svhost.exe fordert mehr cpu als Crysis 3 auf Ultra (Beim Start)

Iceinsky69 · 26.05.2013, 15:15

Hallo

Ich habe folgendes Problem , nähmlich das wenn ich meinen PC starte habe ich 5 sek ruhe und dann schießt mein Prozessor auf 60 % im schnitt (AMD fx 8135 Black Edition) hoch .
1. Das ist nervig denn ich muss das immer beim Start ausmachen mit dem Taskmanager.
2.Nachdem ich svhost.exe geschlossen habe ist mein Bildschirm 2 sek. schwarz und danach kommt der Desktop wieder und mein Grafikkarten Treiber sagt das er wiederhergestellt wurde nach einem Fehler

. Ich habe dieses Problem schon länger und habe mich durch viele Foren gesucht . Ich hoffe ihr könnt mir helfen .

Danke im vorraus.

cosinus · 26.05.2013, 18:55

Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Iceinsky69 · 26.05.2013, 19:13

Also es hat nie ein Program etwas gefunden (Virenscan : Kaspersky 2012) .oder Norton.Und wo finde ich die Log Files ? Der PC ist erst 2 Wochen alt .

cosinus · 26.05.2013, 19:18

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.
Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!
Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!
Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!
Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.

Erstmal eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in CODE-Tags in den Thread.

Iceinsky69 · 26.05.2013, 19:42

Soweit habe ich alles verstanden. Ich werde am 26.5.2013 die Logs Posten. Wo ich zu meine Frage komme : Wie lange habe ich Zeit anzuworten ?

cosinus · 26.05.2013, 19:54

Antworte einfach wenn du Zeit dazu hast. Ich sehe ja deine Antworten und werde das Abo auch nicht löschen. Lass dir aber bitte nicht allzuviel Zeit, sonst wird eine Analyse ziemlich sinnfrei (also nicht erst alle 4 Wochen posten oder so

)

Iceinsky69 · 27.05.2013, 13:03

Code:

ATTFilter

OTL logfile created on: 27.05.2013 13:55:43 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\ff0\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,22 Gb Available Physical Memory | 77,93% Memory free
15,96 Gb Paging File | 14,18 Gb Available in Paging File | 88,86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 36,42 Gb Free Space | 32,61% Space Free | Partition Type: NTFS
Drive I: | 465,76 Gb Total Space | 205,59 Gb Free Space | 44,14% Space Free | Partition Type: NTFS
 
Computer Name: FLORIAN-PC | User Name: ff0 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\ff0\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe (NVIDIA Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Hama\Common\RaUI.exe (Hama GmbH & Co KG)
PRC - C:\Program Files (x86)\Hama\Common\RalinkRegistryWriter.exe (Ralink Technology, Corp.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (VIAKaraokeService) -- C:\Windows\SysNative\ViakaraokeSrv.exe (VIA Technologies, Inc.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (TeamViewer8) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (ICCS) -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (ES lite Service) -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (RalinkRegistryWriter) -- C:\Program Files (x86)\Hama\Common\RalinkRegistryWriter.exe (Ralink Technology, Corp.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (EtronXHCI) -- C:\Windows\SysNative\drivers\EtronXHCI.sys (Etron Technology Inc)
DRV:64bit: - (EtronHub3) -- C:\Windows\SysNative\drivers\EtronHub3.sys (Etron Technology Inc)
DRV:64bit: - (VirtDiskBus) -- C:\Windows\SysNative\drivers\VirtDiskBus64.sys (Giga-Byte Technology CO., LTD.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation)
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (USBPNPA) -- C:\Windows\SysNative\drivers\CM10864.sys (C-Media Electronics Inc)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys ()
DRV - (etdrv) -- C:\Windows\etdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
 
