
All kinds of pests and how to fight them: Moving files is very slow

Windows 7

30.03.2013, 14:42   #1
Lilhomer
 
Moving files is very slow



Less than 2 hours ago, moving files suddenly started taking a very long time.
The same goes for the time it took until files landed in the Recycle Bin, etc.

Now I would simply like to have it checked whether this could possibly be a virus.
I would be very grateful if someone here could help me.

Extra.logfile
Code:
OTL Extras logfile created on: 30.03.2013 13:37:18 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,98 Gb Total Physical Memory | 14,27 Gb Available Physical Memory | 89,34% Memory free
31,95 Gb Paging File | 30,09 Gb Available in Paging File | 94,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 21,10 Gb Free Space | 18,89% Space Free | Partition Type: NTFS
Drive D: | 630,24 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 100,00 Mb Total Space | 65,84 Mb Free Space | 65,84% Space Free | Partition Type: NTFS
Drive G: | 931,41 Gb Total Space | 372,08 Gb Free Space | 39,95% Space Free | Partition Type: NTFS
 
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "G:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "G:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "G:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "G:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1452A6D2-D8DC-49E2-90D3-C3280D59A53D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{2074BA0E-124D-4E81-A93E-CC5049BF8399}" = rport=139 | protocol=6 | dir=out | app=system | 
"{39B7D0D9-992F-468A-94E0-5C920C18A8B1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3BB397B4-96F1-4BB0-A63B-9CBA3D00E700}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3F50C8AE-B4E2-4AD6-AE4D-7C5A4D50F48C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{540CAE1D-BE9E-4FB3-96D6-284AAF902FC2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5B0AC2A0-AE21-40EB-A28B-41016D9BF60F}" = lport=139 | protocol=6 | dir=in | app=system | 
"{5C960D43-D1B0-4542-85C6-0010DC729EEB}" = lport=445 | protocol=6 | dir=in | app=system | 
"{65B210C9-7145-48A3-8944-581FA5D2F775}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{6C35C6DD-43A4-4CED-94DE-2F1050AD6C52}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{70617BF2-58EC-426F-B092-8B6C80C2B6F5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{830A57C5-B709-4134-8614-9893A8F34298}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{847545C4-95E9-440A-828E-5EA1A1BC5C33}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{86D067DC-50CE-4765-BBE9-0536AB230DFD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{9A4BB342-DE35-42FA-BD34-B53315EC9EAF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A61A9034-A6DF-4B18-A1A8-4CAE00728D60}" = lport=137 | protocol=17 | dir=in | app=system | 
"{AEDB7691-0F95-460C-A35D-791029B58732}" = rport=137 | protocol=17 | dir=out | app=system | 
"{C19D44FA-3D69-4676-8DF4-4693D503CC01}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{E829CAC8-C89D-4AE4-AA71-28BCA5540D45}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{F95F6FB9-4492-4E0E-B24F-57BB5E3E26B4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FF8F7EB5-2E54-4C7D-B3DB-839DD1838DA9}" = rport=138 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00AF1B38-3AE0-4EC5-A26A-3785EF5CC937}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\call of duty black ops ii\t6sp.exe | 
"{0214BD04-A61A-4B17-AD63-E25ED1D2EAAB}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steam\steam.exe | 
"{026C403D-2DE8-4C6B-BB96-08801D7EA753}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"{07002F48-CF80-415D-923A-DCBA63D99A9C}" = protocol=17 | dir=in | app=g:\games\fc3\bin\fc3updater.exe | 
"{0D291349-97B5-44FD-B583-8C5D6AABF828}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\magicka\magicka.exe | 
"{0DC84828-2193-4F1E-85B4-C69C8DD9A3A7}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\torchlight ii\torchlight2.exe | 
"{111C8314-04B6-4B52-A055-171F7C1CB4AF}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\anno4web.exe | 
"{145A4111-131E-489D-BAFA-C1658981D40F}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{1589BE9D-70A3-49D4-8463-E5666CF2C8C3}" = protocol=17 | dir=in | app=g:\program files (x86)\vivox\c3\c3.exe | 
"{17FFCE2C-1089-43C7-B1E5-E1DC2E8DD597}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\arma 3\arma3.exe | 
"{1F3CA22B-1FEE-4DC0-A6F0-154EB9CC51D3}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | 
"{25CEDEAB-92BC-435E-9BE1-711403E96745}" = protocol=17 | dir=in | app=g:\games\diablo iii\diablo iii.exe | 
"{26434D25-38A5-4572-BC6A-3C9699CA3F4B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{27AE3357-8FA2-4F4D-B1F8-46D399E2EE96}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\dota 2 beta\dota.exe | 
"{27F6FD26-785A-4453-9DE1-FC045C236A50}" = protocol=6 | dir=in | app=g:\games\diablo iii\diablo iii.exe | 
"{2949C427-68A0-49E3-AD56-07CD7534DE69}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\arma 2\arma2.exe | 
"{29B85969-91C0-4603-825B-E62530AAC0A4}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\painkiller hell & damnation\binaries\win32\pkhdgame-win32-shipping.exe | 
"{2B07B61B-4F28-46A0-A5FB-38B93CBC5C8B}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\call of duty black ops ii\t6zm.exe | 
"{2B0FE247-764F-4991-82A0-F4F0B3A450BD}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{2F3A4D74-20FD-4F96-A5D4-8707F015C8D0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{31323E6C-935B-4885-BC0D-6B09EEF9BAE4}" = protocol=17 | dir=in | app=g:\games\fc3\bin\fc3editor.exe | 
"{32534EA7-D487-4400-AFEC-0B689C6AE654}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{326BD33E-0864-41CE-954E-E90FBAFCCBD8}" = protocol=17 | dir=in | app=g:\games\fc3\bin\farcry3_d3d11.exe | 
"{327723C8-5B23-4568-9F55-D17AE075192D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{3A0762DD-D2C4-405C-8363-6F6B0D0246DC}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{3D2DDB28-4AB4-48A4-9BC8-A1F8EF1F2B1E}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\arma 3 alpha lite\arma3demo.exe | 
"{3E7131BE-2B5B-4D26-9545-F2DE2462783F}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steam\steam.exe | 
"{40E186AD-8710-43F9-B89F-F3ABF4F9B15E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\addonweb.exe | 
"{40E414EC-429C-445D-8895-082B13E8B332}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{43B190D4-78BA-4579-A81F-012421258ED8}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"{447F25A9-CBBA-4318-A80F-E287163D51E2}" = dir=in | app=g:\program files (x86)\the war z\warz.exe | 
"{450353D7-77A6-4DE7-B679-76929556C366}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{47003DE7-F59B-42DD-8A29-5909C5A344FE}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | 
"{47BDCC1F-515A-4EBF-8D03-182F9A0384D4}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\anno4.exe | 
"{4A8CE146-DDB2-4956-8E56-09A18A598339}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{4BE192C4-8384-4A74-97F6-18675021F85C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{4F906F4D-2362-4040-B93D-536794DE1CFC}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\benchmark.exe | 
"{5BCAB434-8734-489B-BECB-E0C4F3B92B72}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe | 
"{5CDA4351-B725-43C9-9D09-D7A1A97EAF21}" = protocol=6 | dir=in | app=g:\games\fc3\bin\farcry3.exe | 
"{5D7E3B89-2194-4B79-B3AB-0B30A23509E0}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{5F2B2123-C634-4348-963A-975F40C8AC84}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\anno4web.exe | 
"{62040EDB-2BF5-4BAE-84D8-DEEB6C1045A4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{64009B28-5724-4884-A075-63459B582265}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{66D09370-0383-4680-B3F0-29AE9DCAC59E}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{678E6437-00E5-4B4C-9461-E58EA7306984}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\dota 2 beta\dota.exe | 
"{68A3DE2B-3C69-4CA3-87F4-5404BEA43314}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{69295413-6052-4BD9-AD2C-6B9EC464671A}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\magicka\magicka.exe | 
"{712DAC87-696E-4F41-B042-9C55B9E76E4A}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\benchmark.exe | 
"{7254B17F-2270-49F8-BECE-3D985479E927}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{73417645-9845-43EF-82E0-87990724C47F}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\counter-strike global offensive\bin\sdklauncher.exe | 
"{74C13B84-E512-478D-A510-6E9862E3CFC2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7622442C-809B-4570-A24C-945B297AD302}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{76EB0C4D-C43D-422D-B8CB-557665175647}" = protocol=17 | dir=in | app=g:\games\fc3\bin\farcry3.exe | 
"{775CDEA4-4CF1-4B3C-9350-9D38944A5293}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\just cause 2\justcause2.exe | 
"{7A3408CF-B9D8-4100-81C0-9690EFFBE9E5}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\arma 2\arma2.exe | 
"{7A42326F-F625-4E9A-AA9E-767A04DC17AD}" = protocol=6 | dir=in | app=g:\games\fc3\bin\fc3updater.exe | 
"{7DC16C7C-3E21-41E2-B6BF-C3F376711A04}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{7E5E2F73-F703-463D-9FE7-FB23A9E153E8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8001B480-4408-45C7-BC59-24C39EB6E0A7}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{815DD436-1B86-44E2-9189-D35F2E98EDCA}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | 
"{817EB6B2-2C56-4482-8702-3BDCA3545639}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{833FFED1-1766-4391-BEE8-B8651684DDEB}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | 
"{84A97355-54E4-46E9-8EE7-911FEB88D351}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\addon.exe | 
"{85EC9E4A-6233-49C3-B802-4F0C35611979}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | 
"{87135DE2-B4C0-4BF3-BC6B-8D6B6960AA51}" = protocol=17 | dir=in | app=g:\games\dragon next install\dragon nest europe\dragonnest.exe | 
"{87CD8A89-A5C2-4418-A331-676A27CE4E71}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | 
"{89324F4A-2652-4447-9817-CE18F7FF3710}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{8AE0E40F-D26A-4503-AA5C-56019A731CE5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8B132B2D-06CD-4867-B2EF-1F02ABFC07DB}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | 
"{8B32BF4F-7D72-4A04-BA88-ABDD4BB2B583}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{8C5E8241-C81B-47B9-8FAF-9C51733B240F}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{8CB71F4A-CF6D-49D5-9BAA-B822C50C8B2D}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{8D20D1F8-0104-4440-B0CB-96A1BAFAB70E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{9006F142-A30A-40D1-999F-0C28C7AFCE02}" = protocol=6 | dir=in | app=g:\games\fc3\bin\fc3editor.exe | 
"{90E581BF-199E-4AE5-93C6-D13D3FAB3758}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{96292F44-51A7-4752-9E1D-80535A1DF1CD}" = protocol=6 | dir=in | app=g:\games\stc2\starcraft ii\starcraft ii.exe | 
"{96F162EC-B284-4B92-91A3-5B857F0AFD30}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | 
"{98737CD4-8A10-4AB0-8665-01A90A64A502}" = protocol=6 | dir=in | app=g:\program files (x86)\bf333\battlefield 3\bf3.exe | 
"{9915D028-8DF1-4503-AD38-89E73A0925FC}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\just cause 2\justcause2.exe | 
"{9FC8CED7-228A-41CB-B131-FB12C7F105D6}" = protocol=6 | dir=in | app=g:\games\utorrent\utorrent.exe | 
"{A0AD2568-60EE-4957-968D-275BB91E0828}" = protocol=17 | dir=in | app=g:\games\stc2\starcraft ii\starcraft ii public test.exe | 
"{A17476E2-98F3-46E7-AE61-5B186244268E}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{A45C413A-37B5-47B2-A733-E87AE2F390A0}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\anno4.exe | 
"{A472365A-4EFD-4CFC-91EC-9092C61072E3}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{A4BABAFE-4695-4702-A734-6D2514A8758D}" = protocol=6 | dir=out | app=system | 
"{A6857A54-7D31-4A98-A210-822306BA11EB}" = protocol=6 | dir=in | app=g:\games\war thunder\launcher.exe | 
"{A9185D5A-105A-4529-BF80-F9672F443DE3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{ABB3E7F0-6A58-4523-BA5B-6F7DE10A91F1}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | 
"{B010A4E2-AA92-4513-ACD1-87E92C4C6891}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | 
"{B460B112-DDDC-4A76-B5AF-0E42A21C22FD}" = protocol=17 | dir=in | app=g:\games\stc2\starcraft ii\starcraft ii.exe | 
"{B6DE891F-34FF-4BB9-BF07-D26A5DF4B84F}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd | 
"{B8E4194C-CF7D-4848-BE73-A9E76E1B9DC4}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | 
"{B967BE3D-6563-4155-A07D-70F053099C70}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\arma 3 alpha lite\arma3demo.exe | 
"{BAB6B462-6CC5-4B1E-9F0C-42473ADE8403}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BD29D73E-3769-49DB-8E73-C9AD5F843DBF}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\torchlight ii\torchlight2.exe | 
"{BEC66D8A-DD3F-45A9-92E3-B1E2DB2C2297}" = protocol=6 | dir=in | app=g:\games\stc2\starcraft ii\starcraft ii public test.exe | 
"{C11B8BEB-8A46-4685-A3EE-0100F5119AA8}" = protocol=17 | dir=in | app=g:\program files (x86)\bf333\star wars - the old republic\launcher.exe | 
"{C2D249ED-B3EA-4842-BF8E-F20FA24B5B38}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C2F3CF3B-E258-46FE-B2BC-08C80F0905C8}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\call of duty black ops ii\t6sp.exe | 
"{C379AA5C-C587-46EE-B9B7-A526F8A04150}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{C45C1833-900F-49AE-93AB-49C7BE747A64}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\arma 3\arma3.exe | 
"{C6EA3705-99F1-44BA-B1BF-18B4F420B59D}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\painkiller hell & damnation\binaries\win32\pkhdgame-win32-shipping.exe | 
"{CBD5EBE0-4E33-41CB-AA9F-06DFF43FFBA9}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{D230DBB5-4E2C-4CE2-A9DD-539729B7611C}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\counter-strike global offensive\bin\sdklauncher.exe | 
"{D641DE0F-D50E-40AE-A194-F5793127278A}" = protocol=17 | dir=in | app=g:\games\war thunder\launcher.exe | 
"{D8212FA8-7C37-4F93-A37D-021A9009C0A4}" = protocol=17 | dir=in | app=g:\program files (x86)\bf333\battlefield 3\bf3.exe | 
"{D96D1B66-DFC2-4BF1-BA75-BCA9174A3A76}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\addon.exe | 
"{DD5488E5-5348-44AF-B0BE-B7687892C299}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\call of duty black ops ii\t6zm.exe | 
"{DF79A960-3291-4313-8768-82E7C71D3106}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\addonweb.exe | 
"{E2127ECB-A63F-4875-ABB1-102B8CF10335}" = protocol=6 | dir=in | app=g:\program files (x86)\bf333\star wars - the old republic\launcher.exe | 
"{E2FE1113-FD4C-4847-8986-970CF11593EB}" = protocol=17 | dir=in | app=g:\games\utorrent\utorrent.exe | 
"{E4407C54-7154-4D13-A7F2-C84FCD891101}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{E57F74F5-7ABD-4247-ADE2-EC2C46217101}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe | 
"{E845612E-FC93-4687-824D-4CC8E4823FD5}" = protocol=6 | dir=in | app=g:\games\dragon next install\dragon nest europe\dragonnest.exe | 
"{E87451D5-C978-414A-A009-AA7DD6581B0E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | 
"{EF9BC9DC-9B62-48CD-8C10-739FE5F3EA84}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd | 
"{F01C534D-3B0A-40F1-AF0C-954CA138CF8B}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{F3FDF440-9BC3-46C5-8A90-B0E0B646F218}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F422707A-59C9-43D4-B92F-31B62B69ECC7}" = protocol=6 | dir=in | app=g:\games\fc3\bin\farcry3_d3d11.exe | 
"{F5D067A5-4833-4D9C-BF33-F43B85D1F291}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{F9478A01-72A4-43B4-839D-23707B8B12E4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FD8647D6-ECAB-426F-A8BC-CFDBB02DF2FD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FFF53CE4-3036-45F8-9664-450453FDE77F}" = protocol=6 | dir=in | app=g:\program files (x86)\vivox\c3\c3.exe | 
"TCP Query User{1F43478D-CE58-4E72-BB8D-952E8D98A585}G:\program files (x86)\steam\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe | 
"TCP Query User{24F02338-7A82-442E-87C9-83971D44234A}G:\games\borderlands 2\binaries\win32\borderlands2.exe" = protocol=6 | dir=in | app=g:\games\borderlands 2\binaries\win32\borderlands2.exe | 
"TCP Query User{309C9187-F92F-4B24-8C1B-2AB409B0C07F}G:\program files (x86)\steam\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | 
"TCP Query User{316508E5-06F6-4190-B483-3F3399968261}G:\games\guildwars2!\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=g:\games\guildwars2!\guild wars 2\gw2.exe | 
"TCP Query User{34729172-9BE2-4A5E-BCA2-9643F79C76D9}G:\games\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=g:\games\guild wars 2\gw2.exe | 
"TCP Query User{35A67D0F-6BC5-4A01-8478-F746983E59EE}C:\users\user\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\temp\gw2.exe | 
"TCP Query User{4B00B17E-8B50-45E9-9C57-C9FFBFF53821}G:\program files (x86)\steam\steam\steamapps\sgteaglegg\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\sgteaglegg\counter-strike source\hl2.exe | 
"TCP Query User{4E7F561F-7924-4031-9596-CF79C36AFF8D}C:\program files (x86)\network camera\ip discovery\ipdis.exe" = protocol=6 | dir=in | app=c:\program files (x86)\network camera\ip discovery\ipdis.exe | 
"TCP Query User{51E217A1-97FF-4091-A7D4-BE8B1862ADC8}G:\program files (x86)\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=g:\program files (x86)\lolreplay\lolreplay.exe | 
"TCP Query User{644D7C2C-074B-499A-B018-5AA0A720D773}G:\program files (x86)\steam\steam\steam.exe" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steam\steam.exe | 
"TCP Query User{6C187D48-A837-4E22-9E65-D3AE9AEE10AA}G:\games\stc2\starcraft ii\versions\base23260\sc2.exe" = protocol=6 | dir=in | app=g:\games\stc2\starcraft ii\versions\base23260\sc2.exe | 
"TCP Query User{85BC4735-4E7A-4188-9641-2D54DD5FA846}G:\games\tera\tera-launcher.exe" = protocol=6 | dir=in | app=g:\games\tera\tera-launcher.exe | 
"TCP Query User{8FB08D29-410E-4FF3-BC5B-BF1B72C44ADB}G:\games\gps\pcgps.exe" = protocol=6 | dir=in | app=g:\games\gps\pcgps.exe | 
"TCP Query User{9D207DED-2DB3-4078-B62C-48CF8D7DD917}G:\program files (x86)\steam\steam\steamapps\sgteaglegg\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\sgteaglegg\team fortress 2\hl2.exe | 
"TCP Query User{A1A09623-2A31-41B5-8232-E89382329A2D}C:\program files (x86)\nvr\nvr\mainconsole.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nvr\nvr\mainconsole.exe | 
"TCP Query User{A5884FF5-7BA0-496F-8CF8-BBBC39921085}C:\program files (x86)\network camera\ip discovery\ipdis.exe" = protocol=6 | dir=in | app=c:\program files (x86)\network camera\ip discovery\ipdis.exe | 
"TCP Query User{A8591FEE-E4B7-4D09-95D3-045A1558BAED}C:\users\user\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{B8B9CA81-E5DB-4FFF-9A50-BBF71E867FA2}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"TCP Query User{BAE6A435-23F2-4133-914E-A443CEDCA98F}C:\program files (x86)\nvr\nvr\mainconsole.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nvr\nvr\mainconsole.exe | 
"TCP Query User{D1EBC4FF-ECB5-44CA-AB4E-663577EEB84B}G:\users\user\desktop\desktop [2]\some games\empire earth\empire earth.exe" = protocol=6 | dir=in | app=g:\users\user\desktop\desktop [2]\some games\empire earth\empire earth.exe | 
"TCP Query User{E5A1A435-0DCF-46B7-BF75-D5EABDD0A875}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{EBC849D0-5ABA-4075-8F11-88EC0D4B65D4}C:\users\user\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{EC75AEE8-3927-4698-BFB5-8C5AA2867CF5}G:\program files (x86)\vivox\c3\c3.exe" = protocol=6 | dir=in | app=g:\program files (x86)\vivox\c3\c3.exe | 
"UDP Query User{051315FE-F483-4ECB-9BB8-406109D39ACA}C:\program files (x86)\nvr\nvr\mainconsole.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nvr\nvr\mainconsole.exe | 
"UDP Query User{058F100F-8550-4AE8-B5A7-12A19998CD10}C:\program files (x86)\network camera\ip discovery\ipdis.exe" = protocol=17 | dir=in | app=c:\program files (x86)\network camera\ip discovery\ipdis.exe | 
"UDP Query User{0B714DD4-3DF2-45B0-80AA-43104F030597}G:\program files (x86)\steam\steam\steamapps\sgteaglegg\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\sgteaglegg\team fortress 2\hl2.exe | 
"UDP Query User{0DBA3891-29F9-4103-A07F-4C5625E0BA07}G:\games\tera\tera-launcher.exe" = protocol=17 | dir=in | app=g:\games\tera\tera-launcher.exe | 
"UDP Query User{19DC92FB-A597-4D5F-A361-C9083B780AF4}G:\games\guildwars2!\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=g:\games\guildwars2!\guild wars 2\gw2.exe | 
"UDP Query User{1F206595-4719-47D5-B577-A8B59FA1D598}C:\program files (x86)\network camera\ip discovery\ipdis.exe" = protocol=17 | dir=in | app=c:\program files (x86)\network camera\ip discovery\ipdis.exe | 
"UDP Query User{210F348E-B671-4DB6-A0F1-A9C00C0D9C7D}G:\users\user\desktop\desktop [2]\some games\empire earth\empire earth.exe" = protocol=17 | dir=in | app=g:\users\user\desktop\desktop [2]\some games\empire earth\empire earth.exe | 
"UDP Query User{24F7247B-27D5-482B-B7AD-3761962F22A1}G:\program files (x86)\steam\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe | 
"UDP Query User{3661B1D7-C572-4BFD-9E4C-F2DAC4E7AA08}C:\users\user\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\temp\gw2.exe | 
"UDP Query User{3BB4445B-51B6-4BA6-AEE9-D78B78191060}G:\program files (x86)\steam\steam\steamapps\sgteaglegg\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\sgteaglegg\counter-strike source\hl2.exe | 
"UDP Query User{4B087C21-F2B0-410D-BC91-A08FD189D474}G:\program files (x86)\steam\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | 
"UDP Query User{4F25392B-89BA-4B31-9CD0-92AE5FF78AC1}G:\program files (x86)\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=g:\program files (x86)\lolreplay\lolreplay.exe | 
"UDP Query User{55984343-603F-46BA-859E-985A84608496}G:\games\stc2\starcraft ii\versions\base23260\sc2.exe" = protocol=17 | dir=in | app=g:\games\stc2\starcraft ii\versions\base23260\sc2.exe | 
"UDP Query User{6382E31E-4A82-45B3-81A5-AFCCEAA4AD3E}G:\games\borderlands 2\binaries\win32\borderlands2.exe" = protocol=17 | dir=in | app=g:\games\borderlands 2\binaries\win32\borderlands2.exe | 
"UDP Query User{63B0CEA8-1851-437F-96F2-B6224166233F}G:\program files (x86)\steam\steam\steam.exe" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steam\steam.exe | 
"UDP Query User{75DAEFCF-E575-42C2-BD9F-B2E6C64B8D79}C:\program files (x86)\nvr\nvr\mainconsole.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nvr\nvr\mainconsole.exe | 
"UDP Query User{9A2FE63A-27FB-4CD0-A1F1-931B8991540D}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
"UDP Query User{AE0A6914-525D-4446-A280-FF4FC7365F12}G:\program files (x86)\vivox\c3\c3.exe" = protocol=17 | dir=in | app=g:\program files (x86)\vivox\c3\c3.exe | 
"UDP Query User{B12EAB14-F43C-4D75-8F88-E086DEDE387E}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{B5DC6EC8-56F3-4DF8-A95B-44FC65FEE1B5}C:\users\user\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{D65F2702-3D53-4992-ADD0-F0BDDAFB3E29}G:\games\gps\pcgps.exe" = protocol=17 | dir=in | app=g:\games\gps\pcgps.exe | 
"UDP Query User{E278D0C8-51B4-44FD-B717-0460E4AE825A}G:\games\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=g:\games\guild wars 2\gw2.exe | 
"UDP Query User{ED053CD4-D2FA-48EA-AF6D-013E4AB7EE2F}C:\users\user\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = ASUS Bluetooth Suite
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}" = NetSpeedMonitor 2.5.4.0 x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{91C4D79C-3579-48E8-ADFA-8818042AEB73}" = Logitech G930
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.0.1 (BETA)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 2.47.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.23.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24570B2F-3937-47F0-A16A-E82B480A7699}" = XSplit
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{289AC7E0-0AEE-4a7b-913C-709D9803D23E}" = Nexon Game Manager
"{2DB72FFA-884E-4BD6-B326-4F89865CB113}_is1" = CCleaner Business
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{30D6B6ED-E039-4D62-8E07-E058D17A9372}" = AVerMedia RECentral
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 - Königsedition
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A62FED1-759A-11E0-8248-0013D3D69929}" = Vegas Movie Studio HD Platinum 11.0
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{5B80AE2E-759D-11E0-A27D-005056C00008}" = MSVCRT Redists
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98CE8819-87AA-4814-8167-ADDDD513485F}" = PSE11 STI Installer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2S166A0-F031-4E27-A057-C69733219434}_is1" = TERA
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2011.10.29
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{AEC41C2D-ED98-4D21-A354-05593C9D75BE}" = IP Discovery
"{aec97477-921a-4289-985a-9e29506625b6}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
"{B217B8BC-8543-46DB-B049-89660B8BFADD}_is1" = CCleaner Professional
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BC3051A7-1021-4B57-A3DA-AAC24566FAE7}_is1" = The War Z version 1.0
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1" = SRWare Iron Version SRWare Iron 18.0.1050.0
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D70F0FA2-DF44-48EF-949A-EDBE764DDBC9}" = NVR
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}" = Far Cry 3
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1" = War Thunder Launcher 1.0.1.164
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4D34EBA-83D6-49E3-A6D6-6889C4A639A3}" = DayZ Commander
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"A New Dawn" = NVIDIA A New Dawn demo
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"ASIO4ALL" = ASIO4ALL
"ATC_is1" = Advanced Tactical Center™ 1.12
"AVerMedia C985 PCIe Live Gamer HD" = AVerMedia C985 PCIe Live Gamer HD 3.3.64.20
"Battlelog Web Plugins" = Battlelog Web Plugins
"BattlEye for A2" = BattlEye Uninstall
"BattlEye for OA" = BattlEye for OA Uninstall
"Blue Byte Game Channel" = Blue Byte Game Channel
"Borderlands 2_is1" = Borderlands 2
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cheat Engine 6.2_is1" = Cheat Engine 6.2
"CPUCooL" = CPUCooL (remove only)
"Crysis 3 incl. Update v1.1_is1" = Crysis 3
"Diablo III" = Diablo III
"ESN Sonar-0.70.4" = ESN Sonar
"FightMouse Elite 3" = FightMouse Elite
"Free FLV Converter_is1" = Free FLV Converter V 7.4.0
"Freemake Video Converter_is1" = Freemake Video Converter Version 3.0.2
"Google Maps With GPS Tracker 38.0_is1" = 38.0
"Guild Wars" = GUILD WARS
"Guild Wars 2" = Guild Wars 2
"InstallShield_{30D6B6ED-E039-4D62-8E07-E058D17A9372}" = AVerMedia RECentral
"IrfanView" = IrfanView (remove only)
"LOLReplay" = LOLReplay
"MagniDriver" = marvell 91xx driver
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Network Camera Document" = Network Camera Document 2011-04-26
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Origin" = Origin
"PrecisionX" = EVGA Precision X 3.0.2
"PunkBusterSvc" = PunkBuster Services
"S4Uninst" = Die Siedler IV
"ShiftWindow_is1" = ShiftWindow 1.02
"StarCraft II" = StarCraft II
"Steam App 107410" = Arma 3 Alpha
"Steam App 12210" = Grand Theft Auto IV
"Steam App 200710" = Torchlight II
"Steam App 202970" = Call of Duty: Black Ops II
"Steam App 202990" = Call of Duty: Black Ops II - Multiplayer
"Steam App 212910" = Call of Duty: Black Ops II - Zombies
"Steam App 214870" = Painkiller Hell & Damnation
"Steam App 219540" = Arma 2: Operation Arrowhead Beta
"Steam App 228800" = Arma 3 Alpha Lite
"Steam App 240" = Counter-Strike: Source
"Steam App 33905" = ARMA 2 Dedicated Server
"Steam App 33910" = Arma 2
"Steam App 33930" = Arma 2: Operation Arrowhead
"Steam App 42910" = Magicka
"Steam App 570" = Dota 2
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 745" = Counter-Strike: Global Offensive - SDK
"Steam App 8190" = Just Cause 2
"TeamViewer 8" = TeamViewer 8
"Tunngle beta_is1" = Tunngle beta
"Uplay" = Uplay
"uTorrent" = µTorrent
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 27.03.2013 04:33:19 | Computer Name = User-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "G:\Games\xSplit\XSplitBroadcasterSrc.exe".
Die
 abhängige Assemblierung "Native.XSplitBroadcaster.exe,type="win32",version="1.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 28.03.2013 03:40:07 | Computer Name = User-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "G:\Games\xSplit\XSplitBroadcasterSrc.exe".
Die
 abhängige Assemblierung "Native.XSplitBroadcaster.exe,type="win32",version="1.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 28.03.2013 23:36:04 | Computer Name = User-PC | Source = Application Hang | ID = 1002
Description = Programm arma2oa.exe, Version 1.62.102.591 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1fb0    Startzeit:
 01ce2c2e83db3460    Endzeit: 1    Anwendungspfad: G:\Program Files (x86)\Steam\Steam\SteamApps\common\arma
 2 operation arrowhead\expansion\beta\arma2oa.exe    Berichts-ID: c6822483-9821-11e2-a19e-0026832f02e6

 
Error - 28.03.2013 23:43:14 | Computer Name = User-PC | Source = .NET Runtime | ID = 1026
Description = 
 
Error - 28.03.2013 23:43:15 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DayZCommander.exe, Version: 0.9.1.69,
 Zeitstempel: 0x512eb8e7  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18015,
 Zeitstempel: 0x50b83c8a  Ausnahmecode: 0xe0434352  Fehleroffset: 0x0000c41f  ID des fehlerhaften
 Prozesses: 0x14a4  Startzeit der fehlerhaften Anwendung: 0x01ce2c2de8e4d1fe  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Dotjosh Studios\DayZ Commander\Temp\3628a073-682e-4a8e-8ce8-250788f37113\DayZCommander.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: c8ef4e40-9822-11e2-a19e-0026832f02e6
 
Error - 28.03.2013 23:45:19 | Computer Name = User-PC | Source = Application Hang | ID = 1002
Description = Programm arma2oa.exe, Version 1.62.102.591 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1a9c    Startzeit:
 01ce2c2fcf267cbe    Endzeit: 20    Anwendungspfad: G:\Program Files (x86)\Steam\Steam\SteamApps\common\arma
 2 operation arrowhead\expansion\beta\arma2oa.exe    Berichts-ID: 11b8f24a-9823-11e2-a19e-0026832f02e6

 
Error - 29.03.2013 02:45:47 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LolClient.exe, Version: 2.0.2.12610,
 Zeitstempel: 0x4c00573a  Name des fehlerhaften Moduls: Air.dll, Version: 0.0.0.0,
 Zeitstempel: 0x511c7eb4  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000b027  ID des fehlerhaften
 Prozesses: 0x1fc4  Startzeit der fehlerhaften Anwendung: 0x01ce2c40e3bf924f  Pfad der
 fehlerhaften Anwendung: C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.255\deploy\LolClient.exe
Pfad
 des fehlerhaften Moduls: G:\Program Files (x86)\LOLReplay\Air.dll  Berichtskennung:
 48d7cccd-983c-11e2-a19e-0026832f02e6
 
Error - 29.03.2013 11:35:10 | Computer Name = User-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "G:\Games\xSplit\XSplitBroadcasterSrc.exe".
Die
 abhängige Assemblierung "Native.XSplitBroadcaster.exe,type="win32",version="1.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 30.03.2013 04:34:47 | Computer Name = User-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "G:\Games\xSplit\XSplitBroadcasterSrc.exe".
Die
 abhängige Assemblierung "Native.XSplitBroadcaster.exe,type="win32",version="1.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 30.03.2013 08:31:47 | Computer Name = User-PC | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1040    Startzeit:
 01ce2d3f309e279d    Endzeit: 49413    Anwendungspfad: C:\Users\User\Desktop\OTL.exe    Berichts-ID:
 aa1f22d8-9935-11e2-9a93-0026832f02e6  
 
Error - 30.03.2013 08:34:19 | Computer Name = User-PC | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1380    Startzeit:
 01ce2d429548486a    Endzeit: 54444    Anwendungspfad: C:\Users\User\Desktop\OTL.exe    Berichts-ID:
 00d91607-9936-11e2-9a93-0026832f02e6  
 
[ System Events ]
Error - 30.03.2013 08:50:22 | Computer Name = User-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 30.03.2013 08:50:25 | Computer Name = User-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 30.03.2013 08:50:29 | Computer Name = User-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 30.03.2013 08:50:32 | Computer Name = User-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 30.03.2013 08:50:35 | Computer Name = User-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 30.03.2013 08:50:39 | Computer Name = User-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 30.03.2013 08:50:48 | Computer Name = User-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 30.03.2013 08:50:57 | Computer Name = User-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 30.03.2013 08:51:06 | Computer Name = User-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 30.03.2013 08:51:15 | Computer Name = User-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
 
< End of report >
         
GMER.logfile (When I tick the "ShowAll" checkbox, the program simply crashes after scanning for a short time)
Code:
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-30 14:21:32
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0 OCZ-AGILITY3 rev.2.15 111,79GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\User\AppData\Local\Temp\kxldapob.sys


---- User code sections - GMER 2.1 ----

.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtReadFile                                                   000000007720f8d0 5 bytes JMP 000000010051c520
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile                                                  000000007720f908 5 bytes JMP 000000010051ba10
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtClose                                                      000000007720f9c0 5 bytes JMP 000000010051c27c
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtQueryObject                                                000000007720f9d8 5 bytes JMP 000000010051bae4
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationFile                                       000000007720f9f0 5 bytes JMP 000000010051c468
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey                                                    000000007720fa08 5 bytes JMP 000000010051ae60
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateValueKey                                          000000007720fa20 5 bytes JMP 000000010051a580
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtQueryKey                                                   000000007720fa70 5 bytes JMP 000000010051a640
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey                                              000000007720fa88 5 bytes JMP 000000010051a6f8
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationProcess                                    000000007720fab8 5 bytes JMP 0000000100519eac
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey                                                  000000007720fb20 5 bytes JMP 000000010051ab3c
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile                                         000000007720fc18 5 bytes JMP 000000010051c3b0
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection                                           000000007720fc30 5 bytes JMP 000000010051c9d8
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection                                         000000007720fc60 5 bytes JMP 000000010051c844
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                           000000007720fc90 5 bytes JMP 000000010051b9a8
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateKey                                               000000007720fd2c 5 bytes JMP 000000010051a7dc
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                   000000007720fd44 5 bytes JMP 000000010051cc88
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile                                         000000007720fd78 5 bytes JMP 000000010051bbc4
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection                                                000000007720fda8 5 bytes JMP 000000010051bcac
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtFsControlFile                                              000000007720fdd8 5 bytes JMP 000000010051a244
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject                                            000000007720fe24 5 bytes JMP 000000010051be3c
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile                                        000000007720fe3c 5 bytes JMP 000000010051ceac
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtQueryVolumeInformationFile                                 000000007720ff6c 5 bytes JMP 000000010051c048
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection                                              000000007720ff84 5 bytes JMP 000000010051cb60
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtFlushBuffersFile                                           000000007720ff9c 5 bytes JMP 000000010051a304
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx                                            000000007720ffcc 5 bytes JMP 0000000100519cdc
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                               000000007720ffe4 5 bytes JMP 0000000100519df0
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtQuerySection                                               0000000077210030 5 bytes JMP 000000010051c920
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                               0000000077210048 5 bytes JMP 0000000100519ecc
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                 0000000077210094 5 bytes JMP 000000010051c5f8
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey                                                00000000772101a4 5 bytes JMP 000000010051a89c
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtAccessCheck                                                0000000077210208 5 bytes JMP 000000010051a4a8
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess                                              00000000772107f4 5 bytes JMP 0000000100519bc8
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess                                          00000000772108fc 5 bytes JMP 0000000100519f2c
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtDeleteFile                                                 00000000772109c4 5 bytes JMP 000000010051c100
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtDeleteKey                                                  00000000772109dc 5 bytes JMP 000000010051aa04
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey                                             0000000077210a24 5 bytes JMP 000000010051a960
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtExtendSection                                              0000000077210afc 5 bytes JMP 000000010051a3e4
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtFlushKey                                                   0000000077210b60 5 bytes JMP 000000010051aaa0
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtLoadKey                                                    0000000077210dec 5 bytes JMP 000000010051afdc
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtLoadKey2                                                   0000000077210e04 5 bytes JMP 000000010051b16c
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtLockFile                                                   0000000077210e34 5 bytes JMP 000000010051c110
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtNotifyChangeDirectoryFile                                  0000000077210f38 5 bytes JMP 000000010051a134
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtNotifyChangeKey                                            0000000077210f50 5 bytes JMP 000000010051b304
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx                                                  0000000077210ff8 5 bytes JMP 000000010051acdc
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile                                    000000007721131c 5 bytes JMP 000000010051d038
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtQueryMultipleValueKey                                      000000007721145c 5 bytes JMP 000000010051b3e4
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtQuerySecurityObject                                        0000000077211508 5 bytes JMP 000000010051a068
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtReplaceKey                                                 0000000077211728 5 bytes JMP 000000010051b4a4
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtRestoreKey                                                 00000000772117c0 5 bytes JMP 000000010051b624
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtSaveKey                                                    0000000077211854 5 bytes JMP 000000010051b6cc
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationKey                                          0000000077211a38 5 bytes JMP 000000010051b770
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtSetSecurityObject                                          0000000077211b7c 5 bytes JMP 0000000100519f90
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtSetVolumeInformationFile                                   0000000077211c7c 5 bytes JMP 000000010051bf44
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtUnloadKey                                                  0000000077211e50 5 bytes JMP 000000010051b820
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtUnlockFile                                                 0000000077211e98 5 bytes JMP 000000010051c1d0
.text    C:\Windows\SysWOW64\PnkBstrA.exe[1528] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                 0000000070ef1a22 2 bytes [EF, 70]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[1528] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                 0000000070ef1ad0 2 bytes [EF, 70]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[1528] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                 0000000070ef1b08 2 bytes [EF, 70]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[1528] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                 0000000070ef1bba 2 bytes [EF, 70]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[1528] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                 0000000070ef1bda 2 bytes [EF, 70]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[1528] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                          0000000075971465 2 bytes [97, 75]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[1528] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                         00000000759714bb 2 bytes [97, 75]
.text    ...                                                                                                                     * 2
.text    C:\Users\User\AppData\Local\Akamai\netsession_win.exe[3148] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69     0000000075971465 2 bytes [97, 75]
.text    C:\Users\User\AppData\Local\Akamai\netsession_win.exe[3148] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155    00000000759714bb 2 bytes [97, 75]
.text    ...                                                                                                                     * 2
.text    C:\Users\User\AppData\Local\Akamai\netsession_win.exe[3360] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69     0000000075971465 2 bytes [97, 75]
.text    C:\Users\User\AppData\Local\Akamai\netsession_win.exe[3360] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155    00000000759714bb 2 bytes [97, 75]
.text    ...                                                                                                                     * 2

---- Threads - GMER 2.1 ----

Thread   C:\Windows\System32\svchost.exe [3812:1968]                                                                             000007fef2519688
---- Processes - GMER 2.1 ----

Library  C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1020]  00000000746e0000

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026832f02e6                                             
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026832f02e6 (not active ControlSet)                         

---- EOF - GMER 2.1 ----
         
OTL.logfile
Code:
OTL logfile created on: 30.03.2013 13:37:18 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,98 Gb Total Physical Memory | 14,27 Gb Available Physical Memory | 89,34% Memory free
31,95 Gb Paging File | 30,09 Gb Available in Paging File | 94,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 21,10 Gb Free Space | 18,89% Space Free | Partition Type: NTFS
Drive D: | 630,24 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 100,00 Mb Total Space | 65,84 Mb Free Space | 65,84% Space Free | Partition Type: NTFS
Drive G: | 931,41 Gb Total Space | 372,08 Gb Free Space | 39,95% Space Free | Partition Type: NTFS
 
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.03.30 13:06:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2013.03.14 22:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013.03.12 17:53:34 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013.01.26 07:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\User\AppData\Local\Akamai\netsession_win.exe
PRC - [2013.01.19 03:51:31 | 001,129,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) -- C:\Program Files (x86)\Skype\Updater\Updater.exe
PRC - [2012.12.14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2012.08.08 15:24:41 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.31 03:08:58 | 000,339,456 | ---- | M] (AVerMedia) -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRECentral.exe
PRC - [2012.05.08 15:23:01 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 15:23:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.12.01 17:11:48 | 000,743,936 | ---- | M] () -- G:\CPUCooL\CooLSRV.exe
PRC - [2011.10.31 19:30:00 | 000,167,936 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) -- C:\Program Files (x86)\AVerMedia\AVerUpdate\AVerUpdateServer.exe
PRC - [2011.03.23 10:42:52 | 001,516,888 | ---- | M] (Logitech(c)) -- G:\Program Files (x86)\Logitech 930\G930.exe
PRC - [2010.06.09 05:36:50 | 001,273,856 | ---- | M] () -- G:\RazerMaus\Gaming 3.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.06.09 05:36:50 | 001,273,856 | ---- | M] () -- G:\RazerMaus\Gaming 3.exe
 
 
========== Services (SafeList) ==========
 
SRV - [2013.03.15 17:29:10 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.03.14 22:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013.03.13 15:53:18 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.12 17:53:34 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013.03.09 12:21:57 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.04 10:02:07 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2013.01.19 03:50:09 | 002,070,304 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Running] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012.11.26 18:35:10 | 000,745,368 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012.07.31 03:08:58 | 000,339,456 | ---- | M] (AVerMedia) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRECentral.exe -- (AVerRECentral)
SRV - [2012.05.15 11:59:00 | 004,687,672 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2012.05.08 15:23:01 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 15:23:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.12.01 17:11:48 | 000,743,936 | ---- | M] () [Auto | Running] -- G:\CPUCooL\CooLSRV.exe -- (CPUCooLServer)
SRV - [2011.10.31 19:30:00 | 000,167,936 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Auto | Running] -- C:\Program Files (x86)\AVerMedia\AVerUpdate\AVerUpdateServer.exe -- (AVerUpdateServer)
SRV - [2011.05.31 08:42:06 | 000,210,024 | ---- | M] (DTS) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\DTSAudioService64.exe -- (DTSAudioService)
SRV - [2011.03.01 14:43:52 | 000,076,448 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.08.18 11:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.03.11 20:00:47 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.12.29 11:34:47 | 000,447,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvstusb.sys -- (NvStUSB)
DRV:64bit: - [2012.12.19 06:41:52 | 000,194,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.09 06:38:36 | 002,271,360 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVer330.sys -- (AVer330)
DRV:64bit: - [2012.06.18 03:09:12 | 000,097,792 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rzudd.sys -- (rzudd)
DRV:64bit: - [2012.06.18 03:09:10 | 000,021,504 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rzendpt.sys -- (rzendpt)
DRV:64bit: - [2012.05.08 15:23:01 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 15:23:01 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.09.16 15:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.06.10 07:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.06.02 09:32:50 | 000,401,896 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.06.02 09:32:50 | 000,128,488 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011.05.16 22:15:12 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2011.03.18 16:20:22 | 000,410,184 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ladfBakerCamd64.sys -- (LADF_BakerCOnly)
DRV:64bit: - [2011.03.18 13:33:48 | 000,335,688 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ladfBakerRamd64.sys -- (LADF_BakerROnly)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.01 14:44:08 | 000,280,224 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011.03.01 14:44:06 | 000,298,656 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011.03.01 14:44:06 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011.03.01 14:44:06 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011.03.01 14:44:06 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011.03.01 14:44:06 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011.03.01 14:44:06 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011.03.01 14:44:04 | 000,051,872 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU)
DRV:64bit: - [2010.11.22 08:09:06 | 000,303,408 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.11 20:12:02 | 000,019,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ntiopnp.sys -- (ntiopnp)
DRV:64bit: - [2010.10.19 15:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2009.09.16 08:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=8133db2e-151a-420a-aa91-6d77b94065c0&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=8133db2e-151a-420a-aa91-6d77b94065c0&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=8133db2e-151a-420a-aa91-6d77b94065c0&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://blekko.com/ws/?source=5f97ddbe&tbp=homepage&u=5c7151d600000000000000ffb4d425d0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E4 38 F8 25 4F 21 CD 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=8133db2e-151a-420a-aa91-6d77b94065c0&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=8133db2e-151a-420a-aa91-6d77b94065c0&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {8CC3E3A7-D488-4711-BA8C-0E800247F4C9}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=8133db2e-151a-420a-aa91-6d77b94065c0&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=112542&tt=010812_906_cln_3212_5&babsrc=SP_ss&mntrId=5c7151d60000000000000026832f02e6
IE - HKCU\..\SearchScopes\{8CC3E3A7-D488-4711-BA8C-0E800247F4C9}: "URL" = hxxp://blekko.com/ws/?source=5f97ddbe&tbp=rbox&u=5c7151d600000000000000ffb4d425d0&q={searchTerms}&r=446
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.138.0: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\User\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\User\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: G:\Flyff\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.05.13 21:03:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.09 12:21:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.09 12:21:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.11.11 07:01:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2013.02.13 14:00:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\pqxy4g0i.default\extensions
[2013.02.13 14:00:26 | 000,001,435 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\pqxy4g0i.default\searchplugins\spamfreesearch.xml
[2013.03.09 12:21:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.09 12:21:57 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.12.31 22:54:54 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.12.31 22:54:54 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.12.31 22:54:54 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.12.31 22:54:54 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.12.31 22:54:54 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.12.31 22:54:54 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2013.01.03 18:32:47 | 000,000,905 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com 3dns.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.adobe.com activate.wip.adobe.com activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com 
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com adobe-dns-4.adobe.com adobe-dns.adobe.com adobeereg.com crl.verisign.net ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com ood.opsource.net practivate.adobe practivate.adobe.com 
O1 - Hosts: 127.0.0.1 practivate.adobe.ipp practivate.adobe.newoa practivate.adobe.ntp wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com wwis-dubc1-vip60.adobe.com www.adobeereg.com www.wip.adobe.com www.wip1.adobe.com www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com 
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_DTS] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Gaming 3] G:\RazerMaus\Gaming 3.exe ()
O4 - HKLM..\Run: [Logitech G930] G:\Program Files (x86)\Logitech 930\G930.exe (Logitech(c))
O4 - HKLM..\Run: [NVR] C:\Program Files (x86)\NVR\NVR\MainConsole.exe ()
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\User\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {1384A8DE-7296-49DA-B7F8-8A9A5984BE52} hxxp://192.168.178.30/AxRTSP.cab (RTSPCtl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4D425D0-3865-43DF-AF2B-E731192CCD1C}: DhcpNameServer = 7.254.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C778B360-3265-47DB-B2D9-8D29735EF536}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C778B360-3265-47DB-B2D9-8D29735EF536}: NameServer = 8.8.8.8,8.8.4.4
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (G:\Games\Sopho2\Sophos Anti-Virus\sophos_detoured_x64.dll) -  File not found
O20:64bit: - AppInit_DLLs: (G:\Games\Sopho2\Sophos Anti-Virus\sophos_detoured_x64.dll) -  File not found
O20 - AppInit_DLLs: (G:\Games\Sopho2\Sophos Anti-Virus\sophos_detoured.dll) -  File not found
O20 - AppInit_DLLs: (G:\Games\Sopho2\Sophos Anti-Virus\sophos_detoured.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003.10.21 12:05:21 | 000,000,000 | ---D | M] - D:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2002.11.12 16:39:16 | 000,258,048 | R--- | M] () - D:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2002.01.29 10:43:23 | 000,000,096 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{1fe80fb0-20cb-11e2-9a5a-0026832f02e6}\Shell - "" = AutoRun
O33 - MountPoints2\{1fe80fb0-20cb-11e2-9a5a-0026832f02e6}\Shell\AutoRun\command - "" = L:\Setup.exe
O33 - MountPoints2\{922771af-63e4-11e2-9ce4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{922771af-63e4-11e2-9ce4-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2002.11.12 16:39:16 | 000,258,048 | R--- | M] ()
O33 - MountPoints2\{9c93de7d-8a19-11e2-8550-0026832f02e6}\Shell - "" = AutoRun
O33 - MountPoints2\{9c93de7d-8a19-11e2-8550-0026832f02e6}\Shell\AutoRun\command - "" = H:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.30 13:36:44 | 000,000,000 | R--D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2013.03.30 13:06:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2013.03.30 13:03:58 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\System!
[2013.03.26 10:44:38 | 000,000,000 | ---D | C] -- C:\ProgramData\TERA
[2013.03.26 10:44:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TERA
[2013.03.26 07:55:55 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\DragonNest
[2013.03.26 07:07:34 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\eFusion
[2013.03.15 13:24:07 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Sophos
[2013.03.15 13:20:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2013.03.15 13:15:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2013.03.14 13:07:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubi Soft
[2013.03.14 13:06:58 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blue Byte
[2013.03.14 13:06:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Byte
[2013.03.13 20:19:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare
[2013.03.12 14:37:39 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Crysis 3
[2013.03.12 14:31:29 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Programs
[2013.03.12 13:14:13 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\EA Games
[2013.03.11 20:10:46 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\ANNO 1404 Venedig
[2013.03.11 20:07:31 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Tunngle
[2013.03.11 20:06:28 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Ubisoft
[2013.03.11 20:03:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2013.03.11 10:01:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2013.03.09 12:21:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.03.06 18:14:47 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Arma 3 Alpha - Other Profiles
[2013.03.06 18:06:58 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Arma 3 Alpha
[2013.03.06 18:06:58 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Arma 3 Alpha
[2013.03.06 07:53:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.03.04 22:07:58 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\WarThunder
[2013.03.04 22:07:58 | 000,000,000 | ---D | C] -- C:\ProgramData\WarThunder
[2013.03.04 22:07:55 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\War Thunder
[2012.08.16 10:51:01 | 001,178,624 | ---- | C] (CPUID) -- C:\Users\User\AppData\Roaming\siw_sdk.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.30 13:43:44 | 000,023,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.30 13:43:44 | 000,023,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.30 13:40:47 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.30 13:40:47 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.30 13:40:47 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.30 13:40:47 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.30 13:40:47 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.30 13:36:39 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2013.03.30 13:36:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.30 13:36:28 | 4276,682,750 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.30 13:06:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2013.03.30 13:05:40 | 000,000,000 | ---- | M] () -- C:\Users\User\defogger_reenable
[2013.03.30 12:54:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1669887493-268872783-2900105303-1000UA.job
[2013.03.30 12:53:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.30 09:54:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1669887493-268872783-2900105303-1000Core.job
[2013.03.27 10:40:40 | 000,000,719 | ---- | M] () -- C:\Users\User\Desktop\TERA.lnk
[2013.03.15 13:21:47 | 000,000,142 | ---- | M] () -- C:\Windows\ODBC.INI
[2013.03.15 06:53:06 | 000,017,738 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2013.03.14 17:00:03 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.03.14 17:00:03 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.03.14 16:38:35 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.03.14 13:14:19 | 000,000,643 | ---- | M] () -- C:\Users\User\Desktop\S4.exe.lnk
[2013.03.12 17:53:34 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.03.12 14:37:39 | 000,000,799 | ---- | M] () -- C:\Users\Public\Desktop\Crysis 3.lnk
[2013.03.11 20:00:47 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2013.03.11 20:00:41 | 000,000,898 | ---- | M] () -- C:\Users\User\Desktop\DAEMON Tools Lite.lnk
[2013.03.11 19:19:40 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat
[2013.03.10 11:45:21 | 000,000,099 | ---- | M] () -- C:\Users\User\Desktop\Reiseapotheke für Südafrika - Checkliste für Ihre Reise.url
[2013.03.06 17:57:32 | 000,000,228 | ---- | M] () -- C:\Users\User\Desktop\Arma 3 Alpha.url
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.03.30 13:05:40 | 000,000,000 | ---- | C] () -- C:\Users\User\defogger_reenable
[2013.03.26 10:44:33 | 000,000,719 | ---- | C] () -- C:\Users\User\Desktop\TERA.lnk
[2013.03.15 13:21:47 | 000,000,142 | ---- | C] () -- C:\Windows\ODBC.INI
[2013.03.14 13:14:19 | 000,000,643 | ---- | C] () -- C:\Users\User\Desktop\S4.exe.lnk
[2013.03.14 13:07:07 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2013.03.14 13:07:07 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2013.03.14 13:07:07 | 000,035,840 | R--- | C] () -- C:\Windows\SysWow64\comdlg32.oca
[2013.03.14 13:07:06 | 000,029,184 | R--- | C] () -- C:\Windows\SysWow64\MSINET.oca
[2013.03.12 17:49:15 | 000,291,088 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.03.12 17:49:15 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.03.12 17:49:14 | 000,839,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2013.03.12 14:37:39 | 000,000,799 | ---- | C] () -- C:\Users\Public\Desktop\Crysis 3.lnk
[2013.03.11 20:00:37 | 000,000,898 | ---- | C] () -- C:\Users\User\Desktop\DAEMON Tools Lite.lnk
[2013.03.11 19:19:40 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2013.03.10 11:45:21 | 000,000,099 | ---- | C] () -- C:\Users\User\Desktop\Reiseapotheke für Südafrika - Checkliste für Ihre Reise.url
[2013.03.06 17:57:32 | 000,000,228 | ---- | C] () -- C:\Users\User\Desktop\Arma 3 Alpha.url
[2013.01.16 18:57:15 | 000,614,400 | ---- | C] () -- C:\Windows\SysWow64\sptlib21.dll
[2013.01.16 18:57:15 | 000,421,888 | ---- | C] () -- C:\Windows\SysWow64\sptlib02.dll
[2013.01.16 18:57:15 | 000,311,296 | ---- | C] () -- C:\Windows\SysWow64\sptlib01.dll
[2013.01.16 18:57:15 | 000,307,200 | ---- | C] () -- C:\Windows\SysWow64\sptlib22.dll
[2013.01.16 18:57:15 | 000,307,200 | ---- | C] () -- C:\Windows\SysWow64\sptlib03.dll
[2013.01.16 18:57:15 | 000,294,912 | ---- | C] () -- C:\Windows\SysWow64\sptlib11.dll
[2013.01.16 18:57:15 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\sptlib12.dll
[2012.10.30 19:48:08 | 000,036,892 | ---- | C] () -- C:\Windows\SysWow64\bassmod.dll
[2012.08.15 20:08:17 | 000,000,413 | ---- | C] () -- C:\Users\User\AppData\Roaming\All CPU Meter_Settings.ini
[2012.06.14 20:12:19 | 000,007,604 | ---- | C] () -- C:\Users\User\AppData\Local\resmon.resmoncfg
[2012.06.07 16:11:46 | 000,004,436 | ---- | C] () -- C:\Windows\jqxf_mg16.ini
[2012.06.07 16:11:46 | 000,001,441 | ---- | C] () -- C:\Windows\cvww-tmr24.ini
[2012.05.21 10:15:11 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012.04.23 14:24:44 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.04.23 10:52:03 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.04.23 10:51:53 | 000,032,187 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011.09.28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.08.21 14:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.21 14:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.08.21 14:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.10.31 18:39:05 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\.minecraft
[2012.07.16 16:38:41 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Aeria Games & Entertainment
[2012.05.14 14:47:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Babylon
[2013.03.11 20:03:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DAEMON Tools Lite
[2013.01.26 23:19:20 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Downloaded Installations
[2012.08.09 13:59:26 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FOG Downloader
[2012.05.06 14:46:49 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FreeFLVConverter
[2012.12.08 20:29:50 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GetRightToGo
[2012.07.26 21:50:16 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\gslist
[2012.05.04 17:02:09 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\KeePass
[2013.01.16 18:46:37 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\KillProcess
[2012.07.28 18:30:10 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Leadertech
[2012.04.23 16:06:37 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\LolClient
[2012.05.24 16:56:23 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\LolClient2
[2013.03.30 13:52:53 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\NetSpeedMonitor
[2012.04.26 07:11:47 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Notepad++
[2012.10.28 14:04:09 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OpenCandy
[2012.12.02 15:05:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Origin
[2012.12.26 18:17:44 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PDAppFlex
[2012.05.08 13:54:06 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Publish Providers
[2012.08.24 15:16:04 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\RotMG.Production
[2012.07.15 11:06:59 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\runic games
[2012.07.22 13:59:02 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\six-zsync
[2012.05.08 13:54:05 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Sony
[2012.08.05 20:12:44 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Spirited Machine
[2012.04.25 08:55:53 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SplitMediaLabs
[2012.07.13 14:22:41 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013.02.08 16:19:02 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TeamViewer
[2012.07.19 22:27:35 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Teeworlds
[2012.05.07 21:14:51 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Thunderbird
[2013.03.30 12:02:46 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TS3Client
[2013.03.11 22:22:02 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Tunngle
[2013.03.11 20:34:58 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Ubisoft
[2013.02.28 08:13:28 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Unity
[2013.02.26 14:06:18 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\uTorrent
[2013.01.10 08:22:52 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Wacom
 
========== Purity Check ==========
 
 

< End of report >
         

30.03.2013, 18:02   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Hello,


Code:
O1 - Hosts: 127.0.0.1 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com 3dns.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.adobe.com activate.wip.adobe.com activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com 
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com adobe-dns-4.adobe.com adobe-dns.adobe.com adobeereg.com crl.verisign.net ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com ood.opsource.net practivate.adobe practivate.adobe.com 
O1 - Hosts: 127.0.0.1 practivate.adobe.ipp practivate.adobe.newoa practivate.adobe.ntp wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com wwis-dubc1-vip60.adobe.com w*w.adobeereg.com w*w.wip.adobe.com w*w.wip1.adobe.com w*w.wip2.adobe.com w*w.wip3.adobe.com w*w.wip4.adobe.com
         
Sorry, but this ends the thread.

These entries in the hosts file serve to make pirated (cracked) software run.

See also => http://www.trojaner-board.de/95393-c...-software.html

If we find indications of illegally acquired software, we will end support without any discussion.

Cracks/keygens are 99.9% dangerous malware that you should not trifle with. They are also illegal, and we do not support the use of stolen software. Support is therefore limited to instructions for a complete reinstallation!!

That illegal cracks and keygens essentially serve to spread malware is no secret and must be clear to everyone!


In future, keep your hands off: Softonic, registry cleaners and illegal stuff like cracks/keygens/serials

30.03.2013, 18:43   #3
Lilhomer

w00t ?...
The only thing I do on the PC is play games ...
Bought ones, from Amazon =/

I don't quite understand your answer.

The only thing I probably ever changed in a hosts file was the following:.... and that was legal =/
hxxp://thewarz.eu/board4-the-war-z/board5-neuigkeiten-the-war-z/4282-launcher-server-down-lesen/

Code:
Quote:
If you are having trouble connecting to WarZ (launcher stuck) there was NOT an update patch notes are still at 12.21.2012, and you can still connect. your DNS is wrong, looks like someone over at thewarz messed up a setting, all the urls point to 127.0.0.1, you can correct them by changing your DNS or entering IP overrides manually in your hosts file the correct IPs are
PHP Code:
108.162.203.133 thewarz.com
108.162.203.133 forums.thewarz.com
108.162.203.133 www.thewarz.com
#216.250.117.112 account.thewarz.com #this one throws a malware error... no clue, leave it out unless you really need
66.180.197.58 api.thewarz.com
if you don't know how to do any of the above, google it - no need for spam. your DNS will update automatically, however it can take up to 72 hours, most update within an hour though.

Edited by Lilhomer (30.03.2013 at 18:52)
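The two kinds of hosts-file entry this thread turns on, hostnames pointed at loopback (the `O1 - Hosts:` lines in reply #2) and hostnames remapped to a routable address (the overrides quoted in reply #3), can be separated mechanically. The following is an added example, not part of the thread and not OTL's own logic; the token list, the threshold and the function names are assumptions of this example, and the sample lines are shortened from the thread, with the raw hosts-file lines put together for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# OTL prefixes every hosts entry with "O1 - Hosts:"; raw hosts lines have no prefix.
O1_PREFIX = re.compile(r"^O1\s*-\s*Hosts:\s*", re.IGNORECASE)

# Hostname fragments taken from the sinkholed entries quoted in the thread.
# Treating them as "licensing-related" is this example's heuristic (assumption).
LICENSING_TOKENS = ("activate", "ereg")


def parse_hosts_lines(lines):
    """Yield (address, hostname) pairs from OTL O1 lines or raw hosts-file lines."""
    for raw in lines:
        line = O1_PREFIX.sub("", raw.strip())
        line = line.split("#", 1)[0].strip()  # drop hosts-file comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not an address mapping (log header, section title, ...)
        for name in fields[1:]:
            yield addr, name.lower().rstrip(".")


def domain_guess(name):
    """Group by the last two labels; no public-suffix list is consulted."""
    labels = name.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else name


def triage(lines, min_sinkholed=3):
    """Split entries into sinkholed domains worth a look and plain IP overrides."""
    sinkholed = defaultdict(set)
    overrides = {}
    for addr, name in parse_hosts_lines(lines):
        if name in ("localhost", "localhost.localdomain"):
            continue  # stock entry, not a modification
        if addr.is_loopback or addr.is_unspecified:
            sinkholed[domain_guess(name)].add(name)
        else:
            overrides[name] = str(addr)
    findings = []
    for domain, names in sorted(sinkholed.items()):
        licensing = sorted(n for n in names
                           if any(tok in n for tok in LICENSING_TOKENS))
        # Flag only domains with several sinkholed hosts, some licensing-like.
        if len(names) >= min_sinkholed and licensing:
            findings.append({"domain": domain,
                             "sinkholed": len(names),
                             "licensing_hosts": licensing})
    return {"findings": findings, "overrides": overrides}


# Sample input: shortened from the lines quoted in the thread (constructed).
SAMPLE = [
    "O1 - Hosts: 127.0.0.1 3dns-1.adobe.com activate.adobe.com activate.wip.adobe.com",
    "O1 - Hosts: 127.0.0.1 ereg.adobe.com practivate.adobe.com wip.adobe.com",
    "O1 - Hosts: 127.0.0.1 adobeereg.com crl.verisign.net",
    "127.0.0.1 localhost",
    "108.162.203.133 thewarz.com",
    "108.162.203.133 forums.thewarz.com",
    "#216.250.117.112 account.thewarz.com",
    "66.180.197.58 api.thewarz.com",
]

if __name__ == "__main__":
    report = triage(SAMPLE)
    for f in report["findings"]:
        print("sinkholed:", f["domain"], f["sinkholed"], f["licensing_hosts"])
    for host, ip in report["overrides"].items():
        print("override: ", host, "->", ip)
```
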

30.03.2013, 18:59   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
The only thing I do on the PC is play games ...
Bought ones, from Amazon =/
What does that have to do with it? Whether the PC comes from Amazon or DELL doesn't matter at all. The entries are in there. And you can also see an AdobeCS, for example

Quote:
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
You will still get help with backing up your data and reinstalling Windows
__________________
Please always post logfiles in CODE tags

30.03.2013, 19:04   #5
Lilhomer

I actually mean the games, but k :>
Didn't know that this is how things go here, that's really embarrassing.

I guess I'll have to look for more competent help... above all from people who enjoy their lives and don't just swim with the crowd.
Bye


30.03.2013, 19:09   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
I actually mean the games, but k :>
But this isn't only about your alleged games

Quote:
Didn't know that this is how things go here, that's really embarrassing.
What's embarrassing is rather being caught with cracked software. Equally embarrassing is that the pinned notices about illegal software here, and how we deal with it, are not read.