magic24v | 03.08.2012 15:57 | GVU Malwarebytes Log
Hello, here is my malware log.
The instructions worked great. Quote:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Datenbank Version: v2012.08.03.05
Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Randell :: RANDELL-PC [Administrator]
03.08.2012 16:39:34
mbam-log-2012-08-03 (16-39-34).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 208745
Laufzeit: 50 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 2
C:\Users\Randell\AppData\Local\Temp\deo0_sar.exe (Exploit.Drop.GS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Randell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
Here are the OTL logs from before the scan:
OTL Logfile: Code:
OTL logfile created on: 03.08.2012 15:43:13 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\***\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
16,00 Gb Total Physical Memory | 14,20 Gb Available Physical Memory | 88,79% Memory free
31,99 Gb Paging File | 30,15 Gb Available in Paging File | 94,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59,53 Gb Total Space | 2,90 Gb Free Space | 4,87% Space Free | Partition Type: NTFS
Drive D: | 186,31 Gb Total Space | 135,24 Gb Free Space | 72,59% Space Free | Partition Type: NTFS
Drive E: | 298,08 Gb Total Space | 201,64 Gb Free Space | 67,65% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 868,34 Gb Free Space | 93,22% Space Free | Partition Type: NTFS
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Randell\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe (Wajam)
PRC - C:\Programme\My Lockbox\mylbx.exe (FSPro Labs)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\GMX\GMX Upload-Manager\DAVSRV.EXE (1&1 Mail & Media GmbH)
PRC - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()
PRC - C:\Windows\DAODx.exe ()
PRC - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
PRC - D:\Install Verzeichnis\Programme x86\Nero 8\Nero BackItUp\NBService.exe (Nero AG)
========== Modules (No Company Name) ==========
MOD - C:\Programme\My Lockbox\FSPFlt.dll ()
MOD - C:\Windows\DAODx.exe ()
========== Win32 Services (SafeList) ==========
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (WajamUpdater) -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe (Wajam)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (TuneUp.UtilitiesSvc) -- D:\Install Verzeichnis\Programme x86\TuneUp12\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose64) -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 3) -- D:\Install Verzeichnis\Programme x86\Nero 8\Nero BackItUp\NBService.exe (Nero AG)
========== Driver Services (SafeList) ==========
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\avgidsfiltera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (uigxrdr) -- C:\Windows\SysNative\drivers\uigxrdr.SYS (1&1 Mail & Media GmbH)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (FSProFilter) -- C:\Windows\SysNative\drivers\FSPFltd.sys (FSPro Labs)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (TuneUpUtilitiesDrv) -- D:\Install Verzeichnis\Programme x86\TuneUp12\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1449064110-2082962008-3710358234-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
IE - HKU\S-1-5-21-1449064110-2082962008-3710358234-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1449064110-2082962008-3710358234-1000\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found
IE - HKU\S-1-5-21-1449064110-2082962008-3710358234-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1449064110-2082962008-3710358234-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1449064110-2082962008-3710358234-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKU\S-1-5-21-1449064110-2082962008-3710358234-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012.07.17 14:44:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012.07.03 13:25:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.19 16:07:26 | 000,000,000 | ---D | M]
[2012.06.13 10:46:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Randell\AppData\Roaming\mozilla\Extensions
[2012.07.30 19:35:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Randell\AppData\Roaming\mozilla\Firefox\Profiles\vzg5g203.default\extensions
[2012.06.30 01:17:51 | 000,000,853 | ---- | M] () -- C:\Users\Randell\AppData\Roaming\Mozilla\Firefox\Profiles\vzg5g203.default\searchplugins\11-suche.xml
[2012.06.06 10:40:30 | 000,000,917 | ---- | M] () -- C:\Users\Randell\AppData\Roaming\Mozilla\Firefox\Profiles\vzg5g203.default\searchplugins\conduit.xml
[2012.06.30 01:17:51 | 000,002,209 | ---- | M] () -- C:\Users\Randell\AppData\Roaming\Mozilla\Firefox\Profiles\vzg5g203.default\searchplugins\englische-ergebnisse.xml
[2012.06.30 01:17:51 | 000,010,506 | ---- | M] () -- C:\Users\Randell\AppData\Roaming\Mozilla\Firefox\Profiles\vzg5g203.default\searchplugins\gmx-suche.xml
[2012.06.30 01:17:51 | 000,002,368 | ---- | M] () -- C:\Users\Randell\AppData\Roaming\Mozilla\Firefox\Profiles\vzg5g203.default\searchplugins\lastminute.xml
[2012.06.30 01:17:51 | 000,005,489 | ---- | M] () -- C:\Users\Randell\AppData\Roaming\Mozilla\Firefox\Profiles\vzg5g203.default\searchplugins\webde-suche.xml
[2012.06.13 10:45:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.24 12:06:29 | 000,276,167 | ---- | M] () (No name found) -- C:\USERS\RANDELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZG5G203.DEFAULT\EXTENSIONS\{64161300-E22B-11DB-8314-0800200C9A66}.XPI