IE - HKU\S-1-5-21-1574366264-1366440450-3420834865-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Dell Official Site - The Power To Do More | Dell
IE - HKU\S-1-5-21-1574366264-1366440450-3420834865-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-1574366264-1366440450-3420834865-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1574366264-1366440450-3420834865-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-1574366264-1366440450-3420834865-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1574366264-1366440450-3420834865-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-1574366264-1366440450-3420834865-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Dell Official Site - The Power To Do More | Dell
IE - HKU\S-1-5-21-1574366264-1366440450-3420834865-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-1574366264-1366440450-3420834865-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1574366264-1366440450-3420834865-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-1574366264-1366440450-3420834865-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: I:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013.05.14 18:17:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ff0\AppData\Roaming\mozilla\Extensions
[2013.05.20 14:33:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ff0\AppData\Roaming\mozilla\Firefox\Profiles\pht6t3i2.default\extensions
[2013.05.20 14:19:05 | 000,213,470 | ---- | M] () (No name found) -- C:\Users\ff0\AppData\Roaming\mozilla\firefox\profiles\pht6t3i2.default\extensions\torntv2@torntv.com.xpi
[2013.05.20 14:22:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\Extensions
[2013.05.14 18:17:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.14 18:17:21 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2013.05.03 16:29:12 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1574366264-1366440450-3420834865-1000..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-1574366264-1366440450-3420834865-1000..\Run: [Clownfish]  File not found
O4 - HKU\S-1-5-21-1574366264-1366440450-3420834865-1000..\Run: [uTorrent] C:\Users\ff0\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - HKU\S-1-5-21-1574366264-1366440450-3420834865-1000..\Run: [VSA] C:\Users\ff0\AppData\Roaming\Microsoft\VSA\9.0\VSA.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1574366264-1366440450-3420834865-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1574366264-1366440450-3420834865-1001..\Run: [THPanel] C:\Program Files (x86)\Thunder Master\THPanel.exe (Palit Microsystems Ltd.)
O4:64bit: - HKLM..\RunOnce: [RPMKickstart] C:\Programme\GIGABYTE\SmartRecovery2_x64\RPMKickstart.exe (Gigabyte Technology CO., LTD.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1574366264-1366440450-3420834865-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://I:\PROGRA~2\MICROS~1\Office15\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://I:\PROGRA~2\MICROS~1\Office15\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://I:\PROGRA~2\MICROS~1\Office15\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://I:\PROGRA~2\MICROS~1\Office15\EXCEL.EXE/3000 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1574366264-1366440450-3420834865-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1574366264-1366440450-3420834865-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1574366264-1366440450-3420834865-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1574366264-1366440450-3420834865-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.96.0.cab (Battlefield Play4Free Updater)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41D03D22-A752-4E60-81AC-583A17BA94C0}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.27 13:54:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\ff0\Desktop\OTL.exe
[2013.05.26 15:44:57 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.05.26 15:44:34 | 000,000,000 | ---D | C] -- C:\JRT
[2013.05.26 15:25:29 | 000,000,000 | ---D | C] -- C:\Users\ff0\AppData\Local\NVIDIA
[2013.05.26 15:24:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013.05.26 15:22:40 | 000,194,848 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2013.05.26 15:22:40 | 000,031,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2013.05.25 18:58:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GTA IV San Andreas
[2013.05.25 18:26:27 | 025,256,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013.05.25 18:26:27 | 021,096,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013.05.25 18:26:27 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013.05.25 18:26:27 | 009,233,688 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013.05.25 18:26:27 | 007,682,960 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013.05.25 18:26:27 | 007,641,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2013.05.25 18:26:27 | 006,324,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2013.05.25 18:26:27 | 002,942,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013.05.25 18:26:27 | 002,754,336 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013.05.25 18:26:27 | 002,597,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2013.05.25 18:26:27 | 002,363,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013.05.25 18:26:27 | 002,002,720 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013.05.25 18:26:27 | 001,832,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6432018.dll
[2013.05.25 18:26:27 | 001,511,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6432018.dll
[2013.05.25 18:26:27 | 000,925,648 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2013.05.25 18:26:27 | 000,550,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2013.05.25 18:26:27 | 000,518,944 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2013.05.25 18:26:27 | 000,443,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2013.05.25 18:26:27 | 000,432,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvEncodeAPI64.dll
[2013.05.25 18:26:27 | 000,421,152 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2013.05.25 18:26:27 | 000,370,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvEncodeAPI.dll
[2013.05.25 18:26:27 | 000,266,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2013.05.25 18:26:27 | 000,218,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll
[2013.05.25 18:26:27 | 000,214,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2013.05.25 18:26:27 | 000,181,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll
[2013.05.25 16:08:56 | 000,000,000 | ---D | C] -- C:\Users\ff0\AppData\Roaming\Minecraft Version Changer
[2013.05.25 11:08:43 | 000,000,000 | ---D | C] -- C:\Users\ff0\AppData\Roaming\.minecraft
[2013.05.24 19:57:50 | 000,000,000 | ---D | C] -- C:\Users\ff0\Desktop\plugins
[2013.05.24 14:13:53 | 000,000,000 | ---D | C] -- C:\Users\ff0\Documents\Gothic3ForsakenGods
[2013.05.24 13:57:40 | 000,000,000 | ---D | C] -- C:\Users\ff0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JoWooD
[2013.05.24 13:54:47 | 000,000,000 | ---D | C] -- C:\ProgramData\OUTLAWS
[2013.05.24 00:12:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2013.05.24 00:12:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2013.05.24 00:06:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XNA
[2013.05.23 23:57:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Terraria
[2013.05.23 23:57:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Terraria
[2013.05.23 18:34:55 | 000,000,000 | ---D | C] -- C:\Users\ff0\Documents\gothic3
[2013.05.23 18:23:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gothic III
[2013.05.21 12:17:30 | 000,000,000 | ---D | C] -- C:\Users\ff0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ipswDownloader
[2013.05.21 11:51:41 | 000,000,000 | ---D | C] -- C:\Users\ff0\AppData\Roaming\Apple Computer
[2013.05.21 11:51:41 | 000,000,000 | ---D | C] -- C:\Users\ff0\AppData\Local\Apple Computer
[2013.05.21 11:51:39 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2013.05.21 11:51:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.05.21 11:51:35 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.05.21 11:51:34 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.05.21 11:51:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013.05.21 11:51:34 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.05.21 11:51:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013.05.21 11:51:19 | 000,000,000 | ---D | C] -- C:\Users\ff0\AppData\Local\Apple
[2013.05.21 11:51:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013.05.21 11:51:11 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013.05.21 11:51:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013.05.21 11:51:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013.05.21 11:51:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2013.05.20 14:25:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pontifex II
[2013.05.20 14:19:04 | 000,000,000 | ---D | C] -- C:\Users\ff0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
[2013.05.20 14:19:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TornTV.com
[2013.05.20 11:18:59 | 000,000,000 | ---D | C] -- C:\Users\ff0\Documents\RCT3
[2013.05.20 11:18:59 | 000,000,000 | ---D | C] -- C:\Users\ff0\AppData\Roaming\Atari
[2013.05.19 16:47:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Halycon Media
[2013.05.19 16:47:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Halycon Media
[2013.05.19 16:31:49 | 000,000,000 | ---D | C] -- C:\Users\ff0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bridge Building Game
[2013.05.19 16:31:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bridge Building Game
[2013.05.19 15:48:03 | 000,000,000 | ---D | C] -- C:\Users\ff0\AppData\Roaming\Leadertech
[2013.05.19 15:47:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari
[2013.05.18 10:46:35 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.05.17 14:33:15 | 000,000,000 | ---D | C] -- C:\Users\ff0\AppData\Roaming\skyz
[2013.05.16 15:20:40 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.05.16 15:20:40 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.05.16 15:20:40 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.05.16 15:20:39 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.05.16 15:20:39 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.05.16 15:20:39 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.05.16 15:20:39 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.05.16 15:20:39 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.05.16 15:20:39 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.05.16 15:20:39 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.05.16 15:20:39 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.05.16 15:20:39 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.05.16 15:20:37 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.05.16 15:20:37 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.05.16 15:20:37 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.05.16 13:59:25 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013.05.16 13:59:25 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013.05.16 13:59:21 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.05.16 13:59:21 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.05.16 13:59:21 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013.05.16 13:59:21 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013.05.16 13:59:18 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013.05.15 21:43:48 | 000,000,000 | ---D | C] -- C:\Users\ff0\AppData\Roaming\FileZilla
[2013.05.15 21:43:43 | 000,000,000 | ---D | C] -- C:\Users\ff0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2013.05.15 21:43:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2013.05.15 14:11:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2013.05.14 18:17:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.05.13 19:06:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.05.13 19:03:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2013.05.13 15:39:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Orbit
[2013.05.13 15:38:04 | 000,000,000 | ---D | C] -- C:\Users\ff0\AppData\Local\Ubisoft Game Launcher
[2013.05.13 15:38:04 | 000,000,000 | ---D | C] -- C:\Users\ff0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
[2013.05.13 15:38:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2013.05.12 17:08:54 | 000,000,000 | ---D | C] -- C:\Users\ff0\AppData\Roaming\WindSolutions
[2013.05.12 17:08:53 | 000,000,000 | ---D | C] -- C:\ProgramData\WindSolutions
[2013.05.12 15:43:36 | 000,566,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2013.05.12 10:53:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013.05.12 10:51:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2013.05.11 10:36:04 | 000,000,000 | ---D | C] -- C:\Users\ff0\AppData\Roaming\Dream Aquarium
[2013.05.10 22:16:36 | 000,000,000 | ---D | C] -- C:\Users\ff0\AppData\Roaming\Publish Providers
[2013.05.10 21:57:30 | 000,000,000 | ---D | C] -- C:\Users\ff0\AppData\Local\Sony
[2013.05.10 21:56:50 | 000,000,000 | ---D | C] -- C:\Users\ff0\AppData\Roaming\Sony
[2013.05.10 21:06:23 | 000,000,000 | ---D | C] -- C:\Users\ff0\AppData\Roaming\Teeworlds
[2013.05.10 15:09:24 | 000,000,000 | ---D | C] -- C:\Users\ff0\Documents\Skype Voice Records
[2013.05.10 15:09:24 | 000,000,000 | ---D | C] -- C:\Users\ff0\Documents\Clownfish Avatars
[2013.05.10 15:08:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Clownfish
[2013.05.10 13:33:14 | 000,000,000 | ---D | C] -- C:\Users\ff0\AppData\Local\mcpatcher
[2013.05.09 19:32:27 | 000,000,000 | ---D | C] -- C:\Users\ff0\.aria2
[2013.05.09 19:02:19 | 000,000,000 | ---D | C] -- C:\Users\ff0\AppData\Roaming\EvolutionClips
[2013.05.09 18:18:26 | 000,000,000 | ---D | C] -- C:\ProgramData\StarApp
[2013.05.09 18:08:36 | 000,000,000 | ---D | C] -- C:\ProgramData\SearchNewTab
[2013.05.09 18:08:23 | 000,000,000 | ---D | C] -- C:\ProgramData\coonytiynnueotiosave
[2013.05.09 16:03:13 | 000,000,000 | ---D | C] -- C:\Users\ff0\Documents\Battlefield 3
[2013.05.06 16:28:16 | 000,000,000 | ---D | C] -- C:\Users\ff0\Documents\Benutzerdefinierte Office-Vorlagen
[2013.05.06 14:38:16 | 000,000,000 | ---D | C] -- C:\Users\ff0\AppData\Local\Microsoft Help
[2013.05.06 14:38:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2013.05.05 06:56:46 | 000,000,000 | ---D | C] -- C:\Users\ff0\Documents\Rockstar Games
[2013.05.05 06:54:29 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2013.05.05 06:52:13 | 000,000,000 | ---D | C] -- C:\Users\ff0\AppData\Local\Rockstar Games
[2013.05.05 06:48:27 | 000,000,000 | RH-D | C] -- C:\Users\ff0\AppData\Roaming\SecuROM
[2013.05.04 12:32:31 | 000,000,000 | ---D | C] -- C:\AMD
[2013.05.04 10:12:42 | 000,000,000 | ---D | C] -- C:\Users\ff0\AppData\Local\AMD
[2013.05.04 10:12:41 | 000,000,000 | ---D | C] -- C:\Users\ff0\AppData\Roaming\ATI
[2013.05.04 10:12:41 | 000,000,000 | ---D | C] -- C:\Users\ff0\AppData\Local\ATI
