Log analysis and evaluation: Browser speed drop (Windows 7)
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Browser speed drop

Hello everyone, browsing with Opera is now only possible with a lot of patience; the pages load extremely slowly or not at all. So I followed your steps (hopefully correctly) and now have three files here, whose contents I am sending below:

OTL:
OTL logfile created on: 15.04.2013 11:36:05 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Toms-Win7-Rechner\Downloads\Diverse
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,62 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 65,16% Memory free
7,25 Gb Paging File | 5,94 Gb Available in Paging File | 81,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 150,00 Gb Total Space | 38,03 Gb Free Space | 25,35% Space Free | Partition Type: NTFS
Drive E: | 128,00 Gb Total Space | 127,32 Gb Free Space | 99,47% Space Free | Partition Type: NTFS
Drive F: | 127,99 Gb Total Space | 3,46 Gb Free Space | 2,70% Space Free | Partition Type: NTFS
Drive G: | 337,76 Gb Total Space | 265,19 Gb Free Space | 78,51% Space Free | Partition Type: NTFS
Drive H: | 1735,02 Gb Total Space | 600,94 Gb Free Space | 34,64% Space Free | Partition Type: NTFS
Drive I: | 281,51 Gb Total Space | 276,90 Gb Free Space | 98,36% Space Free | Partition Type: NTFS
Drive J: | 500,00 Gb Total Space | 430,21 Gb Free Space | 86,04% Space Free | Partition Type: NTFS
Computer Name: TOMS-WIN7-RECHN | User Name: Toms-Win7-Rechner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========
PRC - [2013.04.15 11:35:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Toms-Win7-Rechner\Downloads\Diverse\OTL.exe
PRC - [2013.01.18 15:21:02 | 000,873,248 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2013.01.18 15:21:00 | 001,821,984 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.11.23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.10.31 21:41:34 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2012.10.17 13:38:49 | 000,874,896 | ---- | M] (Opera Software) -- C:\Users\Toms-Win7-Rechner\opera.exe
PRC - [2012.02.21 19:39:30 | 002,043,904 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Programme\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 22:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 22:29:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.11.20 22:29:19 | 000,101,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
PRC - [2010.11.20 22:29:07 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2010.04.16 16:10:58 | 000,036,864 | ---- | M] (Realtek) -- C:\Programme\REALTEK\11n USB Wireless LAN Utility\RtlService.exe
PRC - [2009.12.04 08:48:54 | 001,728,512 | R--- | M] (VIA) -- C:\Programme\VIA\VIAudioi\VDeck\VDeck.exe

========== Modules (No Company Name) ==========
MOD - [2013.03.13 22:03:13 | 014,717,144 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_6_602_180.dll
MOD - [2011.04.24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll
MOD - [2011.04.24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll
MOD - [2011.04.24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll
MOD - [2011.04.24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll
MOD - [2011.04.24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll
MOD - [2011.04.24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll
MOD - [2011.04.20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
MOD - [2009.11.03 04:11:50 | 047,628,288 | R--- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\skin.dll
MOD - [2009.05.07 09:53:18 | 000,106,496 | R--- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\Dts2ApoApi.dll
MOD - [2009.05.07 09:50:46 | 000,073,728 | R--- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\QsApoApi.dll
MOD - [2008.02.14 06:57:00 | 000,094,208 | R--- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\VMicApi.dll

========== Services (SafeList) ==========
SRV - [2013.03.29 20:53:56 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.03.13 22:03:25 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.12.29 11:26:54 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.12.19 10:49:34 | 000,732,648 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.10.31 21:41:34 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2010.11.20 22:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.04.16 16:10:58 | 000,036,864 | ---- | M] (Realtek) [Auto | Running] -- C:\Programme\REALTEK\11n USB Wireless LAN Utility\RtlService.exe -- (Realtek11nSU)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========
DRV - [2013.04.15 09:18:10 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013.02.26 00:22:06 | 008,939,296 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.11.09 16:33:32 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2012.11.09 16:33:32 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2012.11.09 16:33:30 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2012.11.09 16:33:30 | 000,018,560 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2012.10.31 21:42:07 | 000,586,072 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2012.10.17 14:53:46 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012.08.23 15:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.08.23 15:41:34 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2012.08.23 15:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012.07.03 16:25:17 | 000,149,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2011.08.11 13:46:46 | 000,602,216 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192su.sys -- (RTL8192su)