[2012.07.30 19:35:27 | 000,177,486 | ---- | M] () (No name found) -- C:\USERS\RANDELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZG5G203.DEFAULT\EXTENSIONS\{FAE08409-991D-414C-8113-68F37760339A}.XPI
[2012.06.30 01:17:50 | 000,575,217 | ---- | M] () (No name found) -- C:\USERS\RANDELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VZG5G203.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI
[2012.07.19 16:07:26 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.01 18:33:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.01 18:33:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.01 18:33:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.01 18:33:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.01 18:33:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.01 18:33:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2012.07.01 14:05:40 | 000,000,854 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 secure.tune-up.com
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [mylbx] C:\Program Files\My Lockbox\mylbx.exe (FSPro Labs)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NBKeyScan] D:\Install Verzeichnis\Programme x86\Nero 8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1449064110-2082962008-3710358234-1000..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-1449064110-2082962008-3710358234-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1449064110-2082962008-3710358234-1000..\Run: [GMX_GMX Upload-Manager] C:\Program Files (x86)\GMX\GMX Upload-Manager\DAVSRV.EXE (1&1 Mail & Media GmbH)
O4 - HKU\S-1-5-21-1449064110-2082962008-3710358234-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1449064110-2082962008-3710358234-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1449064110-2082962008-3710358234-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.08.03 15:34:07 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Randell\Desktop\mbam-setup-1.62.0.1300.exe
[2012.08.03 15:34:07 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Randell\Desktop\OTL.exe
[2012.08.02 14:50:22 | 000,000,000 | ---D | C] -- C:\Users\Randell\Application Data
[2012.08.02 14:32:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2012.07.26 21:35:06 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012.07.21 01:03:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012.07.20 19:01:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012.07.20 18:59:23 | 025,743,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012.07.20 18:59:23 | 025,248,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012.07.20 18:59:23 | 019,607,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012.07.20 18:59:23 | 018,044,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012.07.20 18:59:23 | 017,551,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012.07.20 18:59:23 | 015,322,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2012.07.20 18:59:23 | 008,139,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012.07.20 18:59:23 | 005,982,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012.07.20 18:59:23 | 002,881,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012.07.20 18:59:23 | 002,681,664 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012.07.20 18:59:23 | 002,524,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012.07.20 18:59:23 | 002,445,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012.07.20 18:59:23 | 002,368,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012.07.20 18:59:23 | 001,451,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420103.dll
[2012.07.20 18:59:23 | 000,949,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2012.07.20 18:59:23 | 000,818,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2012.07.20 18:59:23 | 000,364,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll
[2012.07.20 18:59:23 | 000,301,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll
[2012.07.20 18:59:23 | 000,246,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2012.07.20 18:59:23 | 000,202,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2012.07.20 18:59:23 | 000,188,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2012.07.20 18:59:23 | 000,031,040 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2012.07.19 19:06:58 | 000,000,000 | ---D | C] -- C:\Users\Randell\AppData\Local\Nero
[2012.07.19 19:06:58 | 000,000,000 | ---D | C] -- C:\Users\Randell\AppData\Local\Ahead
[2012.07.19 19:06:55 | 000,000,000 | ---D | C] -- C:\Users\Randell\AppData\Roaming\Nero
[2012.07.19 18:59:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8
[2012.07.19 18:58:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2012.07.19 18:58:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2012.07.18 15:41:07 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.07.17 14:44:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012.07.13 16:28:29 | 000,000,000 | ---D | C] -- C:\Users\Randell\Documents\Broken Sword II - Remastered
[2012.07.13 16:27:38 | 002,887,680 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\libmmd.dll
[2012.07.13 16:27:38 | 002,666,500 | ---- | C] (Red Hat) -- C:\Windows\SysWow64\cygwin1.dll
[2012.07.13 16:27:38 | 001,100,288 | ---- | C] (The OpenSSL Project, hxxp://www.openssl.org/) -- C:\Windows\SysWow64\libeay32.dll
[2012.07.13 16:27:38 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71.dll
[2012.07.13 16:27:38 | 001,053,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71u.dll