[2013.05.04 10:12:05 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2013.05.03 17:21:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
[2013.05.03 06:43:09 | 000,000,000 | ---D | C] -- C:\Users\ff0\AppData\Local\Programs
[2013.04.30 06:41:57 | 000,000,000 | ---D | C] -- C:\Users\ff0\AppData\Local\GameSpy
[2013.04.30 06:41:55 | 000,000,000 | ---D | C] -- C:\Users\ff0\AppData\Local\ApplicationHistory
[2013.04.30 05:55:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP
[2013.04.30 05:53:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2013.04.29 14:21:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.04.29 14:20:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013.04.29 14:20:16 | 000,000,000 | ---D | C] -- C:\Users\ff0\AppData\Local\Google
[2013.04.27 20:52:34 | 000,000,000 | ---D | C] -- C:\Users\ff0\AppData\Local\LogMeIn Hamachi
[2013.04.27 16:09:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2013.04.27 16:09:06 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2013.04.27 16:09:04 | 000,000,000 | ---D | C] -- C:\Users\ff0\AppData\Roaming\DAEMON Tools Lite
[2013.04.27 16:08:22 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.27 13:54:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ff0\Desktop\OTL.exe
[2013.05.27 13:52:14 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2013.05.27 13:52:14 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.27 13:52:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.27 13:52:06 | 2132,709,375 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.26 18:31:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.26 15:58:21 | 000,021,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.26 15:58:21 | 000,021,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.26 15:56:21 | 001,643,622 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.26 15:56:21 | 000,707,706 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.26 15:56:21 | 000,661,302 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.26 15:56:21 | 000,153,192 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.26 15:56:21 | 000,125,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.26 15:38:36 | 000,000,168 | ---- | M] () -- C:\Users\ff0\defogger_reenable
[2013.05.26 15:25:14 | 000,001,351 | ---- | M] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2013.05.25 18:58:41 | 000,000,505 | ---- | M] () -- C:\Users\Public\Desktop\GTA IV San Andreas.lnk
[2013.05.25 12:26:21 | 000,003,402 | ---- | M] () -- C:\Users\ff0\Desktop\launcher.bat
[2013.05.24 19:42:28 | 000,001,001 | ---- | M] () -- C:\Users\ff0\AppData\Local\RT3070_{41D03D22-A752-4E60-81AC-583A17BA94C0}_wsc
[2013.05.24 17:11:57 | 000,000,854 | ---- | M] () -- C:\Users\ff0\AppData\Local\RT3070_{41D03D22-A752-4E60-81AC-583A17BA94C0}_prof
[2013.05.24 17:11:56 | 000,000,880 | ---- | M] () -- C:\Users\ff0\AppData\Local\RT3070_{41D03D22-A752-4E60-81AC-583A17BA94C0}_sta
[2013.05.24 13:57:40 | 000,000,666 | ---- | M] () -- C:\Users\ff0\Desktop\Gothic III - Götterdämmerung.lnk
[2013.05.24 00:12:04 | 000,000,926 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2013.05.24 00:08:10 | 001,620,580 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.05.23 23:57:49 | 000,000,794 | ---- | M] () -- C:\Users\ff0\Desktop\Terraria.lnk
[2013.05.23 18:32:34 | 000,000,814 | ---- | M] () -- C:\Users\Public\Desktop\Gothic III.lnk
[2013.05.21 11:51:40 | 000,001,573 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.05.20 15:32:07 | 000,000,720 | ---- | M] () -- C:\Users\ff0\Desktop\FaceWorks Real-time Performance Capture.lnk
[2013.05.20 10:42:27 | 005,053,960 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.19 16:47:50 | 000,001,258 | ---- | M] () -- C:\Users\ff0\Desktop\Bridge Builder 2 Demo.lnk
[2013.05.19 15:47:04 | 000,000,881 | ---- | M] () -- C:\Users\Public\Desktop\RollerCoaster Tycoon 3.lnk
[2013.05.19 15:17:03 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.05.19 15:17:03 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.05.18 10:48:41 | 000,138,790 | ---- | M] () -- C:\Users\ff0\Documents\cc_20130518_104837.reg
[2013.05.18 10:46:36 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.05.17 19:59:40 | 000,000,997 | ---- | M] () -- C:\Users\ff0\Desktop\Crysis 3.lnk
[2013.05.15 18:25:46 | 000,001,590 | ---- | M] () -- C:\Users\ff0\Desktop\Crysis 2.lnk
[2013.05.15 14:11:29 | 000,103,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.05.15 14:11:25 | 000,669,184 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe
[2013.05.15 14:11:25 | 000,066,872 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.05.15 14:11:01 | 000,001,030 | ---- | M] () -- C:\Users\Public\Desktop\Crysis.lnk
[2013.05.14 18:17:22 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.05.13 19:04:18 | 000,001,563 | ---- | M] () -- C:\Users\ff0\Desktop\Farcry 3.lnk
[2013.05.12 23:42:27 | 027,775,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2013.05.12 23:42:27 | 025,256,224 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013.05.12 23:42:27 | 021,096,736 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013.05.12 23:42:27 | 017,560,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013.05.12 23:42:27 | 015,910,736 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2013.05.12 23:42:27 | 015,143,904 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2013.05.12 23:42:27 | 013,403,168 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2013.05.12 23:42:27 | 012,426,216 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2013.05.12 23:42:27 | 009,233,688 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013.05.12 23:42:27 | 007,682,960 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013.05.12 23:42:27 | 007,641,832 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2013.05.12 23:42:27 | 006,324,360 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2013.05.12 23:42:27 | 002,942,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013.05.12 23:42:27 | 002,935,696 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2013.05.12 23:42:27 | 002,754,336 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013.05.12 23:42:27 | 002,597,344 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2013.05.12 23:42:27 | 002,363,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013.05.12 23:42:27 | 002,002,720 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013.05.12 23:42:27 | 001,832,224 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6432018.dll
[2013.05.12 23:42:27 | 001,511,712 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6432018.dll
[2013.05.12 23:42:27 | 001,059,560 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2013.05.12 23:42:27 | 000,925,648 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2013.05.12 23:42:27 | 000,550,176 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2013.05.12 23:42:27 | 000,518,944 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2013.05.12 23:42:27 | 000,443,168 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2013.05.12 23:42:27 | 000,432,416 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvEncodeAPI64.dll
[2013.05.12 23:42:27 | 000,421,152 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2013.05.12 23:42:27 | 000,370,976 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvEncodeAPI.dll
[2013.05.12 23:42:27 | 000,266,448 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2013.05.12 23:42:27 | 000,218,592 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll
[2013.05.12 23:42:27 | 000,214,448 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2013.05.12 23:42:27 | 000,181,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll
[2013.05.12 23:42:27 | 000,061,216 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2013.05.12 23:42:27 | 000,053,024 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2013.05.12 23:42:27 | 000,020,536 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2013.05.12 22:34:14 | 006,491,936 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2013.05.12 22:34:14 | 003,514,656 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2013.05.12 22:34:12 | 002,555,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2013.05.12 22:34:12 | 000,063,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2013.05.12 22:34:11 | 000,237,856 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2013.05.12 15:43:36 | 000,566,048 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2013.05.12 11:08:14 | 000,017,408 | ---- | M] () -- C:\Users\ff0\AppData\Local\WebpageIcons.db
[2013.05.11 08:59:39 | 000,030,528 | ---- | M] () -- C:\Windows\GVTDrv64.sys
[2013.05.10 22:36:18 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\etdrv.sys
[2013.05.10 22:31:53 | 000,007,602 | ---- | M] () -- C:\Users\ff0\AppData\Local\resmon.resmoncfg
[2013.05.10 21:59:05 | 000,002,608 | ---- | M] () -- C:\Users\ff0\Documents\Vegas Pro registrieren.htm
[2013.05.10 06:23:03 | 000,000,986 | ---- | M] () -- C:\Users\ff0\Desktop\Battlefield 3.lnk
[2013.05.08 16:13:10 | 003,165,737 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2013.05.05 06:47:06 | 000,001,060 | ---- | M] () -- C:\Users\Public\Desktop\Grand Theft Auto IV.lnk
[2013.05.03 15:13:21 | 001,329,671 | ---- | M] () -- C:\Users\ff0\Desktop\minecraft.exe
[2013.05.03 06:45:05 | 000,001,801 | ---- | M] () -- C:\Users\ff0\AppData\Roaming\System Monitor II_CPU0_Settings.ini
[2013.05.03 06:24:32 | 000,000,576 | ---- | M] () -- C:\Users\ff0\AppData\Roaming\All CPU MeterV3_Settings.ini
[2013.05.02 16:56:51 | 000,001,099 | ---- | M] () -- C:\Users\ff0\Desktop\Slender - The Eight Pages.lnk
[2013.04.30 06:41:55 | 000,000,091 | ---- | M] () -- C:\Users\ff0\AppData\Local\fusioncache.dat
[2013.04.27 23:26:32 | 000,001,456 | ---- | M] () -- C:\Users\ff0\AppData\Local\Adobe Für Web speichern 13.0 Prefs
[2013.04.27 16:14:09 | 000,001,715 | ---- | M] () -- C:\Users\ff0\Desktop\Photoshop.lnk
[2013.04.27 16:09:36 | 000,000,858 | ---- | M] () -- C:\Users\Public\Desktop\Deamon Tools.lnk
[2013.04.27 16:09:06 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.26 15:38:36 | 000,000,168 | ---- | C] () -- C:\Users\ff0\defogger_reenable
[2013.05.26 15:25:14 | 000,001,351 | ---- | C] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2013.05.25 18:58:41 | 000,000,505 | ---- | C] () -- C:\Users\Public\Desktop\GTA IV San Andreas.lnk
[2013.05.25 12:26:21 | 000,003,402 | ---- | C] () -- C:\Users\ff0\Desktop\launcher.bat
[2013.05.24 16:59:07 | 000,001,001 | ---- | C] () -- C:\Users\ff0\AppData\Local\RT3070_{41D03D22-A752-4E60-81AC-583A17BA94C0}_wsc
[2013.05.24 13:57:40 | 000,000,666 | ---- | C] () -- C:\Users\ff0\Desktop\Gothic III - Götterdämmerung.lnk
[2013.05.23 23:57:49 | 000,000,794 | ---- | C] () -- C:\Users\ff0\Desktop\Terraria.lnk
[2013.05.23 18:32:34 | 000,000,814 | ---- | C] () -- C:\Users\Public\Desktop\Gothic III.lnk
[2013.05.21 11:51:40 | 000,001,573 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.05.21 11:51:19 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013.05.20 15:32:07 | 000,000,720 | ---- | C] () -- C:\Users\ff0\Desktop\FaceWorks Real-time Performance Capture.lnk
[2013.05.20 10:42:21 | 005,053,960 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.19 16:47:50 | 000,001,258 | ---- | C] () -- C:\Users\ff0\Desktop\Bridge Builder 2 Demo.lnk
[2013.05.19 15:47:04 | 000,000,881 | ---- | C] () -- C:\Users\Public\Desktop\RollerCoaster Tycoon 3.lnk
[2013.05.18 10:48:39 | 000,138,790 | ---- | C] () -- C:\Users\ff0\Documents\cc_20130518_104837.reg
[2013.05.18 10:46:36 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.05.17 19:59:44 | 000,000,997 | ---- | C] () -- C:\Users\ff0\Desktop\Crysis 3.lnk
[2013.05.15 18:25:48 | 000,001,590 | ---- | C] () -- C:\Users\ff0\Desktop\Crysis 2.lnk
[2013.05.15 14:11:25 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2013.05.15 14:11:25 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.05.15 14:11:25 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.05.15 14:11:01 | 000,001,030 | ---- | C] () -- C:\Users\Public\Desktop\Crysis.lnk
[2013.05.14 18:17:22 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.05.14 18:17:22 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.05.13 19:04:22 | 000,001,563 | ---- | C] () -- C:\Users\ff0\Desktop\Farcry 3.lnk
[2013.05.13 19:03:40 | 000,002,555 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint Viewer .lnk
[2013.05.12 11:08:14 | 000,017,408 | ---- | C] () -- C:\Users\ff0\AppData\Local\WebpageIcons.db
[2013.05.10 21:59:05 | 000,002,608 | ---- | C] () -- C:\Users\ff0\Documents\Vegas Pro registrieren.htm
[2013.05.10 06:23:04 | 000,000,986 | ---- | C] () -- C:\Users\ff0\Desktop\Battlefield 3.lnk
[2013.05.05 06:47:06 | 000,001,060 | ---- | C] () -- C:\Users\Public\Desktop\Grand Theft Auto IV.lnk
[2013.05.03 15:13:02 | 001,329,671 | ---- | C] () -- C:\Users\ff0\Desktop\minecraft.exe
[2013.05.03 06:44:04 | 000,001,801 | ---- | C] () -- C:\Users\ff0\AppData\Roaming\System Monitor II_CPU0_Settings.ini
[2013.05.02 16:56:53 | 000,001,099 | ---- | C] () -- C:\Users\ff0\Desktop\Slender - The Eight Pages.lnk
[2013.04.30 18:08:49 | 000,000,576 | ---- | C] () -- C:\Users\ff0\AppData\Roaming\All CPU MeterV3_Settings.ini
[2013.04.30 06:41:55 | 000,000,091 | ---- | C] () -- C:\Users\ff0\AppData\Local\fusioncache.dat
[2013.04.29 14:20:18 | 000,001,104 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.29 14:20:18 | 000,001,100 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.27 23:26:32 | 000,001,456 | ---- | C] () -- C:\Users\ff0\AppData\Local\Adobe Für Web speichern 13.0 Prefs
[2013.04.27 16:14:09 | 000,001,715 | ---- | C] () -- C:\Users\ff0\Desktop\Photoshop.lnk
[2013.04.27 16:09:36 | 000,000,858 | ---- | C] () -- C:\Users\Public\Desktop\Deamon Tools.lnk
[2013.04.27 15:00:34 | 000,001,534 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
[2013.04.25 15:20:14 | 000,000,132 | ---- | C] () -- C:\Users\ff0\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
[2013.04.24 16:26:26 | 000,004,608 | ---- | C] () -- C:\Users\ff0\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.04.15 00:16:28 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2013.04.12 20:52:50 | 000,007,602 | ---- | C] () -- C:\Users\ff0\AppData\Local\resmon.resmoncfg
[2013.04.12 18:56:47 | 001,620,580 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.04.12 18:36:16 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2013.04.12 18:29:00 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2013.04.12 18:16:03 | 000,139,264 | R--- | C] () -- C:\Windows\Vmix108.dll
[2013.04.12 18:15:53 | 000,000,213 | ---- | C] () -- C:\Windows\Cm108.ini.cfl
[2013.04.12 18:11:18 | 000,002,029 | R--- | C] () -- C:\Windows\Cm108.ini.cfg
[2013.04.12 18:11:18 | 000,000,081 | ---- | C] () -- C:\Windows\Cm108.ini.imi
[2013.04.12 18:01:48 | 000,000,880 | ---- | C] () -- C:\Users\ff0\AppData\Local\RT3070_{41D03D22-A752-4E60-81AC-583A17BA94C0}_sta
[2013.04.12 18:01:45 | 000,000,854 | ---- | C] () -- C:\Users\ff0\AppData\Local\RT3070_{41D03D22-A752-4E60-81AC-583A17BA94C0}_prof
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