DRV - [2011.03.10 18:36:18 | 000,023,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2011.03.04 13:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2011.03.04 13:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1)
DRV - [2010.11.20 22:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 22:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010.11.20 22:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 22:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 22:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 22:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 22:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.08.12 12:07:48 | 000,298,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2010.07.04 20:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Programme\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2009.11.25 14:02:46 | 001,108,480 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009.11.02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.13 23:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dell.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.10.31 21:42:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.10.31 21:42:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.10.31 21:42:08 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: ([verify-U]_Add-on) - {F4552A56-119C-478E-AB3F-2C850F78B72E} - C:\Programme\[verify-U]_AVS_IE_Add-on\[verify-U]_AVS.dll (Cybits AG)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [VIAAUD] C:\Program Files\VIA\VIAudioi\VDeck\VIAAUD.exe File not found
O4 - HKCU..\Run: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: elsteronline.de ([www] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2DE8572-2898-4BD2-8130-B7CA96229F51}: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012.01.26 13:26:29 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========
[2013.04.15 09:18:10 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013.04.15 09:17:40 | 000,000,000 | ---D | C] -- C:\Users\Toms-Win7-Rechner\AppData\Local\Programs
[2013.04.15 09:06:17 | 000,000,000 | ---D | C] -- C:\Users\Toms-Win7-Rechner\AppData\Roaming\Malwarebytes
[2013.04.15 09:06:09 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.04.15 09:06:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.15 09:06:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.15 09:06:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.04.05 19:27:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2013.04.03 22:18:27 | 000,000,000 | ---D | C] -- C:\Users\Toms-Win7-Rechner\AppData\Local\Screentime
[2013.03.28 20:18:29 | 000,000,000 | ---D | C] -- C:\Users\Toms-Win7-Rechner\AppData\Local\WinZip
[2013.03.28 20:17:56 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2013.03.28 20:17:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2013.03.28 20:17:55 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2013.03.28 20:05:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2013.03.26 12:42:07 | 000,000,000 | ---D | C] -- C:\Users\Toms-Win7-Rechner\AppData\Roaming\Sony Creative Software Inc
[2013.03.23 10:35:48 | 000,000,000 | ---D | C] -- C:\Users\Toms-Win7-Rechner\Documents\Eidos
[2013.03.23 09:07:57 | 000,000,000 | ---D | C] -- C:\Users\Toms-Win7-Rechner\Documents\Remedy
[2013.03.18 09:02:11 | 000,000,000 | ---D | C] -- C:\ProgramData\TrackMania
[2013.03.18 09:01:18 | 000,000,000 | ---D | C] -- C:\Users\Toms-Win7-Rechner\Documents\TrackMania
[2013.03.17 11:23:58 | 000,000,000 | ---D | C] -- C:\Users\Toms-Win7-Rechner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\rondomedia
[2013.03.16 21:00:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Particles
[2013.03.16 21:00:02 | 000,000,000 | ---D | C] -- C:\Users\Toms-Win7-Rechner\AppData\Roaming\Rainbow
[2013.03.16 20:58:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Die Sage von Odysseus
[2013.03.16 20:36:04 | 000,000,000 | ---D | C] -- C:\Program Files\rondomedia
[2013.03.16 20:24:37 | 000,000,000 | ---D | C] -- C:\Users\Toms-Win7-Rechner\AppData\Roaming\DominiGame Death Man
[2013.03.16 20:22:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DeathMan
[2012.10.17 13:38:49 | 015,158,160 | ---- | C] (Opera Software) -- C:\Users\Toms-Win7-Rechner\opera.dll
[2012.10.17 13:38:49 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Users\Toms-Win7-Rechner\D3DCompiler_43.dll
[2012.10.17 13:38:49 | 000,874,896 | ---- | C] (Opera Software) -- C:\Users\Toms-Win7-Rechner\opera.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2013.04.15 11:33:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.15 11:33:32 | 2918,686,720 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.15 11:30:14 | 000,000,000 | ---- | M] () -- C:\Users\Toms-Win7-Rechner\defogger_reenable