[2012.07.13 16:27:38 | 001,024,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc70.dll
[2012.07.13 16:27:38 | 001,017,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc70u.dll
[2012.07.13 16:27:38 | 000,898,048 | ---- | C] (GNU <www.gnu.org>) -- C:\Windows\SysWow64\libiconv2.dll
[2012.07.13 16:27:38 | 000,799,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdia100.dll
[2012.07.13 16:27:38 | 000,722,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vb40032.dll
[2012.07.13 16:27:38 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp70.dll
[2012.07.13 16:27:38 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012.07.13 16:27:38 | 000,398,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System\vbrun300.dll
[2012.07.13 16:27:38 | 000,356,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System\vbrun200.dll
[2012.07.13 16:27:38 | 000,339,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr70.dll
[2012.07.13 16:27:38 | 000,237,568 | ---- | C] (The OpenSSL Project, hxxp://www.openssl.org/) -- C:\Windows\SysWow64\ssleay32.dll
[2012.07.13 16:27:38 | 000,237,568 | ---- | C] (The OpenSSL Project, hxxp://www.openssl.org/) -- C:\Windows\SysWow64\libssl32.dll
[2012.07.13 16:27:38 | 000,131,072 | ---- | C] (Sereby Corporation) -- C:\Windows\SysWow64\AiORuntimes.dll
[2012.07.13 16:27:38 | 000,109,080 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\openal32.dll
[2012.07.13 16:27:38 | 000,101,888 | ---- | C] (GNU <www.gnu.org>) -- C:\Windows\SysWow64\libintl3.dll
[2012.07.13 16:27:38 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\atl71.dll
[2012.07.13 16:27:38 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\atl70.dll
[2012.07.13 16:27:38 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71DEU.dll
[2012.07.13 16:27:38 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71ITA.dll
[2012.07.13 16:27:38 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71FRA.dll
[2012.07.13 16:27:38 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71ESP.dll
[2012.07.13 16:27:38 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc70ITA.dll
[2012.07.13 16:27:38 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc70FRA.dll
[2012.07.13 16:27:38 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc70ESP.dll
[2012.07.13 16:27:38 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc70DEU.dll
[2012.07.13 16:27:38 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71ENU.dll
[2012.07.13 16:27:38 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc70ENU.dll
[2012.07.13 16:27:38 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvci70.dll
[2012.07.13 16:27:38 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71KOR.dll
[2012.07.13 16:27:38 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71JPN.dll
[2012.07.13 16:27:38 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc70KOR.dll
[2012.07.13 16:27:38 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc70JPN.dll
[2012.07.13 16:27:38 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71CHT.dll
[2012.07.13 16:27:38 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc70CHT.dll
[2012.07.13 16:27:38 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71CHS.dll
[2012.07.13 16:27:38 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc70CHS.dll
[2012.07.13 16:27:37 | 001,069,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscomctl.ocx
[2012.07.13 16:27:37 | 001,066,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscomctl32.ocx
[2012.07.13 16:27:37 | 000,935,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System\vb40016.dll
[2012.07.13 16:27:37 | 000,659,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscomct2.ocx
[2012.07.13 16:27:37 | 000,614,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\comctl32.ocx
[2012.07.13 16:27:37 | 000,443,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MShflxgd.ocx
[2012.07.13 16:27:37 | 000,415,552 | ---- | C] (Microsoft Corporation ) -- C:\Windows\SysWow64\comct332.ocx
[2012.07.13 16:27:37 | 000,317,320 | ---- | C] (AutoIt Team) -- C:\Windows\SysWow64\AutoItX3.dll
[2012.07.13 16:27:37 | 000,278,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdatgrd.ocx
[2012.07.13 16:27:37 | 000,258,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msflxgrd.ocx
[2012.07.13 16:27:37 | 000,252,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdatlst.ocx
[2012.07.13 16:27:37 | 000,222,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dblist32.ocx
[2012.07.13 16:27:37 | 000,221,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tabctl32.ocx
[2012.07.13 16:27:37 | 000,218,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\richtx32.ocx
[2012.07.13 16:27:37 | 000,215,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mci32.ocx
[2012.07.13 16:27:37 | 000,178,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmask32.ocx
[2012.07.13 16:27:37 | 000,170,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\comct232.ocx
[2012.07.13 16:27:37 | 000,155,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\comdlg32.ocx
[2012.07.13 16:27:37 | 000,136,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msinet.ocx
[2012.07.13 16:27:37 | 000,129,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msstdfmt.dll
[2012.07.13 16:27:37 | 000,126,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mswinsck.ocx
[2012.07.13 16:27:37 | 000,119,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscomm32.ocx