--- --- ---
");
//-->
</script>

<script type="text/javascript">
<!--
alert("OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 27.05.2013 13:55:43 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\ff0\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,22 Gb Available Physical Memory | 77,93% Memory free
15,96 Gb Paging File | 14,18 Gb Available in Paging File | 88,86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 36,42 Gb Free Space | 32,61% Space Free | Partition Type: NTFS
Drive I: | 465,76 Gb Total Space | 205,59 Gb Free Space | 44,14% Space Free | Partition Type: NTFS
 
Computer Name: FLORIAN-PC | User Name: ff0 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-1574366264-1366440450-3420834865-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "I:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "I:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "I:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "I:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0363BC8C-4D7C-462A-992F-7DE81417B67C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{0B4EEECD-2B1F-4ADA-8EA0-98DC33DE0B57}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0E5CA1C3-C954-40D2-9C99-3019E1C0F210}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{27D0F1C3-BDAF-46D8-AF6D-08CD90B81CD3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2931C517-44CB-4F6B-BAD8-2022F1C333C8}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{391812B8-0EF7-495E-ADF2-C2BD136E7312}" = lport=138 | protocol=17 | dir=in | app=system | 
"{3E64A345-06DF-478B-8645-60B3537BF1AC}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{40788638-D241-49C0-9DA7-DCC5D3EC4BF6}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{4296BC9F-3A5D-45E6-A451-9C10175794C5}" = rport=445 | protocol=6 | dir=out | app=system | 
"{47C4C57C-F655-4CA5-956C-21963CBAF0EA}" = rport=138 | protocol=17 | dir=out | app=system | 
"{554ABB0D-58AA-4372-AFC3-CA162A491DF9}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{593C4CBB-55C2-4E88-9C5A-F48DEB4E36DA}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5D990744-3137-4485-A1FB-BD3891ACA63C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{784DABF1-8191-46C4-B08C-1E07D1CE1838}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{7E1E143C-72AC-4685-B7C9-36E119B42F01}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{920579AC-DAE3-4305-AE6F-152517951D21}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A1277A6C-22C5-4543-B8A1-E7ABE18A3426}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A9A29B61-B02C-465C-98F0-B7FF9A6A4A78}" = lport=137 | protocol=17 | dir=in | app=system | 
"{AD606871-B259-4E78-A866-0EA2D3CE2A74}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{B237A477-F225-42A2-B4B7-7CDBFA5AA8A5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B85CD2E8-76FB-4601-AF95-05E22EA598E1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C0A18DE9-5C92-4991-AD04-5FE8713C77A3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D8EFC870-8E52-4541-BE78-7B3573B33C31}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DC564496-6840-4E11-B322-3BCC7554617B}" = rport=139 | protocol=6 | dir=out | app=system | 
"{E464AC6B-AC36-4D35-AC45-08C23A4CD3A3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EEE108A4-BA9A-4B69-91EE-D28B1E551AD7}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F7946832-0FD7-46A4-8BD4-0BDE1FBCB471}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{F86A5AEF-FC7D-4F92-98AA-E69E255FCA2A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FD44FF4B-F56E-4497-9876-61F1970EDD1A}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04A6D14E-E5DE-4B76-BFB1-6561C7C51460}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{0B37C2FC-A78E-4964-AC4F-69EBBD93E884}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{0F8F20F6-C906-46EE-9253-7B25FC9FDFFC}" = protocol=6 | dir=in | app=i:\steamlibrary\steamapps\common\cry of fear\cof.exe | 
"{1139085D-2816-473B-9508-60C40DDED4F3}" = protocol=6 | dir=in | app=i:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{178CB582-7B7A-4B04-868E-F3B5B1C87FCF}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{1A1785FD-626C-43C5-B598-90313D57F27A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{1EE3435E-40F2-4823-8AD5-05ABDB6FC535}" = protocol=6 | dir=in | app=i:\steamlibrary\steamapps\common\renaissance heroes\binaries\win32\dvgame.exe | 
"{2197BFB9-DEA1-42A1-8B29-1507DEC4CCFA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{2D3B66B4-7B71-489D-9CC1-D616A08BE4A9}" = protocol=6 | dir=in | app=i:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | 
"{336512CD-EE71-4CC8-A207-0651DC6122B1}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{33A58ACC-D5CC-4555-9497-59342673C501}" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
"{373521AA-6ADE-4E15-AC07-51F196C330A1}" = protocol=17 | dir=in | app=i:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe | 
"{3B15DF58-5EF6-4CC2-B44E-99BD6073A6D9}" = protocol=6 | dir=in | app=i:\program files (x86)\bfp4f.exe | 
"{3B35C45C-18B3-43A7-836C-4B4D303BCD99}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3D2DFB7F-EEBC-4413-ADAB-4D0808A12FFB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3F610C58-A7ED-4EC1-AC6A-819BAE779D69}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{415A3EEB-E321-4654-8A62-D57EEEA6939D}" = dir=in | app=i:\program files (x86)\itunes\itunes.exe | 
"{4183BE3F-3AFD-4AEA-8BD7-9EFDB20D02D5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{44DB8911-B4D1-4D21-B6A3-1E761DA06B2B}" = protocol=17 | dir=in | app=i:\program files (x86)\ubisoft\far cry 3 blood dragon\bin\fc3_blooddragon_d3d11.exe | 
"{48EE4A34-9E32-459B-B54C-033593B8C9FA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{490726F4-8B23-4AF7-814C-F5B9C716BE53}" = protocol=6 | dir=in | app=i:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\nfs11.exe | 
"{4A5C5598-94BF-473A-8EDD-550052D236F4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe | 
"{4EC5EF98-CC3D-4EE2-A39B-0EC9DA319A94}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{569B2568-6D76-4FD8-A2CE-AB57A23F626E}" = protocol=17 | dir=in | app=i:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\launcher.exe | 
"{579C1D25-BAD5-44C4-890D-27B413138034}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{5AED61CD-DF05-477E-9648-1758E1CEB6AB}" = protocol=17 | dir=in | app=i:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe | 
"{5B5AD305-12CA-483B-BF58-24732A38AE0F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5C3A8DB5-F25B-4954-AE27-E9109041C8F3}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{621F8CC5-24A7-4460-8AD3-22C47A374DC6}" = protocol=17 | dir=in | app=i:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe | 
"{6784C339-1878-41BC-B6FB-93A0D150B8E6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{68254A47-266B-4A21-AAAE-CCD3C6AF01F8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{6C40B029-CFFA-4C34-8305-D18F8CA3B4DB}" = protocol=6 | dir=in | app=i:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe | 
"{6D786A21-5837-4A6E-AB15-1AA2641051D7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{705EC8C6-69AE-444C-AFCE-6CBF54DD8C35}" = protocol=6 | dir=in | app=i:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe | 
"{73A4F7FB-92D2-46B0-B030-9B04136C24E4}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{764263A0-4437-4C68-970C-7F3F447DF51D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe | 
"{79FB9E34-95C6-44D2-83A0-D59EE5CAEFBF}" = protocol=17 | dir=in | app=i:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{7BA502D5-029C-43ED-A344-FF77606D2657}" = protocol=17 | dir=in | app=i:\program files (x86)\ubisoft\far cry 3 blood dragon\bin\fc3_blooddragon.exe | 
"{7C9A31A3-30AE-4605-A095-298C8E861CE2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{80451975-8BBF-41E5-ACC8-D928FB6B9127}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{818FAFCB-74C5-4CEE-803B-ABEB87F94004}" = protocol=6 | dir=in | app=c:\users\ff0\appdata\roaming\utorrent\utorrent.exe | 
"{835E8C41-B1C3-4B30-95C5-76C59FBD2DAE}" = protocol=17 | dir=in | app=k:\sebastian\call of duty 4 - modern warfare\cod4multiplayer.exe | 
"{86976817-BD28-4BE2-8D1C-C7305FB79175}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{8915D342-84F7-44FC-B5E6-6E9767D9CF80}" = protocol=6 | dir=in | app=i:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe | 
"{89536977-19E2-4A08-9C71-4802C36231AB}" = protocol=58 | dir=in | app=system | 
"{8AE2DEF3-23B5-4082-8B26-7CBAB461207A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{8C744026-D9D5-485C-B5CD-E1714CC06540}" = protocol=17 | dir=in | app=c:\users\ff0\appdata\roaming\evolutionclips\downloader\aria2c.exe | 
"{9C1D5F9F-58D0-48FA-BB9B-486C9C4BF745}" = protocol=17 | dir=in | app=i:\steamlibrary\steamapps\common\renaissance heroes\binaries\win32\dvgame.exe | 
"{A61E6B48-5B7F-44ED-8352-3B497E20CDA8}" = protocol=17 | dir=in | app=i:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe | 
"{A6AA8577-8DC8-4C1C-808C-1FF4EB132DC3}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{AD91668C-BBCD-4FB5-9546-90A23D84619D}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{ADC6E036-01FA-43BB-BD2A-D5C6172C80E1}" = protocol=6 | dir=out | app=system | 
"{B0244381-4992-47B3-8B77-B0B32D954C8E}" = protocol=6 | dir=in | app=i:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe | 
"{B17BD717-4C93-4885-AD1A-6CCC919EB9E2}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{B1BF71B7-999C-4E69-8563-D3E6C5B55730}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{B1EACDF0-6E4E-4993-A185-FEC87F6975D6}" = protocol=17 | dir=in | app=i:\program files (x86)\ubisoft\far cry 3 blood dragon\bin\fc3bdupdater.exe | 
"{B51ACC14-BA6E-4CFF-9C8D-323A81C00489}" = protocol=6 | dir=in | app=i:\program files (x86)\ubisoft\far cry 3 blood dragon\bin\fc3_blooddragon_d3d11.exe | 
"{B684070F-AA56-4A8C-B470-0A332BFB573A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{B6C68AAF-66F5-47A4-9B44-F9AF2821B34E}" = protocol=17 | dir=in | app=c:\users\ff0\appdata\roaming\utorrent\utorrent.exe | 
"{B7C83D81-B658-44AB-8BD6-90555D96AFD5}" = protocol=6 | dir=in | app=i:\crysis 3\bin32\crysis3.exe | 
"{BB8EBC52-596B-4542-BB69-7DE1FC965E08}" = protocol=6 | dir=in | app=i:\program files (x86)\ubisoft\far cry 3 blood dragon\bin\fc3bdupdater.exe | 
"{C07B9847-C62C-43BA-A616-8E51188F9E22}" = protocol=17 | dir=in | app=i:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | 
"{C09C7C03-4EC7-4A3A-8BC2-6D35D4798538}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C1916F53-A7B8-4AC8-A5BE-4EB19B14473A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C64B8A06-8519-4A41-A29A-0D7A13F59C82}" = protocol=6 | dir=in | app=k:\sebastian\call of duty 4 - modern warfare\cod4multiplayer.exe | 
"{CB5DEE3C-FCA9-4B39-B976-B2A5D58515AD}" = protocol=17 | dir=in | app=i:\program files (x86)\bfp4f.exe | 
"{D2FBB74A-1249-4038-81A3-BACA043CB736}" = protocol=6 | dir=in | app=c:\users\ff0\appdata\roaming\evolutionclips\downloader\aria2c.exe | 
"{D5C64FB6-2CA9-4F5B-82E4-794C171EA0A9}" = protocol=6 | dir=in | app=i:\program files (x86)\ubisoft\far cry 3 blood dragon\bin\fc3_blooddragon.exe | 
"{D8729DB4-A848-41D9-BA2C-B4CABB27B0EF}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{D8E02166-2B79-4BCD-8025-121DE62C9174}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{DAE269F5-F98A-47E5-AD82-1315C54B7CAB}" = protocol=17 | dir=in | app=i:\crysis 3\bin32\crysis3.exe | 
"{DBD28805-C10B-4428-A473-D4AB072A86BE}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{DE14904C-BACD-4697-8621-E2D020945861}" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"{E4CDD321-DAEC-4132-A4DC-E64AC6B44167}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E4EB5A6B-E0F9-4588-9582-C94696146988}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E6061D68-94F7-4297-9FDC-8B60247BAD05}" = protocol=6 | dir=in | app=i:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\launcher.exe | 
"{EB689FF7-512E-4A14-9F7C-9FF71AF10820}" = protocol=17 | dir=in | app=i:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\nfs11.exe | 
"{EC00D2B9-75F6-47C6-9827-FB9BFF88B950}" = protocol=6 | dir=in | app=i:\program files (x86)\thq\gas powered games\supreme commander - forged alliance\bin\forgedalliance.exe | 
"{EEEEF917-0802-4C3B-BF2D-77FAF04B4E40}" = protocol=17 | dir=in | app=i:\program files (x86)\thq\gas powered games\supreme commander - forged alliance\bin\forgedalliance.exe | 
"{EF793731-AC0A-4BEE-85B3-6A72AEC78526}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F07A49A4-2F9C-4A97-9504-2F66AB87A899}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F20FB398-42C3-48C4-9FFE-CC7DD53B73AE}" = protocol=17 | dir=in | app=i:\steamlibrary\steamapps\common\cry of fear\cof.exe | 
"{F3AB934E-6EE2-40F2-B959-E2E388057455}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F6ED9E39-487B-4286-97A2-5DE0CB1E686C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{FE2B3783-B455-4F6F-A94E-7EF68E2D9379}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{1DC3D7E8-57BF-4323-8A17-4A93388D9F85}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"TCP Query User{3D2E7363-A502-491E-844C-3AC1ED9BE8D7}I:\steamlibrary\steamapps\common\cry of fear\cof.exe" = protocol=6 | dir=in | app=i:\steamlibrary\steamapps\common\cry of fear\cof.exe | 
"TCP Query User{4A653CAF-0208-4746-A958-D708CBD34146}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{57DA80A3-1DAA-41C5-918F-BDCE42895C04}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe | 
"TCP Query User{6CD4B06C-B35B-4267-A541-92130EB40ECF}I:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=6 | dir=in | app=i:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe | 
"TCP Query User{742F6EF5-BB23-4CCA-B362-9A8277D915B9}I:\steamlibrary\steamapps\common\renaissance heroes\binaries\win32\dvgame.exe" = protocol=6 | dir=in | app=i:\steamlibrary\steamapps\common\renaissance heroes\binaries\win32\dvgame.exe | 
"TCP Query User{849FD665-73FF-4C70-8DF1-0301311EE4B9}I:\program files (x86)\bfp4f.exe" = protocol=6 | dir=in | app=i:\program files (x86)\bfp4f.exe | 
"TCP Query User{8627B05A-66A9-4653-BDE7-CCFA191715BD}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe | 
"TCP Query User{B3128D10-F1AB-4498-A9BB-BF2EBCA3DACA}C:\users\ff0\appdata\roaming\evolutionclips\downloader\aria2c.exe" = protocol=6 | dir=in | app=c:\users\ff0\appdata\roaming\evolutionclips\downloader\aria2c.exe | 
"TCP Query User{C7DD3A75-9DB4-4601-890A-3DB81FA9ECEC}K:\sebastian\call of duty 4 - modern warfare\cod4multiplayer.exe" = protocol=6 | dir=in | app=k:\sebastian\call of duty 4 - modern warfare\cod4multiplayer.exe | 
"TCP Query User{E418A0C3-C90E-45DF-9FBC-C56789F45563}I:\crysis 3\bin32\crysis3.exe" = protocol=6 | dir=in | app=i:\crysis 3\bin32\crysis3.exe | 
"TCP Query User{E5BC5648-0F13-454E-BD9D-6326BFDCB790}I:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\nfs11.exe" = protocol=6 | dir=in | app=i:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\nfs11.exe | 
"UDP Query User{1A19C67F-7B89-4447-92B4-E739B642EA61}I:\crysis 3\bin32\crysis3.exe" = protocol=17 | dir=in | app=i:\crysis 3\bin32\crysis3.exe | 
"UDP Query User{1D83EE31-847C-4A58-B512-0CC1BE05D210}I:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\nfs11.exe" = protocol=17 | dir=in | app=i:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\nfs11.exe | 
"UDP Query User{23F7F0D5-B4A8-4838-9B6C-5917B04F63C8}K:\sebastian\call of duty 4 - modern warfare\cod4multiplayer.exe" = protocol=17 | dir=in | app=k:\sebastian\call of duty 4 - modern warfare\cod4multiplayer.exe | 
"UDP Query User{42B0CED6-2EA4-4B45-980A-C440394418FF}I:\program files (x86)\bfp4f.exe" = protocol=17 | dir=in | app=i:\program files (x86)\bfp4f.exe | 
"UDP Query User{6C8098DC-064F-4DD6-8AB0-B436E57AC105}I:\steamlibrary\steamapps\common\renaissance heroes\binaries\win32\dvgame.exe" = protocol=17 | dir=in | app=i:\steamlibrary\steamapps\common\renaissance heroes\binaries\win32\dvgame.exe | 
"UDP Query User{9826F5A0-4456-4A43-BDA4-1A7C6999D562}I:\steamlibrary\steamapps\common\cry of fear\cof.exe" = protocol=17 | dir=in | app=i:\steamlibrary\steamapps\common\cry of fear\cof.exe | 
"UDP Query User{99E305D4-F835-41A0-8A29-A8A8472F2507}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe | 
"UDP Query User{9A18ED0B-D7DC-43E2-93E1-8FD5724875AF}I:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=17 | dir=in | app=i:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe | 
"UDP Query User{DF0BAB5E-D2E3-4E29-A2B1-33446FACE635}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{EA6052B7-82DE-4D55-BC04-CC39B86DADFD}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe | 
"UDP Query User{F704372B-6CD7-40F0-844D-EB5190F34F90}C:\users\ff0\appdata\roaming\evolutionclips\downloader\aria2c.exe" = protocol=17 | dir=in | app=c:\users\ff0\appdata\roaming\evolutionclips\downloader\aria2c.exe | 
"UDP Query User{F7C71488-FB3F-468A-BA42-8B1908EAB68C}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417017FF}" = Java 7 Update 17 (64-bit)
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7FCDABCC-1A1E-4D61-909D-BA9495172774}" = iTunes
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{9AB0D5B6-4779-8C4F-CA91-A1FEDB56D7EC}" = AMD Catalyst Install Manager
"{A528BDDE-9C9F-11E2-9F0C-F04DA23A5C58}" = MSVCRT Redists
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 4.11.9
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.24.2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"C-Media CM108 Like Sound Driver" = USB PnP Sound Device
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"VLC media player" = VLC media player 2.0.6
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{071C7765-12DF-47CE-A377-DEEDF088D158}" = GTA IV: San Andreas
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.1214.1 
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A844D8F-A965-11E2-9E77-B8AC6F98CCE3}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{32A3A4F4-B792-11D6-A78A-00B0D0170170}" = Java SE Development Kit 7 Update 17
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B12.0509.1
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5A883D2B-D279-0D01-6E62-B810AFD8CC62}" = Catalyst Control Center InstallProxy
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5E21B617-F52E-BB10-92F9-C8AB2C799A8A}" = Adobe Download Assistant
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8F6F7194-0734-4CDA-8C04-6B766F2241A6}" = Camtasia Studio 8
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Hama Wireless LAN Adapter
"{912CE296-3D73-4A9D-B3FB-70A5CF7A8568}" = Empire Earth Ultimate Edition
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A071F478-73E0-4143-AE55-4DD6BABD74F5}" = Far Cry 3 Blood Dragon
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D1FD3035-DD6F-4A17-BC30-784E97EFBC68}" = Gothic III - Forsaken Gods
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{EE04522C-0814-4B63-AE57-0B63E5A355BB}_is1" = Thunder Master v1.6
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F9706A8C-D740-42CA-8703-E08EDD0F0778}" = LogMeIn Hamachi
"{FA8E7AF5-C70E-3274-9740-9E697FBD5BB7}" = Microsoft Primary Interoperability Assemblies 2010
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Bridge Builder 2 Demo" = Bridge Builder 2 Demo
"Bridge Building Game" = Bridge Building Game
"Clownfish" = Clownfish for Skype
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"DAEMON Tools Lite" = DAEMON Tools Lite
"FaceWorks" = NVIDIA FaceWorks: Real-time Performance Capture Demo
"FL Studio 10" = FL Studio 10
"Fraps" = Fraps (remove only)
"Free YouTube Download_is1" = Free YouTube Download version 3.2.1.320
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.1.320
"Game Booster_is1" = Game Booster 3
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B12.0509.1
"ipswDownloader" = ipswDownloader 1.6
"LogMeIn Hamachi" = LogMeIn Hamachi
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"NoIPDUC" = No-IP DUC
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PunkBusterSvc" = PunkBuster Services
"RollerCoaster Tycoon 3_is1" = RollerCoaster Tycoon 3
"Steam App 200210" = Realm of the Mad God
"Steam App 206500" = AirMech
"Steam App 212070" = Star Conflict
"Steam App 218230" = PlanetSide 2
"Steam App 221790" = Renaissance Heroes
"Steam App 223710" = Cry of Fear
"Steam App 224540" = Ace of Spades
"Steam App 40100" = Supreme Commander 2
"Steam App 440" = Team Fortress 2
"Steam App 99900" = Spiral Knights
"TeamViewer 8" = TeamViewer 8
"Terraria_is1" = Terraria v1.1.2
"Uplay" = Uplay
"uTorrent" = µTorrent
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1574366264-1366440450-3420834865-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{31D95937-B237-405D-920C-A3EF4E482395}" = Supreme Commander - Forged Alliance
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"FileZilla Client" = FileZilla Client 3.7.0.1
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 26.05.2013 09:51:36 | Computer Name = Florian-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 27.05.2013 07:52:30 | Computer Name = Florian-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 26.05.2013 09:51:18 | Computer Name = Florian-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   VirtDiskBus
 