[2013.04.15 11:03:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.15 10:57:04 | 000,025,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.15 10:57:04 | 000,025,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.15 09:18:10 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013.04.13 07:23:37 | 000,696,620 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.13 07:23:37 | 000,651,938 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.13 07:23:37 | 000,147,916 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.13 07:23:37 | 000,120,870 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.10 09:58:27 | 000,289,608 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.03.22 08:46:40 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========
[2013.04.15 11:30:14 | 000,000,000 | ---- | C] () -- C:\Users\Toms-Win7-Rechner\defogger_reenable
[2013.03.22 08:46:40 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013.02.13 21:14:06 | 000,000,194 | ---- | C] () -- C:\Users\Toms-Win7-Rechner\AppData\Roaming\.ptbt0
[2013.02.13 09:01:13 | 000,220,733 | ---- | C] () -- C:\Users\Toms-Win7-Rechner\test
[2012.11.25 22:45:48 | 000,140,480 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012.11.25 22:45:48 | 000,138,056 | ---- | C] () -- C:\Users\Toms-Win7-Rechner\AppData\Roaming\PnkBstrK.sys
[2012.11.25 22:45:14 | 000,298,016 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012.11.25 22:45:12 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012.11.25 22:45:11 | 003,130,440 | ---- | C] () -- C:\Windows\System32\pbsvc_blr.exe
[2012.10.18 14:27:15 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2012.10.17 14:23:47 | 000,017,408 | ---- | C] () -- C:\Users\Toms-Win7-Rechner\AppData\Local\WebpageIcons.db
[2012.10.17 14:23:10 | 000,116,189 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2012.10.17 14:23:10 | 000,098,168 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2012.10.17 14:10:09 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2012.10.17 14:07:29 | 002,953,448 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2012.10.17 13:38:50 | 000,034,184 | ---- | C] () -- C:\Users\Toms-Win7-Rechner\opera_install_log.xml
[2012.10.17 13:38:49 | 000,527,083 | ---- | C] () -- C:\Users\Toms-Win7-Rechner\encoding.bin
[2012.10.17 13:38:49 | 000,148,990 | ---- | C] () -- C:\Users\Toms-Win7-Rechner\pubsuffix.xml
[2012.10.17 13:38:49 | 000,143,872 | ---- | C] () -- C:\Users\Toms-Win7-Rechner\html5_entity_init.dat
[2012.10.17 13:38:49 | 000,059,028 | ---- | C] () -- C:\Users\Toms-Win7-Rechner\mathml.dtd
[2012.10.17 13:38:49 | 000,024,420 | ---- | C] () -- C:\Users\Toms-Win7-Rechner\files_old.sig
[2012.10.17 13:38:49 | 000,016,092 | ---- | C] () -- C:\Users\Toms-Win7-Rechner\files.sig
[2012.10.17 13:38:49 | 000,007,904 | ---- | C] () -- C:\Users\Toms-Win7-Rechner\html40_entities.dtd
[2012.10.17 13:38:49 | 000,000,301 | ---- | C] () -- C:\Users\Toms-Win7-Rechner\c3nform.vxml
[2012.10.17 13:38:49 | 000,000,229 | ---- | C] () -- C:\Users\Toms-Win7-Rechner\operaprefs_default.ini
[2012.10.17 03:31:17 | 000,696,620 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2012.10.17 03:31:17 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2012.10.17 03:31:17 | 000,147,916 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2012.10.17 03:31:17 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat

========== ZeroAccess Check ==========
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========
[2013.03.16 20:24:37 | 000,000,000 | ---D | M] -- C:\Users\Toms-Win7-Rechner\AppData\Roaming\DominiGame Death Man
[2013.04.04 16:03:21 | 000,000,000 | ---D | M] -- C:\Users\Toms-Win7-Rechner\AppData\Roaming\Dropbox
[2013.04.10 09:49:38 | 000,000,000 | ---D | M] -- C:\Users\Toms-Win7-Rechner\AppData\Roaming\DVDVideoSoft
[2013.04.05 19:26:52 | 000,000,000 | ---D | M] -- C:\Users\Toms-Win7-Rechner\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.12.10 19:52:01 | 000,000,000 | ---D | M] -- C:\Users\Toms-Win7-Rechner\AppData\Roaming\elsterformular
[2012.11.21 10:37:19 | 000,000,000 | ---D | M] -- C:\Users\Toms-Win7-Rechner\AppData\Roaming\Need for Speed World
[2013.03.02 10:36:20 | 000,000,000 | ---D | M] -- C:\Users\Toms-Win7-Rechner\AppData\Roaming\Nokia
[2013.03.02 10:36:21 | 000,000,000 | ---D | M] -- C:\Users\Toms-Win7-Rechner\AppData\Roaming\Nokia Suite
[2012.10.18 12:40:09 | 000,000,000 | ---D | M] -- C:\Users\Toms-Win7-Rechner\AppData\Roaming\OpenOffice.org
[2012.10.17 13:50:49 | 000,000,000 | ---D | M] -- C:\Users\Toms-Win7-Rechner\AppData\Roaming\Opera
[2012.12.02 13:03:11 | 000,000,000 | ---D | M] -- C:\Users\Toms-Win7-Rechner\AppData\Roaming\Origin
[2013.03.02 10:35:59 | 000,000,000 | ---D | M] -- C:\Users\Toms-Win7-Rechner\AppData\Roaming\PC Suite
[2013.03.06 11:25:31 | 000,000,000 | ---D | M] -- C:\Users\Toms-Win7-Rechner\AppData\Roaming\ProtectDISC
[2012.10.23 09:06:32 | 000,000,000 | ---D | M] -- C:\Users\Toms-Win7-Rechner\AppData\Roaming\Publish Providers
[2013.03.16 21:00:02 | 000,000,000 | ---D | M] -- C:\Users\Toms-Win7-Rechner\AppData\Roaming\Rainbow
[2012.12.19 22:31:30 | 000,000,000 | ---D | M] -- C:\Users\Toms-Win7-Rechner\AppData\Roaming\Rovio
[2013.02.27 09:31:57 | 000,000,000 | ---D | M] -- C:\Users\Toms-Win7-Rechner\AppData\Roaming\Simple Sudoku
[2013.03.28 20:04:39 | 000,000,000 | ---D | M] -- C:\Users\Toms-Win7-Rechner\AppData\Roaming\Sony