[2012.07.13 16:27:37 | 000,107,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msstkprp.dll
[2012.07.13 16:27:37 | 000,100,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\picclp32.ocx
[2012.07.13 16:27:37 | 000,080,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sysinfo.ocx
[2012.07.13 16:27:37 | 000,032,768 | ---- | C] (Adobe Systems, Inc.) -- C:\Windows\System\plugin.dll
[2012.07.13 16:27:31 | 000,772,552 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012.07.13 16:27:31 | 000,687,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012.07.13 16:27:31 | 000,227,784 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.07.13 16:27:24 | 000,174,024 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.07.13 16:27:24 | 000,174,024 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.07.13 16:27:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.07.13 16:26:59 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2012.07.13 16:26:59 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2012.07.13 16:26:57 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2012.07.13 16:26:56 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_43.dll
[2012.07.13 16:26:53 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2012.07.13 16:26:53 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2012.07.13 16:26:53 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2012.07.13 16:26:52 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2012.07.13 16:26:48 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2012.07.13 16:26:48 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll
[2012.07.13 16:26:48 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2012.07.13 16:26:46 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_43.dll
[2012.07.13 16:26:46 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2012.07.13 16:26:45 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll
[2012.07.13 16:26:45 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2012.07.13 16:26:44 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2012.07.13 16:15:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Broken Sword 2 Remastered
[2012.07.13 15:20:30 | 000,000,000 | ---D | C] -- C:\Users\Randell\AppData\Roaming\ScummVM
[2012.07.13 11:44:22 | 000,000,000 | ---D | C] -- C:\Users\Randell\AppData\Roaming\Broken Sword 2.5
[2012.07.13 11:43:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Broken Sword 2.5
[2012.07.13 00:56:22 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2012.07.13 00:56:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2012.07.11 13:19:06 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.07.11 13:19:06 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.07.11 13:19:06 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.07.11 13:19:06 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.07.11 13:19:05 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.07.11 13:19:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.07.11 13:19:05 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.07.11 13:19:05 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.07.11 13:19:04 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.07.11 13:19:04 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.07.11 13:19:04 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.07.11 13:19:04 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.07.11 13:19:04 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.07.11 12:12:24 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.11 12:12:24 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.11 12:12:22 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.11 12:12:20 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.07.11 12:12:20 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.08 22:48:40 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\Windows\SysWow64\devil.dll
[2012.07.08 22:48:40 | 000,369,152 | ---- | C] (The Public) -- C:\Windows\SysWow64\avisynth.dll
[2012.07.08 22:48:40 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\yv12vfw.dll
[2012.07.08 22:48:40 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\i420vfw.dll
[2012.07.08 22:48:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AviSynth 2.5
[2012.07.08 22:45:58 | 000,327,749 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\drvc.dll
[2012.07.08 22:45:58 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
[2012.07.08 22:45:58 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\SysWow64\nbDX.dll
[2012.07.08 22:45:58 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLOgg.ax
[2012.07.08 22:45:58 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\DiracSplitter.ax
[2012.07.08 22:45:58 | 000,169,472 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\MatroskaDX.ax
[2012.07.08 22:45:58 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\flvDX.dll
[2012.07.08 22:45:58 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\RealMediaDX.ax
[2012.07.08 22:45:58 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\SysWow64\AVCDX.ax
[2012.07.08 22:45:58 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLVorbisDec.ax
[2012.07.08 22:45:58 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSSplitter.ax
[2012.07.08 22:45:58 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSDecoder.ax
[2012.07.08 22:45:58 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\SysWow64\RLTheoraDec.ax
[2012.07.08 22:45:58 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\SysWow64\msfDX.dll