Error - 26.05.2013 09:51:19 | Computer Name = Florian-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 27.05.2013 07:52:13 | Computer Name = Florian-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   VirtDiskBus
 
 
< End of report >

--- --- ---
");
//-->
</script>

Iceinsky69 · 27.05.2013, 13:09

Code:

ATTFilter

OTL logfile created on: 27.05.2013 13:55:43 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\ff0\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,22 Gb Available Physical Memory | 77,93% Memory free
15,96 Gb Paging File | 14,18 Gb Available in Paging File | 88,86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 36,42 Gb Free Space | 32,61% Space Free | Partition Type: NTFS
Drive I: | 465,76 Gb Total Space | 205,59 Gb Free Space | 44,14% Space Free | Partition Type: NTFS
 
Computer Name: FLORIAN-PC | User Name: ff0 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\ff0\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe (NVIDIA Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Hama\Common\RaUI.exe (Hama GmbH & Co KG)
PRC - C:\Program Files (x86)\Hama\Common\RalinkRegistryWriter.exe (Ralink Technology, Corp.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (VIAKaraokeService) -- C:\Windows\SysNative\ViakaraokeSrv.exe (VIA Technologies, Inc.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (TeamViewer8) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (ICCS) -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (ES lite Service) -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (RalinkRegistryWriter) -- C:\Program Files (x86)\Hama\Common\RalinkRegistryWriter.exe (Ralink Technology, Corp.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (EtronXHCI) -- C:\Windows\SysNative\drivers\EtronXHCI.sys (Etron Technology Inc)
DRV:64bit: - (EtronHub3) -- C:\Windows\SysNative\drivers\EtronHub3.sys (Etron Technology Inc)
DRV:64bit: - (VirtDiskBus) -- C:\Windows\SysNative\drivers\VirtDiskBus64.sys (Giga-Byte Technology CO., LTD.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation)
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (USBPNPA) -- C:\Windows\SysNative\drivers\CM10864.sys (C-Media Electronics Inc)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys ()
DRV - (etdrv) -- C:\Windows\etdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
 