[2013.03.26 12:42:07 | 000,000,000 | ---D | M] -- C:\Users\Toms-Win7-Rechner\AppData\Roaming\Sony Creative Software Inc
[2012.10.22 09:43:19 | 000,000,000 | ---D | M] -- C:\Users\Toms-Win7-Rechner\AppData\Roaming\SoundSpectrum
[2013.03.07 08:46:15 | 000,000,000 | ---D | M] -- C:\Users\Toms-Win7-Rechner\AppData\Roaming\Total Eclipse
[2013.02.13 09:10:36 | 000,000,000 | ---D | M] -- C:\Users\Toms-Win7-Rechner\AppData\Roaming\Trine2
[2013.04.03 08:21:21 | 000,000,000 | ---D | M] -- C:\Users\Toms-Win7-Rechner\AppData\Roaming\XnView

========== Purity Check ==========

< End of report >

EXTRAS:
OTL Extras logfile created on: 15.04.2013 11:36:05 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Toms-Win7-Rechner\Downloads\Diverse
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,62 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 65,16% Memory free
7,25 Gb Paging File | 5,94 Gb Available in Paging File | 81,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 150,00 Gb Total Space | 38,03 Gb Free Space | 25,35% Space Free | Partition Type: NTFS
Drive E: | 128,00 Gb Total Space | 127,32 Gb Free Space | 99,47% Space Free | Partition Type: NTFS
Drive F: | 127,99 Gb Total Space | 3,46 Gb Free Space | 2,70% Space Free | Partition Type: NTFS
Drive G: | 337,76 Gb Total Space | 265,19 Gb Free Space | 78,51% Space Free | Partition Type: NTFS
Drive H: | 1735,02 Gb Total Space | 600,94 Gb Free Space | 34,64% Space Free | Partition Type: NTFS
Drive I: | 281,51 Gb Total Space | 276,90 Gb Free Space | 98,36% Space Free | Partition Type: NTFS
Drive J: | 500,00 Gb Total Space | 430,21 Gb Free Space | 86,04% Space Free | Partition Type: NTFS
Computer Name: TOMS-WIN7-RECHN | User Name: Toms-Win7-Rechner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- G:\Programme\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Users\Toms-Win7-Rechner\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Users\Toms-Win7-Rechner\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03A07576-A5F1-4937-8589-85173684DC72}" = lport=139 | protocol=6 | dir=in | app=system |
"{098CE2E2-C15D-49CE-A80E-0E2D1102E9E8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{265A0F44-A707-4D61-B50E-43A97185CA02}" = lport=53 | protocol=17 | dir=in | name=rtldns-port-2 |
"{2F491BDF-E3BD-47B2-B1CA-0B95D6036A7C}" = rport=138 | protocol=17 | dir=out | app=system |
"{3197996C-7501-4693-A65D-2EF562D892DC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4D21C3F9-632D-41FD-8323-0A60D9E1B30E}" = lport=rpc | protocol=6 | dir=in | svc=spooler |
app=%systemroot%\system32\spoolsv.exe | "{583642C8-F1DA-4D3C-B0FB-DD5A9DBAC4F8}" = lport=10243 | protocol=6 | dir=in | app=system | "{5DC120D9-EA9C-4FE1-BDB8-7C267671FE7A}" = lport=137 | protocol=17 | dir=in | app=system | "{5F97B395-88FE-470C-AF30-A25F900AC9DA}" = lport=67 | protocol=17 | dir=in | name=rtldhcp-port | "{66D75520-11C0-46DE-8339-643ABA054F92}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{724F3158-7311-4223-BEED-1EF4C394CD11}" = lport=445 | protocol=6 | dir=in | app=system | "{79E763F5-6DD3-47B5-BA22-9915354E1F4E}" = lport=68 | protocol=17 | dir=in | name=rtldhcp-port-2 | "{8F898C48-7C51-4706-8430-7F767E152534}" = lport=138 | protocol=17 | dir=in | app=system | "{9FB46871-FF33-4944-99DC-410B291F7C1A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A1FC9899-D4F6-47B2-B616-54F2F9A898A4}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot | "{A2341801-96AB-4290-89F9-D91262DC9CCA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A262AF7E-6C0F-493B-8F35-54C0F272A25F}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot | "{A80AF5A7-39DE-4D56-A27C-4582837D07BD}" = rport=10243 | protocol=6 | dir=out | app=system | "{B1F2F7CB-B1AF-486F-885C-A964BD77F6EE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B444253D-0464-4E1B-8FF7-12073D4EFF79}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B65B1EAC-8212-4FC8-BEEF-9A989D1BF59B}" = rport=445 | protocol=6 | dir=out | app=system | "{B86C781A-B1AB-473F-88D2-5CA4F0B63FE7}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot | "{BD0DB79E-E6CE-4CE8-B890-D1B50A22985A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C1441821-56F9-4D33-A621-3D2FF02F360F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{F1FC5355-2DC5-47CF-9E77-CB9668C731B0}" = lport=53 | protocol=6 | dir=in | name=rtldns-port | "{F89FDBAB-7C63-498B-9D51-29E774CEA119}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F9AE3F14-13D2-411C-B8EA-01104F602942}" = lport=2869 | protocol=6 | dir=in | app=system | "{FE30A5B4-7467-4088-9784-C0027AB9F274}" = rport=137 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03489610-3DE1-43E5-B5B9-0F43A14946AF}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\alan wake\alanwake.exe | "{085122A5-A187-46F3-B400-A618D688F11F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\limbo\limbo.exe | "{08766C4D-5740-4DA7-B71C-8C0CEED92D71}" = protocol=17 | dir=in | app=c:\program files\realtek\11n usb wireless lan utility\rtwlan.exe | "{0FCE9012-315B-4989-9129-FA7CA6B122C4}" = protocol=6 | dir=in | app=c:\program files\realtek\11n usb wireless lan utility\rtwlan.exe | "{11873A23-037D-4F1E-979B-ECFA036CA505}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\maniaplanet_tmstadium\maniaplanet.exe | "{12142AB0-19EB-4D70-9DD0-E0B05B850631}" = protocol=17 | dir=in | app=c:\program files\origin games\need for speed the run\need for speed the run.exe | "{13368F50-AED6-424D-8463-BA2C0A1C7C40}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\tomb raider underworld\tru.exe | "{147586A1-370D-4941-A51A-E00CB713DC1B}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | "{17649DA3-1F99-42D9-9B52-4D24F2EBFD63}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{18E869EF-E6DD-4CF6-BE17-BECEF5496D52}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{19E4AACC-C6D6-42EF-AE4D-B91F2D4B4D58}" = protocol=17 | dir=out | app=%programfiles%\windows media 
