Pests of all kinds and how to fight them: web.de "mail deliver failed..." (Windows 7)
If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
20.11.2012, 12:28 | #1
web.de "mail deliver failed..."
Hello, I have the same problem with web.de that several users here have already described. Since the solution seems quite complicated, I am opening a thread of my own so that things stay clear. (I hope that is allowed?)
I get about 30 notifications a day about returned spam mails that, for some reason, are being sent via my web.de address. They show keineantwortadresse@web.de and, below that, "mail delivery failed: returning message to sender".
I use Avast as my antivirus program. The scan found nothing. I have already changed all important passwords. How should I proceed?
Here is the information requested in the forum instructions:
Quote:
OTL logfile: Code:
OTL logfile created on: 20.11.2012 12:44:17 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hagemann\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,97 Gb Total Physical Memory | 6,51 Gb Available Physical Memory | 81,64% Memory free
15,93 Gb Paging File | 14,45 Gb Available in Paging File | 90,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 49,10 Gb Free Space | 41,21% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 912,66 Gb Free Space | 97,98% Space Free | Partition Type: NTFS
Drive I: | 7,03 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: HAGEMANN-PC | User Name: Hagemann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.11.20 12:35:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hagemann\Desktop\OTL.exe PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe PRC - [2012.10.11 12:17:59 | 002,312,216 | ---- | M] () -- C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe PRC - [2012.08.13 11:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2012.08.13 11:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2012.02.07 17:53:34 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2012.02.07 17:53:32 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2012.02.07 17:52:04 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe PRC - [2011.09.28 01:37:56 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe PRC - [2011.05.24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe PRC - [2009.12.10 03:39:04 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe PRC - [2009.12.10 03:37:16 | 003,690,496 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files 
(x86)\PostgreSQL\8.3\bin\postgres.exe ========== Modules (No Company Name) ========== MOD - [2012.10.11 12:17:59 | 002,312,216 | ---- | M] () -- C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe MOD - [2012.10.11 12:17:06 | 002,069,528 | ---- | M] () -- c:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll MOD - [2012.08.10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll MOD - [2011.03.04 12:02:54 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll MOD - [2011.03.04 12:02:52 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll MOD - [2011.03.04 12:02:50 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.09.28 02:38:16 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2012.11.02 10:26:42 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! 
Antivirus) SRV - [2012.10.19 16:14:08 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.10.11 12:17:59 | 002,312,216 | ---- | M] () [Auto | Running] -- C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe -- (Browser Manager) SRV - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.09.19 11:29:44 | 002,365,792 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2012.02.07 17:53:34 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2012.02.07 17:53:32 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012.02.07 17:52:04 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) SRV - [2012.02.02 22:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV - [2011.05.24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2011.04.26 13:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2011.04.20 09:57:02 | 000,241,648 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56) 
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.12.10 03:39:04 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3) SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.10.30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2012.10.30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2012.10.30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2012.10.30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2012.10.30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2012.10.15 17:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr) DRV:64bit: - [2012.09.28 03:21:20 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.09.28 02:12:52 | 000,460,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.07.09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.05.14 07:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.03 14:01:20 | 000,677,480 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.11.10 01:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2011.11.03 11:10:42 | 000,395,752 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci) DRV:64bit: - [2011.11.03 11:10:42 | 000,130,536 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3) DRV:64bit: - [2011.04.20 03:07:48 | 001,930,240 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur) DRV:64bit: - [2011.03.23 15:41:28 | 000,036,448 | ---- | M] (Asmedia Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\asahci64.sys -- (asahci64) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2012.09.19 10:50:50 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://search.babylon.com/?affID=109727&tt=311012_niche_4412_4&babsrc=HP_ss&mntrId=721a3d7b00000000000090f652e6eb59 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=109727&tt=311012_niche_4412_4&babsrc=HP_ss&mntrId=721a3d7b00000000000090f652e6eb59 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 38 AB 93 38 3D B7 CD 01 [binary data] IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - 
HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=109727&tt=311012_niche_4412_4&babsrc=SP_ss&mntrId=721a3d7b00000000000090f652e6eb59 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012.11.02 17:46:23 | 000,000,000 | ---D | M] [2012.11.02 17:46:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions ========== Chrome ========== CHR - homepage: hxxp://search.babylon.com/?affID=109727&tt=311012_niche_4412_4&babsrc=HP_ss&mntrId=721a3d7b00000000000090f652e6eb59 CHR - default_search_provider: () CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - homepage: hxxp://search.babylon.com/?affID=109727&tt=311012_niche_4412_4&babsrc=HP_ss&mntrId=721a3d7b00000000000090f652e6eb59 CHR - Extension: No name found = C:\Users\Hagemann\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: No name found = C:\Users\Hagemann\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: No name found = C:\Users\Hagemann\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\ CHR - Extension: No name found = C:\Users\Hagemann\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0\ CHR - Extension: No name found = C:\Users\Hagemann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\ CHR - Extension: No name found = C:\Users\Hagemann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (avast! 
WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found. O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink) O4 - HKLM..\Run: [TrayServer] C:\Program Files (x86)\MAGIX\Video_deluxe_MX_Plus_Sonderedition\TrayServer_de.exe (MAGIX AG) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) 
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_BFF1274CEC412B4E702C782D380CCB14] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) O4 - Startup: C:\Users\Hagemann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Hagemann\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Hagemann\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: PokerStars.eu - {07BA1DA9-F501-4796-8728-74D1B91A6CD5} - C:\Program Files (x86)\PokerStars.EU\PokerStarsUpdate.exe (PokerStars) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7AACC0C1-6273-4F0F-938B-58BD3476DED7}: DhcpNameServer = 192.168.10.4 192.168.10.2 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E53FDE10-D543-4BA8-A460-B483277A1286}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20 - AppInit_DLLs: (c:\progra~3\browse~1\23796~1.11\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll () O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O27:64bit: - HKLM IFEO\AcroRd32.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\labelprint.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\power2go.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\power2goexpress.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\producer.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\ps.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\skype.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\youcam.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\AcroRd32.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\labelprint.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\power2go.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\power2goexpress.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\producer.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\ps.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\skype.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM 
IFEO\youcam.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.11.15 10:52:50 | 000,161,088 | R--- | M] (Take-Two Interactive Software, Inc.) - I:\Autorun.exe -- [ UDF ] O32 - AutoRun File - [2008.10.11 18:03:48 | 000,000,054 | R--- | M] () - I:\Autorun.inf -- [ UDF ] O33 - MountPoints2\{84e48d4a-2321-11e2-a253-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{84e48d4a-2321-11e2-a253-806e6f6e6963}\Shell\AutoRun\command - "" = I:\Autorun.exe -- [2008.11.15 10:52:50 | 000,161,088 | R--- | M] (Take-Two Interactive Software, Inc.) O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.20 12:35:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hagemann\Desktop\OTL.exe [2012.11.19 09:50:51 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Local\Diagnostics [2012.11.15 12:28:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012.11.15 12:28:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2012.11.14 20:27:53 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Roaming\OpenOffice.org [2012.11.10 12:45:23 | 000,000,000 | ---D | C] -- C:\ProgramData\HP [2012.11.10 12:45:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP [2012.11.10 12:45:19 | 
000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2012.11.10 12:44:59 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2012.11.10 12:44:29 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Local\HP
[2012.11.10 12:43:09 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Local\ElevatedDiagnostics
[2012.11.08 17:45:53 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\Desktop\Neuer Ordner
[2012.11.08 17:29:52 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\Desktop\CAM_SD
[2012.11.08 08:48:17 | 000,034,656 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2012.11.08 08:48:17 | 000,025,952 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2012.11.08 08:48:17 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2012.11.08 08:48:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013
[2012.11.08 08:48:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2013
[2012.11.08 08:48:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2012.11.05 17:06:11 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\Desktop\Miami AHCV
[2012.11.05 15:43:59 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.11.05 15:43:59 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Roaming\DVDVideoSoft
[2012.11.05 15:43:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012.11.05 15:43:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2012.11.05 15:43:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2012.11.05 15:28:56 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\Desktop\Miami 12
[2012.11.05 15:23:47 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\Desktop\Pics für miami video
[2012.11.05 15:21:23 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\Desktop\Route Miami
[2012.11.05 14:47:06 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Local\MJProductions
[2012.11.05 14:45:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Route Generator
[2012.11.05 14:32:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012.11.05 14:29:49 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Roaming\FreeScreenToVideo
[2012.11.05 14:29:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Screen To Video
[2012.11.05 14:29:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Screen To Video
[2012.11.05 13:58:20 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Local\MAGIX_AG
[2012.11.04 17:01:13 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Roaming\Skype
[2012.11.04 17:01:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.11.04 17:01:08 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012.11.04 17:01:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.11.04 17:01:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012.11.04 14:18:52 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2012.11.04 14:05:39 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\Documents\Games for Windows - LIVE Demos
[2012.11.04 14:03:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2012.11.04 13:46:43 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\Documents\Rockstar Games
[2012.11.04 13:44:55 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2012.11.04 13:44:07 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Local\Rockstar Games
[2012.11.04 13:42:59 | 000,000,000 | RH-D | C] -- C:\Users\Hagemann\AppData\Roaming\SecuROM
[2012.11.04 13:37:59 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2012.11.04 13:35:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2012.11.04 13:35:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2012.11.04 13:06:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
[2012.11.04 13:06:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rockstar Games
[2012.11.02 18:50:03 | 000,000,000 | R--D | C] -- C:\Users\Hagemann\Desktop\Programme
[2012.11.02 18:36:21 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\Documents\MAGIX Downloads
[2012.11.02 18:36:21 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\Documents\MAGIX
[2012.11.02 18:35:03 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\Documents\MAGIX_MusicEditor
[2012.11.02 18:35:02 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Local\Xara
[2012.11.02 18:35:01 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Roaming\MAGIX
[2012.11.02 18:34:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MAGIX Shared
[2012.11.02 18:34:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
[2012.11.02 18:33:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MAGIX
[2012.11.02 18:33:54 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX
[2012.11.02 18:33:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MAGIX Services
[2012.11.02 18:33:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012.11.02 18:29:47 | 000,984,144 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012.11.02 18:29:47 | 000,370,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012.11.02 18:29:47 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012.11.02 18:29:47 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012.11.02 18:29:47 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012.11.02 18:29:47 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012.11.02 18:29:47 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012.11.02 18:29:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012.11.02 18:29:33 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012.11.02 18:29:33 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.11.02 18:29:24 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012.11.02 18:29:24 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012.11.02 18:14:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.11.02 18:14:21 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Roaming\Apple Computer
[2012.11.02 18:14:21 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Local\Apple Computer
[2012.11.02 18:14:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2012.11.02 18:14:07 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.11.02 18:14:06 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.11.02 18:14:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.11.02 18:14:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012.11.02 18:14:06 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012.11.02 18:13:58 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Local\Apple
[2012.11.02 18:13:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012.11.02 18:13:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012.11.02 18:13:49 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012.11.02 18:13:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012.11.02 18:13:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012.11.02 18:13:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012.11.02 17:53:24 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Roaming\TuneUp Software
[2012.11.02 17:47:29 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.11.02 17:47:26 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.11.02 17:47:26 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.11.02 17:46:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2012.11.02 17:46:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2012.11.02 17:46:23 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
[2012.11.02 17:46:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2012.11.02 17:46:22 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Roaming\BabylonToolbar
[2012.11.02 17:46:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BabylonToolbar
[2012.11.02 17:46:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.11.02 17:45:46 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Roaming\Babylon
[2012.11.02 17:45:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.11.02 17:45:45 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Roaming\DesktopIconForAmazon
[2012.11.02 17:39:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PostgreSQL 8.3
[2012.11.02 17:39:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PostgreSQL
[2012.11.02 17:34:27 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Local\PokerStars.EU
[2012.11.02 17:34:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars.EU
[2012.11.02 17:34:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PokerStars.EU
[2012.11.02 17:19:29 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerTracker 3
[2012.11.02 17:19:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerTracker 3
[2012.11.02 17:19:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PokerTracker 3
[2012.11.02 17:13:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.11.02 17:11:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012.11.02 17:11:40 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Local\Google
[2012.11.02 17:10:00 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Local\Deployment
[2012.11.02 17:10:00 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Local\Apps
[2012.11.02 17:04:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK
[2012.11.02 17:03:48 | 001,930,240 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athurx.sys
[2012.11.02 17:03:48 | 001,930,240 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\athurx.sys
[2012.11.02 17:03:01 | 000,000,000 | ---D | C] -- C:\ProgramData\TP-LINK
[2012.11.02 12:41:07 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Local\Power2Go
[2012.11.02 12:26:55 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
[2012.11.02 12:25:00 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Roaming\CyberLink
[2012.11.02 12:25:00 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Local\Cyberlink
[2012.11.02 12:23:32 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
[2012.11.02 12:23:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LightScribe
[2012.11.02 12:22:49 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
[2012.11.02 12:22:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberLink
[2012.11.02 12:22:29 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2012.11.02 12:22:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2012.11.02 10:56:13 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2012.11.02 10:55:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2012.11.02 10:52:12 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Roaming\WinRAR
[2012.11.02 10:52:12 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.11.02 10:52:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.11.02 10:52:10 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012.11.02 10:32:10 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Local\ashampoo
[2012.11.02 10:32:10 | 000,000,000 | ---D | C] -- C:\ProgramData\ashampoo
[2012.11.02 10:32:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
[2012.11.02 10:32:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ashampoo
[2012.11.02 10:30:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012.11.02 10:30:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012.11.02 10:29:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012.11.02 10:29:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.11.02 10:29:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.11.02 10:27:54 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Roaming\Macromedia
[2012.11.02 10:27:54 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Roaming\Adobe
[2012.11.02 10:26:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2012.11.02 10:26:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012.11.02 10:26:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012.10.31 18:05:12 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Roaming\ATI
[2012.10.31 18:05:12 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Local\ATI
[2012.10.31 18:05:12 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.10.31 18:04:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012.10.31 18:04:06 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2012.10.31 18:04:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2012.10.31 18:04:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2012.10.31 18:04:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012.10.31 18:04:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012.10.31 18:03:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2012.10.31 18:02:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012.10.31 18:02:30 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012.10.31 18:02:29 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012.10.31 08:57:30 | 000,000,000 | ---D | C] -- C:\Treiber
[2012.10.31 08:53:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASM104xUSB3
[2012.10.31 08:53:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2012.10.31 08:52:59 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2012.10.31 08:52:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent
[2012.10.31 08:52:28 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Roaming\InstallShield
[2012.10.31 08:52:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Asmedia Technology
[2012.10.31 08:52:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASM106xSATA
[2012.10.31 08:52:12 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012.10.31 08:51:27 | 000,677,480 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2012.10.31 08:51:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2012.10.31 08:51:08 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012.10.31 08:50:58 | 002,604,376 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2012.10.31 08:50:57 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2012.10.31 08:50:57 | 000,221,024 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll
[2012.10.31 08:50:57 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2012.10.31 08:50:57 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2012.10.31 08:50:57 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2012.10.31 08:50:57 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll
[2012.10.31 08:50:57 | 000,078,688 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll
[2012.10.31 08:50:57 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2012.10.31 08:50:48 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2012.10.31 08:50:48 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2012.10.31 08:50:48 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2012.10.31 08:50:48 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2012.10.31 08:50:48 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2012.10.31 08:50:48 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2012.10.31 08:50:42 | 003,308,376 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2012.10.31 08:50:42 | 000,426,328 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2012.10.31 08:50:42 | 000,136,024 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2012.10.31 08:50:42 | 000,118,104 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2012.10.31 08:50:42 | 000,074,072 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2012.10.31 08:50:41 | 000,702,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek2.dll
[2012.10.31 08:50:41 | 000,334,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2012.10.31 08:50:39 | 003,768,152 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2012.10.31 08:50:39 | 002,132,824 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2012.10.31 08:50:39 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2012.10.31 08:50:39 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2012.10.31 08:50:37 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll
[2012.10.31 08:50:31 | 002,085,440 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2012.10.31 08:50:30 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2012.10.31 08:50:30 | 000,527,872 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll
[2012.10.31 08:50:30 | 000,515,584 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll
[2012.10.31 08:50:30 | 000,439,808 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll
[2012.10.31 08:50:29 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2012.10.31 08:50:29 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2012.10.31 08:50:29 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2012.10.31 08:50:29 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2012.10.31 08:50:28 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2012.10.31 08:50:28 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2012.10.31 08:50:28 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2012.10.31 08:50:28 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2012.10.31 08:50:28 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2012.10.31 08:50:28 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2012.10.31 08:50:27 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2012.10.31 08:50:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2012.10.31 08:50:24 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2012.10.31 08:50:24 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2012.10.31 08:50:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2012.10.31 08:49:27 | 000,053,248 | R--- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2012.10.31 08:49:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2012.10.31 08:48:35 | 000,000,000 | ---D | C] -- C:\Windows\AsusInstAll
[2012.10.31 07:41:20 | 000,000,000 | R--D | C] -- C:\Users\Hagemann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.10.31 07:41:20 | 000,000,000 | R--D | C] -- C:\Users\Hagemann\Searches
[2012.10.31 07:41:20 | 000,000,000 | R--D | C] -- C:\Users\Hagemann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.10.31 07:41:15 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Roaming\Identities
[2012.10.31 07:41:14 | 000,000,000 | R--D | C] -- C:\Users\Hagemann\Contacts
[2012.10.31 07:41:13 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Local\VirtualStore
[2012.10.31 07:41:11 | 000,000,000 | --SD | C] -- C:\Users\Hagemann\AppData\Roaming\Microsoft
[2012.10.31 07:41:11 | 000,000,000 | R--D | C] -- C:\Users\Hagemann\Videos
[2012.10.31 07:41:11 | 000,000,000 | R--D | C] -- C:\Users\Hagemann\Saved Games
[2012.10.31 07:41:11 | 000,000,000 | R--D | C] -- C:\Users\Hagemann\Pictures
[2012.10.31 07:41:11 | 000,000,000 | R--D | C] -- C:\Users\Hagemann\Music
[2012.10.31 07:41:11 | 000,000,000 | R--D | C] -- C:\Users\Hagemann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.10.31 07:41:11 | 000,000,000 | R--D | C] -- C:\Users\Hagemann\Links
[2012.10.31 07:41:11 | 000,000,000 | R--D | C] -- C:\Users\Hagemann\Favorites
[2012.10.31 07:41:11 | 000,000,000 | R--D | C] -- C:\Users\Hagemann\Downloads
[2012.10.31 07:41:11 | 000,000,000 | R--D | C] -- C:\Users\Hagemann\Documents
[2012.10.31 07:41:11 | 000,000,000 | R--D | C] -- C:\Users\Hagemann\Desktop
[2012.10.31 07:41:11 | 000,000,000 | R--D | C] -- C:\Users\Hagemann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.10.31 07:41:11 | 000,000,000 | -HSD | C] -- C:\Users\Hagemann\Vorlagen
[2012.10.31 07:41:11 | 000,000,000 | -HSD | C] -- C:\Users\Hagemann\AppData\Local\Verlauf
[2012.10.31 07:41:11 | 000,000,000 | -HSD | C] -- C:\Users\Hagemann\AppData\Local\Temporary Internet Files
[2012.10.31 07:41:11 | 000,000,000 | -HSD | C] -- C:\Users\Hagemann\Startmenü
[2012.10.31 07:41:11 | 000,000,000 | -HSD | C] -- C:\Users\Hagemann\SendTo
[2012.10.31 07:41:11 | 000,000,000 | -HSD | C] -- C:\Users\Hagemann\Recent
[2012.10.31 07:41:11 | 000,000,000 | -HSD | C] -- C:\Users\Hagemann\Netzwerkumgebung
[2012.10.31 07:41:11 | 000,000,000 | -HSD | C] -- C:\Users\Hagemann\Lokale Einstellungen
[2012.10.31 07:41:11 | 000,000,000 | -HSD | C] -- C:\Users\Hagemann\Documents\Eigene Videos
[2012.10.31 07:41:11 | 000,000,000 | -HSD | C] -- C:\Users\Hagemann\Documents\Eigene Musik
[2012.10.31 07:41:11 | 000,000,000 | -HSD | C] -- C:\Users\Hagemann\Eigene Dateien
[2012.10.31 07:41:11 | 000,000,000 | -HSD | C] -- C:\Users\Hagemann\Documents\Eigene Bilder
[2012.10.31 07:41:11 | 000,000,000 | -HSD | C] -- C:\Users\Hagemann\Druckumgebung
[2012.10.31 07:41:11 | 000,000,000 | -HSD | C] -- C:\Users\Hagemann\Cookies
[2012.10.31 07:41:11 | 000,000,000 | -HSD | C] -- C:\Users\Hagemann\AppData\Local\Anwendungsdaten
[2012.10.31 07:41:11 | 000,000,000 | -HSD | C] -- C:\Users\Hagemann\Anwendungsdaten
[2012.10.31 07:41:11 | 000,000,000 | -H-D | C] -- C:\Users\Hagemann\AppData
[2012.10.31 07:41:11 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Local\Temp
[2012.10.31 07:41:11 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Local\Microsoft
[2012.10.31 07:41:11 | 000,000,000 | ---D | C] -- C:\Users\Hagemann\AppData\Roaming\Media Center Programs
[2012.10.31 07:41:10 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2012.10.31 07:41:10 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2012.10.31 07:41:10 | 000,000,000 | -HSD | C] -- C:\Recovery
[2012.10.31 07:41:10 | 000,000,000 | -HSD | C] -- C:\Programme
[2012.10.31 07:41:10 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2012.10.31 07:41:10 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2012.10.31 07:41:10 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2012.10.31 07:41:10 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2012.10.31 07:41:10 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2012.10.31 07:41:10 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2012.10.31 07:41:10 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2012.10.31 07:41:10 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2012.10.31 07:41:09 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012.10.31 07:09:36 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012.10.31 07:09:27 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012.10.31 07:08:58 | 000,000,000 | ---D | C] -- C:\Windows\Panther

========== Files - Modified Within 30 Days ==========

[2012.11.20 12:35:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hagemann\Desktop\OTL.exe
[2012.11.20 12:33:55 | 000,000,000 | ---- | M] () -- C:\Users\Hagemann\defogger_reenable
[2012.11.20 12:32:17 | 000,050,477 | ---- | M] () -- C:\Users\Hagemann\Desktop\Defogger.exe
[2012.11.20 12:06:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.20 11:47:44 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.20 11:47:44 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.20 11:44:26 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.20 11:44:26 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.20 11:44:26 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.20 11:44:26 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.20 11:44:26 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.20 11:38:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.20 11:38:26 | 2121,637,887 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.19 08:43:50 | 000,419,608 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.11.15 16:16:20 | 000,069,162 | ---- | M] () -- C:\Users\Hagemann\Desktop\clubmail_871948_att.jpg
[2012.11.14 20:27:57 | 000,001,235 | ---- | M] () -- C:\Users\Hagemann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2012.11.10 12:36:09 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.10 12:36:09 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.08 20:45:09 | 1138,249,857 | ---- | M] () -- C:\Users\Hagemann\Desktop\Miami 2012HD.MP4
[2012.11.08 19:29:22 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.11.08 19:09:50 | 1237,983,469 | ---- | M] () -- C:\Users\Hagemann\Desktop\Miami 2012.mp4
[2012.11.08 19:09:50 | 000,000,108 | ---- | M] () -- C:\Users\Hagemann\Desktop\Miami 2012.mei
[2012.11.08 17:43:13 | 000,001,701 | ---- | M] () -- C:\Users\Hagemann\Desktop\bus_icon.jpg
[2012.11.08 17:40:22 | 000,002,359 | ---- | M] () -- C:\Users\Hagemann\Desktop\bus.jpg
[2012.11.08 11:05:06 | 000,034,238 | ---- | M] () -- C:\Users\Hagemann\Desktop\MIAMI-SEAQUARIUM-LOGO.jpg
[2012.11.08 08:48:16 | 000,002,209 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.11.08 08:48:16 | 000,002,189 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk
[2012.11.08 08:38:37 | 000,000,224 | ---- | M] () -- C:\Users\Hagemann\Documents\Tune UP Produktschlüssel.rtf
[2012.11.06 20:43:34 | 001,327,158 | ---- | M] () -- C:\Users\Hagemann\Desktop\key west.bmp
[2012.11.06 20:42:17 | 001,327,158 | ---- | M] () -- C:\Users\Hagemann\Desktop\everglades.bmp
[2012.11.06 19:00:33 | 013,957,525 | ---- | M] () -- C:\Users\Hagemann\Desktop\fotostream2.WMV
[2012.11.05 16:54:15 | 000,437,143 | ---- | M] () -- C:\Users\Hagemann\Desktop\19(2).jpg
[2012.11.05 16:52:45 | 001,013,460 | ---- | M] () -- C:\Users\Hagemann\Desktop\7(3).jpg
[2012.11.05 16:51:20 | 001,603,643 | ---- | M] () -- C:\Users\Hagemann\Desktop\miami-heat-wallpaper-1.png
[2012.11.05 16:34:44 | 039,733,591 | ---- | M] () -- C:\Users\Hagemann\Desktop\fotostram1 miami.WMV
[2012.11.05 15:43:58 | 000,001,398 | ---- | M] () -- C:\Users\Hagemann\Desktop\Free YouTube to MP3 Converter.lnk
[2012.11.05 15:14:08 | 000,427,851 | ---- | M] () -- C:\Users\Hagemann\Desktop\karte.png
[2012.11.05 15:12:42 | 000,001,090 | ---- | M] () -- C:\Users\Hagemann\Desktop\images.jpg
[2012.11.05 15:10:08 | 000,004,253 | ---- | M] () -- C:\Users\Hagemann\Desktop\images3.jpg
[2012.11.05 15:09:38 | 000,002,344 | ---- | M] () -- C:\Users\Hagemann\Desktop\images2.jpg
[2012.11.05 15:09:25 | 000,004,833 | ---- | M] () -- C:\Users\Hagemann\Desktop\images1.jpg
[2012.11.05 15:07:33 | 000,020,243 | ---- | M] () -- C:\Users\Hagemann\Desktop\SYMBOL-HOPE-FREEDOM.jpg
[2012.11.05 14:57:45 | 002,026,949 | ---- | M] () -- C:\Users\Hagemann\Desktop\politische_weltkarte_cia_2007.png
[2012.11.05 14:53:57 | 001,327,158 | ---- | M] () -- C:\Users\Hagemann\Desktop\Map.bmp
[2012.11.05 14:32:16 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012.11.05 14:29:49 | 000,001,126 | ---- | M] () -- C:\Users\Hagemann\Desktop\Free Screen To Video.lnk
[2012.11.04 17:01:09 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.11.04 14:00:55 | 000,002,196 | ---- | M] () -- C:\Users\Public\Desktop\Grand Theft Auto IV.lnk
[2012.11.04 13:37:59 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2012.11.02 18:35:23 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.11.02 18:34:59 | 000,001,110 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX Video deluxe MX Plus Sonderedition.lnk
[2012.11.02 18:29:47 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.11.02 18:14:21 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.11.02 17:35:43 | 000,001,069 | ---- | M] () -- C:\Users\Hagemann\Desktop\PokerTracker 3.lnk
[2012.11.02 17:34:27 | 000,001,084 | ---- | M] () -- C:\Users\Public\Desktop\PokerStars.eu.lnk
[2012.11.02 17:19:52 | 000,004,996 | ---- | M] () -- C:\ProgramData\bltofzsb.qlf
[2012.11.02 17:13:40 | 000,002,247 | ---- | M] () -- C:\Users\Hagemann\Desktop\Google Chrome.lnk
[2012.11.02 17:07:40 | 000,000,207 | ---- | M] () -- C:\Users\Hagemann\Documents\Heimnetz.rtf
[2012.10.31 18:13:23 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.10.31 18:13:23 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012.10.31 18:05:07 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2012.10.31 08:53:29 | 000,044,274 | ---- | M] () -- C:\Windows\Ascd_log.ini
[2012.10.31 08:43:40 | 000,031,393 | ---- | M] () -- C:\Windows\Ascd_tmp.ini
[2012.10.31 08:43:14 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
[2012.10.31 07:11:27 | 000,159,772 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012.10.31 07:11:27 | 000,159,772 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012.10.31 07:10:02 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012.10.30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012.10.30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012.10.30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012.10.30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012.10.30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012.10.30 23:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.10.30 23:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012.10.30 23:50:30 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012.10.29 15:28:32 | 001,845,296 | ---- | M] () -- C:\Users\Hagemann\Desktop\20121022_164720.jpg

========== Files Created - No Company Name ==========

[2012.11.20 12:33:55 | 000,000,000 | ---- | C] () -- C:\Users\Hagemann\defogger_reenable
[2012.11.20 12:32:16 | 000,050,477 | ---- | C] () -- C:\Users\Hagemann\Desktop\Defogger.exe
[2012.11.19 00:24:08 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.19 00:21:27 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.15 16:16:20 | 000,069,162 | ---- | C] () -- C:\Users\Hagemann\Desktop\clubmail_871948_att.jpg
[2012.11.14 20:27:57 | 000,001,235 | ---- | C] () -- C:\Users\Hagemann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2012.11.08 20:13:37 | 1138,249,857 | ---- | C] () -- C:\Users\Hagemann\Desktop\Miami 2012HD.MP4
[2012.11.08 19:29:22 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.11.08 19:09:50 | 000,000,108 | ---- | C] () -- C:\Users\Hagemann\Desktop\Miami 2012.mei
[2012.11.08 18:25:15 | 1237,983,469 | ---- | C] () -- C:\Users\Hagemann\Desktop\Miami 2012.mp4
[2012.11.08 17:50:25 | 021,378,698 | ---- | C] () -- C:\Users\Hagemann\Desktop\Fritz & Paul Kalkbrenner - Sky and Sand (Original Mix).mp3
[2012.11.08 17:41:53 | 000,001,701 | ---- | C] () -- C:\Users\Hagemann\Desktop\bus_icon.jpg
[2012.11.08 17:40:22 | 000,002,359 | ---- | C] () -- C:\Users\Hagemann\Desktop\bus.jpg
[2012.11.08 11:11:32 | 005,021,359 | ---- | C] () -- C:\Users\Hagemann\Desktop\Simple Plan - Summer Paradise ft. Sean Paul (Official Audio).mp3
[2012.11.08 11:05:06 | 000,034,238 | ---- | C] () -- C:\Users\Hagemann\Desktop\MIAMI-SEAQUARIUM-LOGO.jpg
[2012.11.08 08:48:16 | 000,002,209 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.11.08 08:48:16 | 000,002,201 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk
[2012.11.08 08:48:16 | 000,002,189 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk
[2012.11.08 08:38:37 | 000,000,224 | ---- | C] () -- C:\Users\Hagemann\Documents\Tune UP Produktschlüssel.rtf
[2012.11.06 20:43:34 | 001,327,158 | ---- | C] () -- C:\Users\Hagemann\Desktop\key west.bmp
[2012.11.06 20:42:17 | 001,327,158 | ---- | C] () -- C:\Users\Hagemann\Desktop\everglades.bmp
[2012.11.06 18:59:52 | 013,957,525 | ---- | C] () -- C:\Users\Hagemann\Desktop\fotostream2.WMV
[2012.11.05 16:54:15 | 000,437,143 | ---- | C] () -- C:\Users\Hagemann\Desktop\19(2).jpg
[2012.11.05 16:52:45 | 001,013,460 | ---- | C] () -- C:\Users\Hagemann\Desktop\7(3).jpg
[2012.11.05 16:51:20 | 001,603,643 | ---- | C] () -- C:\Users\Hagemann\Desktop\miami-heat-wallpaper-1.png
[2012.11.05 16:33:24 | 039,733,591 | ---- | C] () -- C:\Users\Hagemann\Desktop\fotostram1 miami.WMV
[2012.11.05 15:43:58 | 000,001,398 | ---- | C] () -- C:\Users\Hagemann\Desktop\Free YouTube to MP3 Converter.lnk
[2012.11.05 15:28:56 | 001,845,296 | ---- | C] () -- C:\Users\Hagemann\Desktop\20121022_164720.jpg
[2012.11.05 15:12:42 | 000,001,090 | ---- | C] () -- C:\Users\Hagemann\Desktop\images.jpg
[2012.11.05 15:10:08 | 000,004,253 | ---- | C] () -- C:\Users\Hagemann\Desktop\images3.jpg
[2012.11.05 15:09:38 | 000,002,344 | ---- | C] () -- C:\Users\Hagemann\Desktop\images2.jpg
[2012.11.05 15:09:25 | 000,004,833 | ---- | C] () -- C:\Users\Hagemann\Desktop\images1.jpg
[2012.11.05 15:07:13 | 000,020,243 | ---- | C] () -- C:\Users\Hagemann\Desktop\SYMBOL-HOPE-FREEDOM.jpg
[2012.11.05 15:02:18 | 000,427,851 | ---- | C] () -- C:\Users\Hagemann\Desktop\karte.png
[2012.11.05 14:55:16 | 002,026,949 | ---- | C] () -- C:\Users\Hagemann\Desktop\politische_weltkarte_cia_2007.png
[2012.11.05 14:52:15 | 001,327,158 | ---- | C] () -- C:\Users\Hagemann\Desktop\Map.bmp
[2012.11.05 14:32:16 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012.11.05 14:29:49 | 000,001,126 | ---- | C] () -- C:\Users\Hagemann\Desktop\Free Screen To Video.lnk
[2012.11.04 17:01:09 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.11.04 14:03:41 | 000,001,338 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2012.11.04 13:34:33 | 000,002,196 | ---- | C] () -- C:\Users\Public\Desktop\Grand Theft Auto IV.lnk
[2012.11.02 18:34:59 | 000,001,110 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX Video deluxe MX Plus Sonderedition.lnk
[2012.11.02 18:29:47 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012.11.02 18:14:21 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.11.02 18:13:57 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012.11.02 17:34:27 | 000,001,084 | ---- | C] () -- C:\Users\Public\Desktop\PokerStars.eu.lnk
[2012.11.02 17:19:52 | 000,004,996 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf
[2012.11.02 17:19:29 | 000,001,069 | ---- | C] () -- C:\Users\Hagemann\Desktop\PokerTracker 3.lnk
[2012.11.02 17:13:40 | 000,002,247 | ---- | C] () -- C:\Users\Hagemann\Desktop\Google Chrome.lnk
[2012.11.02 17:11:51 | 000,001,114 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.02 17:11:51 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.02 17:07:40 | 000,000,207 | ---- | C] () -- C:\Users\Hagemann\Documents\Heimnetz.rtf
[2012.11.02 17:03:48 | 000,027,040 | ---- | C] () -- C:\Windows\SysNative\netathurx.inf
[2012.11.02 17:03:48 | 000,008,820 | ---- | C] () -- C:\Windows\SysNative\athurextx.cat
[2012.11.02 10:31:02 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2012.11.02 10:26:42 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.02 10:25:59 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012.10.31 18:13:23 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.10.31 18:13:23 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012.10.31 18:05:07 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.10.31 08:53:04 | 000,015,128 | ---- | C] () -- C:\Windows\SysNative\drivers\IntelMEFWVer.dll
[2012.10.31 08:50:48 | 000,200,468 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2012.10.31 08:48:21 | 000,044,274 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012.10.31 08:43:09 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.10.31 08:43:01 | 000,031,393 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012.10.31 07:41:22 | 000,001,405 | ---- | C] () -- C:\Users\Hagemann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012.10.31 07:41:21 | 000,001,439 | ---- | C] () -- C:\Users\Hagemann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.10.31 07:11:22 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012.10.31 07:11:22 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012.10.31 07:10:02 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012.10.31 07:09:27 | 2121,637,887 | -HS- | C] () -- C:\hiberfil.sys
[2012.09.28 02:29:54 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.09.28 02:29:54 | 000,157,144 | ----
| C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.02.02 22:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll [2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.11.02 17:45:46 | 000,000,000 | ---D | M] -- C:\Users\Hagemann\AppData\Roaming\Babylon [2012.11.02 17:46:23 | 000,000,000 | ---D | M] -- C:\Users\Hagemann\AppData\Roaming\BabylonToolbar [2012.11.02 17:45:45 | 000,000,000 | ---D | M] -- C:\Users\Hagemann\AppData\Roaming\DesktopIconForAmazon [2012.11.05 15:44:01 | 000,000,000 | ---D | M] -- C:\Users\Hagemann\AppData\Roaming\DVDVideoSoft [2012.11.05 15:43:59 | 000,000,000 | ---D | M] -- C:\Users\Hagemann\AppData\Roaming\DVDVideoSoftIEHelpers [2012.11.05 14:29:49 | 000,000,000 | ---D | M] -- C:\Users\Hagemann\AppData\Roaming\FreeScreenToVideo [2012.11.05 17:37:48 | 000,000,000 | ---D | M] -- C:\Users\Hagemann\AppData\Roaming\MAGIX [2012.11.14 20:27:53 | 000,000,000 | ---D | M] -- C:\Users\Hagemann\AppData\Roaming\OpenOffice.org [2012.11.08 08:48:14 | 000,000,000 | ---D | M] -- C:\Users\Hagemann\AppData\Roaming\TuneUp Software ========== Purity Check ========== < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 20.11.2012 12:44:17 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hagemann\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,97 Gb Total Physical Memory | 6,51 Gb Available Physical Memory | 81,64% Memory free 15,93 Gb Paging File | 14,45 Gb Available in Paging File | 90,70% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 119,14 Gb Total Space | 49,10 Gb Free Space | 41,21% Space Free | Partition Type: NTFS Drive D: | 931,51 Gb Total Space | 912,66 Gb Free Space | 97,98% Space Free | Partition Type: NTFS Drive I: | 7,03 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: HAGEMANN-PC | User Name: Hagemann | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01AC5E30-DAED-4329-A023-9856EAF46FD9}" = rport=137 | protocol=17 | dir=out | app=system | "{0D826B92-0C1B-40B4-B76B-E6C5DED2D2A3}" = lport=10243 | protocol=6 | dir=in | app=system | "{1AC58809-64AD-4F86-95FA-69671C644D05}" = rport=138 | protocol=17 | dir=out | app=system | 
"{1C261AC8-AE52-4842-BC50-5FC38720E469}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{28060D3D-C7A5-4F5B-B9E5-CBFE97D3B2B6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{41B56195-28F7-4854-A8AC-DC1103603D90}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{457DC3E7-F9C3-4DCF-BF68-5F9A506A5BA1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5473ECC8-F1FB-4D53-A9C0-268BFB43F46C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{68109295-CB22-4889-87B5-FC11E76167CE}" = rport=10243 | protocol=6 | dir=out | app=system | "{7288082E-0423-4EEE-89CD-51C927C81EF3}" = lport=445 | protocol=6 | dir=in | app=system | "{795EF496-6D48-4DA9-932A-651EFE9432A2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{8109CDF7-521C-4ABF-B81A-7D3812801402}" = lport=139 | protocol=6 | dir=in | app=system | "{815F6C7C-E518-4EDD-8C90-D679046A72F0}" = rport=445 | protocol=6 | dir=out | app=system | "{9B5691F5-E1AB-4E64-8B69-ED3075FBC74E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A145E050-C263-4C15-9280-AC5627AAD104}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{AA6528FA-E55C-4529-B49F-18BEB4FEBA1F}" = rport=139 | protocol=6 | dir=out | app=system | "{BC7F96F9-16CC-402F-8C15-30510D3F19FF}" = lport=138 | protocol=17 | dir=in | app=system | "{CBFC5665-EE09-4905-B224-BEAD57958338}" = lport=2869 | protocol=6 | dir=in | app=system | "{DA9D0921-8AEC-47CC-A2DA-B9D6AA07E8FF}" = lport=137 | protocol=17 | dir=in | app=system | "{FB6309C2-7F8F-42AF-B56E-5871535C3F99}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{FC80ABEC-C19D-4443-AC85-C8FE039DC0A2}" = rport=5355 | protocol=17 | dir=out | 
svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0B3985D7-9827-4F09-8388-5A29CB5CC828}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | "{17D877A8-FC90-41A2-8667-ED43D011F80C}" = protocol=6 | dir=out | app=system | "{3473CF7C-E652-43CB-8739-0DA6757B7101}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{3E21C3E6-8D88-46A8-A033-DB94C44F17E8}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{40BF2530-3EF0-4FE9-A85B-0ECC77971543}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{44F31021-C1DA-4355-B496-48280CA69891}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{4F881EE8-D50A-44B9-B5D0-0408F4596FED}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe | "{55F222F4-618F-4207-A14F-27BCA8BA4AFB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{58D5B35A-91C9-4DCA-8A2B-C9E6A329941B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{5A513833-9EEF-4A17-90E1-D0CBB98C4AB5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{5E1A4FC2-317E-4EAF-8D57-3979A6292C4A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{64C73237-CDF7-414C-A860-A22FC97110DB}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 1000 j110 series\bin\usbsetup.exe | "{758B626E-D8B2-467A-A8FB-6CBF96792583}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7A802480-B652-4824-82E7-047F31EC16AF}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{7FD3D271-A7F8-4E68-98A2-89B224AF5C8A}" = dir=in | app=c:\program files 
(x86)\skype\phone\skype.exe | "{810AB955-F317-484F-8776-BA07C1033452}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{9CC53E37-5A81-4E40-9FCB-2E6AC8BA1059}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{9E08BC08-F65C-4267-BA26-3DD0E07F0CAD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{A703BD11-592E-4D73-BB30-97C2145D2914}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{BB10A1CB-7224-4590-AECE-B2F1161007E7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{C20A25FC-B0F0-4385-A4CB-E0E7E0BF4C5E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{C7A08FD2-74C5-4B7E-B93C-A484C87563FF}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 1000 j110 series\bin\usbsetup.exe | "{CEA5BBF2-2462-4261-A6DE-7CBF95911ABE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{DAE29556-7362-4E25-9EAB-13AE634520CF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{DB5886C8-2EB5-420D-85A0-9F2DDB2B4D74}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{DDD1AFEE-2B0E-486F-9496-BA27EA0CAA73}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{E6E5E2C8-2E2F-44B2-9150-5C254D38F69D}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe | "{EEA3B187-5D5F-42E9-A8E7-DDF52CD3219E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{F36D0CBC-C527-4933-821F-0FD3174C336B}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{F51658F7-E5B9-4DB5-9690-E12AA8BEC9AB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F5AA6CEC-898B-40EA-BF58-F05B8C186699}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe | "{FC49B618-E374-493F-8C05-03E583C01096}" = protocol=6 | 
dir=out | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{0CEDEF16-BF87-4042-ACC5-BCBB03A46801}C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe | "UDP Query User{13EAAE74-AC52-4447-8115-E55F611F653D}C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client "{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes "{18A5D014-E9AD-DEFE-FAFE-A409612F51B4}" = AMD Media Foundation Decoders "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{50BD00DC-127E-BF00-FDD5-E1A93AB3507C}" = ccc-utility64 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{A44D35BC-F2DF-00E9-79BF-34967DF0E4E8}" = AMD Drag and Drop Transcoding "{BB009B20-0BA0-ABDF-1947-4D56639214C7}" = AMD Accelerated Video Transcoding "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{E85D1C80-28C4-76B8-5A5A-2C8D8B38D5D9}" = AMD Catalyst Install Manager "{ECFFD23C-3111-4685-8118-E1F79644203F}" = HP Deskjet 1000 J110 series - Grundlegende Software für das Gerät "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "DesktopIconAmazon" = Desktop Icon für Amazon "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "WinRAR archiver" = WinRAR 4.20 (64-Bit) 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam "{03AEAB60-A7B3-A8DB-468B-EB30FB4B40B0}" = CCC Help German "{06A60F3C-B270-42FE-B49E-244657482573}" = MAGIX Screenshare "{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Browser Manager "{162ABED6-E60C-6CFF-100E-43C16ABBC5BE}" = CCC Help Chinese Standard "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1CB724FF-D18C-8FFB-E7C9-0A09CF8EC066}" = CCC Help Japanese "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG CyberLink Media Suite "{20C14CC3-5E3B-D39A-5B37-B15E59785063}" = CCC Help Chinese Traditional "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{2632A2C0-ECF4-7F79-7136-9FEA4C253A4C}" = CCC Help Turkish "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9 "{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = LG CyberLink BD Advisor "{30F712DA-64FE-5DBE-AE76-3F8EA3F8223C}" = CCC Help French "{38A1E3ED-D913-41D2-9953-A93D5ACE3ADF}" = TL-WN721N/TL-WN722N Driver "{3C39B3CC-4EC8-C756-AF4B-72366504FCA5}" = CCC Help Hungarian "{3E8A20E1-223F-11E2-9116-B8AC6F98CCE3}" = Google Earth "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG Burning Tool "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4CC9D761-A9B6-D8EA-D2A9-B74B5A90B108}" = CCC Help Norwegian "{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV "{54B227A6-BDBE-69FA-D450-B99609063044}" = CCC Help Greek "{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV "{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}" = Asmedia ASM106x SATA Host Controller Driver "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components 
"{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7C587778-C433-980E-F3C1-203890DC4FBE}" = CCC Help Polish "{7DC3EABF-66A2-6D79-B485-6328525CA387}" = CCC Help Swedish "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = LG CyberLink MediaShow "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{843603C6-75B7-BAB5-80DE-E76FB28DEEF2}" = CCC Help Finnish "{876C2B35-5C72-4E21-8BAA-67BAE24E35E2}" = MAGIX Video deluxe MX Plus Sonderedition "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8BBC66FD-0195-29B4-5A58-E0B0554E8F42}" = Catalyst Control Center "{8D9EEAC7-42D5-3951-612A-EAA7B684C592}" = CCC Help Italian "{9791DAED-B734-2835-988B-157BDA087496}" = CCC Help Dutch "{98B740C3-FAA4-C523-7478-4DBCAB7B27D1}" = Catalyst Control Center Graphics Previews Common "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9F0CAC6D-9B0D-A95F-CF61-6E88952D6181}" = CCC Help Thai "{A625DB70-98D5-16FD-C49D-4B8B1B2304A4}" = CCC Help Spanish "{A90214C3-3A0C-2F05-6083-E1A4BAD9E30D}" = CCC Help Danish "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA123216-6DE0-E57C-DC57-4FECEACB482F}" = CCC Help Russian "{AB4633CC-E18D-44E0-BFAE-A08704564FDF}" = MAGIX Speed burnR (MSI) "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = LG CyberLink PowerProducer "{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3 "{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013 
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint "{D0837A59-83E6-3392-1BD9-86D3445676DB}" = CCC Help Korean "{D70AB273-113B-D7DE-5C8D-82CABA7CB0AF}" = Catalyst Control Center Localization All "{DC8772D4-C75F-5235-63E2-BBC73F909B7A}" = CCC Help Czech "{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}" = HP Deskjet 1000 J110 series Hilfe "{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = LG CyberLink PowerDVD "{DED7FD3C-DDD2-43BB-B0F5-B07F9D0430D3}" = CCC Help Portuguese "{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}" = LightScribe System Software "{E157F2EB-E06F-B57F-9105-68F348DB2EAD}" = CCC Help English "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = LG CyberLink MediaEspresso "{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver "{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}" = Babylon Chrome Toolbar "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0 "{EF036F44-A287-BC23-3F6E-AAE6FDEF47EF}" = Catalyst Control Center InstallProxy "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE) "{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.81 "avast" = avast! 
Free Antivirus "BabylonToolbar" = Babylon toolbar "Free Screen To Video_is1" = Free Screen To Video V 2.0 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.35.1031 "Google Chrome" = Google Chrome "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG CyberLink Media Suite "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG Burning Tool "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = LG CyberLink MediaShow "InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = LG CyberLink PowerProducer "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint "InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = LG CyberLink PowerDVD "InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = LG CyberLink MediaEspresso "MAGIX_{06A60F3C-B270-42FE-B49E-244657482573}" = MAGIX Screenshare "MAGIX_{876C2B35-5C72-4E21-8BAA-67BAE24E35E2}" = MAGIX Video deluxe MX Plus Sonderedition "MAGIX_{AB4633CC-E18D-44E0-BFAE-A08704564FDF}" = MAGIX Speed burnR (MSI) "PokerStars.eu" = PokerStars.eu "PokerTracker3" = PokerTracker 3 (remove only) "Route Generator" = Route Generator "TuneUp Utilities 2013" = TuneUp Utilities 2013 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 19.11.2012 03:45:40 | Computer Name = Hagemann-PC | Source = WinMgmt | ID = 10 Description = Error - 19.11.2012 07:17:53 | Computer Name = Hagemann-PC | Source = VSS | ID = 13 Description = Error - 19.11.2012 07:17:53 | Computer Name = Hagemann-PC | Source = VSS | ID = 12292 Description = Error - 19.11.2012 14:09:29 | Computer Name = Hagemann-PC | Source = WinMgmt | ID = 10 Description = Error - 20.11.2012 06:14:17 | Computer Name = Hagemann-PC | Source = WinMgmt | ID = 10 Description = Error - 20.11.2012 06:23:48 | Computer Name = Hagemann-PC | Source = VSS | ID = 13 Description = Error - 20.11.2012 06:23:48 | Computer Name = Hagemann-PC | Source = VSS 
| ID = 12292 Description = Error - 20.11.2012 06:23:48 | Computer Name = Hagemann-PC | Source = VSS | ID = 8193 Description = Error - 20.11.2012 06:23:48 | Computer Name = Hagemann-PC | Source = System Restore | ID = 8193 Description = Error - 20.11.2012 06:40:23 | Computer Name = Hagemann-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 19.11.2012 14:16:59 | Computer Name = Hagemann-PC | Source = WMPNetworkSvc | ID = 866300 Description = Error - 20.11.2012 06:12:35 | Computer Name = Hagemann-PC | Source = WMPNetworkSvc | ID = 866300 Description = Error - 20.11.2012 06:12:35 | Computer Name = Hagemann-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 20.11.2012 06:12:40 | Computer Name = Hagemann-PC | Source = WMPNetworkSvc | ID = 866300 Description = Error - 20.11.2012 06:14:30 | Computer Name = Hagemann-PC | Source = WMPNetworkSvc | ID = 866300 Description = Error - 20.11.2012 06:37:13 | Computer Name = Hagemann-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Browser Manager" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. 
Error - 20.11.2012 06:38:40 | Computer Name = Hagemann-PC | Source = WMPNetworkSvc | ID = 866300 Description = Error - 20.11.2012 06:38:41 | Computer Name = Hagemann-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 20.11.2012 06:38:46 | Computer Name = Hagemann-PC | Source = WMPNetworkSvc | ID = 866300 Description = Error - 20.11.2012 06:40:42 | Computer Name = Hagemann-PC | Source = WMPNetworkSvc | ID = 866300 Description = < End of report > Edited by BieneTVB (20.11.2012 at 12:49) |
20.11.2012, 18:54 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | web.de "mail deliver failed..." Hello and
__________________Quote:
That was about address forgery, and there is exactly nothing you can do about that except simply ignore such mails. With address forgery, some computer that is part of a botnet sends spam somewhere and can enter (almost) anything it likes as the sender address for its junk advertising. Just as you could send a letter and scribble any address you like on it as the sender.
__________________ |
20.11.2012, 19:28 | #3 |
| web.de "mail deliver failed..." Thanks already for the quick reply.
__________________So I read this thread: http://www.trojaner-board.de/125295-...ir-web-de.html There the user is advised to take action against it with several programs. Is that not necessary here? I'm afraid that my e-mail account was hacked and that my PC is at risk, or that other passwords etc. are no longer safe. |
20.11.2012, 19:51 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | web.de "mail deliver failed..." For that I would first have to see the headers of one of these mails. You haven't posted those.
__________________ Please always post logfiles in CODE tags |
20.11.2012, 20:03 | #5 | |
| web.de "mail deliver failed..." This is what the e-mails look like: Quote:
|
20.11.2012, 20:13 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | web.de "mail deliver failed..."Code:
ATTFilter Received: from serversima ([95.224.62.76]) by smtp.web.de (mrweb002) with
__________________ --> web.de "mail deliver failed..." Edited by cosinus (20.11.2012 at 20:45) |
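Added example, not part of the thread and not cosinus's own method: one way to read the headers of the message returned inside a bounce and separate a forged sender address from mail that really entered through the provider's server, which is the distinction this thread turns on. The sample bounces, host names and IPs are constructed, and the check for the RFC 3848 keywords ESMTPA/ESMTPSA goes beyond what the page shows and assumes the provider stamps them.

```python
import re
from email import message_from_string

# RFC 3848 "with" keywords that mark a hop where the client authenticated.
AUTH_PROTOCOLS = {"ESMTPA", "ESMTPSA"}


def returned_message(dsn):
    """Return the original message (or just its headers) carried in a bounce."""
    for part in dsn.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":
            return message_from_string(part.get_payload())
    return None


def parse_received(value):
    """Split one Received header into client IP, stamping host and protocol."""
    flat = " ".join(value.split())  # undo header folding
    by = re.search(r"\bby\s+([^\s;()]+)", flat)
    ip = re.search(r"\[(?:IPv6:)?([0-9A-Fa-f.:]+)\]", flat.split(" by ", 1)[0])
    proto = re.search(r"\bwith\s+([A-Za-z0-9]+)", flat)
    return {
        "by": by.group(1).lower() if by else None,
        "client_ip": ip.group(1) if ip else None,
        "with": proto.group(1).upper() if proto else None,
    }


def is_provider_host(host, provider_domain):
    domain = provider_domain.lower()
    return host == domain or host.endswith("." + domain)


def triage_bounce(raw_dsn, provider_domain):
    """Classify a bounce by whether the returned mail passed the provider."""
    original = returned_message(message_from_string(raw_dsn))
    if original is None:
        return {"verdict": "no-original-headers"}
    hops = [parse_received(v) for v in original.get_all("Received", [])]
    own = [h for h in hops
           if h["by"] and is_provider_host(h["by"], provider_domain)]
    if not own:
        # The spam never touched the provider: only the sender was forged.
        return {"verdict": "forged-sender"}
    # Headers are prepended, so the last match is where the mail entered.
    # Caveat: lines below the first server you trust can be faked by the
    # sending side, so treat this as triage, not proof.
    entry = own[-1]
    return {
        "verdict": "sent-via-provider",
        "client_ip": entry["client_ip"],
        "authenticated": entry["with"] in AUTH_PROTOCOLS,
    }


def constructed_dsn(original_headers):
    """Wrap headers in a minimal bounce. Constructed sample data only."""
    return (
        "From: MAILER-DAEMON@mx.recipient.example\n"
        "To: mailbox@web.de\n"
        "Subject: Mail delivery failed: returning message to sender\n"
        "MIME-Version: 1.0\n"
        'Content-Type: multipart/report; boundary="b1"\n'
        "\n"
        "--b1\n"
        "Content-Type: text/plain\n"
        "\n"
        "This message was created automatically by mail delivery software.\n"
        "--b1\n"
        "Content-Type: text/rfc822-headers\n"
        "\n" + original_headers + "--b1--\n"
    )


# Constructed: spam handed straight to the recipient's server, sender forged.
FORGED = constructed_dsn(
    "Received: from dsl-host.example ([203.0.113.7])\n"
    "\tby mx.recipient.example with ESMTP; Tue, 20 Nov 2012 10:00:00 +0100\n"
    "From: mailbox@web.de\n"
    "To: nobody@recipient.example\n"
)

# Constructed: spam submitted to the provider's server after a login.
VIA_PROVIDER = constructed_dsn(
    "Received: from smtp.web.de ([192.0.2.10])\n"
    "\tby mx.recipient.example with ESMTP; Tue, 20 Nov 2012 10:00:05 +0100\n"
    "Received: from clientpc ([198.51.100.23])\n"
    "\tby smtp.web.de with ESMTPA; Tue, 20 Nov 2012 10:00:00 +0100\n"
    "From: mailbox@web.de\n"
    "To: nobody@recipient.example\n"
)

if __name__ == "__main__":
    for name, sample in (("forged", FORGED), ("via provider", VIA_PROVIDER)):
        print(name, triage_bounce(sample, "web.de"))
```

A "sent-via-provider" verdict with an unfamiliar client IP points to the account itself being used, which is when changing the password matters.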
20.11.2012, 20:21 | #7 |
| web.de "mail deliver failed..." OK, thanks for your answer. So I can simply ignore this and don't need to worry that something serious can happen? If the mail came from web.de's mail server, would I have a problem? What do I need to watch out for, or how do I now recognise whether this is dangerous or not? |
20.11.2012, 20:37 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | web.de "mail deliver failed..." Wait, I think I just talked nonsense there (I've edited it to be on the safe side). Do you use web.de via a mail client such as Outlook, or do you do it via webmail? How is the password for your web.de account put together?
__________________ Please always post logfiles in CODE tags Edited by cosinus (20.11.2012 at 20:46) |
20.11.2012, 20:43 | #9 |
| web.de "mail deliver failed..." I use web.de via webmail, i.e. via Google Chrome or Firefox. The password was previously a word + 2 digits; today I changed it to 4 digits, 3 letters, 3 digits. |
20.11.2012, 20:48 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | web.de "mail deliver failed..." Can you forward such a mail to me? (Preferably the mail you gave as an example above.) I want to see what is in the headers of the status mail; the headers contained in the mail concern only this spam mail. Please forward it to bienetvb.20.tbcosinus@spamgourmet.com
__________________ Please always post logfiles in CODE tags |
20.11.2012, 21:43 | #11 |
| web.de "mail deliver failed..." I've forwarded the e-mail to you. |
20.11.2012, 22:20 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | web.de "mail deliver failed..." Thanks, I received it. Did it stop abruptly when you changed the password?
__________________ Please always post logfiles in CODE tags |
20.11.2012, 22:22 | #13 |
| web.de "mail deliver failed..." Yes, so far no new one has come. |
20.11.2012, 22:25 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | web.de "mail deliver failed..." Then perhaps no address forgery was involved. Often, though, forged addresses are the cause of these delivery fail mails. Did you have a far too simple password? Only a word plus two digits, you said? A very simple/short word?
__________________ Please always post logfiles in CODE tags |
20.11.2012, 22:31 | #15 |
| web.de "mail deliver failed..." A name (not mine) directly followed by 3 arbitrary letters and 2 digits. So it could not be guessed. |