IE - HKU\S-1-5-21-1574366264-1366440450-3420834865-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
IE - HKU\S-1-5-21-1574366264-1366440450-3420834865-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1574366264-1366440450-3420834865-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1574366264-1366440450-3420834865-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-1574366264-1366440450-3420834865-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1574366264-1366440450-3420834865-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-1574366264-1366440450-3420834865-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
IE - HKU\S-1-5-21-1574366264-1366440450-3420834865-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1574366264-1366440450-3420834865-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1574366264-1366440450-3420834865-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-1574366264-1366440450-3420834865-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: I:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013.05.14 18:17:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ff0\AppData\Roaming\mozilla\Extensions
[2013.05.20 14:33:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ff0\AppData\Roaming\mozilla\Firefox\Profiles\pht6t3i2.default\extensions
[2013.05.20 14:19:05 | 000,213,470 | ---- | M] () (No name found) -- C:\Users\ff0\AppData\Roaming\mozilla\firefox\profiles\pht6t3i2.default\extensions\torntv2@torntv.com.xpi
[2013.05.20 14:22:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\Extensions
[2013.05.14 18:17:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.14 18:17:21 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2013.05.03 16:29:12 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1574366264-1366440450-3420834865-1000..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-1574366264-1366440450-3420834865-1000..\Run: [Clownfish]  File not found
O4 - HKU\S-1-5-21-1574366264-1366440450-3420834865-1000..\Run: [uTorrent] C:\Users\ff0\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - HKU\S-1-5-21-1574366264-1366440450-3420834865-1000..\Run: [VSA] C:\Users\ff0\AppData\Roaming\Microsoft\VSA\9.0\VSA.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1574366264-1366440450-3420834865-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1574366264-1366440450-3420834865-1001..\Run: [THPanel] C:\Program Files (x86)\Thunder Master\THPanel.exe (Palit Microsystems Ltd.)
O4:64bit: - HKLM..\RunOnce: [RPMKickstart] C:\Programme\GIGABYTE\SmartRecovery2_x64\RPMKickstart.exe (Gigabyte Technology CO., LTD.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1574366264-1366440450-3420834865-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://I:\PROGRA~2\MICROS~1\Office15\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://I:\PROGRA~2\MICROS~1\Office15\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://I:\PROGRA~2\MICROS~1\Office15\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://I:\PROGRA~2\MICROS~1\Office15\EXCEL.EXE/3000 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1574366264-1366440450-3420834865-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1574366264-1366440450-3420834865-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1574366264-1366440450-3420834865-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1574366264-1366440450-3420834865-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.96.0.cab (Battlefield Play4Free Updater)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41D03D22-A752-4E60-81AC-583A17BA94C0}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.27 13:54:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\ff0\Desktop\OTL.exe
[2013.05.26 15:44:57 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.05.26 15:44:34 | 000,000,000 | ---D | C] -- C:\JRT
[2013.05.26 15:25:29 | 000,000,000 | ---D | C] -- C:\Users\ff0\AppData\Local\NVIDIA
[2013.05.26 15:24:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013.05.26 15:22:40 | 000,194,848 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2013.05.26 15:22:40 | 000,031,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2013.05.25 18:58:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GTA IV San Andreas
[2013.05.25 18:26:27 | 025,256,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013.05.25 18:26:27 | 021,096,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013.05.25 18:26:27 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013.05.25 18:26:27 | 009,233,688 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013.05.25 18:26:27 | 007,682,960 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013.05.25 18:26:27 | 007,641,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2013.05.25 18:26:27 | 006,324,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2013.05.25 18:26:27 | 002,942,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013.05.25 18:26:27 | 002,754,336 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013.05.25 18:26:27 | 002,597,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2013.05.25 18:26:27 | 002,363,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013.05.25 18:26:27 | 002,002,720 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013.05.25 18:26:27 | 001,832,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6432018.dll
[2013.05.25 18:26:27 | 001,511,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6432018.dll
[2013.05.25 18:26:27 | 000,925,648 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2013.05.25 18:26:27 | 000,550,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2013.05.25 18:26:27 | 000,518,944 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2013.05.25 18:26:27 | 000,443,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2013.05.25 18:26:27 | 000,432,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvEncodeAPI64.dll
[2013.05.25 18:26:27 | 000,421,152 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2013.05.25 18:26:27 | 000,370,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvEncodeAPI.dll
[2013.05.25 18:26:27 | 000,266,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2013.05.25 18:26:27 | 000,218,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll
[2013.05.25 18:26:27 | 000,214,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2013.05.25 18:26:27 | 000,181,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll
[2013.05.25 16:08:56 | 000,000,000 | ---D | C] -- C:\Users\ff0\AppData\Roaming\Minecraft Version Changer
[2013.05.25 11:08:43 | 000,000,000 | ---D | C] -- C:\Users\ff0\AppData\Roaming\.minecraft
[2013.05.24 19:57:50 | 000,000,000 | ---D | C] -- C:\Users\ff0\Desktop\plugins
[2013.05.24 14:13:53 | 000,000,000 | ---D | C] -- C:\Users\ff0\Documents\Gothic3ForsakenGods
[2013.05.24 13:57:40 | 000,000,000 | ---D | C] -- C:\Users\ff0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JoWooD
[2013.05.24 13:54:47 | 000,000,000 | ---D | C] -- C:\ProgramData\OUTLAWS
[2013.05.24 00:12:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2013.05.24 00:12:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2013.05.24 00:06:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XNA
[2013.05.23 23:57:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Terraria
[2013.05.23 23:57:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Terraria
[2013.05.23 18:34:55 | 000,000,000 | ---D | C] -- C:\Users\ff0\Documents\gothic3
[2013.05.23 18:23:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gothic III
[2013.05.21 12:17:30 | 000,000,000 | ---D | C] -- C:\Users\ff0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ipswDownloader
[2013.05.21 11:51:41 | 000,000,000 | ---D | C] -- C:\Users\ff0\AppData\Roaming\Apple Computer
[2013.05.21 11:51:41 | 000,000,000 | ---D | C] -- C:\Users\ff0\AppData\Local\Apple Computer
[2013.05.21 11:51:39 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2013.05.21 11:51:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.05.21 11:51:35 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.05.21 11:51:34 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.05.21 11:51:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013.05.21 11:51:34 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.05.21 11:51:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013.05.21 11:51:19 | 000,000,000 | ---D | C] -- C:\Users\ff0\AppData\Local\Apple
[2013.05.21 11:51:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013.05.21 11:51:11 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013.05.21 11:51:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013.05.21 11:51:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013.05.21 11:51:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2013.05.20 14:25:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pontifex II
[2013.05.20 14:19:04 | 000,000,000 | ---D | C] -- C:\Users\ff0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
[2013.05.20 14:19:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TornTV.com
[2013.05.20 11:18:59 | 000,000,000 | ---D | C] -- C:\Users\ff0\Documents\RCT3
[2013.05.20 11:18:59 | 000,000,000 | ---D | C] -- C:\Users\ff0\AppData\Roaming\Atari
[2013.05.19 16:47:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Halycon Media
[2013.05.19 16:47:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Halycon Media
[2013.05.19 16:31:49 | 000,000,000 | ---D | C] -- C:\Users\ff0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bridge Building Game
[2013.05.19 16:31:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bridge Building Game
[2013.05.19 15:48:03 | 000,000,000 | ---D | C] -- C:\Users\ff0\AppData\Roaming\Leadertech
[2013.05.19 15:47:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari
[2013.05.18 10:46:35 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.05.17 14:33:15 | 000,000,000 | ---D | C] -- C:\Users\ff0\AppData\Roaming\skyz
[2013.05.16 15:20:40 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.05.16 15:20:40 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.05.16 15:20:40 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.05.16 15:20:39 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.05.16 15:20:39 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.05.16 15:20:39 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.05.16 15:20:39 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.05.16 15:20:39 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.05.16 15:20:39 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.05.16 15:20:39 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.05.16 15:20:39 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.05.16 15:20:39 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.05.16 15:20:37 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.05.16 15:20:37 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.05.16 15:20:37 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.05.16 13:59:25 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013.05.16 13:59:25 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013.05.16 13:59:21 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.05.16 13:59:21 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.05.16 13:59:21 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013.05.16 13:59:21 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013.05.16 13:59:18 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013.05.15 21:43:48 | 000,000,000 | ---D | C] -- C:\Users\ff0\AppData\Roaming\FileZilla
[2013.05.15 21:43:43 | 000,000,000 | ---D | C] -- C:\Users\ff0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2013.05.15 21:43:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2013.05.15 14:11:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2013.05.14 18:17:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.05.13 19:06:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.05.13 19:03:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2013.05.13 15:39:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Orbit
[2013.05.13 15:38:04 | 000,000,000 | ---D | C] -- C:\Users\ff0\AppData\Local\Ubisoft Game Launcher
[2013.05.13 15:38:04 | 000,000,000 | ---D | C] -- C:\Users\ff0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
[2013.05.13 15:38:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2013.05.12 17:08:54 | 000,000,000 | ---D | C] -- C:\Users\ff0\AppData\Roaming\WindSolutions
[2013.05.12 17:08:53 | 000,000,000 | ---D | C] -- C:\ProgramData\WindSolutions
[2013.05.12 15:43:36 | 000,566,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2013.05.12 10:53:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013.05.12 10:51:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2013.05.11 10:36:04 | 000,000,000 | ---D | C] -- C:\Users\ff0\AppData\Roaming\Dream Aquarium
[2013.05.10 22:16:36 | 000,000,000 | ---D | C] -- C:\Users\ff0\AppData\Roaming\Publish Providers
[2013.05.10 21:57:30 | 000,000,000 | ---D | C] -- C:\Users\ff0\AppData\Local\Sony
[2013.05.10 21:56:50 | 000,000,000 | ---D | C] -- C:\Users\ff0\AppData\Roaming\Sony
[2013.05.10 21:06:23 | 000,000,000 | ---D | C] -- C:\Users\ff0\AppData\Roaming\Teeworlds
[2013.05.10 15:09:24 | 000,000,000 | ---D | C] -- C:\Users\ff0\Documents\Skype Voice Records
[2013.05.10 15:09:24 | 000,000,000 | ---D | C] -- C:\Users\ff0\Documents\Clownfish Avatars
[2013.05.10 15:08:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Clownfish
[2013.05.10 13:33:14 | 000,000,000 | ---D | C] -- C:\Users\ff0\AppData\Local\mcpatcher
[2013.05.09 19:32:27 | 000,000,000 | ---D | C] -- C:\Users\ff0\.aria2
[2013.05.09 19:02:19 | 000,000,000 | ---D | C] -- C:\Users\ff0\AppData\Roaming\EvolutionClips
[2013.05.09 18:18:26 | 000,000,000 | ---D | C] -- C:\ProgramData\StarApp
[2013.05.09 18:08:36 | 000,000,000 | ---D | C] -- C:\ProgramData\SearchNewTab
[2013.05.09 18:08:23 | 000,000,000 | ---D | C] -- C:\ProgramData\coonytiynnueotiosave
[2013.05.09 16:03:13 | 000,000,000 | ---D | C] -- C:\Users\ff0\Documents\Battlefield 3
[2013.05.06 16:28:16 | 000,000,000 | ---D | C] -- C:\Users\ff0\Documents\Benutzerdefinierte Office-Vorlagen
[2013.05.06 14:38:16 | 000,000,000 | ---D | C] -- C:\Users\ff0\AppData\Local\Microsoft Help
[2013.05.06 14:38:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2013.05.05 06:56:46 | 000,000,000 | ---D | C] -- C:\Users\ff0\Documents\Rockstar Games
[2013.05.05 06:54:29 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2013.05.05 06:52:13 | 000,000,000 | ---D | C] -- C:\Users\ff0\AppData\Local\Rockstar Games
[2013.05.05 06:48:27 | 000,000,000 | RH-D | C] -- C:\Users\ff0\AppData\Roaming\SecuROM
[2013.05.04 12:32:31 | 000,000,000 | ---D | C] -- C:\AMD
[2013.05.04 10:12:42 | 000,000,000 | ---D | C] -- C:\Users\ff0\AppData\Local\AMD
[2013.05.04 10:12:41 | 000,000,000 | ---D | C] -- C:\Users\ff0\AppData\Roaming\ATI
[2013.05.04 10:12:41 | 000,000,000 | ---D | C] -- C:\Users\ff0\AppData\Local\ATI
[2013.05.04 10:12:05 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2013.05.03 17:21:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