player\wmpnetwk.exe | "{1B8EE7A4-1AF9-4937-ACC5-3998EEBAA7C4}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\alan wake\alanwake.exe | "{225DE42A-ABE0-454C-BDAD-01BFCBCA319D}" = protocol=17 | dir=in | app=g:\programme\opera\opera.exe | "{29B8F597-3A2D-4E84-BF04-97264C6E2C06}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\trine 2\trine2_launcher.exe | "{2F33CE4A-1DFA-40EC-A0C6-109DD3B18DC2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{3C8505AE-E916-4EC8-9A7C-36A0AA5BB820}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | "{3DB81719-C521-4E71-9D51-B1EC22B98D1A}" = protocol=6 | dir=in | app=c:\program files\origin games\need for speed the run\need for speed the run.exe | "{3E036974-90B4-4D21-A050-5A7E1EA7BC07}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{3FAA0592-14A6-41E5-AE6D-56323AC3F60D}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | "{4572B282-B01D-443B-93D6-048172312642}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{5C0C8077-CE7A-4DB9-8301-A5E9744865E8}" = protocol=17 | dir=in | app=c:\users\toms-win7-rechner\opera.exe | "{5CDF22AE-FB69-4403-9748-1D37D89E52C3}" = protocol=6 | dir=out | app=system | "{60BB597C-CE1B-4C42-A43B-A59CBB107BAA}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\trine 2\trine2_launcher.exe | "{619C5A78-EEB9-46C5-A14B-B2E775A8517E}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\maniaplanet_tmstadium\maniaplanetlauncher.exe | "{6484FD6E-D056-41A1-B277-482EDB831018}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\tomb raider underworld\tru.exe | "{6A01FB8A-4B21-4C9C-8809-4345EAAC3F44}" = protocol=6 | dir=in | app=c:\users\toms-win7-rechner\opera.exe | "{6AD856B8-16FE-41AB-848B-1A99D23D3FCB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{6E890695-5DBE-45AF-A256-D2F1A149DA19}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{731E4465-E1D7-4C1D-B661-1D3E6EB683BC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{759E120F-1F26-4167-9436-347C0EC4C913}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7B600A53-FA67-46FB-AB2F-E8B1265EC32E}" = dir=in | app=c:\program files\nokia\nokia suite\nokiasuite.exe | "{7C4CC9BE-8367-4D51-986D-FACD587C7533}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{846B3F52-2C27-4F31-AEDA-75427687A0DE}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\tomb raider\tombraider.exe | "{852AE591-2DDC-428D-89D5-001287FD95D0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{86C3464B-0E62-45E4-8984-874D1E8511EE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{92A3CA85-A40A-44C0-A32F-70B3C066DEC2}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{9716FFB0-6CC6-4AE1-AF61-E71F9FD4EBFA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{9B5C894A-9D63-4AC2-B59F-BB210F146A23}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{9F58927F-FA34-435B-832C-C15B1344C875}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\alan wakes american nightmare\alan_wakes_american_nightmare.exe | "{A64AD7AA-FD32-49FF-BB6E-6C01485B3529}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\maniaplanet_tmstadium\maniaplanetlauncher.exe | "{B0DA4CFA-3B73-43FD-BC6A-A189398EB670}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\alan wakes american nightmare\alan_wakes_american_nightmare.exe | "{B789ED5E-ED2C-4EA9-82D9-E1A2210AA7B7}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{BD11407D-4C6E-4ABA-B15B-89B5A158C60E}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe 
| "{C2ECD1D5-8657-4A41-AED6-A53A0223F986}" = protocol=6 | dir=in | app=g:\programme\opera\opera.exe | "{C3FA9926-E01B-4DC1-8C4C-15F45AF8E353}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\trine 2\trine2_launcher.exe | "{C5D3FC6F-6583-481A-AA1F-8F2EA021D2A6}" = dir=in | app=c:\program files\realtek\11n usb wireless lan utility\rtldhcp.exe | "{C9B40042-C63F-4244-A2C9-9C16DE270369}" = protocol=6 | dir=in | app=c:\users\toms-win7-rechner\appdata\roaming\dropbox\bin\dropbox.exe | "{D3FB6971-2862-42B7-B0C9-1BB13BE6EE5C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\trine 2\trine2_launcher.exe | "{E1BDBA9B-B896-4729-8566-D0FA5B64A24B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\maniaplanet_tmstadium\maniaplanet.exe | "{EBA277F0-A55C-4F80-993E-1C46817305F7}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\limbo\limbo.exe | "{F0FAB01C-26EC-42C8-8378-73968E9D1F66}" = protocol=17 | dir=in | app=c:\users\toms-win7-rechner\appdata\roaming\dropbox\bin\dropbox.exe | "{F2F93C4F-1553-4724-AF96-1FE2318E1D43}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F31CBB74-5B3A-4A2A-9422-28E4625BF077}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\tomb raider\tombraider.exe | "{F5D0F152-FB83-4AB2-AC95-82929EBF7E1C}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "TCP Query User{07ED8941-3DDF-4E3D-8BC2-B9399C182B08}C:\program files\origin games\need for speed the run\need for speed the run.exe" = protocol=6 | dir=in | app=c:\program files\origin games\need for speed the run\need for speed the run.exe | "TCP Query User{1640EBD7-E9E7-4F91-965A-A34994817041}C:\program files\origin games\alice madness returns\game\alice2\binaries\win32\alicemadnessreturns.exe" = protocol=6 | dir=in | app=c:\program files\origin games\alice madness returns\game\alice2\binaries\win32\alicemadnessreturns.exe | "TCP Query 