[2012.07.08 22:45:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPER © - by eRightSoft
[2012.07.08 22:45:27 | 000,000,000 | ---D | C] -- C:\Users\Randell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
[2012.07.08 22:45:24 | 000,000,000 | ---D | C] -- C:\Users\Randell\AppData\Local\Wajam
[2012.07.08 22:45:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wajam
[2012.07.08 22:44:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eRightSoft
[2012.07.06 13:54:11 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
========== Files - Modified Within 30 Days ==========
[2012.08.03 15:43:13 | 000,035,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.03 15:43:13 | 000,035,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.03 15:40:23 | 001,611,160 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.03 15:40:23 | 000,696,132 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.03 15:40:23 | 000,651,450 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.03 15:40:23 | 000,147,428 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.03 15:40:23 | 000,120,382 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.03 15:36:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.03 15:36:00 | 4293,533,694 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.03 15:34:06 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Randell\Desktop\mbam-setup-1.62.0.1300.exe
[2012.08.03 15:34:06 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Randell\Desktop\OTL.exe
[2012.08.03 15:19:22 | 004,503,728 | ---- | M] () -- C:\ProgramData\ras_0oed.pad
[2012.08.03 14:33:49 | 000,001,889 | ---- | M] () -- C:\Users\Randell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.08.03 14:28:01 | 102,883,599 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012.08.02 22:09:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.02 15:19:26 | 000,000,513 | ---- | M] () -- C:\Users\Randell\Desktop\Programme und Funktionen.lnk
[2012.08.02 15:14:32 | 000,000,486 | ---- | M] () -- C:\Users\Randell\Desktop\ANNO 2070.lnk
[2012.08.01 14:49:27 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012.07.29 17:05:46 | 000,248,006 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012.07.27 12:09:19 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.07.27 12:09:19 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.23 23:17:15 | 000,000,146 | ---- | M] () -- C:\Users\Randell\Desktop\Sound - Verknüpfung.lnk
[2012.07.19 19:06:57 | 000,007,867 | ---- | M] () -- C:\Windows\Irremote.ini
[2012.07.19 18:59:53 | 000,001,708 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2012.07.17 14:44:49 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012.07.14 18:19:19 | 000,027,520 | ---- | M] () -- C:\Users\Randell\AppData\Local\dt.dat
[2012.07.13 16:27:48 | 000,010,830 | ---- | M] () -- C:\Windows\unins001.dat
[2012.07.13 16:27:37 | 001,179,595 | ---- | M] () -- C:\Windows\unins001.exe
[2012.07.13 16:27:18 | 000,772,552 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012.07.13 16:27:18 | 000,687,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012.07.13 16:27:18 | 000,227,784 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.07.13 16:27:18 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.07.13 16:27:18 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.07.13 16:27:12 | 000,004,277 | ---- | M] () -- C:\Windows\unins000.dat
[2012.07.13 16:26:44 | 001,199,175 | ---- | M] () -- C:\Windows\unins000.exe
[2012.07.13 16:26:28 | 001,588,294 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.07.13 16:15:38 | 000,000,932 | ---- | M] () -- C:\Users\Public\Desktop\Broken Sword 2.lnk
[2012.07.13 15:20:38 | 000,001,532 | ---- | M] () -- C:\Users\Randell\Desktop\scummvm.lnk
[2012.07.13 11:43:54 | 000,000,892 | ---- | M] () -- C:\Users\Public\Desktop\Broken Sword 2.5.lnk
[2012.07.11 19:48:18 | 000,415,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.08 22:45:59 | 000,000,798 | ---- | M] () -- C:\Users\Public\Desktop\SUPER ©.lnk
========== Files Created - No Company Name ==========
[2012.08.03 14:33:49 | 004,503,728 | ---- | C] () -- C:\ProgramData\ras_0oed.pad
[2012.08.03 14:33:49 | 000,001,889 | ---- | C] () -- C:\Users\Randell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.08.02 15:19:26 | 000,000,513 | ---- | C] () -- C:\Users\Randell\Desktop\Programme und Funktionen.lnk
[2012.08.02 15:14:32 | 000,000,486 | ---- | C] () -- C:\Users\Randell\Desktop\ANNO 2070.lnk
[2012.07.23 23:17:15 | 000,000,146 | ---- | C] () -- C:\Users\Randell\Desktop\Sound - Verknüpfung.lnk
[2012.07.20 19:01:01 | 002,621,723 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2012.07.20 18:40:57 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2012.07.19 18:59:53 | 000,001,708 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2012.07.19 18:59:25 | 000,007,867 | ---- | C] () -- C:\Windows\Irremote.ini
[2012.07.14 18:19:19 | 000,027,520 | ---- | C] () -- C:\Users\Randell\AppData\Local\dt.dat
[2012.07.13 16:27:38 | 000,271,264 | ---- | C] () -- C:\Windows\System\vbrun100.dll
[2012.07.13 16:27:38 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\libpng13.dll
[2012.07.13 16:27:38 | 000,100,352 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2012.07.13 16:27:37 | 001,179,595 | ---- | C] () -- C:\Windows\unins001.exe
[2012.07.13 16:27:37 | 000,210,944 | ---- | C] () -- C:\Windows\System\msvcrt10.dll
[2012.07.13 16:27:37 | 000,010,830 | ---- | C] () -- C:\Windows\unins001.dat
