.10.31 08:50:48 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2012.10.31 08:50:42 | 003,308,376 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2012.10.31 08:50:42 | 000,426,328 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2012.10.31 08:50:42 | 000,136,024 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2012.10.31 08:50:42 | 000,118,104 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2012.10.31 08:50:42 | 000,074,072 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2012.10.31 08:50:41 | 000,702,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek2.dll
[2012.10.31 08:50:41 | 000,334,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2012.10.31 08:50:39 | 003,768,152 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2012.10.31 08:50:39 | 002,132,824 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2012.10.31 08:50:39 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2012.10.31 08:50:39 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2012.10.31 08:50:37 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll
[2012.10.31 08:50:31 | 002,085,440 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2012.10.31 08:50:30 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2012.10.31 08:50:30 | 000,527,872 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll
[2012.10.31 08:50:30 | 000,515,584 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll
[2012.10.31 08:50:30 | 000,439,808 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll
[2012.10.31 08:50:29 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2012.10.31 08:50:29 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2012.10.31 08:50:29 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2012.10.31 08:50:29 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2012.10.31 08:50:28 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2012.10.31 08:50:28 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2012.10.31 08:50:28 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2012.10.31 08:50:28 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2012.10.31 08:50:28 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2012.10.31 08:50:28 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2012.10.31 08:50:27 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2012.10.31 08:50:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2012.10.31 08:50:24 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2012.10.31 08:50:24 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2012.10.31 08:50:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2012.10.31 08:49:27 | 000,053,248 | R--- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2012.10.31 08:49:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2012.10.31 08:48:35 | 000,000,000 | ---D | C] -- C:\Windows\AsusInstAll
[2012.10.31 07:41:20 | 000,000,000 | R--D | C] -- C:\Users\Hagemann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.10.31 07:41:20 | 000,000,000 | R--D | C] -- C:\Users\Hagemann\Searches
[2012.10.31 07:41:20 | 000,000,000 | R--D | C] -- C:\Users\Hagemann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.10.31 07:41:15 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Roaming\Identities
[2012.10.31 07:41:14 | 000,000,000 | R--D | C] -- C:\Users\Hagemann\Contacts
[2012.10.31 07:41:13 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Local\VirtualStore
[2012.10.31 07:41:11 | 000,000,000 | --SD | C] -- C:\Users\Hagemann\AppData\Roaming\Microsoft
[2012.10.31 07:41:11 | 000,000,000 | R--D | C] -- C:\Users\Hagemann\Videos
[2012.10.31 07:41:11 | 000,000,000 | R--D | C] -- C:\Users\Hagemann\Saved Games
[2012.10.31 07:41:11 | 000,000,000 | R--D | C] -- C:\Users\Hagemann\Pictures
[2012.10.31 07:41:11 | 000,000,000 | R--D | C] -- C:\Users\Hagemann\Music
[2012.10.31 07:41:11 | 000,000,000 | R--D | C] -- C:\Users\Hagemann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.10.31 07:41:11 | 000,000,000 | R--D | C] -- C:\Users\Hagemann\Links
[2012.10.31 07:41:11 | 000,000,000 | R--D | C] -- C:\Users\Hagemann\Favorites
[2012.10.31 07:41:11 | 000,000,000 | R--D | C] -- C:\Users\Hagemann\Downloads
[2012.10.31 07:41:11 | 000,000,000 | R--D | C] -- C:\Users\Hagemann\Documents
[2012.10.31 07:41:11 | 000,000,000 | R--D | C] -- C:\Users\Hagemann\Desktop
[2012.10.31 07:41:11 | 000,000,000 | R--D | C] -- C:\Users\Hagemann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.10.31 07:41:11 | 000,000,000 | -HSD | C] -- C:\Users\Hagemann\Vorlagen
[2012.10.31 07:41:11 | 000,000,000 | -HSD | C] -- C:\Users\Hagemann\AppData\Local\Verlauf
[2012.10.31 07:41:11 | 000,000,000 | -HSD | C] -- C:\Users\Hagemann\AppData\Local\Temporary Internet Files
[2012.10.31 07:41:11 | 000,000,000 | -HSD | C] -- C:\Users\Hagemann\Startmenü
[2012.10.31 07:41:11 | 000,000,000 | -HSD | C] -- C:\Users\Hagemann\SendTo
[2012.10.31 07:41:11 | 000,000,000 | -HSD | C] -- C:\Users\Hagemann\Recent
[2012.10.31 07:41:11 | 000,000,000 | -HSD | C] -- C:\Users\Hagemann\Netzwerkumgebung
[2012.10.31 07:41:11 | 000,000,000 | -HSD | C] -- C:\Users\Hagemann\Lokale Einstellungen
[2012.10.31 07:41:11 | 000,000,000 | -HSD | C] -- C:\Users\Hagemann\Documents\Eigene Videos
[2012.10.31 07:41:11 | 000,000,000 | -HSD | C] -- C:\Users\Hagemann\Documents\Eigene Musik
[2012.10.31 07:41:11 | 000,000,000 | -HSD | C] -- C:\Users\Hagemann\Eigene Dateien
[2012.10.31 07:41:11 | 000,000,000 | -HSD | C] -- C:\Users\Hagemann\Documents\Eigene Bilder
[2012.10.31 07:41:11 | 000,000,000 | -HSD | C] -- C:\Users\Hagemann\Druckumgebung
[2012.10.31 07:41:11 | 000,000,000 | -HSD | C] -- C:\Users\Hagemann\Cookies
[2012.10.31 07:41:11 | 000,000,000 | -HSD | C] -- C:\Users\Hagemann\AppData\Local\Anwendungsdaten
[2012.10.31 07:41:11 | 000,000,000 | -HSD | C] -- C:\Users\Hagemann\Anwendungsdaten
[2012.10.31 07:41:11 | 000,000,000 | -H-D | C] -- C:\Users\Hagemann\AppData
[2012.10.31 07:41:11 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Local\Temp
[2012.10.31 07:41:11 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Local\Microsoft
[2012.10.31 07:41:11 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Roaming\Media Center Programs
[2012.10.31 07:41:10 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2012.10.31 07:41:10 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2012.10.31 07:41:10 | 000,000,000 | -HSD | C] -- C:\Recovery
[2012.10.31 07:41:10 | 000,000,000 | -HSD | C] -- C:\Programme
[2012.10.31 07:41:10 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2012.10.31 07:41:10 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2012.10.31 07:41:10 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2012.10.31 07:41:10 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2012.10.31 07:41:10 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2012.10.31 07:41:10 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2012.10.31 07:41:10 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2012.10.31 07:41:10 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2012.10.31 07:41:09 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012.10.31 07:09:36 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012.10.31 07:09:27 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012.10.31 07:08:58 | 000,000,000 | ---D | C] -- C:\Windows\Panther
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.20 12:35:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hagemann\Desktop\OTL.exe
[2012.11.20 12:33:55 | 000,000,000 | ---- | M] () -- C:\Users\Hagemann\defogger_reenable
[2012.11.20 12:32:17 | 000,050,477 | ---- | M] () -- C:\Users\Hagemann\Desktop\Defogger.exe
[2012.11.20 12:06:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.20 11:47:44 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.20 11:47:44 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.20 11:44:26 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.20 11:44:26 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.20 11:44:26 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.20 11:44:26 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.20 11:44:26 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.20 11:38:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.20 11:38:26 | 2121,637,887 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.19 08:43:50 | 000,419,608 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.11.15 16:16:20 | 000,069,162 | ---- | M] () -- C:\Users\Hagemann\Desktop\clubmail_871948_att.jpg
[2012.11.14 20:27:57 | 000,001,235 | ---- | M] () -- C:\Users\Hagemann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2012.11.10 12:36:09 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.10 12:36:09 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.08 20:45:09 | 1138,249,857 | ---- | M] () -- C:\Users\Hagemann\Desktop\Miami 2012HD.MP4
[2012.11.08 19:29:22 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.11.08 19:09:50 | 1237,983,469 | ---- | M] () -- C:\Users\Hagemann\Desktop\Miami 2012.mp4
[2012.11.08 19:09:50 | 000,000,108 | ---- | M] () -- C:\Users\Hagemann\Desktop\Miami 2012.mei
[2012.11.08 17:43:13 | 000,001,701 | ---- | M] () -- C:\Users\Hagemann\Desktop\bus_icon.jpg
[2012.11.08 17:40:22 | 000,002,359 | ---- | M] () -- C:\Users\Hagemann\Desktop\bus.jpg
[2012.11.08 11:05:06 | 000,034,238 | ---- | M] () -- C:\Users\Hagemann\Desktop\MIAMI-SEAQUARIUM-LOGO.jpg
[2012.11.08 08:48:16 | 000,002,209 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.11.08 08:48:16 | 000,002,189 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk
[2012.11.08 08:38:37 | 000,000,224 | ---- | M] () -- C:\Users\Hagemann\Documents\Tune UP Produktschlüssel.rtf
[2012.11.06 20:43:34 | 001,327,158 | ---- | M] () -- C:\Users\Hagemann\Desktop\key west.bmp
[2012.11.06 20:42:17 | 001,327,158 | ---- | M] () -- C:\Users\Hagemann\Desktop\everglades.bmp
[2012.11.06 19:00:33 | 013,957,525 | ---- | M] () -- C:\Users\Hagemann\Desktop\fotostream2.WMV
[2012.11.05 16:54:15 | 000,437,143 | ---- | M] () -- C:\Users\Hagemann\Desktop\19(2).jpg
[2012.11.05 16:52:45 | 001,013,460 | ---- | M] () -- C:\Users\Hagemann\Desktop\7(3).jpg
[2012.11.05 16:51:20 | 001,603,643 | ---- | M] () -- C:\Users\Hagemann\Desktop\miami-heat-wallpaper-1.png
[2012.11.05 16:34:44 | 039,733,591 | ---- | M] () -- C:\Users\Hagemann\Desktop\fotostram1 miami.WMV
[2012.11.05 15:43:58 | 000,001,398 | ---- | M] () -- C:\Users\Hagemann\Desktop\Free YouTube to MP3 Converter.lnk
[2012.11.05 15:14:08 | 000,427,851 | ---- | M] () -- C:\Users\Hagemann\Desktop\karte.png
[2012.11.05 15:12:42 | 000,001,090 | ---- | M] () -- C:\Users\Hagemann\Desktop\images.jpg
[2012.11.05 15:10:08 | 000,004,253 | ---- | M] () -- C:\Users\Hagemann\Desktop\images3.jpg
[2012.11.05 15:09:38 | 000,002,344 | ---- | M] () -- C:\Users\Hagemann\Desktop\images2.jpg
[2012.11.05 15:09:25 | 000,004,833 | ---- | M] () -- C:\Users\Hagemann\Desktop\images1.jpg
[2012.11.05 15:07:33 | 000,020,243 | ---- | M] () -- C:\Users\Hagemann\Desktop\SYMBOL-HOPE-FREEDOM.jpg
[2012.11.05 14:57:45 | 002,026,949 | ---- | M] () -- C:\Users\Hagemann\Desktop\politische_weltkarte_cia_2007.png
[2012.11.05 14:53:57 | 001,327,158 | ---- | M] () -- C:\Users\Hagemann\Desktop\Map.bmp
[2012.11.05 14:32:16 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012.11.05 14:29:49 | 000,001,126 | ---- | M] () -- C:\Users\Hagemann\Desktop\Free Screen To Video.lnk
[2012.11.04 17:01:09 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.11.04 14:00:55 | 000,002,196 | ---- | M] () -- C:\Users\Public\Desktop\Grand Theft Auto IV.lnk
[2012.11.04 13:37:59 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2012.11.02 18:35:23 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.11.02 18:34:59 | 000,001,110 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX Video deluxe MX Plus Sonderedition.lnk
[2012.11.02 18:29:47 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.11.02 18:14:21 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.11.02 17:35:43 | 000,001,069 | ---- | M] () -- C:\Users\Hagemann\Desktop\PokerTracker 3.lnk
[2012.11.02 17:34:27 | 000,001,084 | ---- | M] () -- C:\Users\Public\Desktop\PokerStars.eu.lnk
[2012.11.02 17:19:52 | 000,004,996 | ---- | M] () -- C:\ProgramData\bltofzsb.qlf
[2012.11.02 17:13:40 | 000,002,247 | ---- | M] () -- C:\Users\Hagemann\Desktop\Google Chrome.lnk
[2012.11.02 17:07:40 | 000,000,207 | ---- | M] () -- C:\Users\Hagemann\Documents\Heimnetz.rtf
[2012.10.31 18:13:23 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.10.31 18:13:23 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012.10.31 18:05:07 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2012.10.31 08:53:29 | 000,044,274 | ---- | M] () -- C:\Windows\Ascd_log.ini
[2012.10.31 08:43:40 | 000,031,393 | ---- | M] () -- C:\Windows\Ascd_tmp.ini
[2012.10.31 08:43:14 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
[2012.10.31 07:11:27 | 000,159,772 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012.10.31 07:11:27 | 000,159,772 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012.10.31 07:10:02 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012.10.30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012.10.30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012.10.30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012.10.30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012.10.30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012.10.30 23:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.10.30 23:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012.10.30 23:50:30 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012.10.29 15:28:32 | 001,845,296 | ---- | M] () -- C:\Users\Hagemann\Desktop\20121022_164720.jpg
 
========== Files Created - No Company Name ==========
 
[2012.11.20 12:33:55 | 000,000,000 | ---- | C] () -- C:\Users\Hagemann\defogger_reenable
[2012.11.20 12:32:16 | 000,050,477 | ---- | C] () -- C:\Users\Hagemann\Desktop\Defogger.exe
[2012.11.19 00:24:08 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.19 00:21:27 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.15 16:16:20 | 000,069,162 | ---- | C] () -- C:\Users\Hagemann\Desktop\clubmail_871948_att.jpg
[2012.11.14 20:27:57 | 000,001,235 | ---- | C] () -- C:\Users\Hagemann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2012.11.08 20:13:37 | 1138,249,857 | ---- | C] () -- C:\Users\Hagemann\Desktop\Miami 2012HD.MP4
[2012.11.08 19:29:22 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.11.08 19:09:50 | 000,000,108 | ---- | C] () -- C:\Users\Hagemann\Desktop\Miami 2012.mei
[2012.11.08 18:25:15 | 1237,983,469 | ---- | C] () -- C:\Users\Hagemann\Desktop\Miami 2012.mp4
[2012.11.08 17:50:25 | 021,378,698 | ---- | C] () -- C:\Users\Hagemann\Desktop\Fritz & Paul Kalkbrenner - Sky and Sand (Original Mix).mp3
[2012.11.08 17:41:53 | 000,001,701 | ---- | C] () -- C:\Users\Hagemann\Desktop\bus_icon.jpg
[2012.11.08 17:40:22 | 000,002,359 | ---- | C] () -- C:\Users\Hagemann\Desktop\bus.jpg
[2012.11.08 11:11:32 | 005,021,359 | ---- | C] () -- C:\Users\Hagemann\Desktop\Simple Plan - Summer Paradise ft. Sean Paul (Official Audio).mp3
[2012.11.08 11:05:06 | 000,034,238 | ---- | C] () -- C:\Users\Hagemann\Desktop\MIAMI-SEAQUARIUM-LOGO.jpg
[2012.11.08 08:48:16 | 000,002,209 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.11.08 08:48:16 | 000,002,201 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk
[2012.11.08 08:48:16 | 000,002,189 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk
[2012.11.08 08:38:37 | 000,000,224 | ---- | C] () -- C:\Users\Hagemann\Documents\Tune UP Produktschlüssel.rtf
[2012.11.06 20:43:34 | 001,327,158 | ---- | C] () -- C:\Users\Hagemann\Desktop\key west.bmp
[2012.11.06 20:42:17 | 001,327,158 | ---- | C] () -- C:\Users\Hagemann\Desktop\everglades.bmp
[2012.11.06 18:59:52 | 013,957,525 | ---- | C] () -- C:\Users\Hagemann\Desktop\fotostream2.WMV
[2012.11.05 16:54:15 | 000,437,143 | ---- | C] () -- C:\Users\Hagemann\Desktop\19(2).jpg
[2012.11.05 16:52:45 | 001,013,460 | ---- | C] () -- C:\Users\Hagemann\Desktop\7(3).jpg
[2012.11.05 16:51:20 | 001,603,643 | ---- | C] () -- C:\Users\Hagemann\Desktop\miami-heat-wallpaper-1.png
[2012.11.05 16:33:24 | 039,733,591 | ---- | C] () -- C:\Users\Hagemann\Desktop\fotostram1 miami.WMV
[2012.11.05 15:43:58 | 000,001,398 | ---- | C] () -- C:\Users\Hagemann\Desktop\Free YouTube to MP3 Converter.lnk
[2012.11.05 15:28:56 | 001,845,296 | ---- | C] () -- C:\Users\Hagemann\Desktop\20121022_164720.jpg
[2012.11.05 15:12:42 | 000,001,090 | ---- | C] () -- C:\Users\Hagemann\Desktop\images.jpg
[2012.11.05 15:10:08 | 000,004,253 | ---- | C] () -- C:\Users\Hagemann\Desktop\images3.jpg
[2012.11.05 15:09:38 | 000,002,344 | ---- | C] () -- C:\Users\Hagemann\Desktop\images2.jpg
[2012.11.05 15:09:25 | 000,004,833 | ---- | C] () -- C:\Users\Hagemann\Desktop\images1.jpg
[2012.11.05 15:07:13 | 000,020,243 | ---- | C] () -- C:\Users\Hagemann\Desktop\SYMBOL-HOPE-FREEDOM.jpg
[2012.11.05 15:02:18 | 000,427,851 | ---- | C] () -- C:\Users\Hagemann\Desktop\karte.png
[2012.11.05 14:55:16 | 002,026,949 | ---- | C] () -- C:\Users\Hagemann\Desktop\politische_weltkarte_cia_2007.png
[2012.11.05 14:52:15 | 001,327,158 | ---- | C] () -- C:\Users\Hagemann\Desktop\Map.bmp
[2012.11.05 14:32:16 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012.11.05 14:29:49 | 000,001,126 | ---- | C] () -- C:\Users\Hagemann\Desktop\Free Screen To Video.lnk
[2012.11.04 17:01:09 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.11.04 14:03:41 | 000,001,338 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2012.11.04 13:34:33 | 000,002,196 | ---- | C] () -- C:\Users\Public\Desktop\Grand Theft Auto IV.lnk
[2012.11.02 18:34:59 | 000,001,110 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX Video deluxe MX Plus Sonderedition.lnk
[2012.11.02 18:29:47 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012.11.02 18:14:21 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.11.02 18:13:57 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012.11.02 17:34:27 | 000,001,084 | ---- | C] () -- C:\Users\Public\Desktop\PokerStars.eu.lnk
[2012.11.02 17:19:52 | 000,004,996 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf
[2012.11.02 17:19:29 | 000,001,069 | ---- | C] () -- C:\Users\Hagemann\Desktop\PokerTracker 3.lnk
[2012.11.02 17:13:40 | 000,002,247 | ---- | C] () -- C:\Users\Hagemann\Desktop\Google Chrome.lnk
[2012.11.02 17:11:51 | 000,001,114 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.02 17:11:51 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.02 17:07:40 | 000,000,207 | ---- | C] () -- C:\Users\Hagemann\Documents\Heimnetz.rtf
[2012.11.02 17:03:48 | 000,027,040 | ---- | C] () -- C:\Windows\SysNative\netathurx.inf
[2012.11.02 17:03:48 | 000,008,820 | ---- | C] () -- C:\Windows\SysNative\athurextx.cat
[2012.11.02 10:31:02 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2012.11.02 10:26:42 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.02 10:25:59 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012.10.31 18:13:23 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.10.31 18:13:23 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012.10.31 18:05:07 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.10.31 08:53:04 | 000,015,128 | ---- | C] () -- C:\Windows\SysNative\drivers\IntelMEFWVer.dll
[2012.10.31 08:50:48 | 000,200,468 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2012.10.31 08:48:21 | 000,044,274 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012.10.31 08:43:09 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.10.31 08:43:01 | 000,031,393 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012.10.31 07:41:22 | 000,001,405 | ---- | C] () -- C:\Users\Hagemann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012.10.31 07:41:21 | 000,001,439 | ---- | C] () -- C:\Users\Hagemann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.10.31 07:11:22 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012.10.31 07:11:22 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012.10.31 07:10:02 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012.10.31 07:09:27 | 2121,637,887 | -HS- | C] () -- C:\hiberfil.sys
[2012.09.28 02:29:54 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.09.28 02:29:54 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.02.02 22:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.11.02 17:45:46 | 000,000,000 | ---D | M] -- C:\Users\Hagemann\AppData\Roaming\Babylon
[2012.11.02 17:46:23 | 000,000,000 | ---D | M] -- C:\Users\Hagemann\AppData\Roaming\BabylonToolbar
[2012.11.02 17:45:45 | 000,000,000 | ---D | M] -- C:\Users\Hagemann\AppData\Roaming\DesktopIconForAmazon
[2012.11.05 15:44:01 | 000,000,000 | ---D | M] -- C:\Users\Hagemann\AppData\Roaming\DVDVideoSoft
[2012.11.05 15:43:59 | 000,000,000 | ---D | M] -- C:\Users\Hagemann\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.11.05 14:29:49 | 000,000,000 | ---D | M] -- C:\Users\Hagemann\AppData\Roaming\FreeScreenToVideo
[2012.11.05 17:37:48 | 000,000,000 | ---D | M] -- C:\Users\Hagemann\AppData\Roaming\MAGIX
[2012.11.14 20:27:53 | 000,000,000 | ---D | M] -- C:\Users\Hagemann\AppData\Roaming\OpenOffice.org
[2012.11.08 08:48:14 | 000,000,000 | ---D | M] -- C:\Users\Hagemann\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---


OTL Logfile:
Code:

OTL Extras logfile created on: 20.11.2012 12:44:17 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Hagemann\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,97 Gb Total Physical Memory | 6,51 Gb Available Physical Memory | 81,64% Memory free
15,93 Gb Paging File | 14,45 Gb Available in Paging File | 90,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 49,10 Gb Free Space | 41,21% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 912,66 Gb Free Space | 97,98% Space Free | Partition Type: NTFS
Drive I: | 7,03 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: HAGEMANN-PC | User Name: Hagemann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01AC5E30-DAED-4329-A023-9856EAF46FD9}" = rport=137 | protocol=17 | dir=out | app=system |
"{0D826B92-0C1B-40B4-B76B-E6C5DED2D2A3}" = lport=10243 | protocol=6 | dir=in | app=system |
"{1AC58809-64AD-4F86-95FA-69671C644D05}" = rport=138 | protocol=17 | dir=out | app=system |
"{1C261AC8-AE52-4842-BC50-5FC38720E469}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{28060D3D-C7A5-4F5B-B9E5-CBFE97D3B2B6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{41B56195-28F7-4854-A8AC-DC1103603D90}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{457DC3E7-F9C3-4DCF-BF68-5F9A506A5BA1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5473ECC8-F1FB-4D53-A9C0-268BFB43F46C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{68109295-CB22-4889-87B5-FC11E76167CE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{7288082E-0423-4EEE-89CD-51C927C81EF3}" = lport=445 | protocol=6 | dir=in | app=system |
"{795EF496-6D48-4DA9-932A-651EFE9432A2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8109CDF7-521C-4ABF-B81A-7D3812801402}" = lport=139 | protocol=6 | dir=in | app=system |
"{815F6C7C-E518-4EDD-8C90-D679046A72F0}" = rport=445 | protocol=6 | dir=out | app=system |
"{9B5691F5-E1AB-4E64-8B69-ED3075FBC74E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A145E050-C263-4C15-9280-AC5627AAD104}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AA6528FA-E55C-4529-B49F-18BEB4FEBA1F}" = rport=139 | protocol=6 | dir=out | app=system |
"{BC7F96F9-16CC-402F-8C15-30510D3F19FF}" = lport=138 | protocol=17 | dir=in | app=system |
"{CBFC5665-EE09-4905-B224-BEAD57958338}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DA9D0921-8AEC-47CC-A2DA-B9D6AA07E8FF}" = lport=137 | protocol=17 | dir=in | app=system |
"{FB6309C2-7F8F-42AF-B56E-5871535C3F99}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FC80ABEC-C19D-4443-AC85-C8FE039DC0A2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B3985D7-9827-4F09-8388-5A29CB5CC828}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
"{17D877A8-FC90-41A2-8667-ED43D011F80C}" = protocol=6 | dir=out | app=system |
"{3473CF7C-E652-43CB-8739-0DA6757B7101}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3E21C3E6-8D88-46A8-A033-DB94C44F17E8}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{40BF2530-3EF0-4FE9-A85B-0ECC77971543}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{44F31021-C1DA-4355-B496-48280CA69891}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4F881EE8-D50A-44B9-B5D0-0408F4596FED}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe |
"{55F222F4-618F-4207-A14F-27BCA8BA4AFB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{58D5B35A-91C9-4DCA-8A2B-C9E6A329941B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5A513833-9EEF-4A17-90E1-D0CBB98C4AB5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5E1A4FC2-317E-4EAF-8D57-3979A6292C4A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{64C73237-CDF7-414C-A860-A22FC97110DB}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 1000 j110 series\bin\usbsetup.exe |
"{758B626E-D8B2-467A-A8FB-6CBF96792583}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7A802480-B652-4824-82E7-047F31EC16AF}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7FD3D271-A7F8-4E68-98A2-89B224AF5C8A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{810AB955-F317-484F-8776-BA07C1033452}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9CC53E37-5A81-4E40-9FCB-2E6AC8BA1059}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9E08BC08-F65C-4267-BA26-3DD0E07F0CAD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A703BD11-592E-4D73-BB30-97C2145D2914}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BB10A1CB-7224-4590-AECE-B2F1161007E7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C20A25FC-B0F0-4385-A4CB-E0E7E0BF4C5E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C7A08FD2-74C5-4B7E-B93C-A484C87563FF}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 1000 j110 series\bin\usbsetup.exe |
"{CEA5BBF2-2462-4261-A6DE-7CBF95911ABE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DAE29556-7362-4E25-9EAB-13AE634520CF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DB5886C8-2EB5-420D-85A0-9F2DDB2B4D74}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DDD1AFEE-2B0E-486F-9496-BA27EA0CAA73}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E6E5E2C8-2E2F-44B2-9150-5C254D38F69D}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{EEA3B187-5D5F-42E9-A8E7-DDF52CD3219E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F36D0CBC-C527-4933-821F-0FD3174C336B}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{F51658F7-E5B9-4DB5-9690-E12AA8BEC9AB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F5AA6CEC-898B-40EA-BF58-F05B8C186699}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{FC49B618-E374-493F-8C05-03E583C01096}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{0CEDEF16-BF87-4042-ACC5-BCBB03A46801}C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe |
"UDP Query User{13EAAE74-AC52-4447-8115-E55F611F653D}C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{18A5D014-E9AD-DEFE-FAFE-A409612F51B4}" = AMD Media Foundation Decoders
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{50BD00DC-127E-BF00-FDD5-E1A93AB3507C}" = ccc-utility64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A44D35BC-F2DF-00E9-79BF-34967DF0E4E8}" = AMD Drag and Drop Transcoding
"{BB009B20-0BA0-ABDF-1947-4D56639214C7}" = AMD Accelerated Video Transcoding
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E85D1C80-28C4-76B8-5A5A-2C8D8B38D5D9}" = AMD Catalyst Install Manager
"{ECFFD23C-3111-4685-8118-E1F79644203F}" = HP Deskjet 1000 J110 series - Grundlegende Software für das Gerät
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"DesktopIconAmazon" = Desktop Icon für Amazon
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam
"{03AEAB60-A7B3-A8DB-468B-EB30FB4B40B0}" = CCC Help German
"{06A60F3C-B270-42FE-B49E-244657482573}" = MAGIX Screenshare
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Browser Manager
"{162ABED6-E60C-6CFF-100E-43C16ABBC5BE}" = CCC Help Chinese Standard
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1CB724FF-D18C-8FFB-E7C9-0A09CF8EC066}" = CCC Help Japanese
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG CyberLink Media Suite
"{20C14CC3-5E3B-D39A-5B37-B15E59785063}" = CCC Help Chinese Traditional
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{2632A2C0-ECF4-7F79-7136-9FEA4C253A4C}" = CCC Help Turkish
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = LG CyberLink BD Advisor
"{30F712DA-64FE-5DBE-AE76-3F8EA3F8223C}" = CCC Help French
"{38A1E3ED-D913-41D2-9953-A93D5ACE3ADF}" = TL-WN721N/TL-WN722N Driver
"{3C39B3CC-4EC8-C756-AF4B-72366504FCA5}" = CCC Help Hungarian
"{3E8A20E1-223F-11E2-9116-B8AC6F98CCE3}" = Google Earth
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG Burning Tool
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4CC9D761-A9B6-D8EA-D2A9-B74B5A90B108}" = CCC Help Norwegian
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{54B227A6-BDBE-69FA-D450-B99609063044}" = CCC Help Greek
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}" = Asmedia ASM106x SATA Host Controller Driver
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7C587778-C433-980E-F3C1-203890DC4FBE}" = CCC Help Polish
"{7DC3EABF-66A2-6D79-B485-6328525CA387}" = CCC Help Swedish
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = LG CyberLink MediaShow
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{843603C6-75B7-BAB5-80DE-E76FB28DEEF2}" = CCC Help Finnish
"{876C2B35-5C72-4E21-8BAA-67BAE24E35E2}" = MAGIX Video deluxe MX Plus Sonderedition
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8BBC66FD-0195-29B4-5A58-E0B0554E8F42}" = Catalyst Control Center
"{8D9EEAC7-42D5-3951-612A-EAA7B684C592}" = CCC Help Italian
"{9791DAED-B734-2835-988B-157BDA087496}" = CCC Help Dutch
"{98B740C3-FAA4-C523-7478-4DBCAB7B27D1}" = Catalyst Control Center Graphics Previews Common
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F0CAC6D-9B0D-A95F-CF61-6E88952D6181}" = CCC Help Thai
"{A625DB70-98D5-16FD-C49D-4B8B1B2304A4}" = CCC Help Spanish
"{A90214C3-3A0C-2F05-6083-E1A4BAD9E30D}" = CCC Help Danish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA123216-6DE0-E57C-DC57-4FECEACB482F}" = CCC Help Russian
"{AB4633CC-E18D-44E0-BFAE-A08704564FDF}" = MAGIX Speed burnR (MSI)
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = LG CyberLink PowerProducer
"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint
"{D0837A59-83E6-3392-1BD9-86D3445676DB}" = CCC Help Korean
"{D70AB273-113B-D7DE-5C8D-82CABA7CB0AF}" = Catalyst Control Center Localization All
"{DC8772D4-C75F-5235-63E2-BBC73F909B7A}" = CCC Help Czech
"{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}" = HP Deskjet 1000 J110 series Hilfe
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = LG CyberLink PowerDVD
"{DED7FD3C-DDD2-43BB-B0F5-B07F9D0430D3}" = CCC Help Portuguese
"{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}" = LightScribe System Software
"{E157F2EB-E06F-B57F-9105-68F348DB2EAD}" = CCC Help English
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = LG CyberLink MediaEspresso
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}" = Babylon Chrome Toolbar
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EF036F44-A287-BC23-3F6E-AAE6FDEF47EF}" = Catalyst Control Center InstallProxy
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.81
"avast" = avast! Free Antivirus
"BabylonToolbar" = Babylon toolbar
"Free Screen To Video_is1" = Free Screen To Video V 2.0
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.35.1031
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG CyberLink Media Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG Burning Tool
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = LG CyberLink MediaShow
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = LG CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = LG CyberLink PowerDVD
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = LG CyberLink MediaEspresso
"MAGIX_{06A60F3C-B270-42FE-B49E-244657482573}" = MAGIX Screenshare
"MAGIX_{876C2B35-5C72-4E21-8BAA-67BAE24E35E2}" = MAGIX Video deluxe MX Plus Sonderedition
"MAGIX_{AB4633CC-E18D-44E0-BFAE-A08704564FDF}" = MAGIX Speed burnR (MSI)
"PokerStars.eu" = PokerStars.eu
"PokerTracker3" = PokerTracker 3 (remove only)
"Route Generator" = Route Generator
"TuneUp Utilities 2013" = TuneUp Utilities 2013
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 19.11.2012 03:45:40 | Computer Name = Hagemann-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 19.11.2012 07:17:53 | Computer Name = Hagemann-PC | Source = VSS | ID = 13
Description =
 
Error - 19.11.2012 07:17:53 | Computer Name = Hagemann-PC | Source = VSS | ID = 12292
Description =
 
Error - 19.11.2012 14:09:29 | Computer Name = Hagemann-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 20.11.2012 06:14:17 | Computer Name = Hagemann-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 20.11.2012 06:23:48 | Computer Name = Hagemann-PC | Source = VSS | ID = 13
Description =
 
Error - 20.11.2012 06:23:48 | Computer Name = Hagemann-PC | Source = VSS | ID = 12292
Description =
 
Error - 20.11.2012 06:23:48 | Computer Name = Hagemann-PC | Source = VSS | ID = 8193
Description =
 
Error - 20.11.2012 06:23:48 | Computer Name = Hagemann-PC | Source = System Restore | ID = 8193
Description =
 
Error - 20.11.2012 06:40:23 | Computer Name = Hagemann-PC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 19.11.2012 14:16:59 | Computer Name = Hagemann-PC | Source = WMPNetworkSvc | ID = 866300
Description =
 
Error - 20.11.2012 06:12:35 | Computer Name = Hagemann-PC | Source = WMPNetworkSvc | ID = 866300
Description =
 
Error - 20.11.2012 06:12:35 | Computer Name = Hagemann-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1058
 
Error - 20.11.2012 06:12:40 | Computer Name = Hagemann-PC | Source = WMPNetworkSvc | ID = 866300
Description =
 
Error - 20.11.2012 06:14:30 | Computer Name = Hagemann-PC | Source = WMPNetworkSvc | ID = 866300
Description =
 
Error - 20.11.2012 06:37:13 | Computer Name = Hagemann-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Browser Manager" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 20.11.2012 06:38:40 | Computer Name = Hagemann-PC | Source = WMPNetworkSvc | ID = 866300
Description =
 
Error - 20.11.2012 06:38:41 | Computer Name = Hagemann-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1058
 
Error - 20.11.2012 06:38:46 | Computer Name = Hagemann-PC | Source = WMPNetworkSvc | ID = 866300
Description =
 
Error - 20.11.2012 06:40:42 | Computer Name = Hagemann-PC | Source = WMPNetworkSvc | ID = 866300
Description =
 
 
< End of report >

--- --- ---

cosinus 20.11.2012 18:54

Hello and :hallo:

Quote:

Since the solution seems quite complicated, I am opening a separate thread so that it stays clear. (Hope that is allowed?)
Did you read the similar cases properly, or did you not read the one I mean? (that is, the thread I mean)

That one was about address forgery, and there is exactly nothing you can do about that except simply ignore such mails.
With address forgery, some computer that is part of a botnet spams somewhere and can enter (almost) any arbitrary address as the sender address for its junk advertising. Just as you could send a letter and scribble any address you like on it as the sender.

BieneTVB 20.11.2012 19:28

Thanks already for the quick reply.

So I read this thread:

http://www.trojaner-board.de/125295-...ir-web-de.html

Here the user is advised to tackle it with several programs.

Is that not necessary, then?

I'm afraid that my e-mail account was hacked and that my PC is at risk, or that other passwords etc. are no longer safe.

cosinus 20.11.2012 19:51

For that I would first have to see the headers of one of these mails.
You haven't posted those.

BieneTVB 20.11.2012 20:03

This is what the e-mails look like:


Quote:

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of
its recipients. This is a permanent error. The following address
failed:

"nyo_molina@yahoo.com":
SMTP error from remote server in greeting:
host: mta5.am0.yahoodns.net:
5.7.1 [BL21] Connections will not be accepted from 82.165.159.2, because the ip is in Spamhaus's list; see hxxp://postmaster.yahoo.com/550-bl23.html


--- The header of the original message is following. ---

Received: from serversima ([95.224.62.76]) by smtp.web.de (mrweb002) with
ESMTPA (Nemesis) id 0Mb8h9-1Tphhb2pAZ-00K8nn for =?utf-8?q?<nyo=5fmolina@?=
=?utf-8?q?yahoo.com>;?= Tue, 20 Nov 2012 04:50:48 +0100
MIME-Version: 1.0
Date: Tue, 20 Nov 2012 04:50:49 +0100
X-Priority: 3 (Normal)
X-Mailer: Microsoft Office Outlook, Build 09.6.6782
Subject: Dirty Talks & Dirty Answers. Ask me now!
From: svenhagemanntvb@web.de
Reply-To: liepinsoskars@inbox.lv
To: "nyonyo24" <nyo_molina@yahoo.com>
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable
Message-ID: <OUTLOOK-IDM-f5cf94b0-db8f-89cc-7839-9bd634a78396@serversima>
X-Provags-ID: V02:K0:uq2XPLeC/OVj+zQaN4ZkCbJ59WR4XWjP2IkOVnFktdk
LXRPLJHJQzZTrGEJspiYJEauJX5a9voGqQhtsbCntFL6eX8YN8
skT4EUgwI3Eb5apEyFINxvQBBwGTSizcZhL5pglIXPQ9KIhbmD
sU56ZuPylh2sjFHzxoxzqN6YH7hsHcjrgQw9UMNEX15WII2jFa
rzBQMK22uHQJy5G+Al+tQ==



cosinus 20.11.2012 20:13

Code:

Received: from serversima ([95.224.62.76]) by smtp.web.de (mrweb002) with
Edit: I'm not entirely sure whether this is shown here in full, but 95.224.62.76 really did send via smtp.web.de...
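
The check behind that reading of the Received line, as an added example that is not part of the original thread: it reads the first-hop Received header quoted in a bounce and separates a message that was submitted to the provider with SMTP AUTH (the `ESMTPA` keyword, RFC 3848) from one that only carries a forged From address. The function name, the verdict labels and the rule that the provider's submission hosts sit under the mailbox domain are assumptions of this example; mailbox names in the samples are placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# "with" keywords that record a successful SMTP AUTH (RFC 3848).
AUTHENTICATED_PROTOCOLS = {"ESMTPA", "ESMTPSA"}

# from <helo> (<optional rDNS> [<ip>]) by <host> ... with <protocol>
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\([^\[\)]*\[(?P<ip>[0-9A-Fa-f.:]+)\][^\)]*\)\s+"
    r"by\s+(?P<by>\S+).*?\bwith\s+(?P<proto>[A-Za-z0-9]+)"
)

# Received line as quoted in the thread's bounce, header folding restored;
# mailbox names are replaced by placeholders.
THREAD_SAMPLE = """\
Received: from serversima ([95.224.62.76]) by smtp.web.de (mrweb002) with
 ESMTPA (Nemesis) id 0Mb8h9-1Tphhb2pAZ-00K8nn for <recipient@example.com>;
 Tue, 20 Nov 2012 04:50:48 +0100
From: mailbox@web.de
Subject: placeholder
"""

# Constructed sample: same From address, but the first hop is a foreign MTA
# and no authentication is recorded (documentation-range IP and hosts).
FORGED_SAMPLE = """\
Received: from dsl-host.example.net (dsl-host.example.net [192.0.2.77])
 by mx.example.org with ESMTP id CONSTRUCTED1 for <recipient@example.org>;
 Tue, 20 Nov 2012 04:50:48 +0100
From: mailbox@web.de
Subject: placeholder
"""


def classify_bounced_original(raw_headers, provider_suffixes=None,
                              known_client_ips=()):
    """Classify the original-message headers quoted inside a bounce.

    Assumption of this example: the provider's submission hosts live under
    the mailbox domain (smtp.web.de for @web.de) unless provider_suffixes
    says otherwise. The quoted headers are only as trustworthy as the bounce
    itself, so the bounce's own headers still need to be checked separately.
    """
    result = {"verdict": "undetermined", "client_ip": None, "relay": None,
              "protocol": None, "client_ip_known": None}
    msg = message_from_string(raw_headers)
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    received = msg.get_all("Received") or []
    if not sender_domain or not received:
        return result

    # The last Received header is the first hop: where the message entered
    # the mail system. Unfold it before matching.
    first_hop = " ".join(received[-1].split())
    m = RECEIVED_RE.search(first_hop)
    if m is None:
        return result

    relay = m["by"].lower().rstrip(";")
    protocol = m["proto"].upper()
    suffixes = [s.lower() for s in (provider_suffixes or [sender_domain])]
    via_provider = any(relay == s or relay.endswith("." + s) for s in suffixes)

    if via_provider and protocol in AUTHENTICATED_PROTOCOLS:
        # Someone logged in to an account at the provider to send this.
        verdict = "account-credentials-used"
    elif via_provider:
        verdict = "via-provider-no-auth-recorded"
    else:
        # The message never passed the provider: only the From is borrowed.
        verdict = "forged-sender"

    result.update(verdict=verdict, client_ip=m["ip"], relay=relay,
                  protocol=protocol)
    if known_client_ips:
        # Does the submitting address belong to the account owner?
        result["client_ip_known"] = m["ip"] in set(known_client_ips)
    return result


if __name__ == "__main__":
    for name, sample in (("thread", THREAD_SAMPLE), ("forged", FORGED_SAMPLE)):
        print(name, classify_bounced_original(sample))
```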

BieneTVB 20.11.2012 20:21

OK, thanks for your reply.

So I can simply ignore this and don't need to worry that something serious could happen?

If the mail came from web.de's mail server, would I have a problem?

What do I need to look out for, and how can I tell now whether this is dangerous or not?

cosinus 20.11.2012 20:37

Hang on, I think I just talked nonsense there :balla: (I've edited it to be on the safe side)

Do you use web.de through a mail client such as Outlook, or do you use webmail?
How is the password for your web.de account put together?

BieneTVB 20.11.2012 20:43

I use web.de via webmail, that is, via Google Chrome or Firefox.

The password was previously a word + 2 digits; I changed it today

to 4 digits, 3 letters, 3 digits.

cosinus 20.11.2012 20:48

Can you forward me one of these mails? (Ideally the mail you gave above as an example.) I want to see what is in the headers of the status mail; the headers shown inside the mail only concern the spam mail itself. Please forward it to bienetvb.20.tbcosinus@spamgourmet.com

BieneTVB 20.11.2012 21:43

I've forwarded the e-mail to you.

cosinus 20.11.2012 22:20

Thanks, I received it. Did it stop abruptly when you changed the password?

BieneTVB 20.11.2012 22:22

Yes, no new one has come so far.

cosinus 20.11.2012 22:25

Then perhaps no address forgery was involved :( Often, though, forged addresses are the cause of these delivery-failure mails.
Did you have a far too simple password? Just a word plus two digits, you said? A very simple/short word?

BieneTVB 20.11.2012 22:31

A name (not mine) directly followed by 3 arbitrary letters and 2 digits. So it couldn't have been guessed.

cosinus 20.11.2012 22:55

Somehow the message does seem to have been sent via web.de after all; somehow I misread that at first.

Edit: I misclicked

1. aswMBR

Please download aswMBR.exe and save the file to your desktop.

Note: Please switch off the virus scanner before you run aswMBR, because Avira in particular often reports a false alarm in it!
  • Start aswMBR.exe. Vista and Win7 users: run aswMBR via right-click "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.) Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: Under no circumstances press any of the Fix buttons without instruction. Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.

One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu (bottom left of the aswMBR window), and click the Scan button again.


2. TDSS-Killer

Download TDSS-Killer to the desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please switch off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Configure the tool as shown in the image below: click change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it is done, click the Report button to display the log. Please post it in full.

If you cannot find the log or copy its contents into your post, please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!

http://saved.im/mtg4nzy0ywy5/settings_2012-09-04.png

BieneTVB 20.11.2012 23:15

Code:

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-20 23:05:41
-----------------------------
23:05:41.770    OS Version: Windows x64 6.1.7601 Service Pack 1
23:05:41.770    Number of processors: 4 586 0x2A07
23:05:41.770    ComputerName: HAGEMANN-PC  UserName: Hagemann
23:05:41.880    Initialize success
23:05:41.920    AVAST engine defs: 12112000
23:05:57.802    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
23:05:57.812    Disk 0 Vendor: SAMSUNG_SSD_830_Series CXM03B1Q Size: 122104MB BusType: 11
23:05:57.812    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-10
23:05:57.812    Disk 1 Vendor: Hitachi_HDS721010DLE630 MS2OA610 Size: 953869MB BusType: 11
23:05:57.812    Disk 0 MBR read successfully
23:05:57.812    Disk 0 MBR scan
23:05:57.812    Disk 0 Windows 7 default MBR code
23:05:57.822    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
23:05:57.822    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      122002 MB offset 206848
23:05:57.822    Disk 0 scanning C:\Windows\system32\drivers
23:05:58.720    Service scanning
23:06:01.190    Modules scanning
23:06:01.190    Disk 0 trace - called modules:
23:06:01.190    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll asahci64.sys
23:06:01.200    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006f08060]
23:06:01.200    3 CLASSPNP.SYS[fffff88001ba543f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8006cfe060]
23:06:01.320    AVAST engine scan C:\Windows
23:06:01.510    AVAST engine scan C:\Windows\system32
23:06:19.131    AVAST engine scan C:\Windows\system32\drivers
23:06:20.271    AVAST engine scan C:\Users\Hagemann
23:06:23.691    AVAST engine scan C:\ProgramData
23:06:28.871    Scan finished successfully
23:08:47.070    Disk 0 MBR has been saved successfully to "C:\Users\Hagemann\Desktop\MBR.dat"
23:08:47.070    The log file has been saved successfully to "C:\Users\Hagemann\Desktop\aswMBR.txt"

Code:

23:09:21.0630 6020  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
23:09:21.0890 6020  ============================================================
23:09:21.0890 6020  Current date / time: 2012/11/20 23:09:21.0890
23:09:21.0890 6020  SystemInfo:
23:09:21.0890 6020 
23:09:21.0890 6020  OS Version: 6.1.7601 ServicePack: 1.0
23:09:21.0890 6020  Product type: Workstation
23:09:21.0890 6020  ComputerName: HAGEMANN-PC
23:09:21.0890 6020  UserName: Hagemann
23:09:21.0890 6020  Windows directory: C:\Windows
23:09:21.0890 6020  System windows directory: C:\Windows
23:09:21.0890 6020  Running under WOW64
23:09:21.0890 6020  Processor architecture: Intel x64
23:09:21.0890 6020  Number of processors: 4
23:09:21.0890 6020  Page size: 0x1000
23:09:21.0890 6020  Boot type: Normal boot
23:09:21.0890 6020  ============================================================
23:09:22.0080 6020  Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:09:27.0730 6020  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:09:27.0750 6020  ============================================================
23:09:27.0750 6020  \Device\Harddisk0\DR0:
23:09:27.0750 6020  MBR partitions:
23:09:27.0750 6020  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
23:09:27.0750 6020  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xEE49000
23:09:27.0750 6020  \Device\Harddisk1\DR1:
23:09:27.0760 6020  MBR partitions:
23:09:27.0760 6020  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
23:09:27.0760 6020  ============================================================
23:09:27.0760 6020  C: <-> \Device\Harddisk0\DR0\Partition2
23:09:27.0770 6020  D: <-> \Device\Harddisk1\DR1\Partition1
23:09:27.0770 6020  ============================================================
23:09:27.0770 6020  Initialize success
23:09:27.0770 6020  ============================================================
23:10:02.0661 6132  ============================================================
23:10:02.0661 6132  Scan started
23:10:02.0661 6132  Mode: Manual; SigCheck; TDLFS;
23:10:02.0661 6132  ============================================================
23:10:02.0771 6132  ================ Scan system memory ========================
23:10:02.0771 6132  System memory - ok
23:10:02.0771 6132  ================ Scan services =============================
23:10:02.0802 6132  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
23:10:02.0842 6132  1394ohci - ok
23:10:02.0842 6132  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
23:10:02.0852 6132  ACPI - ok
23:10:02.0862 6132  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi        C:\Windows\system32\drivers\acpipmi.sys
23:10:02.0872 6132  AcpiPmi - ok
23:10:02.0872 6132  [ B1EA9681502EE57F87DB71D726288A5B ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
23:10:02.0882 6132  AdobeARMservice - ok
23:10:02.0902 6132  [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
23:10:02.0912 6132  AdobeFlashPlayerUpdateSvc - ok
23:10:02.0912 6132  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx        C:\Windows\system32\drivers\adp94xx.sys
23:10:02.0932 6132  adp94xx - ok
23:10:02.0932 6132  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci        C:\Windows\system32\drivers\adpahci.sys
23:10:02.0942 6132  adpahci - ok
23:10:02.0952 6132  [ E109549C90F62FB570B9540C4B148E54 ] adpu320        C:\Windows\system32\drivers\adpu320.sys
23:10:02.0952 6132  adpu320 - ok
23:10:02.0962 6132  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
23:10:02.0982 6132  AeLookupSvc - ok
23:10:02.0992 6132  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD            C:\Windows\system32\drivers\afd.sys
23:10:03.0002 6132  AFD - ok
23:10:03.0002 6132  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
23:10:03.0012 6132  agp440 - ok
23:10:03.0012 6132  [ 3290D6946B5E30E70414990574883DDB ] ALG            C:\Windows\System32\alg.exe
23:10:03.0022 6132  ALG - ok
23:10:03.0032 6132  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
23:10:03.0032 6132  aliide - ok
23:10:03.0042 6132  [ 4C1E3649C89C7D542CD18ECC5210099D ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
23:10:03.0052 6132  AMD External Events Utility - ok
23:10:03.0052 6132  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
23:10:03.0062 6132  amdide - ok
23:10:03.0062 6132  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8          C:\Windows\system32\drivers\amdk8.sys
23:10:03.0072 6132  AmdK8 - ok
23:10:03.0142 6132  [ A3C0A15B39F979E8F3EABA901D72ECD7 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
23:10:03.0252 6132  amdkmdag - ok
23:10:03.0252 6132  [ 20F3CD38B107C1BD747C0EA37D450165 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
23:10:03.0272 6132  amdkmdap - ok
23:10:03.0272 6132  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
23:10:03.0282 6132  AmdPPM - ok
23:10:03.0282 6132  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata        C:\Windows\system32\drivers\amdsata.sys
23:10:03.0292 6132  amdsata - ok
23:10:03.0292 6132  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
23:10:03.0302 6132  amdsbs - ok
23:10:03.0302 6132  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata        C:\Windows\system32\drivers\amdxata.sys
23:10:03.0312 6132  amdxata - ok
23:10:03.0312 6132  [ 89A69C3F2F319B43379399547526D952 ] AppID          C:\Windows\system32\drivers\appid.sys
23:10:03.0332 6132  AppID - ok
23:10:03.0342 6132  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
23:10:03.0362 6132  AppIDSvc - ok
23:10:03.0362 6132  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo        C:\Windows\System32\appinfo.dll
23:10:03.0382 6132  Appinfo - ok
23:10:03.0392 6132  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:10:03.0392 6132  Apple Mobile Device - ok
23:10:03.0402 6132  [ C484F8CEB1717C540242531DB7845C4E ] arc            C:\Windows\system32\drivers\arc.sys
23:10:03.0402 6132  arc - ok
23:10:03.0412 6132  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
23:10:03.0412 6132  arcsas - ok
23:10:03.0422 6132  [ D7989234601A2DE9A1801F4ED9533B6E ] asahci64        C:\Windows\system32\DRIVERS\asahci64.sys
23:10:03.0432 6132  asahci64 - ok
23:10:03.0432 6132  [ 22842362DF890F5492F85AA60916A697 ] asmthub3        C:\Windows\system32\DRIVERS\asmthub3.sys
23:10:03.0442 6132  asmthub3 - ok
23:10:03.0452 6132  [ 08E2D77766CC05E75A0707207D9FC684 ] asmtxhci        C:\Windows\system32\DRIVERS\asmtxhci.sys
23:10:03.0462 6132  asmtxhci - ok
23:10:03.0462 6132  [ 4FCAEF0C5BE7629AEB878998E0FE959B ] aswFsBlk        C:\Windows\system32\drivers\aswFsBlk.sys
23:10:03.0472 6132  aswFsBlk - ok
23:10:03.0472 6132  [ B50CDD87772D6A11CB90924AAD399DF8 ] aswMonFlt      C:\Windows\system32\drivers\aswMonFlt.sys
23:10:03.0482 6132  aswMonFlt - ok
23:10:03.0482 6132  [ 57768C7DB4681F2510F247F82EF31D4F ] aswRdr          C:\Windows\System32\Drivers\aswrdr2.sys
23:10:03.0492 6132  aswRdr - ok
23:10:03.0502 6132  [ E71D826A1F3CE9C9DE3E77F2D02AFFBF ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
23:10:03.0512 6132  aswSnx - ok
23:10:03.0522 6132  [ 538A32E2C99BF073D4CA76C30BEDAA60 ] aswSP          C:\Windows\system32\drivers\aswSP.sys
23:10:03.0532 6132  aswSP - ok
23:10:03.0532 6132  [ 6EDC79D73745FD44C41B55B2D13D0B70 ] aswTdi          C:\Windows\system32\drivers\aswTdi.sys
23:10:03.0542 6132  aswTdi - ok
23:10:03.0542 6132  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
23:10:03.0562 6132  AsyncMac - ok
23:10:03.0562 6132  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi          C:\Windows\system32\drivers\atapi.sys
23:10:03.0572 6132  atapi - ok
23:10:03.0592 6132  [ EA0AF9B866DF07E8FE6C2342585788B0 ] athur          C:\Windows\system32\DRIVERS\athurx.sys
23:10:03.0612 6132  athur - ok
23:10:03.0612 6132  [ B0790FF0E25B7A2674296052F2162C1A ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
23:10:03.0622 6132  AtiHDAudioService - ok
23:10:03.0632 6132  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:10:03.0662 6132  AudioEndpointBuilder - ok
23:10:03.0662 6132  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
23:10:03.0692 6132  AudioSrv - ok
23:10:03.0692 6132  [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
23:10:03.0702 6132  avast! Antivirus - ok
23:10:03.0702 6132  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
23:10:03.0722 6132  AxInstSV - ok
23:10:03.0722 6132  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv        C:\Windows\system32\drivers\bxvbda.sys
23:10:03.0732 6132  b06bdrv - ok
23:10:03.0742 6132  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
23:10:03.0752 6132  b57nd60a - ok
23:10:03.0752 6132  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
23:10:03.0762 6132  BDESVC - ok
23:10:03.0762 6132  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
23:10:03.0792 6132  Beep - ok
23:10:03.0792 6132  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE            C:\Windows\System32\bfe.dll
23:10:03.0822 6132  BFE - ok
23:10:03.0832 6132  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
23:10:03.0862 6132  BITS - ok
23:10:03.0872 6132  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
23:10:03.0872 6132  blbdrive - ok
23:10:03.0882 6132  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
23:10:03.0892 6132  Bonjour Service - ok
23:10:03.0892 6132  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
23:10:03.0902 6132  bowser - ok
23:10:03.0902 6132  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
23:10:03.0912 6132  BrFiltLo - ok
23:10:03.0922 6132  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
23:10:03.0932 6132  BrFiltUp - ok
23:10:03.0932 6132  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser        C:\Windows\System32\browser.dll
23:10:03.0942 6132  Browser - ok
23:10:03.0942 6132  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid        C:\Windows\System32\Drivers\Brserid.sys
23:10:03.0952 6132  Brserid - ok
23:10:03.0962 6132  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
23:10:03.0972 6132  BrSerWdm - ok
23:10:03.0972 6132  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
23:10:03.0982 6132  BrUsbMdm - ok
23:10:03.0982 6132  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
23:10:03.0992 6132  BrUsbSer - ok
23:10:03.0992 6132  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
23:10:04.0002 6132  BTHMODEM - ok
23:10:04.0002 6132  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv        C:\Windows\system32\bthserv.dll
23:10:04.0032 6132  bthserv - ok
23:10:04.0032 6132  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
23:10:04.0052 6132  cdfs - ok
23:10:04.0062 6132  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
23:10:04.0072 6132  cdrom - ok
23:10:04.0072 6132  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc    C:\Windows\System32\certprop.dll
23:10:04.0092 6132  CertPropSvc - ok
23:10:04.0092 6132  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
23:10:04.0102 6132  circlass - ok
23:10:04.0112 6132  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
23:10:04.0122 6132  CLFS - ok
23:10:04.0132 6132  [ 524DC3807CB1746225F9D26ADD19C319 ] CLKMSVC10_38F51D56 C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
23:10:04.0142 6132  CLKMSVC10_38F51D56 - ok
23:10:04.0152 6132  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:10:04.0152 6132  clr_optimization_v2.0.50727_32 - ok
23:10:04.0162 6132  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:10:04.0172 6132  clr_optimization_v2.0.50727_64 - ok
23:10:04.0182 6132  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:10:04.0182 6132  clr_optimization_v4.0.30319_32 - ok
23:10:04.0192 6132  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:10:04.0202 6132  clr_optimization_v4.0.30319_64 - ok
23:10:04.0202 6132  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
23:10:04.0212 6132  CmBatt - ok
23:10:04.0212 6132  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
23:10:04.0222 6132  cmdide - ok
23:10:04.0222 6132  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG            C:\Windows\system32\Drivers\cng.sys
23:10:04.0242 6132  CNG - ok
23:10:04.0242 6132  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
23:10:04.0252 6132  Compbatt - ok
23:10:04.0252 6132  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
23:10:04.0262 6132  CompositeBus - ok
23:10:04.0272 6132  COMSysApp - ok
23:10:04.0272 6132  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk        C:\Windows\system32\drivers\crcdisk.sys
23:10:04.0282 6132  crcdisk - ok
23:10:04.0282 6132  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
23:10:04.0292 6132  CryptSvc - ok
23:10:04.0302 6132  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
23:10:04.0332 6132  DcomLaunch - ok
23:10:04.0332 6132  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc      C:\Windows\System32\defragsvc.dll
23:10:04.0362 6132  defragsvc - ok
23:10:04.0362 6132  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
23:10:04.0382 6132  DfsC - ok
23:10:04.0392 6132  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
23:10:04.0402 6132  Dhcp - ok
23:10:04.0402 6132  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
23:10:04.0422 6132  discache - ok
23:10:04.0432 6132  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
23:10:04.0432 6132  Disk - ok
23:10:04.0442 6132  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
23:10:04.0452 6132  Dnscache - ok
23:10:04.0452 6132  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc        C:\Windows\System32\dot3svc.dll
23:10:04.0482 6132  dot3svc - ok
23:10:04.0482 6132  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS            C:\Windows\system32\dps.dll
23:10:04.0502 6132  DPS - ok
23:10:04.0512 6132  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
23:10:04.0522 6132  drmkaud - ok
23:10:04.0532 6132  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
23:10:04.0542 6132  DXGKrnl - ok
23:10:04.0542 6132  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost        C:\Windows\System32\eapsvc.dll
23:10:04.0572 6132  EapHost - ok
23:10:04.0592 6132  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv          C:\Windows\system32\drivers\evbda.sys
23:10:04.0632 6132  ebdrv - ok
23:10:04.0632 6132  [ C118A82CD78818C29AB228366EBF81C3 ] EFS            C:\Windows\System32\lsass.exe
23:10:04.0642 6132  EFS - ok
23:10:04.0652 6132  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
23:10:04.0672 6132  ehRecvr - ok
23:10:04.0672 6132  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched        C:\Windows\ehome\ehsched.exe
23:10:04.0682 6132  ehSched - ok
23:10:04.0692 6132  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor        C:\Windows\system32\drivers\elxstor.sys
23:10:04.0692 6132  elxstor - ok
23:10:04.0692 6132  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
23:10:04.0708 6132  ErrDev - ok
23:10:04.0708 6132  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem    C:\Windows\system32\es.dll
23:10:04.0739 6132  EventSystem - ok
23:10:04.0739 6132  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat          C:\Windows\system32\drivers\exfat.sys
23:10:04.0770 6132  exfat - ok
23:10:04.0770 6132  Fabs - ok
23:10:04.0770 6132  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat        C:\Windows\system32\drivers\fastfat.sys
23:10:04.0801 6132  fastfat - ok
23:10:04.0801 6132  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax            C:\Windows\system32\fxssvc.exe
23:10:04.0817 6132  Fax - ok
23:10:04.0817 6132  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc            C:\Windows\system32\drivers\fdc.sys
23:10:04.0832 6132  fdc - ok
23:10:04.0832 6132  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost        C:\Windows\system32\fdPHost.dll
23:10:04.0864 6132  fdPHost - ok
23:10:04.0864 6132  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
23:10:04.0879 6132  FDResPub - ok
23:10:04.0879 6132  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
23:10:04.0895 6132  FileInfo - ok
23:10:04.0895 6132  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
23:10:04.0926 6132  Filetrace - ok
23:10:04.0942 6132  [ 5BD96D8C5411ACE71A7EAACAF0EF2903 ] FirebirdServerMAGIXInstance C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
23:10:04.0972 6132  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
23:10:04.0972 6132  FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
23:10:04.0972 6132  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
23:10:04.0982 6132  flpydisk - ok
23:10:04.0992 6132  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
23:10:05.0002 6132  FltMgr - ok
23:10:05.0012 6132  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache      C:\Windows\system32\FntCache.dll
23:10:05.0022 6132  FontCache - ok
23:10:05.0032 6132  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:10:05.0032 6132  FontCache3.0.0.0 - ok
23:10:05.0032 6132  [ D43703496149971890703B4B1B723EAC ] FsDepends      C:\Windows\system32\drivers\FsDepends.sys
23:10:05.0042 6132  FsDepends - ok
23:10:05.0042 6132  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
23:10:05.0052 6132  Fs_Rec - ok
23:10:05.0052 6132  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
23:10:05.0062 6132  fvevol - ok
23:10:05.0072 6132  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
23:10:05.0072 6132  gagp30kx - ok
23:10:05.0082 6132  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM    C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:10:05.0082 6132  GEARAspiWDM - ok
23:10:05.0092 6132  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc          C:\Windows\System32\gpsvc.dll
23:10:05.0122 6132  gpsvc - ok
23:10:05.0122 6132  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:10:05.0132 6132  gupdate - ok
23:10:05.0132 6132  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:10:05.0142 6132  gupdatem - ok
23:10:05.0142 6132  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
23:10:05.0152 6132  hcw85cir - ok
23:10:05.0152 6132  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:10:05.0172 6132  HdAudAddService - ok
23:10:05.0172 6132  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
23:10:05.0182 6132  HDAudBus - ok
23:10:05.0952 6132  [ C34411A244029F1C08687F7C752C4563 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
23:10:05.0952 6132  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
23:10:05.0952 6132  LightScribeService - detected UnsignedFile.Multi.Generic (1)
23:10:07.0400 6132  [ ACC93675D78D1C07DAD09D7837F2397A ] pgsql-8.3      C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
23:10:07.0400 6132  pgsql-8.3 ( UnsignedFile.Multi.Generic ) - warning
23:10:07.0400 6132  pgsql-8.3 - detected UnsignedFile.Multi.Generic (1)
23:10:08.0110 6132  [ F12A68ED55053940CADD59CA5E3468DD ] RichVideo      C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
23:10:08.0120 6132  RichVideo ( UnsignedFile.Multi.Generic ) - warning
23:10:08.0120 6132  RichVideo - detected UnsignedFile.Multi.Generic (1)
23:10:10.0010 6132  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid        C:\Windows\system32\drivers\vsmraid.sys
23:10:10.0020 6132  vsmraid - ok
23:10:10.0030 6132  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS            C:\Windows\system32\vssvc.exe
23:10:10.0070 6132  VSS - ok
23:10:10.0070 6132  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
23:10:10.0080 6132  vwifibus - ok
23:10:10.0090 6132  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
23:10:10.0100 6132  vwififlt - ok
23:10:10.0100 6132  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time        C:\Windows\system32\w32time.dll
23:10:10.0130 6132  W32Time - ok
23:10:10.0130 6132  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
23:10:10.0140 6132  WacomPen - ok
23:10:10.0150 6132  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
23:10:10.0170 6132  WANARP - ok
23:10:10.0170 6132  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
23:10:10.0190 6132  Wanarpv6 - ok
23:10:10.0210 6132  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
23:10:10.0230 6132  wbengine - ok
23:10:10.0230 6132  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
23:10:10.0250 6132  WbioSrvc - ok
23:10:10.0250 6132  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc        C:\Windows\System32\wcncsvc.dll
23:10:10.0270 6132  wcncsvc - ok
23:10:10.0270 6132  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:10:10.0280 6132  WcsPlugInService - ok
23:10:10.0280 6132  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
23:10:10.0290 6132  Wd - ok
23:10:10.0300 6132  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
23:10:10.0310 6132  Wdf01000 - ok
23:10:10.0320 6132  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
23:10:10.0330 6132  WdiServiceHost - ok
23:10:10.0330 6132  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost  C:\Windows\system32\wdi.dll
23:10:10.0350 6132  WdiSystemHost - ok
23:10:10.0350 6132  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient      C:\Windows\System32\webclnt.dll
23:10:10.0370 6132  WebClient - ok
23:10:10.0370 6132  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
23:10:10.0400 6132  Wecsvc - ok
23:10:10.0400 6132  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
23:10:10.0420 6132  wercplsupport - ok
23:10:10.0430 6132  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
23:10:10.0450 6132  WerSvc - ok
23:10:10.0450 6132  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
23:10:10.0480 6132  WfpLwf - ok
23:10:10.0480 6132  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
23:10:10.0480 6132  WIMMount - ok
23:10:10.0490 6132  WinDefend - ok
23:10:10.0490 6132  WinHttpAutoProxySvc - ok
23:10:10.0500 6132  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
23:10:10.0520 6132  Winmgmt - ok
23:10:10.0540 6132  [ BCB1310604AA415C4508708975B3931E ] WinRM          C:\Windows\system32\WsmSvc.dll
23:10:10.0580 6132  WinRM - ok
23:10:10.0580 6132  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
23:10:10.0590 6132  WinUsb - ok
23:10:10.0600 6132  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc        C:\Windows\System32\wlansvc.dll
23:10:10.0630 6132  Wlansvc - ok
23:10:10.0650 6132  [ 98F138897EF4246381D197CB81846D62 ] wlidsvc        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:10:10.0680 6132  wlidsvc - ok
23:10:10.0680 6132  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi        C:\Windows\system32\DRIVERS\wmiacpi.sys
23:10:10.0690 6132  WmiAcpi - ok
23:10:10.0690 6132  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
23:10:10.0710 6132  wmiApSrv - ok
23:10:10.0710 6132  WMPNetworkSvc - ok
23:10:10.0710 6132  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
23:10:10.0720 6132  WPCSvc - ok
23:10:10.0720 6132  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
23:10:10.0730 6132  WPDBusEnum - ok
23:10:10.0740 6132  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
23:10:10.0760 6132  ws2ifsl - ok
23:10:10.0760 6132  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
23:10:10.0780 6132  wscsvc - ok
23:10:10.0780 6132  WSearch - ok
23:10:10.0800 6132  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
23:10:10.0830 6132  wuauserv - ok
23:10:10.0840 6132  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
23:10:10.0850 6132  WudfPf - ok
23:10:10.0850 6132  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
23:10:10.0860 6132  WUDFRd - ok
23:10:10.0860 6132  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
23:10:10.0870 6132  wudfsvc - ok
23:10:10.0880 6132  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc        C:\Windows\System32\wwansvc.dll
23:10:10.0890 6132  WwanSvc - ok
23:10:10.0900 6132  ================ Scan global ===============================
23:10:10.0900 6132  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
23:10:10.0900 6132  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
23:10:10.0910 6132  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
23:10:10.0910 6132  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
23:10:10.0920 6132  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
23:10:10.0920 6132  [Global] - ok
23:10:10.0920 6132  ================ Scan MBR ==================================
23:10:10.0920 6132  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
23:10:11.0010 6132  \Device\Harddisk0\DR0 - ok
23:10:11.0020 6132  [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk1\DR1
23:10:11.0090 6132  \Device\Harddisk1\DR1 - ok
23:10:11.0090 6132  ================ Scan VBR ==================================
23:10:11.0090 6132  [ 69ECE193A03CC47601019C1E33096078 ] \Device\Harddisk0\DR0\Partition1
23:10:11.0090 6132  \Device\Harddisk0\DR0\Partition1 - ok
23:10:11.0090 6132  [ C8EBE3C303A0E4C60A83A87AB907696E ] \Device\Harddisk0\DR0\Partition2
23:10:11.0090 6132  \Device\Harddisk0\DR0\Partition2 - ok
23:10:11.0090 6132  [ 94338ACC1F3A45F8C7F9DF1BD7E9F3FD ] \Device\Harddisk1\DR1\Partition1
23:10:11.0090 6132  \Device\Harddisk1\DR1\Partition1 - ok
23:10:11.0100 6132  ============================================================
23:10:11.0100 6132  Scan finished
23:10:11.0100 6132  ============================================================
23:10:11.0100 3856  Detected object count: 4
23:10:11.0100 3856  Actual detected object count: 4
23:10:57.0540 3856  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
23:10:57.0540 3856  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:10:57.0540 3856  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
23:10:57.0540 3856  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:10:57.0540 3856  pgsql-8.3 ( UnsignedFile.Multi.Generic ) - skipped by user
23:10:57.0540 3856  pgsql-8.3 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:10:57.0540 3856  RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
23:10:57.0540 3856  RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:13:12.0111 5456  Deinitialize success


cosinus 21.11.2012 10:21

Please run a CustomScan with OTL

Please download OTL by Oldtimer and save it to your desktop. If you already have it, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.

Code:

msconfig
netsvcs
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMROOT%\system32\drivers\*.sys /lockedfiles
%SYSTEMROOT%\System32\config\*.sav
%SYSTEMROOT%\*. /mp /s
%SYSTEMROOT%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


BieneTVB 21.11.2012 12:39

Code:

OTL logfile created on: 21.11.2012 12:34:01 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Hagemann\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,97 Gb Total Physical Memory | 6,79 Gb Available Physical Memory | 85,22% Memory free
15,93 Gb Paging File | 14,69 Gb Available in Paging File | 92,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 56,14 Gb Free Space | 47,12% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 912,98 Gb Free Space | 98,01% Space Free | Partition Type: NTFS
Drive I: | 7,03 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: HAGEMANN-PC | User Name: Hagemann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.20 12:35:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hagemann\Desktop\OTL.exe
PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.08.13 11:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012.08.13 11:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2012.02.07 17:53:34 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.02.07 17:53:32 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.02.07 17:52:04 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2011.09.28 01:37:56 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2009.12.10 03:39:04 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
PRC - [2009.12.10 03:37:16 | 003,690,496 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.08.10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011.03.04 12:02:54 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2011.03.04 12:02:52 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2011.03.04 12:02:50 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.09.28 02:38:16 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.11.20 19:46:26 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.11.20 07:16:13 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.10.19 16:14:08 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.09.19 11:29:44 | 002,365,792 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.02.07 17:53:34 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.02.07 17:53:32 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.02.07 17:52:04 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2012.02.02 22:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2011.04.20 09:57:02 | 000,241,648 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.10 03:39:04 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.10.30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012.10.30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.10.30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.10.30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.10.30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.10.15 17:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012.09.28 03:21:20 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.09.28 02:12:52 | 000,460,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.07.09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.05.14 07:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.03 14:01:20 | 000,677,480 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.11.10 01:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011.11.03 11:10:42 | 000,395,752 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.11.03 11:10:42 | 000,130,536 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011.04.20 03:07:48 | 001,930,240 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
DRV:64bit: - [2011.03.23 15:41:28 | 000,036,448 | ---- | M] (Asmedia Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\asahci64.sys -- (asahci64)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012.09.19 10:50:50 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4131250592-1838384388-922388214-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=109727&tt=311012_niche_4412_4&babsrc=HP_ss&mntrId=721a3d7b00000000000090f652e6eb59
IE - HKU\S-1-5-21-4131250592-1838384388-922388214-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4131250592-1838384388-922388214-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-4131250592-1838384388-922388214-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 38 AB 93 38 3D B7 CD 01  [binary data]
IE - HKU\S-1-5-21-4131250592-1838384388-922388214-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-4131250592-1838384388-922388214-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-4131250592-1838384388-922388214-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4131250592-1838384388-922388214-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=109727&tt=311012_niche_4412_4&babsrc=SP_ss&mntrId=721a3d7b00000000000090f652e6eb59
IE - HKU\S-1-5-21-4131250592-1838384388-922388214-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4131250592-1838384388-922388214-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.11.02 18:29:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.20 19:18:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.11.20 19:19:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hagemann\AppData\Roaming\mozilla\Extensions
[2012.11.20 19:38:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hagemann\AppData\Roaming\mozilla\Firefox\Profiles\8aqu1nm7.default\extensions
[2012.11.20 19:38:03 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Hagemann\AppData\Roaming\mozilla\firefox\profiles\8aqu1nm7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.11.20 19:18:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.11.02 18:29:38 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012.11.20 07:17:00 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.11.20 08:13:26 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.20 08:13:26 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.20 08:13:26 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.20 08:13:26 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.20 08:13:26 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.20 08:13:26 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4131250592-1838384388-922388214-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-4131250592-1838384388-922388214-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Hagemann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Hagemann\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Hagemann\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: PokerStars.eu - {07BA1DA9-F501-4796-8728-74D1B91A6CD5} - C:\Program Files (x86)\PokerStars.EU\PokerStarsUpdate.exe (PokerStars)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7AACC0C1-6273-4F0F-938B-58BD3476DED7}: DhcpNameServer = 192.168.10.4 192.168.10.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E53FDE10-D543-4BA8-A460-B483277A1286}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\23796~1.11\{16cdf~1\browse~1.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\AcroRd32.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\labelprint.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\power2go.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\power2goexpress.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\producer.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\ps.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\skype.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\youcam.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\AcroRd32.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\labelprint.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\power2go.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\power2goexpress.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\producer.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\ps.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\skype.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\youcam.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.11.15 10:52:50 | 000,161,088 | R--- | M] (Take-Two Interactive Software, Inc.) - I:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008.10.11 18:03:48 | 000,000,054 | R--- | M] () - I:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{84e48d4a-2321-11e2-a253-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{84e48d4a-2321-11e2-a253-806e6f6e6963}\Shell\AutoRun\command - "" = I:\Autorun.exe -- [2008.11.15 10:52:50 | 000,161,088 | R--- | M] (Take-Two Interactive Software, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
System Restore Service not available.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.20 23:43:55 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.11.20 23:33:34 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.11.20 23:32:10 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\Desktop\miami
[2012.11.20 23:07:44 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Hagemann\Desktop\tdsskiller.exe
[2012.11.20 22:58:49 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Hagemann\Desktop\aswMBR.exe
[2012.11.20 19:46:51 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Local\Macromedia
[2012.11.20 19:18:56 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Roaming\Mozilla
[2012.11.20 19:18:56 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Local\Mozilla
[2012.11.20 19:18:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.11.20 19:18:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.11.20 12:35:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hagemann\Desktop\OTL.exe
[2012.11.19 09:50:51 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Local\Diagnostics
[2012.11.15 12:28:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.11.15 12:28:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012.11.14 20:27:53 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Roaming\OpenOffice.org
[2012.11.10 12:45:23 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2012.11.10 12:45:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2012.11.10 12:45:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2012.11.10 12:44:59 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2012.11.10 12:44:29 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Local\HP
[2012.11.10 12:43:09 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Local\ElevatedDiagnostics
[2012.11.08 08:48:17 | 000,034,656 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2012.11.08 08:48:17 | 000,025,952 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2012.11.08 08:48:17 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2012.11.08 08:48:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013
[2012.11.08 08:48:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2013
[2012.11.08 08:48:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2012.11.05 15:43:59 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.11.05 15:43:59 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Roaming\DVDVideoSoft
[2012.11.05 15:43:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012.11.05 15:43:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2012.11.05 15:43:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2012.11.05 14:47:06 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Local\MJProductions
[2012.11.05 14:45:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Route Generator
[2012.11.05 14:29:49 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Roaming\FreeScreenToVideo
[2012.11.05 14:29:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Screen To Video
[2012.11.05 13:58:20 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Local\MAGIX_AG
[2012.11.04 17:01:13 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Roaming\Skype
[2012.11.04 17:01:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.11.04 17:01:08 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012.11.04 17:01:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.11.04 17:01:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012.11.04 14:18:52 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2012.11.04 14:05:39 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\Documents\Games for Windows - LIVE Demos
[2012.11.04 14:03:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2012.11.04 13:46:43 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\Documents\Rockstar Games
[2012.11.04 13:44:55 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2012.11.04 13:44:07 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Local\Rockstar Games
[2012.11.04 13:42:59 | 000,000,000 | RH-D | C] -- C:\Users\Hagemann\AppData\Roaming\SecuROM
[2012.11.04 13:37:59 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2012.11.04 13:35:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2012.11.04 13:35:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2012.11.04 13:06:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
[2012.11.04 13:06:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rockstar Games
[2012.11.02 18:50:03 | 000,000,000 | R--D | C] -- C:\Users\Hagemann\Desktop\Programme
[2012.11.02 18:35:02 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Local\Xara
[2012.11.02 18:35:01 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Roaming\MAGIX
[2012.11.02 18:34:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MAGIX Shared
[2012.11.02 18:33:54 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX
[2012.11.02 18:33:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MAGIX Services
[2012.11.02 18:33:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012.11.02 18:29:47 | 000,984,144 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012.11.02 18:29:47 | 000,370,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012.11.02 18:29:47 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012.11.02 18:29:47 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012.11.02 18:29:47 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012.11.02 18:29:47 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012.11.02 18:29:47 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012.11.02 18:29:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012.11.02 18:29:33 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012.11.02 18:29:33 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.11.02 18:29:24 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012.11.02 18:29:24 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012.11.02 18:14:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.11.02 18:14:21 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Roaming\Apple Computer
[2012.11.02 18:14:21 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Local\Apple Computer
[2012.11.02 18:14:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2012.11.02 18:14:07 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.11.02 18:14:06 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.11.02 18:14:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.11.02 18:14:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012.11.02 18:14:06 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012.11.02 18:13:58 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Local\Apple
[2012.11.02 18:13:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012.11.02 18:13:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012.11.02 18:13:49 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012.11.02 18:13:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012.11.02 18:13:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012.11.02 18:13:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012.11.02 17:53:24 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Roaming\TuneUp Software
[2012.11.02 17:47:29 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.11.02 17:47:26 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.11.02 17:47:26 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.11.02 17:46:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2012.11.02 17:46:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2012.11.02 17:46:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.11.02 17:45:46 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Roaming\Babylon
[2012.11.02 17:45:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.11.02 17:45:45 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Roaming\DesktopIconForAmazon
[2012.11.02 17:39:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PostgreSQL 8.3
[2012.11.02 17:39:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PostgreSQL
[2012.11.02 17:34:27 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Local\PokerStars.EU
[2012.11.02 17:34:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars.EU
[2012.11.02 17:34:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PokerStars.EU
[2012.11.02 17:19:29 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerTracker 3
[2012.11.02 17:19:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerTracker 3
[2012.11.02 17:19:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PokerTracker 3
[2012.11.02 17:11:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012.11.02 17:11:40 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Local\Google
[2012.11.02 17:10:00 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Local\Deployment
[2012.11.02 17:10:00 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Local\Apps
[2012.11.02 17:04:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK
[2012.11.02 17:03:48 | 001,930,240 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athurx.sys
[2012.11.02 17:03:48 | 001,930,240 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\athurx.sys
[2012.11.02 17:03:01 | 000,000,000 | ---D | C] -- C:\ProgramData\TP-LINK
[2012.11.02 12:41:07 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Local\Power2Go
[2012.11.02 12:26:55 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
[2012.11.02 12:25:00 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Roaming\CyberLink
[2012.11.02 12:25:00 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Local\Cyberlink
[2012.11.02 12:23:32 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
[2012.11.02 12:23:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LightScribe
[2012.11.02 12:22:49 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
[2012.11.02 12:22:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberLink
[2012.11.02 12:22:29 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2012.11.02 12:22:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2012.11.02 10:56:13 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2012.11.02 10:55:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2012.11.02 10:52:12 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Roaming\WinRAR
[2012.11.02 10:52:12 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.11.02 10:52:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.11.02 10:52:10 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012.11.02 10:32:10 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Local\ashampoo
[2012.11.02 10:32:10 | 000,000,000 | ---D | C] -- C:\ProgramData\ashampoo
[2012.11.02 10:30:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012.11.02 10:30:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012.11.02 10:29:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012.11.02 10:29:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.11.02 10:29:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.11.02 10:27:54 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Roaming\Macromedia
[2012.11.02 10:27:54 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Roaming\Adobe
[2012.11.02 10:26:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2012.11.02 10:26:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012.11.02 10:26:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012.10.31 18:05:12 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Roaming\ATI
[2012.10.31 18:05:12 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Local\ATI
[2012.10.31 18:05:12 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.10.31 18:04:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012.10.31 18:04:06 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2012.10.31 18:04:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2012.10.31 18:04:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2012.10.31 18:04:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012.10.31 18:04:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012.10.31 18:03:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2012.10.31 18:02:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012.10.31 18:02:30 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012.10.31 18:02:29 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012.10.31 08:57:30 | 000,000,000 | ---D | C] -- C:\Treiber
[2012.10.31 08:53:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASM104xUSB3
[2012.10.31 08:53:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2012.10.31 08:52:59 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2012.10.31 08:52:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent
[2012.10.31 08:52:28 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Roaming\InstallShield
[2012.10.31 08:52:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Asmedia Technology
[2012.10.31 08:52:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASM106xSATA
[2012.10.31 08:52:12 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012.10.31 08:51:27 | 000,677,480 | ---- | C] (Realtek                                            ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2012.10.31 08:51:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2012.10.31 08:51:08 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012.10.31 08:50:58 | 002,604,376 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2012.10.31 08:50:57 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2012.10.31 08:50:57 | 000,221,024 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll
[2012.10.31 08:50:57 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2012.10.31 08:50:57 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2012.10.31 08:50:57 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2012.10.31 08:50:57 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll
[2012.10.31 08:50:57 | 000,078,688 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll
[2012.10.31 08:50:57 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2012.10.31 08:50:48 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2012.10.31 08:50:48 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2012.10.31 08:50:48 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2012.10.31 08:50:48 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2012.10.31 08:50:48 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2012.10.31 08:50:48 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2012.10.31 08:50:42 | 003,308,376 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2012.10.31 08:50:42 | 000,426,328 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2012.10.31 08:50:42 | 000,136,024 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2012.10.31 08:50:42 | 000,118,104 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2012.10.31 08:50:42 | 000,074,072 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2012.10.31 08:50:41 | 000,702,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek2.dll
[2012.10.31 08:50:41 | 000,334,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2012.10.31 08:50:39 | 003,768,152 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2012.10.31 08:50:39 | 002,132,824 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2012.10.31 08:50:39 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2012.10.31 08:50:39 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2012.10.31 08:50:37 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll
[2012.10.31 08:50:31 | 002,085,440 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2012.10.31 08:50:30 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2012.10.31 08:50:30 | 000,527,872 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll
[2012.10.31 08:50:30 | 000,515,584 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll
[2012.10.31 08:50:30 | 000,439,808 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll
[2012.10.31 08:50:29 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2012.10.31 08:50:29 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2012.10.31 08:50:29 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2012.10.31 08:50:29 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2012.10.31 08:50:28 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2012.10.31 08:50:28 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2012.10.31 08:50:28 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2012.10.31 08:50:28 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2012.10.31 08:50:28 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2012.10.31 08:50:28 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2012.10.31 08:50:27 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2012.10.31 08:50:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2012.10.31 08:50:24 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2012.10.31 08:50:24 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2012.10.31 08:50:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2012.10.31 08:49:27 | 000,053,248 | R--- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2012.10.31 08:49:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2012.10.31 08:48:35 | 000,000,000 | ---D | C] -- C:\Windows\AsusInstAll
[2012.10.31 07:41:20 | 000,000,000 | R--D | C] -- C:\Users\Hagemann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.10.31 07:41:20 | 000,000,000 | R--D | C] -- C:\Users\Hagemann\Searches
[2012.10.31 07:41:20 | 000,000,000 | R--D | C] -- C:\Users\Hagemann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.10.31 07:41:15 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Roaming\Identities
[2012.10.31 07:41:14 | 000,000,000 | R--D | C] -- C:\Users\Hagemann\Contacts
[2012.10.31 07:41:13 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Local\VirtualStore
[2012.10.31 07:41:11 | 000,000,000 | --SD | C] -- C:\Users\Hagemann\AppData\Roaming\Microsoft
[2012.10.31 07:41:11 | 000,000,000 | R--D | C] -- C:\Users\Hagemann\Videos
[2012.10.31 07:41:11 | 000,000,000 | R--D | C] -- C:\Users\Hagemann\Saved Games
[2012.10.31 07:41:11 | 000,000,000 | R--D | C] -- C:\Users\Hagemann\Pictures
[2012.10.31 07:41:11 | 000,000,000 | R--D | C] -- C:\Users\Hagemann\Music
[2012.10.31 07:41:11 | 000,000,000 | R--D | C] -- C:\Users\Hagemann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.10.31 07:41:11 | 000,000,000 | R--D | C] -- C:\Users\Hagemann\Links
[2012.10.31 07:41:11 | 000,000,000 | R--D | C] -- C:\Users\Hagemann\Favorites
[2012.10.31 07:41:11 | 000,000,000 | R--D | C] -- C:\Users\Hagemann\Downloads
[2012.10.31 07:41:11 | 000,000,000 | R--D | C] -- C:\Users\Hagemann\Documents
[2012.10.31 07:41:11 | 000,000,000 | R--D | C] -- C:\Users\Hagemann\Desktop
[2012.10.31 07:41:11 | 000,000,000 | R--D | C] -- C:\Users\Hagemann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.10.31 07:41:11 | 000,000,000 | -HSD | C] -- C:\Users\Hagemann\Vorlagen
[2012.10.31 07:41:11 | 000,000,000 | -HSD | C] -- C:\Users\Hagemann\AppData\Local\Verlauf
[2012.10.31 07:41:11 | 000,000,000 | -HSD | C] -- C:\Users\Hagemann\AppData\Local\Temporary Internet Files
[2012.10.31 07:41:11 | 000,000,000 | -HSD | C] -- C:\Users\Hagemann\Startmenü
[2012.10.31 07:41:11 | 000,000,000 | -HSD | C] -- C:\Users\Hagemann\SendTo
[2012.10.31 07:41:11 | 000,000,000 | -HSD | C] -- C:\Users\Hagemann\Recent
[2012.10.31 07:41:11 | 000,000,000 | -HSD | C] -- C:\Users\Hagemann\Netzwerkumgebung
[2012.10.31 07:41:11 | 000,000,000 | -HSD | C] -- C:\Users\Hagemann\Lokale Einstellungen
[2012.10.31 07:41:11 | 000,000,000 | -HSD | C] -- C:\Users\Hagemann\Documents\Eigene Videos
[2012.10.31 07:41:11 | 000,000,000 | -HSD | C] -- C:\Users\Hagemann\Documents\Eigene Musik
[2012.10.31 07:41:11 | 000,000,000 | -HSD | C] -- C:\Users\Hagemann\Eigene Dateien
[2012.10.31 07:41:11 | 000,000,000 | -HSD | C] -- C:\Users\Hagemann\Documents\Eigene Bilder
[2012.10.31 07:41:11 | 000,000,000 | -HSD | C] -- C:\Users\Hagemann\Druckumgebung
[2012.10.31 07:41:11 | 000,000,000 | -HSD | C] -- C:\Users\Hagemann\Cookies
[2012.10.31 07:41:11 | 000,000,000 | -HSD | C] -- C:\Users\Hagemann\AppData\Local\Anwendungsdaten
[2012.10.31 07:41:11 | 000,000,000 | -HSD | C] -- C:\Users\Hagemann\Anwendungsdaten
[2012.10.31 07:41:11 | 000,000,000 | -H-D | C] -- C:\Users\Hagemann\AppData
[2012.10.31 07:41:11 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Local\Temp
[2012.10.31 07:41:11 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Local\Microsoft
[2012.10.31 07:41:11 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Roaming\Media Center Programs
[2012.10.31 07:41:10 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2012.10.31 07:41:10 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2012.10.31 07:41:10 | 000,000,000 | -HSD | C] -- C:\Recovery
[2012.10.31 07:41:10 | 000,000,000 | -HSD | C] -- C:\Programme
[2012.10.31 07:41:10 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2012.10.31 07:41:10 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2012.10.31 07:41:10 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2012.10.31 07:41:10 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2012.10.31 07:41:10 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2012.10.31 07:41:10 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2012.10.31 07:41:10 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2012.10.31 07:41:10 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2012.10.31 07:41:09 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012.10.31 07:09:36 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012.10.31 07:09:27 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012.10.31 07:08:58 | 000,000,000 | ---D | C] -- C:\Windows\Panther
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.21 12:34:41 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.21 12:34:41 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.21 12:34:41 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.21 12:34:41 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.21 12:34:41 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.21 12:30:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.21 10:06:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.21 09:57:57 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.21 09:57:57 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.21 09:50:53 | 000,419,608 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.11.20 23:07:49 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Hagemann\Desktop\tdsskiller.exe
[2012.11.20 22:59:06 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Hagemann\Desktop\aswMBR.exe
[2012.11.20 20:31:33 | 000,001,069 | ---- | M] () -- C:\Users\Hagemann\Desktop\PokerTracker 3.lnk
[2012.11.20 19:18:54 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.20 12:35:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hagemann\Desktop\OTL.exe
[2012.11.20 12:33:55 | 000,000,000 | ---- | M] () -- C:\Users\Hagemann\defogger_reenable
[2012.11.20 12:32:17 | 000,050,477 | ---- | M] () -- C:\Users\Hagemann\Desktop\Defogger.exe
[2012.11.15 16:16:20 | 000,069,162 | ---- | M] () -- C:\Users\Hagemann\Desktop\clubmail_871948_att.jpg
[2012.11.14 20:27:57 | 000,001,235 | ---- | M] () -- C:\Users\Hagemann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2012.11.10 12:36:09 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.10 12:36:09 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.08 19:29:22 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.11.08 08:38:37 | 000,000,224 | ---- | M] () -- C:\Users\Hagemann\Documents\Tune UP Produktschlüssel.rtf
[2012.11.05 15:43:58 | 000,001,398 | ---- | M] () -- C:\Users\Hagemann\Desktop\Free YouTube to MP3 Converter.lnk
[2012.11.04 17:01:09 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.11.04 14:00:55 | 000,002,196 | ---- | M] () -- C:\Users\Public\Desktop\Grand Theft Auto IV.lnk
[2012.11.04 13:37:59 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2012.11.02 18:35:23 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.11.02 18:29:47 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.11.02 18:14:21 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.11.02 17:34:27 | 000,001,084 | ---- | M] () -- C:\Users\Public\Desktop\PokerStars.eu.lnk
[2012.11.02 17:19:52 | 000,004,996 | ---- | M] () -- C:\ProgramData\bltofzsb.qlf
[2012.11.02 17:07:40 | 000,000,207 | ---- | M] () -- C:\Users\Hagemann\Documents\Heimnetz.rtf
[2012.10.31 18:13:23 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.10.31 18:13:23 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012.10.31 18:05:07 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2012.10.31 08:53:29 | 000,044,274 | ---- | M] () -- C:\Windows\Ascd_log.ini
[2012.10.31 08:43:40 | 000,031,393 | ---- | M] () -- C:\Windows\Ascd_tmp.ini
[2012.10.31 08:43:14 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
[2012.10.31 07:11:27 | 000,159,772 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012.10.31 07:11:27 | 000,159,772 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012.10.31 07:10:02 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012.10.30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012.10.30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012.10.30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012.10.30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012.10.30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012.10.30 23:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.10.30 23:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012.10.30 23:50:30 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
 
========== Files Created - No Company Name ==========
 
[2012.11.21 09:50:49 | 000,419,608 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.11.20 19:18:54 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.11.20 19:18:54 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.20 12:33:55 | 000,000,000 | ---- | C] () -- C:\Users\Hagemann\defogger_reenable
[2012.11.20 12:32:16 | 000,050,477 | ---- | C] () -- C:\Users\Hagemann\Desktop\Defogger.exe
[2012.11.19 00:24:08 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.19 00:21:27 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.15 16:16:20 | 000,069,162 | ---- | C] () -- C:\Users\Hagemann\Desktop\clubmail_871948_att.jpg
[2012.11.14 20:27:57 | 000,001,235 | ---- | C] () -- C:\Users\Hagemann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2012.11.08 19:29:22 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.11.08 17:50:25 | 021,378,698 | ---- | C] () -- C:\Users\Hagemann\Desktop\Fritz & Paul Kalkbrenner - Sky and Sand (Original Mix).mp3
[2012.11.08 11:11:32 | 005,021,359 | ---- | C] () -- C:\Users\Hagemann\Desktop\Simple Plan - Summer Paradise ft. Sean Paul (Official Audio).mp3
[2012.11.08 08:48:16 | 000,002,201 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk
[2012.11.08 08:38:37 | 000,000,224 | ---- | C] () -- C:\Users\Hagemann\Documents\Tune UP Produktschlüssel.rtf
[2012.11.05 15:43:58 | 000,001,398 | ---- | C] () -- C:\Users\Hagemann\Desktop\Free YouTube to MP3 Converter.lnk
[2012.11.04 17:01:09 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.11.04 14:03:41 | 000,001,338 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2012.11.04 13:34:33 | 000,002,196 | ---- | C] () -- C:\Users\Public\Desktop\Grand Theft Auto IV.lnk
[2012.11.02 18:29:47 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012.11.02 18:14:21 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.11.02 18:13:57 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012.11.02 17:34:27 | 000,001,084 | ---- | C] () -- C:\Users\Public\Desktop\PokerStars.eu.lnk
[2012.11.02 17:19:52 | 000,004,996 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf
[2012.11.02 17:19:29 | 000,001,069 | ---- | C] () -- C:\Users\Hagemann\Desktop\PokerTracker 3.lnk
[2012.11.02 17:11:51 | 000,001,114 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.02 17:11:51 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.02 17:07:40 | 000,000,207 | ---- | C] () -- C:\Users\Hagemann\Documents\Heimnetz.rtf
[2012.11.02 17:03:48 | 000,027,040 | ---- | C] () -- C:\Windows\SysNative\netathurx.inf
[2012.11.02 17:03:48 | 000,008,820 | ---- | C] () -- C:\Windows\SysNative\athurextx.cat
[2012.11.02 10:31:02 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2012.11.02 10:26:42 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.02 10:25:59 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012.10.31 18:13:23 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.10.31 18:13:23 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012.10.31 18:05:07 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.10.31 08:53:04 | 000,015,128 | ---- | C] () -- C:\Windows\SysNative\drivers\IntelMEFWVer.dll
[2012.10.31 08:50:48 | 000,200,468 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2012.10.31 08:48:21 | 000,044,274 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012.10.31 08:43:09 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.10.31 08:43:01 | 000,031,393 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012.10.31 07:41:22 | 000,001,405 | ---- | C] () -- C:\Users\Hagemann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012.10.31 07:41:21 | 000,001,439 | ---- | C] () -- C:\Users\Hagemann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.10.31 07:11:22 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012.10.31 07:11:22 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012.10.31 07:10:02 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012.09.28 02:29:54 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.09.28 02:29:54 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.02.02 22:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.11.02 17:45:46 | 000,000,000 | ---D | M] -- C:\Users\Hagemann\AppData\Roaming\Babylon
[2012.11.20 19:34:48 | 000,000,000 | ---D | M] -- C:\Users\Hagemann\AppData\Roaming\DesktopIconForAmazon
[2012.11.05 15:44:01 | 000,000,000 | ---D | M] -- C:\Users\Hagemann\AppData\Roaming\DVDVideoSoft
[2012.11.05 15:43:59 | 000,000,000 | ---D | M] -- C:\Users\Hagemann\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.11.20 23:38:24 | 000,000,000 | ---D | M] -- C:\Users\Hagemann\AppData\Roaming\FreeScreenToVideo
[2012.11.05 17:37:48 | 000,000,000 | ---D | M] -- C:\Users\Hagemann\AppData\Roaming\MAGIX
[2012.11.14 20:27:53 | 000,000,000 | ---D | M] -- C:\Users\Hagemann\AppData\Roaming\OpenOffice.org
[2012.11.08 08:48:14 | 000,000,000 | ---D | M] -- C:\Users\Hagemann\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.10.31 07:41:14 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.11.21 09:50:47 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.10.31 07:41:10 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.11.10 12:44:59 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.11.20 23:35:00 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.11.21 09:50:47 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.10.31 07:41:10 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.10.31 07:41:10 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.11.08 19:38:22 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.11.20 23:43:55 | 000,000,000 | ---D | M] -- C:\TDSSKiller_Quarantine
[2012.10.31 18:01:16 | 000,000,000 | ---D | M] -- C:\Treiber
[2012.11.02 17:39:58 | 000,000,000 | R--D | M] -- C:\Users
[2012.11.21 09:50:52 | 000,000,000 | ---D | M] -- C:\Windows
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.11.02 10:27:54 | 000,000,000 | ---D | M] -- C:\Users\Hagemann\AppData\Roaming\Adobe
[2012.11.08 19:43:19 | 000,000,000 | ---D | M] -- C:\Users\Hagemann\AppData\Roaming\Apple Computer
[2012.10.31 18:05:12 | 000,000,000 | ---D | M] -- C:\Users\Hagemann\AppData\Roaming\ATI
[2012.11.02 17:45:46 | 000,000,000 | ---D | M] -- C:\Users\Hagemann\AppData\Roaming\Babylon
[2012.11.02 12:25:00 | 000,000,000 | ---D | M] -- C:\Users\Hagemann\AppData\Roaming\CyberLink
[2012.11.20 19:34:48 | 000,000,000 | ---D | M] -- C:\Users\Hagemann\AppData\Roaming\DesktopIconForAmazon
[2012.11.05 15:44:01 | 000,000,000 | ---D | M] -- C:\Users\Hagemann\AppData\Roaming\DVDVideoSoft
[2012.11.05 15:43:59 | 000,000,000 | ---D | M] -- C:\Users\Hagemann\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.11.20 23:38:24 | 000,000,000 | ---D | M] -- C:\Users\Hagemann\AppData\Roaming\FreeScreenToVideo
[2012.10.31 07:41:15 | 000,000,000 | ---D | M] -- C:\Users\Hagemann\AppData\Roaming\Identities
[2012.10.31 08:52:28 | 000,000,000 | ---D | M] -- C:\Users\Hagemann\AppData\Roaming\InstallShield
[2012.11.02 10:27:54 | 000,000,000 | ---D | M] -- C:\Users\Hagemann\AppData\Roaming\Macromedia
[2012.11.05 17:37:48 | 000,000,000 | ---D | M] -- C:\Users\Hagemann\AppData\Roaming\MAGIX
[2011.04.12 08:54:43 | 000,000,000 | ---D | M] -- C:\Users\Hagemann\AppData\Roaming\Media Center Programs
[2012.11.21 09:51:36 | 000,000,000 | --SD | M] -- C:\Users\Hagemann\AppData\Roaming\Microsoft
[2012.11.20 19:19:04 | 000,000,000 | ---D | M] -- C:\Users\Hagemann\AppData\Roaming\Mozilla
[2012.11.14 20:27:53 | 000,000,000 | ---D | M] -- C:\Users\Hagemann\AppData\Roaming\OpenOffice.org
[2012.11.04 13:42:59 | 000,000,000 | RH-D | M] -- C:\Users\Hagemann\AppData\Roaming\SecuROM
[2012.11.08 08:15:59 | 000,000,000 | ---D | M] -- C:\Users\Hagemann\AppData\Roaming\Skype
[2012.11.08 08:48:14 | 000,000,000 | ---D | M] -- C:\Users\Hagemann\AppData\Roaming\TuneUp Software
[2012.11.02 18:32:56 | 000,000,000 | ---D | M] -- C:\Users\Hagemann\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2012.11.02 17:45:45 | 000,753,664 | ---- | M] (Microsoft) -- C:\Users\Hagemann\AppData\Roaming\DesktopIconForAmazon\IconForAmazon.exe
 
< %SYSTEMROOT%\system32\drivers\*.sys /lockedfiles >
 
< %SYSTEMROOT%\System32\config\*.sav >
 
< %SYSTEMROOT%\*. /mp /s >
 
< %SYSTEMROOT%\system32\*.dll /lockedfiles >
 
<          >
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,012,978 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.11.02 10:26:42 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012.11.02 17:11:51 | 000,001,110 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012.11.02 17:11:51 | 000,001,114 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

< End of report >


cosinus 21.11.2012 15:41

The log looks unremarkable, though there are a few toolbars in it.
You haven't been getting the mails since the password change? Particularly weak passwords were cracked by brute force only recently. That was back in July, and at GMX, but GMX and web.de both belong to 1&1 Mail & Media GmbH.

Have you ever noticed any failed login attempts?

BieneTVB 21.11.2012 17:08

I haven't been getting the mails since the password change.

I didn't notice anything before that.

cosinus 21.11.2012 17:13

Then your password really was too weak, or it was somehow read out from another infected machine.

Code:

Received: from serversima ([95.224.62.76]) by smtp.web.de (mrweb002) with

To come back to that once more: "serversima" really did use web.de's SMTP server to dump its spam. For that the spammer had to know your password; you cannot send mail through web.de completely anonymously, i.e. without a login :eek:

BieneTVB 21.11.2012 17:26

OK, then I'll use better passwords in future.

Thanks for your help

cosinus 21.11.2012 17:28

Take a look at KeePass; it lets you manage many very complex passwords well.
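
The check made in the thread on the quoted `Received:` line can be done mechanically for every bounce; the following is an added example, not part of the original posts. It assumes the bounce carries the original headers as a `text/rfc822-headers` or `message/rfc822` MIME part; the sample bounces, the documentation IP addresses, the host name `outbound.web.de` and the provider relay range are constructed.

```python
import email
import ipaddress
import re

# Shape of the line quoted in the thread:
#   from <helo> ([<ip>]) by <receiving host> (<id>) with ...
HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\([^)\[]*\[(?P<ip>[^\]]+)\][^)]*\)\s+by\s+(?P<by>\S+)",
    re.I,
)

# Assumption: address range of the provider's own relays (constructed).
PROVIDER_NETS = [ipaddress.ip_network("192.0.2.0/24")]


def original_headers(bounce_text):
    """Return the headers of the bounced message, or None if not attached."""
    msg = email.message_from_string(bounce_text)
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":
            return email.message_from_string(part.get_payload())
    return None


def triage(bounce_text, provider_domain, provider_nets):
    """Decide whether the bounced mail was handed to the provider's server.

    'submitted-via-provider'     -> an outside client delivered it to the
                                    provider, which per the thread needs a login
    'not-submitted-via-provider' -> only the sender address was forged
    """
    orig = original_headers(bounce_text)
    if orig is None:
        return ("no-original-headers", None)
    # Received lines are prepended, so walk them oldest hop first.
    for value in reversed(orig.get_all("Received", [])):
        m = HOP.search(value)
        if not m:
            continue
        by = m["by"].lower().rstrip(".")
        if by != provider_domain and not by.endswith("." + provider_domain):
            continue
        try:
            ip = ipaddress.ip_address(re.sub(r"(?i)^ipv6:", "", m["ip"]))
        except ValueError:
            continue
        if any(ip in net for net in provider_nets):
            continue  # hop between the provider's own machines
        return ("submitted-via-provider", (m["helo"], str(ip)))
    return ("not-submitted-via-provider", None)


def make_bounce(received_block):
    """Build a constructed bounce that attaches the original headers."""
    return (
        "From: mailer-daemon@mx.recipient.example\n"
        "To: user@web.de\n"
        "Subject: Mail delivery failed: returning message to sender\n"
        "MIME-Version: 1.0\n"
        'Content-Type: multipart/report; boundary="b1"\n'
        "\n--b1\nContent-Type: text/plain\n\nDelivery failed.\n"
        "\n--b1\nContent-Type: text/rfc822-headers\n\n"
        + received_block
        + "From: user@web.de\nSubject: constructed subject\n\n--b1--\n"
    )


# Constructed: spam handed to the provider's SMTP server by an outside host.
BOUNCE_COMPROMISED = make_bounce(
    "Received: from outbound.web.de ([192.0.2.10]) by mx.recipient.example\n"
    " with ESMTP; Tue, 20 Nov 2012 10:00:05 +0100\n"
    "Received: from serversima ([203.0.113.7]) by smtp.web.de (mrweb002) with\n"
    " ESMTP; Tue, 20 Nov 2012 10:00:01 +0100\n"
)

# Constructed: spam sent directly to the recipient with a forged web.de sender.
BOUNCE_FORGED = make_bounce(
    "Received: from unknown ([198.51.100.23]) by mx.recipient.example\n"
    " with ESMTP; Tue, 20 Nov 2012 10:00:05 +0100\n"
)

if __name__ == "__main__":
    for name, text in (("compromised", BOUNCE_COMPROMISED), ("forged", BOUNCE_FORGED)):
        print(name, triage(text, "web.de", PROVIDER_NETS))
```

`Received:` lines below the first hop added by a server you trust can be forged, so a `submitted-via-provider` result is a reason to change the password and check with the provider, not proof on its own.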


All times are in WET +1.