User{17E46F89-0EA5-4DCA-B0A5-7F52D85924CD}C:\program files\origin games\crysis 2\bin32\crysis2.exe" = protocol=6 | dir=in | app=c:\program files\origin games\crysis 2\bin32\crysis2.exe | "TCP Query User{3122506B-91DA-48D6-AC6A-F008824BE3AC}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | "TCP Query User{7AD2B88E-F4C3-4014-A539-052A24E72851}F:\games\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=f:\games\tmnationsforever\tmforever.exe | "UDP Query User{04EDB3DF-7530-4BCC-A684-7CAA643CA25F}C:\program files\origin games\need for speed the run\need for speed the run.exe" = protocol=17 | dir=in | app=c:\program files\origin games\need for speed the run\need for speed the run.exe | "UDP Query User{336D9539-2EFB-4738-A310-6C5C7E33ACF1}C:\program files\origin games\crysis 2\bin32\crysis2.exe" = protocol=17 | dir=in | app=c:\program files\origin games\crysis 2\bin32\crysis2.exe | "UDP Query User{4FA37607-02A5-4DA9-9F86-8CE31DC159EF}C:\program files\origin games\alice madness returns\game\alice2\binaries\win32\alicemadnessreturns.exe" = protocol=17 | dir=in | app=c:\program files\origin games\alice madness returns\game\alice2\binaries\win32\alicemadnessreturns.exe | "UDP Query User{D521C37B-8A51-42D1-BBA8-0788A88A6D2C}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | "UDP Query User{EAF0E596-2649-4FE3-A805-FF90223CFE26}F:\games\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=f:\games\tmnationsforever\tmforever.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "[verify-U]_AVS_IE_Add-on" = [verify-U]_AVS_IE_Add-on "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended 
"{0EDC9BA0-016E-406a-86DA-04FC1BE00C21}" = Need for Speed™ The Run "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17 "{27237DBF-81A7-4569-908C-48427460B7BA}" = The Panorama Factory V5 m32 Edition "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2 "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B722793-E77B-41F5-BAB3-6C9832274E75}" = PC Connectivity Solution "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{6FE12C01-2FBC-42E2-AEB9-4CA2238C462F}" = Nokia Connectivity Cable Driver "{70CB6C40-8DF1-11E1-BDCF-F04DA23A5C58}" = MSVCRT Redists "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX "{93A3AB24-36E8-41BA-80C6-CCEC237836DC}" = Alice Madness Returns "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C049499-055C-4a0c-A916-1D8CA1FF45EB}" = REALTEK Wireless LAN Driver and Utility "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch 
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.06 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 310.90 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B644D34F-0296-11E2-938E-F04DA23A5C58}" = Vegas Pro 11.0 "{B8D84F70-0296-11E2-8DF5-F04DA23A5C58}" = MSVCRT Redists "{CD95F661-A5C4-44F5-A6AA-ECDD91C240D8}" = WinZip 17.0 "{E3A0C45A-7EDB-48EB-AB86-2445E74FBFBB}" = Nokia Suite "{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86 "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382" = Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0) "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Aeon" = Aeon "DeathMan_is1" = DeathMan "Die Sage von Odysseus_is1" = Die Sage von Odysseus "ElsterFormular 13.0.0.8086p" = ElsterFormular "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.1.320 "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA 
Plattform-Geräte-Manager "InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Nokia Suite" = Nokia Suite "NVIDIA Drivers" = NVIDIA Drivers "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "OpenAL" = OpenAL "Opera 12.02.1578" = Opera 12.02 "Opera 12.14.1738" = Opera 12.14 "Origin" = Origin "PunkBusterSvc" = PunkBuster Services "Revo Uninstaller" = Revo Uninstaller 1.94 "Simple Sudoku_is1" = Simple Sudoku 4.2 "Steam App 108710" = Alan Wake "Steam App 202750" = Alan Wake's American Nightmare "Steam App 203160" = Tomb Raider "Steam App 233070" = TrackMania² Stadium Open Beta "Steam App 35720" = Trine 2 "Steam App 48000" = LIMBO "Steam App 8140" = Tomb Raider: Underworld "TmNationsForever_is1" = TmNationsForever "Unlocker" = Unlocker 1.9.1 "VLC media player" = VLC media player 2.0.4 "XnView_is1" = XnView 1.99.1 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 15.04.2013 04:04:02 | Computer Name = Toms-Win7-Rechn | Source = SideBySide | ID = 16842811 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Toms-Win7-Rechner\Downloads\Diverse\TRU_Patch_v1.1.exe". Fehler in Manifest- oder Richtliniendatei "C:\Users\Toms-Win7-Rechner\Downloads\Diverse\TRU_Patch_v1.1.exe" in Zeile 0. Ungültige XML-Syntax. 