[2012.07.13 16:26:44 | 001,199,175 | ---- | C] () -- C:\Windows\unins000.exe
[2012.07.13 16:26:44 | 000,004,277 | ---- | C] () -- C:\Windows\unins000.dat
[2012.07.13 16:26:28 | 001,588,294 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.07.13 16:15:38 | 000,000,932 | ---- | C] () -- C:\Users\Public\Desktop\Broken Sword 2.lnk
[2012.07.13 15:20:38 | 000,001,532 | ---- | C] () -- C:\Users\Randell\Desktop\scummvm.lnk
[2012.07.13 11:43:54 | 000,000,892 | ---- | C] () -- C:\Users\Public\Desktop\Broken Sword 2.5.lnk
[2012.07.08 22:48:40 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2012.07.08 22:45:59 | 000,000,798 | ---- | C] () -- C:\Users\Public\Desktop\SUPER ©.lnk
[2012.07.08 22:45:58 | 000,227,328 | RHS- | C] () -- C:\Windows\SysWow64\ac3DX.ax
[2012.07.08 22:45:58 | 000,175,104 | RHS- | C] () -- C:\Windows\SysWow64\CoreAAC.ax
[2012.07.08 22:45:58 | 000,121,344 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.ax
[2012.07.08 22:45:58 | 000,120,832 | RHS- | C] () -- C:\Windows\SysWow64\MPCDx.ax
[2012.07.08 22:45:58 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2012.07.08 22:45:58 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\RLMPCDec.ax
[2012.07.08 22:45:58 | 000,097,280 | RHS- | C] () -- C:\Windows\SysWow64\FLACDX.ax
[2012.07.08 22:45:58 | 000,081,920 | RHS- | C] () -- C:\Windows\SysWow64\aac_parser.ax
[2012.07.08 22:45:58 | 000,070,656 | RHS- | C] () -- C:\Windows\SysWow64\RLAPEDec.ax
[2012.07.08 22:45:58 | 000,051,712 | RHS- | C] () -- C:\Windows\SysWow64\RLSpeexDec.ax
[2012.07.01 13:38:51 | 000,003,584 | ---- | C] () -- C:\Users\Randell\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.13 16:33:24 | 000,393,256 | ---- | C] () -- C:\Windows\SysWow64\CNQ2414N.DAT
[2012.06.13 09:56:28 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.06.13 09:56:28 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD5240.DAT
[2012.06.13 09:54:19 | 000,014,496 | ---- | C] () -- C:\Windows\HL-5240.INI
[2012.06.13 09:54:19 | 000,000,151 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2012.06.13 09:54:19 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\brlmw03a.ini
[2012.06.13 09:54:19 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2012.06.13 09:53:31 | 000,000,091 | ---- | C] () -- C:\Windows\Brownie.ini
[2012.06.13 09:30:03 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.06.13 09:29:59 | 000,029,754 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
========== LOP Check ==========
[2012.06.22 16:39:58 | 000,000,000 | ---D | M] -- C:\Users\Randell\AppData\Roaming\.minecraft
[2012.06.21 00:15:56 | 000,000,000 | ---D | M] -- C:\Users\Randell\AppData\Roaming\aborange
[2012.06.13 10:39:32 | 000,000,000 | ---D | M] -- C:\Users\Randell\AppData\Roaming\AVG2012
[2012.07.15 16:16:58 | 000,000,000 | ---D | M] -- C:\Users\Randell\AppData\Roaming\Broken Sword 2.5
[2012.06.13 16:39:26 | 000,000,000 | ---D | M] -- C:\Users\Randell\AppData\Roaming\Canon
[2012.07.13 15:47:10 | 000,000,000 | ---D | M] -- C:\Users\Randell\AppData\Roaming\DAEMON Tools Lite
[2012.06.20 12:36:32 | 000,000,000 | ---D | M] -- C:\Users\Randell\AppData\Roaming\GHISLER
[2012.06.20 04:00:48 | 000,000,000 | ---D | M] -- C:\Users\Randell\AppData\Roaming\GMX
[2012.06.28 00:17:56 | 000,000,000 | ---D | M] -- C:\Users\Randell\AppData\Roaming\ImgBurn
[2012.06.13 09:56:29 | 000,000,000 | ---D | M] -- C:\Users\Randell\AppData\Roaming\Leadertech
[2012.06.14 09:36:55 | 000,000,000 | ---D | M] -- C:\Users\Randell\AppData\Roaming\loadtbs
[2012.06.15 10:44:37 | 000,000,000 | ---D | M] -- C:\Users\Randell\AppData\Roaming\MTE
[2012.06.13 11:37:28 | 000,000,000 | ---D | M] -- C:\Users\Randell\AppData\Roaming\Newshosting
[2012.06.28 00:29:00 | 000,000,000 | ---D | M] -- C:\Users\Randell\AppData\Roaming\OpenCandy
[2012.06.25 00:34:08 | 000,000,000 | ---D | M] -- C:\Users\Randell\AppData\Roaming\picpick
[2012.07.13 15:20:30 | 000,000,000 | ---D | M] -- C:\Users\Randell\AppData\Roaming\ScummVM
[2012.07.04 14:36:31 | 000,000,000 | ---D | M] -- C:\Users\Randell\AppData\Roaming\TuneUp Software
[2012.07.29 22:48:53 | 000,000,000 | ---D | M] -- C:\Users\Randell\AppData\Roaming\UseNeXT
[2009.07.14 07:08:49 | 000,031,374 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
OTL Logfile: Code:
OTL Extras logfile created on: 03.08.2012 15:43:13 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Randell\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
16,00 Gb Total Physical Memory | 14,20 Gb Available Physical Memory | 88,79% Memory free
31,99 Gb Paging File | 30,15 Gb Available in Paging File | 94,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59,53 Gb Total Space | 2,90 Gb Free Space | 4,87% Space Free | Partition Type: NTFS
Drive D: | 186,31 Gb Total Space | 135,24 Gb Free Space | 72,59% Space Free | Partition Type: NTFS
Drive E: | 298,08 Gb Total Space | 201,64 Gb Free Space | 67,65% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 868,34 Gb Free Space | 93,22% Space Free | Partition Type: NTFS
Computer Name: RANDELL-PC | User Name: Randell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1449064110-2082962008-3710358234-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "D:\Install Verzeichnis\Programme x86\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "D:\Install Verzeichnis\Programme x86\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "D:\Install Verzeichnis\Programme x86\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "D:\Install Verzeichnis\Programme x86\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{015B525B-8BE8-489A-A03A-3C868FF4B33C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{05CDAB4D-04A9-42EB-97C7-D3B0C2A7C891}" = lport=2869 | protocol=6 | dir=in | app=system |