[2013.05.03 06:43:09 | 000,000,000 | ---D | C] -- C:\Users\ff0\AppData\Local\Programs
[2013.04.30 06:41:57 | 000,000,000 | ---D | C] -- C:\Users\ff0\AppData\Local\GameSpy
[2013.04.30 06:41:55 | 000,000,000 | ---D | C] -- C:\Users\ff0\AppData\Local\ApplicationHistory
[2013.04.30 05:55:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP
[2013.04.30 05:53:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2013.04.29 14:21:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.04.29 14:20:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013.04.29 14:20:16 | 000,000,000 | ---D | C] -- C:\Users\ff0\AppData\Local\Google
[2013.04.27 20:52:34 | 000,000,000 | ---D | C] -- C:\Users\ff0\AppData\Local\LogMeIn Hamachi
[2013.04.27 16:09:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2013.04.27 16:09:06 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2013.04.27 16:09:04 | 000,000,000 | ---D | C] -- C:\Users\ff0\AppData\Roaming\DAEMON Tools Lite
[2013.04.27 16:08:22 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.27 13:54:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ff0\Desktop\OTL.exe
[2013.05.27 13:52:14 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2013.05.27 13:52:14 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.27 13:52:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.27 13:52:06 | 2132,709,375 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.26 18:31:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.26 15:58:21 | 000,021,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.26 15:58:21 | 000,021,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.26 15:56:21 | 001,643,622 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.26 15:56:21 | 000,707,706 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.26 15:56:21 | 000,661,302 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.26 15:56:21 | 000,153,192 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.26 15:56:21 | 000,125,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.26 15:38:36 | 000,000,168 | ---- | M] () -- C:\Users\ff0\defogger_reenable
[2013.05.26 15:25:14 | 000,001,351 | ---- | M] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2013.05.25 18:58:41 | 000,000,505 | ---- | M] () -- C:\Users\Public\Desktop\GTA IV San Andreas.lnk
[2013.05.25 12:26:21 | 000,003,402 | ---- | M] () -- C:\Users\ff0\Desktop\launcher.bat
[2013.05.24 19:42:28 | 000,001,001 | ---- | M] () -- C:\Users\ff0\AppData\Local\RT3070_{41D03D22-A752-4E60-81AC-583A17BA94C0}_wsc
[2013.05.24 17:11:57 | 000,000,854 | ---- | M] () -- C:\Users\ff0\AppData\Local\RT3070_{41D03D22-A752-4E60-81AC-583A17BA94C0}_prof
[2013.05.24 17:11:56 | 000,000,880 | ---- | M] () -- C:\Users\ff0\AppData\Local\RT3070_{41D03D22-A752-4E60-81AC-583A17BA94C0}_sta
[2013.05.24 13:57:40 | 000,000,666 | ---- | M] () -- C:\Users\ff0\Desktop\Gothic III - Götterdämmerung.lnk
[2013.05.24 00:12:04 | 000,000,926 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2013.05.24 00:08:10 | 001,620,580 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.05.23 23:57:49 | 000,000,794 | ---- | M] () -- C:\Users\ff0\Desktop\Terraria.lnk
[2013.05.23 18:32:34 | 000,000,814 | ---- | M] () -- C:\Users\Public\Desktop\Gothic III.lnk
[2013.05.21 11:51:40 | 000,001,573 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.05.20 15:32:07 | 000,000,720 | ---- | M] () -- C:\Users\ff0\Desktop\FaceWorks Real-time Performance Capture.lnk
[2013.05.20 10:42:27 | 005,053,960 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.19 16:47:50 | 000,001,258 | ---- | M] () -- C:\Users\ff0\Desktop\Bridge Builder 2 Demo.lnk
[2013.05.19 15:47:04 | 000,000,881 | ---- | M] () -- C:\Users\Public\Desktop\RollerCoaster Tycoon 3.lnk
[2013.05.19 15:17:03 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.05.19 15:17:03 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.05.18 10:48:41 | 000,138,790 | ---- | M] () -- C:\Users\ff0\Documents\cc_20130518_104837.reg
[2013.05.18 10:46:36 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.05.17 19:59:40 | 000,000,997 | ---- | M] () -- C:\Users\ff0\Desktop\Crysis 3.lnk
[2013.05.15 18:25:46 | 000,001,590 | ---- | M] () -- C:\Users\ff0\Desktop\Crysis 2.lnk
[2013.05.15 14:11:29 | 000,103,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.05.15 14:11:25 | 000,669,184 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe
[2013.05.15 14:11:25 | 000,066,872 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.05.15 14:11:01 | 000,001,030 | ---- | M] () -- C:\Users\Public\Desktop\Crysis.lnk
[2013.05.14 18:17:22 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.05.13 19:04:18 | 000,001,563 | ---- | M] () -- C:\Users\ff0\Desktop\Farcry 3.lnk
[2013.05.12 23:42:27 | 027,775,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2013.05.12 23:42:27 | 025,256,224 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013.05.12 23:42:27 | 021,096,736 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013.05.12 23:42:27 | 017,560,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013.05.12 23:42:27 | 015,910,736 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2013.05.12 23:42:27 | 015,143,904 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2013.05.12 23:42:27 | 013,403,168 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2013.05.12 23:42:27 | 012,426,216 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2013.05.12 23:42:27 | 009,233,688 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013.05.12 23:42:27 | 007,682,960 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013.05.12 23:42:27 | 007,641,832 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2013.05.12 23:42:27 | 006,324,360 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2013.05.12 23:42:27 | 002,942,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013.05.12 23:42:27 | 002,935,696 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2013.05.12 23:42:27 | 002,754,336 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013.05.12 23:42:27 | 002,597,344 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2013.05.12 23:42:27 | 002,363,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013.05.12 23:42:27 | 002,002,720 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013.05.12 23:42:27 | 001,832,224 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6432018.dll
[2013.05.12 23:42:27 | 001,511,712 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6432018.dll
[2013.05.12 23:42:27 | 001,059,560 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2013.05.12 23:42:27 | 000,925,648 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2013.05.12 23:42:27 | 000,550,176 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2013.05.12 23:42:27 | 000,518,944 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2013.05.12 23:42:27 | 000,443,168 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2013.05.12 23:42:27 | 000,432,416 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvEncodeAPI64.dll
[2013.05.12 23:42:27 | 000,421,152 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2013.05.12 23:42:27 | 000,370,976 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvEncodeAPI.dll
[2013.05.12 23:42:27 | 000,266,448 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2013.05.12 23:42:27 | 000,218,592 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll
[2013.05.12 23:42:27 | 000,214,448 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2013.05.12 23:42:27 | 000,181,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll
[2013.05.12 23:42:27 | 000,061,216 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2013.05.12 23:42:27 | 000,053,024 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2013.05.12 23:42:27 | 000,020,536 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2013.05.12 22:34:14 | 006,491,936 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2013.05.12 22:34:14 | 003,514,656 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2013.05.12 22:34:12 | 002,555,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2013.05.12 22:34:12 | 000,063,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2013.05.12 22:34:11 | 000,237,856 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2013.05.12 15:43:36 | 000,566,048 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2013.05.12 11:08:14 | 000,017,408 | ---- | M] () -- C:\Users\ff0\AppData\Local\WebpageIcons.db
[2013.05.11 08:59:39 | 000,030,528 | ---- | M] () -- C:\Windows\GVTDrv64.sys
[2013.05.10 22:36:18 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\etdrv.sys
[2013.05.10 22:31:53 | 000,007,602 | ---- | M] () -- C:\Users\ff0\AppData\Local\resmon.resmoncfg
[2013.05.10 21:59:05 | 000,002,608 | ---- | M] () -- C:\Users\ff0\Documents\Vegas Pro registrieren.htm
[2013.05.10 06:23:03 | 000,000,986 | ---- | M] () -- C:\Users\ff0\Desktop\Battlefield 3.lnk
[2013.05.08 16:13:10 | 003,165,737 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2013.05.05 06:47:06 | 000,001,060 | ---- | M] () -- C:\Users\Public\Desktop\Grand Theft Auto IV.lnk
[2013.05.03 15:13:21 | 001,329,671 | ---- | M] () -- C:\Users\ff0\Desktop\minecraft.exe
[2013.05.03 06:45:05 | 000,001,801 | ---- | M] () -- C:\Users\ff0\AppData\Roaming\System Monitor II_CPU0_Settings.ini
[2013.05.03 06:24:32 | 000,000,576 | ---- | M] () -- C:\Users\ff0\AppData\Roaming\All CPU MeterV3_Settings.ini
[2013.05.02 16:56:51 | 000,001,099 | ---- | M] () -- C:\Users\ff0\Desktop\Slender - The Eight Pages.lnk
[2013.04.30 06:41:55 | 000,000,091 | ---- | M] () -- C:\Users\ff0\AppData\Local\fusioncache.dat
[2013.04.27 23:26:32 | 000,001,456 | ---- | M] () -- C:\Users\ff0\AppData\Local\Adobe Für Web speichern 13.0 Prefs
[2013.04.27 16:14:09 | 000,001,715 | ---- | M] () -- C:\Users\ff0\Desktop\Photoshop.lnk
[2013.04.27 16:09:36 | 000,000,858 | ---- | M] () -- C:\Users\Public\Desktop\Deamon Tools.lnk
[2013.04.27 16:09:06 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.26 15:38:36 | 000,000,168 | ---- | C] () -- C:\Users\ff0\defogger_reenable
[2013.05.26 15:25:14 | 000,001,351 | ---- | C] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2013.05.25 18:58:41 | 000,000,505 | ---- | C] () -- C:\Users\Public\Desktop\GTA IV San Andreas.lnk
[2013.05.25 12:26:21 | 000,003,402 | ---- | C] () -- C:\Users\ff0\Desktop\launcher.bat
[2013.05.24 16:59:07 | 000,001,001 | ---- | C] () -- C:\Users\ff0\AppData\Local\RT3070_{41D03D22-A752-4E60-81AC-583A17BA94C0}_wsc
[2013.05.24 13:57:40 | 000,000,666 | ---- | C] () -- C:\Users\ff0\Desktop\Gothic III - Götterdämmerung.lnk
[2013.05.23 23:57:49 | 000,000,794 | ---- | C] () -- C:\Users\ff0\Desktop\Terraria.lnk
[2013.05.23 18:32:34 | 000,000,814 | ---- | C] () -- C:\Users\Public\Desktop\Gothic III.lnk
[2013.05.21 11:51:40 | 000,001,573 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.05.21 11:51:19 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013.05.20 15:32:07 | 000,000,720 | ---- | C] () -- C:\Users\ff0\Desktop\FaceWorks Real-time Performance Capture.lnk
[2013.05.20 10:42:21 | 005,053,960 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.19 16:47:50 | 000,001,258 | ---- | C] () -- C:\Users\ff0\Desktop\Bridge Builder 2 Demo.lnk
[2013.05.19 15:47:04 | 000,000,881 | ---- | C] () -- C:\Users\Public\Desktop\RollerCoaster Tycoon 3.lnk
[2013.05.18 10:48:39 | 000,138,790 | ---- | C] () -- C:\Users\ff0\Documents\cc_20130518_104837.reg
[2013.05.18 10:46:36 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.05.17 19:59:44 | 000,000,997 | ---- | C] () -- C:\Users\ff0\Desktop\Crysis 3.lnk
[2013.05.15 18:25:48 | 000,001,590 | ---- | C] () -- C:\Users\ff0\Desktop\Crysis 2.lnk
[2013.05.15 14:11:25 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2013.05.15 14:11:25 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.05.15 14:11:25 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.05.15 14:11:01 | 000,001,030 | ---- | C] () -- C:\Users\Public\Desktop\Crysis.lnk
[2013.05.14 18:17:22 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.05.14 18:17:22 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.05.13 19:04:22 | 000,001,563 | ---- | C] () -- C:\Users\ff0\Desktop\Farcry 3.lnk
[2013.05.13 19:03:40 | 000,002,555 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint Viewer .lnk
[2013.05.12 11:08:14 | 000,017,408 | ---- | C] () -- C:\Users\ff0\AppData\Local\WebpageIcons.db
[2013.05.10 21:59:05 | 000,002,608 | ---- | C] () -- C:\Users\ff0\Documents\Vegas Pro registrieren.htm
[2013.05.10 06:23:04 | 000,000,986 | ---- | C] () -- C:\Users\ff0\Desktop\Battlefield 3.lnk
[2013.05.05 06:47:06 | 000,001,060 | ---- | C] () -- C:\Users\Public\Desktop\Grand Theft Auto IV.lnk
[2013.05.03 15:13:02 | 001,329,671 | ---- | C] () -- C:\Users\ff0\Desktop\minecraft.exe
[2013.05.03 06:44:04 | 000,001,801 | ---- | C] () -- C:\Users\ff0\AppData\Roaming\System Monitor II_CPU0_Settings.ini
[2013.05.02 16:56:53 | 000,001,099 | ---- | C] () -- C:\Users\ff0\Desktop\Slender - The Eight Pages.lnk
[2013.04.30 18:08:49 | 000,000,576 | ---- | C] () -- C:\Users\ff0\AppData\Roaming\All CPU MeterV3_Settings.ini
[2013.04.30 06:41:55 | 000,000,091 | ---- | C] () -- C:\Users\ff0\AppData\Local\fusioncache.dat
[2013.04.29 14:20:18 | 000,001,104 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.29 14:20:18 | 000,001,100 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.27 23:26:32 | 000,001,456 | ---- | C] () -- C:\Users\ff0\AppData\Local\Adobe Für Web speichern 13.0 Prefs
[2013.04.27 16:14:09 | 000,001,715 | ---- | C] () -- C:\Users\ff0\Desktop\Photoshop.lnk
[2013.04.27 16:09:36 | 000,000,858 | ---- | C] () -- C:\Users\Public\Desktop\Deamon Tools.lnk
[2013.04.27 15:00:34 | 000,001,534 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
[2013.04.25 15:20:14 | 000,000,132 | ---- | C] () -- C:\Users\ff0\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
[2013.04.24 16:26:26 | 000,004,608 | ---- | C] () -- C:\Users\ff0\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.04.15 00:16:28 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2013.04.12 20:52:50 | 000,007,602 | ---- | C] () -- C:\Users\ff0\AppData\Local\resmon.resmoncfg
[2013.04.12 18:56:47 | 001,620,580 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.04.12 18:36:16 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2013.04.12 18:29:00 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2013.04.12 18:16:03 | 000,139,264 | R--- | C] () -- C:\Windows\Vmix108.dll
[2013.04.12 18:15:53 | 000,000,213 | ---- | C] () -- C:\Windows\Cm108.ini.cfl
[2013.04.12 18:11:18 | 000,002,029 | R--- | C] () -- C:\Windows\Cm108.ini.cfg
[2013.04.12 18:11:18 | 000,000,081 | ---- | C] () -- C:\Windows\Cm108.ini.imi
[2013.04.12 18:01:48 | 000,000,880 | ---- | C] () -- C:\Users\ff0\AppData\Local\RT3070_{41D03D22-A752-4E60-81AC-583A17BA94C0}_sta
[2013.04.12 18:01:45 | 000,000,854 | ---- | C] () -- C:\Users\ff0\AppData\Local\RT3070_{41D03D22-A752-4E60-81AC-583A17BA94C0}_prof
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