Error - 15.04.2013 04:06:11 | Computer Name = Toms-Win7-Rechn | Source = SideBySide | ID = 16842811 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Toms-Win7-Rechner\Downloads\Diverse\TuneUpUtilities2012_de-DE.exe". Fehler in Manifest- oder Richtliniendatei "C:\Users\Toms-Win7-Rechner\Downloads\Diverse\TuneUpUtilities2012_de-DE.exe" in Zeile 0. Ungültige XML-Syntax. Error - 15.04.2013 04:06:11 | Computer Name = Toms-Win7-Rechn | Source = SideBySide | ID = 16842811 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Toms-Win7-Rechner\Downloads\Diverse\TRU_Patch_v1.1.exe". Fehler in Manifest- oder Richtliniendatei "C:\Users\Toms-Win7-Rechner\Downloads\Diverse\TRU_Patch_v1.1.exe" in Zeile 0. Ungültige XML-Syntax. Error - 15.04.2013 04:06:11 | Computer Name = Toms-Win7-Rechn | Source = SideBySide | ID = 16842811 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Toms-Win7-Rechner\Downloads\Diverse\TuneUpUtilities2012_de-DE.exe". Fehler in Manifest- oder Richtliniendatei "C:\Users\Toms-Win7-Rechner\Downloads\Diverse\TuneUpUtilities2012_de-DE.exe" in Zeile 0. Ungültige XML-Syntax. Error - 15.04.2013 04:06:11 | Computer Name = Toms-Win7-Rechn | Source = SideBySide | ID = 16842811 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Toms-Win7-Rechner\Downloads\Diverse\TRU_Patch_v1.1.exe". Fehler in Manifest- oder Richtliniendatei "C:\Users\Toms-Win7-Rechner\Downloads\Diverse\TRU_Patch_v1.1.exe" in Zeile 0. Ungültige XML-Syntax. Error - 15.04.2013 04:06:11 | Computer Name = Toms-Win7-Rechn | Source = SideBySide | ID = 16842811 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Toms-Win7-Rechner\Downloads\Diverse\TuneUpUtilities2012_de-DE.exe". Fehler in Manifest- oder Richtliniendatei "C:\Users\Toms-Win7-Rechner\Downloads\Diverse\TuneUpUtilities2012_de-DE.exe" in Zeile 0. Ungültige XML-Syntax. 
Error - 15.04.2013 04:06:11 | Computer Name = Toms-Win7-Rechn | Source = SideBySide | ID = 16842811 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Toms-Win7-Rechner\Downloads\Diverse\TRU_Patch_v1.1.exe". Fehler in Manifest- oder Richtliniendatei "C:\Users\Toms-Win7-Rechner\Downloads\Diverse\TRU_Patch_v1.1.exe" in Zeile 0. Ungültige XML-Syntax. Error - 15.04.2013 04:11:34 | Computer Name = Toms-Win7-Rechn | Source = WinMgmt | ID = 10 Description = Error - 15.04.2013 05:51:37 | Computer Name = Toms-Win7-Rechn | Source = WinMgmt | ID = 10 Description = Error - 15.04.2013 06:11:06 | Computer Name = Toms-Win7-Rechn | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: gmer.exe, Version: 0.0.0.0, Zeitstempel: 0x4e21f2b1 Name des fehlerhaften Moduls: gmer.exe, Version: 0.0.0.0, Zeitstempel: 0x4e21f2b1 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000b8360 ID des fehlerhaften Prozesses: 0x8c8 Startzeit der fehlerhaften Anwendung: 0x01ce39c18a3c81c9 Pfad der fehlerhaften Anwendung: C:\Users\Toms-Win7-Rechner\Downloads\Diverse\gmer.exe Pfad des fehlerhaften Moduls: C:\Users\Toms-Win7-Rechner\Downloads\Diverse\gmer.exe Berichtskennung: c8a0a2b5-a5b4-11e2-8224-00252275a0da Error - 15.04.2013 06:35:20 | Computer Name = Toms-Win7-Rechn | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 21.01.2013 16:45:59 | Computer Name = Toms-Win7-Rechn | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden. Error - 22.01.2013 16:43:01 | Computer Name = Toms-Win7-Rechn | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. 