"{10F7DA0E-0E38-4FDE-BD71-68AB287D2A17}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{184B6861-9F46-4B41-B72B-02B74A87B2A3}" = rport=138 | protocol=17 | dir=out | app=system |
"{23E2E5B8-FE58-4AD9-8CA2-39F5667A4E43}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3CB205B1-65D6-4823-BCCB-2B5ADE753ED8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3DFF1DCF-A465-41C9-B949-84982E477F54}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4D3830DE-68D8-4F39-A156-41085061EF94}" = rport=137 | protocol=17 | dir=out | app=system |
"{63BAD456-73E2-4324-BFF2-155192352E51}" = lport=137 | protocol=17 | dir=in | app=system |
"{65277235-AD25-4895-8596-95AE21959096}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{72C55C8C-7C5E-4104-B261-F56488A7E975}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{762093C5-6C14-48AC-89CF-F5A888638A27}" = lport=139 | protocol=6 | dir=in | app=system |
"{7FB7EB51-D5C4-4749-B47B-7EEC149318B9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{80D962FC-428E-40B3-B89B-50F77254ECDC}" = rport=445 | protocol=6 | dir=out | app=system |
"{83546833-43B7-4968-BCA3-DBFAF4537491}" = rport=10243 | protocol=6 | dir=out | app=system |
"{8383577D-27BA-44C0-9F4F-A661F4343C5F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{8AB2D3D2-FB35-4E97-ADD7-4DBED8FAA6D0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{927ECA28-FC88-4D4F-A854-207219D36C64}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{92B4E2AF-379B-4F28-B5DF-0A0C3AEE2555}" = lport=445 | protocol=6 | dir=in | app=system |
"{B1F949F7-11C0-491A-85B8-AED9DDF87486}" = lport=138 | protocol=17 | dir=in | app=system |
"{CBF1DE17-8268-4AE4-9732-40E7B10BF939}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D194FC99-47FF-4505-85A9-480B33351B71}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D88A9CDE-E284-47E5-93A1-D235FB58DAFB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E3382BA0-39EA-4A42-BF11-1B187A7C0968}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F380EE0E-DF08-4A65-97F9-DEEB19815FD0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FB327F96-790A-4E51-B8B1-053556C5DB70}" = rport=139 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0216B5F7-EB8C-474D-852C-0CCFFAC7DBBB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{03882291-0AA2-42DF-9755-D64B03B946BA}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{0628978A-6B61-482F-9624-0C7BC001306D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{09711CAA-1252-4F1F-90E1-29A3F553534C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0F62C5BF-BFBF-41AF-8A7E-1769A21C61C2}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{2268EDC6-FFAD-4012-9480-032B4A2CAEC8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2DED909B-71B1-48A8-8A5C-295DB18AC066}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3079A899-695E-4354-8722-FD0D42DBA263}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3542AC66-CA74-4781-80F1-B8F4D62206A4}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{383435A0-EB15-498F-90D9-556993D104FF}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{395666DC-13C7-411D-8A0D-8585E7796834}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{42D19EB9-5585-434E-8039-E11885F3313E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{45C5D8A5-8CEF-4F21-8C98-D22068D6236F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{55EA055F-01F8-4122-BAF4-A6C6BA452358}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{56555B61-0F60-417F-AE58-FE63960B94EE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5ED41C1A-0E37-45F4-ADB4-D36A3D255627}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{6117610E-2DBD-4446-9D13-945DE717E01C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{62F41E31-14BE-40A5-8D5E-28A265DF5F23}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{64EBDEEA-EDD8-49CA-A38D-012C0DC0AAF7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{6C290B63-F6DF-4D28-9061-791533C10A11}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{8CDDEA35-16A8-4282-AC44-845ABA3015E1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8D99E6D4-6D4E-4FD4-A9A5-692E738E064A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{94D2A323-D8C1-429C-81B7-4BF16FD3BE00}" = protocol=6 | dir=out | app=system |
"{94D95BD3-8945-4ADB-AB13-E1A0C85ED6CB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B15E28BE-CCC8-4B35-A03E-AA27ACE718A8}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{B5C564CD-5666-4827-8B75-18AE71A162B3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C3DE0F41-F3FA-414F-86D0-AD9D88D6D9C7}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{D7350617-88DE-4A86-B67A-EBA425E8D422}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D76E0717-34D5-4CED-BF27-82D00204CD03}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{DF01FCFD-DA4F-4C6A-8E69-46A4F89BE60E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{E566E149-595C-46DE-B3CF-DF1EBACCB761}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E89314A2-A234-48ED-8F32-C8BCCE981DD4}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{F69EF5B0-2303-477C-94D1-955EC8B17162}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FEF08F46-4C86-4CF4-929D-F9609E90EB62}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"TCP Query User{7D8CAAE6-06B0-4D4D-9FB3-188E1883182C}D:\install verzeichnis\spiele x86\fifa 12\game\fifa.exe" = protocol=6 | dir=in | app=d:\install verzeichnis\spiele x86\fifa 12\game\fifa.exe |