--- --- ---
");
//-->
</script>

cosinus · 27.05.2013, 15:58

Zitat:

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)

Warum hast du eine Ultimate-Edition von Windows, brauchst du das als Heimanwender?
Oder ist das rein zufällig ein Büro-/Firmen-PC bzw. ein Uni-Rechner?

Iceinsky69 · 27.05.2013, 16:01

Das ist aus dem Internet und als ich denn PC bekommen habe wurde mir das auf den PC draufgemacht. Der PC ist ein "Eigenbau".

cosinus · 27.05.2013, 16:12

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.
Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!
Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!
Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!
Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.

Rootkitscan mit GMER

Bitte lade dir

GMER herunter: (Dateiname zufällig)

Schließe alle anderen Programme, deaktiviere deinen Virenscanner und trenne den Rechner vom Internet bevor du GMER startest.
Sollte sich nach dem Start ein Fenster mit folgender Warnung öffnen:
WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system ?

Unbedingt auf "No" klicken.
Entferne rechts den Haken bei: IAT/EAT und Show All
Setze den Haken bei Quickscan und entferne ihn bei allen anderen Laufwerken.
Starte den Scan mit "Scan".
Mache nichts am Computer während der Scan läuft.
Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Tauchen Probleme auf?

Probiere alternativ den abgesicherten Modus.
Erhältst du einen Bluescreen, dann entferne den Haken vor Devices.

Anschließend bitte MBAR ausführen:

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Iceinsky69 · 27.05.2013, 16:46

Code:

ATTFilter

<script type="text/javascript">
<!--
    alert("Malwarebytes Anti-Rootkit BETA 1.06.0.1003
www.malwarebytes.org

Database version: v2013.05.27.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
ff0 :: FLORIAN-PC [administrator]

27.05.2013 18:35:36
mbar-log-2013-05-27 (18-35-36).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: Deep Anti-Rootkit Scan | PUP
Objects scanned: 264197
Time elapsed: 3 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
c:\Users\ff0\AppData\Roaming\Microsoft\svhost.exe (Backdoor.Agent) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)
");
//-->
</script>

Aber es ist immer noch da beim Start.

Ich habe das jetzt 3 mal gemacht .

v

Code:

ATTFilter

<script type="text/javascript">
<!--
    alert("GMER Logfile:

	Code: 

 ATTFilter

  
	GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-27 18:58:42
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 KINGSTON_SH103S3120G rev.506ABBF0 111,79GB
Running: gmer_2.1.19163(1).exe; Driver: C:\Users\ff0\AppData\Local\Temp\pwdiyfob.sys


---- User code sections - GMER 2.1 ----

.text   C:\Windows\SysWOW64\PnkBstrA.exe[1272] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322  0000000072871a22 2 bytes [87, 72]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1272] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496  0000000072871ad0 2 bytes [87, 72]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1272] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552  0000000072871b08 2 bytes [87, 72]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1272] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730  0000000072871bba 2 bytes [87, 72]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1272] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762  0000000072871bda 2 bytes [87, 72]

---- Threads - GMER 2.1 ----

Thread  C:\Windows\System32\svchost.exe [2800:3292]                                              000007fef5439688

---- EOF - GMER 2.1 ----
         
 --- --- ---
");
//-->
</script>

cosinus · 27.05.2013, 20:33

Code:

ATTFilter

<script type="text/javascript">
<!--
    alert

Warum bitte postest du in jedem Log so etwas?

Iceinsky69 · 28.05.2013, 13:00

Das kommt immer wenn ich poste .Ist das schlimm?

cosinus · 28.05.2013, 13:27

Ja warum denn? Poste bitte einfach nur die Logs

Dann bitte jetzt Combofix ausführen:

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

26.05.2013, 19:54	#6
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	svhost.exe fordert mehr cpu als Crysis 3 auf Ultra (Beim Start) Antworte einfach wenn du Zeit dazu hast. Ich sehe ja deine Antworten und werde das Abo auch nicht löschen. Lass dir aber bitte nicht allzuviel Zeit, sonst wird eine Analyse ziemlich sinnfrei (also nicht erst alle 4 Wochen posten oder so ) __________________ --> svhost.exe fordert mehr cpu als Crysis 3 auf Ultra (Beim Start)

27.05.2013, 20:33	#13
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	svhost.exe fordert mehr cpu als Crysis 3 auf Ultra (Beim Start) Code: ATTFilter <script type="text/javascript"> <!-- alert Warum bitte postest du in jedem Log so etwas? __________________ Logfiles bitte immer in CODE-Tags posten

svhost.exe fordert mehr cpu als Crysis 3 auf Ultra (Beim Start)

Log-Analyse und Auswertung: svhost.exe fordert mehr cpu als Crysis 3 auf Ultra (Beim Start)