Error - 22.01.2013 16:43:01 | Computer Name = Toms-Win7-Rechn | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 23.01.2013 04:21:35 | Computer Name = Toms-Win7-Rechn | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?22.?01.?2013 um 21:27:25 unerwartet heruntergefahren. Error - 25.01.2013 14:15:07 | Computer Name = Toms-Win7-Rechn | Source = WMPNetworkSvc | ID = 866333 Description = Error - 26.01.2013 07:32:14 | Computer Name = Toms-Win7-Rechn | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Windows Defender" wurde mit folgendem Fehler beendet: %%-2147024882 Error - 26.01.2013 16:47:55 | Computer Name = Toms-Win7-Rechn | Source = WMPNetworkSvc | ID = 866300 Description = Error - 29.01.2013 06:53:38 | Computer Name = Toms-Win7-Rechn | Source = WMPNetworkSvc | ID = 866333 Description = Error - 30.01.2013 03:25:24 | Computer Name = Toms-Win7-Rechn | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?29.?01.?2013 um 20:55:11 unerwartet heruntergefahren. 
Error - 31.01.2013 04:04:48 | Computer Name = Toms-Win7-Rechn | Source = DCOM | ID = 10010 Description = < End of report > GMER: GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-04-15 12:20:27 Windows 6.1.7601 Service Pack 1 \Device\Harddisk2\DR2 -> \Device\00000061 SAMSUNG_ rev.1AJ1 931,51GB Running: gmer_2.1.19163.exe; Driver: C:\Users\TOMS-W~1\AppData\Local\Temp\fwtoiuod.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAdjustPrivilegesToken [0x9283D392] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcConnectPort [0x9285824A] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcCreatePort [0x92858580] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcSendWaitReceivePort [0x928588F6] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwClose [0x9283DE0C] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwConnectPort [0x92857F32] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateEvent [0x9283E37E] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateMutant [0x9283E26C] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreatePort [0x928583F0] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateSection [0x9283D14E] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateSemaphore [0x9283E496] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateThread [0x9283D9C2] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateThreadEx [0x9283DB32] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateUserProcess [0x9283E5AE] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateWaitablePort [0x928584B8] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDebugActiveProcess [0x9283E856] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDeviceIoControlFile [0x9283DE4E] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDuplicateObject [0x9283F858] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwLoadDriver [0x9283E948] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwMapViewOfSection [0x9283EEB4] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwNotifyChangeKey [0x92856722] SSDT 
\SystemRoot\system32\DRIVERS\klif.sys ZwOpenEvent [0x9283E410] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenMutant [0x9283E2F8] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenProcess [0x9283D5CC] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenSection [0x9283EC98] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenSemaphore [0x9283E528] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenThread [0x9283D4C0] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueryDirectoryObject [0x9283E664] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueryObject [0x9285691A] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQuerySection [0x9283F1DA] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueueApcThread [0x9283EAE8] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyPort [0x928586E4] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyWaitReceivePort [0x92858632] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwRequestWaitReplyPort [0x92858750] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwResumeThread [0x9283F6FA] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSecureConnectPort [0x928580BA] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetContextThread [0x9283DCAC] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetInformationToken [0x9283E702] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetSystemInformation [0x9283F32A] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSuspendProcess [0x9283F41E] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSuspendThread [0x9283F558] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSystemDebugControl [0x9283E778] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwTerminateProcess [0x9283D76C] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwTerminateThread [0x9283D6C2] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwUnmapViewOfSection [0x9283F092] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwWriteVirtualMemory [0x9283D858] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 83088A09 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 830C21F2 
19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10D7 830C922C 4 Bytes [92, D3, 83, 92] .text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 830C9254 8 Bytes [4A, 82, 85, 92, 80, 85, 85, ...] {DEC EDX; ADD BYTE [EBP-0x7a7a7f6e], 0x92} .text ntkrnlpa.exe!KeRemoveQueueEx + 1143 830C9298 4 Bytes [F6, 88, 85, 92] .text ntkrnlpa.exe!KeRemoveQueueEx + 116F 830C92C4 4 Bytes [0C, DE, 83, 92] .text ntkrnlpa.exe!KeRemoveQueueEx + 1193 830C92E8 4 Bytes [32, 7F, 85, 92] {XOR BH, [EDI-0x7b]; XCHG EDX, EAX} .text ... ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\tdx \Device\Tcp kl1.sys AttachedDevice \Driver\tdx \Device\Udp kl1.sys AttachedDevice \Driver\tdx \Device\RawIp kl1.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{75B7F889-1856-11E2-A6E3-806E6F6E6963} 1295408488 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jg\OpenWithProgids@j\20g_auto_file ---- EOF - GMER 2.1 ----

I hope I did it correctly. Thank you for your efforts, regards, Tom