"UDP Query User{AF7C333B-8ED8-4AB1-AD13-38B6476C89BF}D:\install verzeichnis\spiele x86\fifa 12\game\fifa.exe" = protocol=17 | dir=in | app=d:\install verzeichnis\spiele x86\fifa 12\game\fifa.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2414" = CanoScan LiDE 110 Scanner Driver
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1" = Allgemeine Runtime Files (x86)
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
"{3C8159DD-1890-4625-A5B2-E3D8D78D4486}" = AVG 2012
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8729E65B-8C12-4A42-B1FE-E4DA7ED52855}_is1" = DirectX 9.0c Extra Files (x86, x64)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUS_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.PROPLUS_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A108BD40-0A8C-4385-8874-74C4B6086CC3}" = AVG 2012
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2012
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"My Lockbox_is1" = My Lockbox 2.8.5
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"sp6" = Logitech SetPoint 6.32
"Totalcmd64" = Total Commander 64-bit (Remove or Repair)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3BB70E64-28C9-4FA9-B702-C30D29CC7B74}_is1" = Broken Sword 2 Remastered version 1.0
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2010.07.14
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B14BB2ED-CBEE-4F83-94B7-13DD86051550}" = Brother HL-5240
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2012.build.51 (April 7, 2012) Version v2012.build.51
"{B944FA21-81AF-4A77-8328-CE4F4CC51031}" = Nero 8
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Broken Sword 2.5_is1" = Broken Sword 2.5
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CrystalDiskInfo_is1" = CrystalDiskInfo 5.0.0
"DAEMON Tools Lite" = DAEMON Tools Lite
"dm-Fotowelt" = dm-Fotowelt
"Fifa 12 (c) Electronic Arts_is1" = Fifa 12 (c) Electronic Arts version 1
"GMX Upload-Manager" = GMX Upload-Manager
"ImgBurn" = ImgBurn
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"UseNeXT_is1" = UseNeXT
"VLC media player" = VLC media player 1.1.11
"Wajam" = Wajam
"WinLiveSuite" = Windows Live Essentials
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1449064110-2082962008-3710358234-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FIFA 12 CAREER MODE EDITOR V. 1.0 BY DOCTOR+ PRODUCTIONS" = FIFA 12 CAREER MODE EDITOR V. 1.0 BY DOCTOR+ PRODUCTIONS
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 02.08.2012 09:19:53 | Computer Name = Randell-PC | Source = WinMgmt | ID = 10
Description =
Error - 02.08.2012 12:34:40 | Computer Name = Randell-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "D:\Install Verzeichnis\Programme
x86\Nero 8\Nero Toolkit\DiscSpeed.exe". Fehler in Manifest- oder Richtliniendatei
"" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente
1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 02.08.2012 12:34:41 | Computer Name = Randell-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "D:\Install Verzeichnis\Programme
x86\Nero 8\Nero PhotoSnap\PhotoSnap.exe". Fehler in Manifest- oder Richtliniendatei
"" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente
1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Error - 02.08.2012 12:34:41 | Computer Name = Randell-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "D:\Install Verzeichnis\Programme
x86\Nero 8\Nero PhotoSnap\PhotoSnapViewer.exe". Fehler in Manifest- oder Richtliniendatei
"" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente
1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Error - 03.08.2012 08:24:16 | Computer Name = Randell-PC | Source = WinMgmt | ID = 10
Description =
Error - 03.08.2012 08:38:07 | Computer Name = Randell-PC | Source = WinMgmt | ID = 10
Description =
Error - 03.08.2012 08:45:34 | Computer Name = Randell-PC | Source = WinMgmt | ID = 10
Description =
Error - 03.08.2012 08:52:22 | Computer Name = Randell-PC | Source = WinMgmt | ID = 10
Description =
Error - 03.08.2012 09:11:16 | Computer Name = Randell-PC | Source = WinMgmt | ID = 10
Description =
Error - 03.08.2012 09:37:48 | Computer Name = Randell-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 20.07.2012 09:00:14 | Computer Name = Randell-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 20.07.2012 13:27:46 | Computer Name = Randell-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 21.07.2012 20:04:50 | Computer Name = Randell-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 23.07.2012 16:26:39 | Computer Name = Randell-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 25.07.2012 16:19:00 | Computer Name = Randell-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 27.07.2012 05:44:00 | Computer Name = Randell-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 28.07.2012 17:10:25 | Computer Name = Randell-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 30.07.2012 13:33:08 | Computer Name = Randell-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 01.08.2012 08:50:29 | Computer Name = Randell-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 03.08.2012 08:27:57 | Computer Name = Randell-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
< End of report >
:party:
Thanks!