Pests of all kinds and how to fight them: Approx. 50 PUP.Blabber Trojans!

24.04.2013, 18:53   #16
JannikLR
 

Sorry, but is anything else coming?

11.05.2013, 16:33   #17
markusg
/// Malware-holic
 

hi
uninstall:
Blobby
ESN
Google Toolbar
Java: all of them
download the Java JRE:
Java Downloads for All Operating Systems
click:
Download Java software for Windows Offline
download and install it
uninstall:
LOST PLANET
McAfee
TrackMania
Winamp Toolbar: please do without toolbars, they are just an unnecessary additional risk

Open CCleaner, Analyze, Run Cleaner, then restart the PC.
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

12.05.2013, 01:09   #18
JannikLR
 

AdwCleaner v2.300 - Datei am 12/05/2013 um 02:02:43 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Rohr - ROHR-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Rohr\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Rohr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk
Datei Gelöscht : C:\Users\Rohr\AppData\Roaming\Mozilla\Firefox\Profiles\xtanz4ff.default\searchplugins\Babylon.xml
Datei Gelöscht : C:\Users\Rohr\AppData\Roaming\Mozilla\Firefox\Profiles\xtanz4ff.default\searchplugins\BrowserProtect.xml
Ordner Gelöscht : C:\Program Files (x86)\Common Files\Software Update Utility
Ordner Gelöscht : C:\Program Files (x86)\GinyasBrowserCompanion
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\IBUpdaterService
Ordner Gelöscht : C:\Users\Rohr\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf
Ordner Gelöscht : C:\Users\Rohr\AppData\LocalLow\bbrs_002.tb
Ordner Gelöscht : C:\Users\Rohr\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Rohr\AppData\Roaming\GinyasBrowserCompanion
Ordner Gelöscht : C:\Users\Rohr\AppData\Roaming\Mozilla\Firefox\Profiles\xtanz4ff.default\extensions\ffxtlbr@babylon.com
Ordner Gelöscht : C:\Users\Rohr\AppData\Roaming\PerformerSoft

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\BabylonToolbar
Schlüssel Gelöscht : HKCU\Software\Blabbers
Schlüssel Gelöscht : HKCU\Software\BrowserCompanion
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\BrowserCompanion
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dnUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\base64
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\chrome
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\prox
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\updatebho.TimerBHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\updatebho.TimerBHO.1
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\GinyasBrowserCompanion
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\853dfdab36de514
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bodddioamolcibagionmmobehnbhiakf
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\GinyasBrowserCompanion
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66DD22B9-6521-4B05-97DB-0EBC00B1DA5D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16476

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.holasearch.com/?affID=121962&tt=gc_&babsrc=HP_ss&mntrId=CE1390F652BE8D6D --> hxxp://www.google.com

-\\ Mozilla Firefox v19.0.2 (de)

Datei : C:\Users\Rohr\AppData\Roaming\Mozilla\Firefox\Profiles\xtanz4ff.default\prefs.js

C:\Users\Rohr\AppData\Roaming\Mozilla\Firefox\Profiles\xtanz4ff.default\user.js ... Gelöscht !

Gelöscht : user_pref("browser.startup.homepage", "hxxp://www.holasearch.com/?affID=121962&tt=gc_&babsrc=HP_ss&m[...]

-\\ Google Chrome v26.0.1410.64

Datei : C:\Users\Rohr\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.50] : icon_url = "hxxp://www.holasearch.com/favicon.ico",
Gelöscht [l.53] : keyword = "holasearch.com",
Gelöscht [l.57] : search_url = "hxxp://www.holasearch.com/?q={searchTerms}&affID=121962&tt=gc_&babsrc=SP_ss&mnt[...]
Gelöscht [l.1118] : homepage = "hxxp://www.holasearch.com/?affID=121962&tt=gc_&babsrc=HP_ss&mntrId=CE1390F652BE8D6D"[...]
Gelöscht [l.2221] : urls_to_restore_on_startup = [ "hxxp://www.holasearch.com/?affID=121962&tt=gc_&babsrc=HP_ss&m[...]

*************************

AdwCleaner[S1].txt - [8629 octets] - [12/05/2013 02:02:43]

########## EOF - C:\AdwCleaner[S1].txt - [8689 octets] ##########
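As an added example, not part of the thread and not AdwCleaner's own tooling, here is a Python script that parses a log in the format posted above (German AdwCleaner v2 labels) and condenses it into what was removed, which browsers were touched, how many Browser Helper Objects were registered, and which host the hijacked start pages pointed at. The sample log embedded in it is constructed; its paths, GUIDs and the `example-search.invalid` domain are placeholders, not values from the thread.

```python
"""Summarise an AdwCleaner v2 removal log (German labels, as in the log above).

Added example, not part of the thread or of AdwCleaner. It parses the section
headers, the "<Datei|Ordner|Schlüssel|Wert> Gelöscht : <path>" lines, the
"-\\ <Browser> v<version>" lines and the start-page / search rewrites.
"""
import re
from collections import Counter, defaultdict

SECTION_RE = re.compile(r"^\*+\s*\[(.+?)\]\s*\*+$")
DELETED_RE = re.compile(r"^(Datei|Ordner|Schlüssel|Wert)\s+Gelöscht\s*:\s*(.+)$")
REPLACED_RE = re.compile(r"^Ersetzt\s*:\s*\[(.+?)\]\s*=\s*(\S+)\s*-->\s*(\S+)")
PREF_RE = re.compile(r"^Gelöscht\s*(?:\[l\.\d+\])?\s*:\s*(.+)$")
BROWSER_RE = re.compile(r"^-\\\\\s*(.+?)\s+v([\d.]+)")
# Logs defang URLs as hxxp://; accept both spellings and keep only the host.
URL_HOST_RE = re.compile(r"h(?:xx|tt)ps?://([^/\s\"']+)", re.IGNORECASE)
BHO_RE = re.compile(r"\\Browser Helper Objects\\\{", re.IGNORECASE)
KIND_NAMES = {"Datei": "files", "Ordner": "folders", "Schlüssel": "keys", "Wert": "values"}

# Constructed sample in the same format; paths, GUIDs and the domain are placeholders.
SAMPLE_LOG = r"""
AdwCleaner v2.300 - Datei am 01/01/2013 um 00:00:00 erstellt
# Option [Löschen]

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Example\AppData\Roaming\Mozilla\Firefox\Profiles\abcd1234.default\searchplugins\Example.xml
Ordner Gelöscht : C:\ProgramData\ExampleToolbar
Ordner Gelöscht : C:\Program Files (x86)\ExampleBrowserCompanion

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\ExampleToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-0000-0000-0000-000000000001}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-0000-0000-0000-000000000002}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{00000000-0000-0000-0000-000000000003}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar [{00000000-0000-0000-0000-000000000004}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16476
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.example-search.invalid/?affID=000 --> hxxp://www.google.com

-\\ Mozilla Firefox v19.0.2 (de)
Gelöscht : user_pref("browser.startup.homepage", "hxxp://www.example-search.invalid/?affID=000[...]

-\\ Google Chrome v26.0.1410.64
Gelöscht [l.57] : search_url = "hxxp://www.example-search.invalid/?q={searchTerms}&affID=000[...]
"""


def parse_log(text):
    """Return deleted objects per (section, kind), browser versions and hijack entries."""
    parsed = {"deleted": defaultdict(list), "browsers": {}, "hijacks": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SECTION_RE.match(line):
            section = m.group(1)
        elif m := BROWSER_RE.match(line):
            parsed["browsers"][m.group(1)] = m.group(2)
        elif m := DELETED_RE.match(line):
            parsed["deleted"][(section, m.group(1))].append(m.group(2))
        elif m := REPLACED_RE.match(line):
            parsed["hijacks"].append({"where": m.group(1), "old": m.group(2), "new": m.group(3)})
        elif m := PREF_RE.match(line):
            # Removed browser preference (Firefox prefs.js / Chrome Preferences entry).
            parsed["hijacks"].append({"where": "browser pref", "old": m.group(1), "new": None})
    return parsed


def summarize(text):
    """Condense a log into counts: what was removed, and which host it pointed at."""
    parsed = parse_log(text)
    counts, bhos, hosts = Counter(), 0, Counter()
    for (_section, kind), paths in parsed["deleted"].items():
        counts[KIND_NAMES[kind]] += len(paths)
        if kind == "Schlüssel":
            # Each BHO registration is an Internet Explorer add-on that loaded with the browser.
            bhos += sum(1 for p in paths if BHO_RE.search(p))
    for entry in parsed["hijacks"]:
        if m := URL_HOST_RE.search(entry["old"]):
            hosts[m.group(1).lower()] += 1
    return {
        "files": counts["files"],
        "folders": counts["folders"],
        "keys": counts["keys"],
        "values": counts["values"],
        "bhos": bhos,
        "browsers": parsed["browsers"],
        "hijack_hosts": dict(hosts),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key:13}: {value}")
```

Running it against a real `AdwCleaner[Cx].txt` is a matter of passing the file's text to `summarize()`; a non-zero `bhos` count or a single host behind every rewritten start page is the quick confirmation that a toolbar/hijacker bundle, rather than isolated stray files, was removed.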

13.05.2013, 12:40   #19
markusg
/// Malware-holic
 

Hi,
HitmanPro - Download - Filepony
Download HitmanPro, double-click it,
click Scan.
Do not delete anything, click Next, save the log as XML and post it, or zip it and attach it.

13.05.2013, 19:55   #20
JannikLR
 

Code:
HitmanPro 3.7.3.194
www.hitmanpro.com

   Computer name . . . . : ROHR-PC
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : Rohr-PC\Rohr
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2013-05-13 20:49:13
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 3m 2s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 2
   Traces  . . . . . . . : 34

   Objects scanned . . . : 1.149.747
   Files scanned . . . . : 22.513
   Remnants scanned  . . : 311.001 files / 816.233 keys

Malware _____________________________________________________________________

   C:\Users\Rohr\Desktop\Spiele\MW2 MP FoV Changer.exe
      Size . . . . . . . : 83.456 bytes
      Age  . . . . . . . : 191.0 days (2012-11-03 21:23:12)
      Entropy  . . . . . : 6.7
      SHA-256  . . . . . : AE8081CD9F3B7738BA9B4CED8FB7C96094BDC6CAC98BD25DD263532E14D02847
      Needs elevation  . : Yes
      Product  . . . . . : MW2_mp_fov
      Description  . . . : MW2_mp_fov
      Version  . . . . . : 1.0.0.0
      Copyright  . . . . : Copyright ©  2012
    > Ikarus . . . . . . : Trojan-Dropper!IK
      Fuzzy  . . . . . . : 101.0

   C:\Users\Rohr\Desktop\Spiele\Neuer Ordner\Self-Activator_Gamekeys_biz\Self-Activator_Gamekeys_biz\START_INTERFACE.exe
      Size . . . . . . . : 1.887.744 bytes
      Age  . . . . . . . : 106.9 days (2013-01-27 00:16:48)
      Entropy  . . . . . : 6.8
      SHA-256  . . . . . : 0A121328638C61084C531838F4D64A00504219F6ABD3E6207673FEED2D2F3C0C
      Publisher  . . . . : Gamekeys.biz
      Description  . . . : Self-Activator
      Version  . . . . . : 1.0.0.0
      Copyright  . . . . : Adam Pox
    > G Data . . . . . . : Trojan.Generic.8429085 (Engine A)
    > Ikarus . . . . . . : Trojan-Dropper.Delf!IK
      Fuzzy  . . . . . . : 100.0


Suspicious files ____________________________________________________________

   C:\Users\Rohr\AppData\Local\PunkBuster\APB\pb\pbcl.dll
      Size . . . . . . . : 953.905 bytes
      Age  . . . . . . . : 260.0 days (2012-08-26 19:51:10)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 9A5BDD44D0817FE21A154412B5989E157455BC24ADBCB238376F73FCEFB14696
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Rohr\AppData\Local\PunkBuster\APB\pb\PnkBstrK.sys
      Size . . . . . . . : 138.992 bytes
      Age  . . . . . . . : 260.0 days (2012-08-26 19:51:24)
      Entropy  . . . . . : 7.7
      SHA-256  . . . . . : 17E604316606C999C87C896508B3525E4897DFA1522FEE01B86524F46B3D9B3D
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\Rohr\AppData\Local\PunkBuster\BF3\pb\dll\wc002317.dll
      Size . . . . . . . : 949.613 bytes
      Age  . . . . . . . : 72.9 days (2013-03-01 23:22:47)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 15059F09B1D62DEA6B5D22EF9E0D062411C167378D870AE339AAB50B0BDC7FC0
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Rohr\AppData\Local\PunkBuster\BF3\pb\pbcl.dll
      Size . . . . . . . : 949.613 bytes
      Age  . . . . . . . : 72.9 days (2013-03-01 23:22:47)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 15059F09B1D62DEA6B5D22EF9E0D062411C167378D870AE339AAB50B0BDC7FC0
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Rohr\AppData\Local\PunkBuster\BF3\pb\pbclold.dll
      Size . . . . . . . : 959.376 bytes
      Age  . . . . . . . : 75.1 days (2013-02-27 17:34:13)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : A85592ACDCFDA7C0293504A5F5279C2654ACC0E6D2398ED8958F6E03F05DCEB5
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\Rohr\AppData\Local\PunkBuster\BF3\pb\pbcls.dll
      Size . . . . . . . : 959.376 bytes
      Age  . . . . . . . : 75.1 days (2013-02-27 17:51:57)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : A85592ACDCFDA7C0293504A5F5279C2654ACC0E6D2398ED8958F6E03F05DCEB5
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\Rohr\AppData\Local\PunkBuster\BF3\pb\PnkBstrK.sys
      Size . . . . . . . : 137.992 bytes
      Age  . . . . . . . : 75.1 days (2013-02-27 17:34:44)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : 21A3D2E3A063EA2F986EF1BAFD1A71F7FC9EDB3F69E0265E51A18DBC111084F1
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\Rohr\AppData\Local\PunkBuster\BFP4F\pb\dll\wc002304.dll
      Size . . . . . . . : 954.496 bytes
      Age  . . . . . . . : 269.4 days (2012-08-17 11:53:19)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : EEBDAC091729B0B80A21E14B2CE0392E4584205BA06F5ED1B846C51D034A2177
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Rohr\AppData\Local\PunkBuster\BFP4F\pb\pbcl.dll
      Size . . . . . . . : 954.496 bytes
      Age  . . . . . . . : 269.4 days (2012-08-17 11:53:19)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : EEBDAC091729B0B80A21E14B2CE0392E4584205BA06F5ED1B846C51D034A2177
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Rohr\AppData\Local\PunkBuster\BFP4F\pb\pbclold.dll
      Size . . . . . . . : 915.149 bytes
      Age  . . . . . . . : 269.4 days (2012-08-17 11:48:20)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : E189EF452F559BFAC0C0A91EFADC78EAA569B915985A213F99666BE56FC86165
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Rohr\AppData\Local\PunkBuster\BFP4F\pb\PnkBstrK.sys
      Size . . . . . . . : 139.424 bytes
      Age  . . . . . . . : 269.4 days (2012-08-17 11:49:33)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : 2A97BC40220EE7B5383991EDB238A70B2D6A7881E54E465999E2EADD6A396029
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\Rohr\AppData\Local\PunkBuster\BLR\pb\dll\wc002293.dll
      Size . . . . . . . : 949.190 bytes
      Age  . . . . . . . : 272.0 days (2012-08-14 20:34:06)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : DAF43E93528BEEECC015FA98D6EE6D6FD6D19A049321E47A65665144E4511F41
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Rohr\AppData\Local\PunkBuster\BLR\pb\pbcl.dll
      Size . . . . . . . : 949.190 bytes
      Age  . . . . . . . : 214.9 days (2012-10-10 22:32:47)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : DAF43E93528BEEECC015FA98D6EE6D6FD6D19A049321E47A65665144E4511F41
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Rohr\AppData\Local\PunkBuster\BLR\pb\pbclold.dll
      Size . . . . . . . : 949.190 bytes
      Age  . . . . . . . : 272.0 days (2012-08-14 20:13:14)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : DAF43E93528BEEECC015FA98D6EE6D6FD6D19A049321E47A65665144E4511F41
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Rohr\AppData\Local\PunkBuster\BLR\pb\PnkBstrK.sys
      Size . . . . . . . : 140.360 bytes
      Age  . . . . . . . : 272.0 days (2012-08-14 20:13:31)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : 0F41B3843E2D2D1BB1ACF8B7CAA293309CC1CF8CF478B1AC86DD6BB214928DC4
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\Rohr\AppData\Local\PunkBuster\BR\pb\pbcl.dll
      Size . . . . . . . : 951.922 bytes
      Age  . . . . . . . : 277.9 days (2012-08-08 22:57:29)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 556FB516EF1C1A23F6C976C7624709744E53FCB1E6521CA6ABBDE9969C40F532
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Rohr\AppData\Local\PunkBuster\BR\pb\pbcls.dll
      Size . . . . . . . : 951.922 bytes
      Age  . . . . . . . : 277.9 days (2012-08-08 22:57:29)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 556FB516EF1C1A23F6C976C7624709744E53FCB1E6521CA6ABBDE9969C40F532
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Rohr\AppData\Local\PunkBuster\BR\pb\PnkBstrK.sys
      Size . . . . . . . : 140.072 bytes
      Age  . . . . . . . : 277.1 days (2012-08-09 17:56:29)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : E4F5F27A3E0EFCC2701C2F9BAB3BDCDD01CA7D3580B0A344A453EEC7CA33505A
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\Rohr\AppData\Local\PunkBuster\HEROES\pb\dll\wc002323.dll
      Size . . . . . . . : 956.648 bytes
      Age  . . . . . . . : 22.1 days (2013-04-21 18:00:06)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : E88505208F2EA9F150F451C73EEFE57D54A7F50E9D24CB9E647D95A1E826A052
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.
      Forensic Cluster
         -0.2s C:\Users\Rohr\AppData\Local\PunkBuster\HEROES\pb\htm\wc002323.htm
          0.0s C:\Users\Rohr\AppData\Local\PunkBuster\HEROES\pb\dll\wc002323.dll
          0.0s C:\Users\Rohr\AppData\Local\PunkBuster\HEROES\pb\pbcl.dll
         11.5s C:\Users\Rohr\AppData\Local\PunkBuster\HEROES\pb\PnkBstrA.exe

   C:\Users\Rohr\AppData\Local\PunkBuster\HEROES\pb\pbcl.dll
      Size . . . . . . . : 956.648 bytes
      Age  . . . . . . . : 22.1 days (2013-04-21 18:00:06)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : E88505208F2EA9F150F451C73EEFE57D54A7F50E9D24CB9E647D95A1E826A052
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.
      Forensic Cluster
         -0.2s C:\Users\Rohr\AppData\Local\PunkBuster\HEROES\pb\htm\wc002323.htm
         -0.0s C:\Users\Rohr\AppData\Local\PunkBuster\HEROES\pb\dll\wc002323.dll
          0.0s C:\Users\Rohr\AppData\Local\PunkBuster\HEROES\pb\pbcl.dll
         11.5s C:\Users\Rohr\AppData\Local\PunkBuster\HEROES\pb\PnkBstrA.exe

   C:\Users\Rohr\AppData\Local\PunkBuster\HEROES\pb\pbclold.dll
      Size . . . . . . . : 947.283 bytes
      Age  . . . . . . . : 22.1 days (2013-04-21 17:47:52)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 26898E20DB3E20E2986684F1726D3421B0EA9D381F4BD56D6370AAE63973F5B8
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
      Forensic Cluster
         -3.1s C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\mugshot.png
         -0.2s C:\Program Files (x86)\EA Games\Battlefield Heroes\pbcl.log
         -0.1s C:\Program Files (x86)\EA Games\Battlefield Heroes\pb\pbcl.db
         -0.1s C:\Users\Rohr\AppData\Local\PunkBuster\HEROES\
         -0.1s C:\Users\Rohr\AppData\Local\PunkBuster\HEROES\pb\
         -0.1s C:\Program Files (x86)\EA Games\Battlefield Heroes\pb\pbcl.log
         -0.0s C:\Users\Rohr\AppData\Local\PunkBuster\HEROES\pb\pbclgame.cfg
         -0.0s C:\Users\Rohr\AppData\Local\PunkBuster\HEROES\pb\pbcl.db
          0.0s C:\Users\Rohr\AppData\Local\PunkBuster\HEROES\pb\pbclold.dll
          0.0s C:\Users\Rohr\AppData\Local\PunkBuster\HEROES\pb\pbag.dll
          0.0s C:\Users\Rohr\AppData\Local\PunkBuster\HEROES\pb\scrnshot\
          0.0s C:\Users\Rohr\AppData\Local\PunkBuster\HEROES\pb\dll\
          0.0s C:\Users\Rohr\AppData\Local\PunkBuster\HEROES\pb\htm\
          0.0s C:\Users\Rohr\AppData\Local\PunkBuster\HEROES\pb\pbcl.log
          0.7s C:\Users\Rohr\AppData\Local\PunkBuster\HEROES\pb\PnkBstrB.exe
          1.1s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderstmbase.cfx
          1.2s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderstmbaselightmap.cfx
          1.2s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderstmbasedetail.cfx
          1.2s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderstmbasedetaillightmap.cfx
          1.3s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderstmbaseshadow.cfx
          1.3s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderstmbaselightmapshadow.cfx
          1.3s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderstmbasedetailshadow.cfx
          1.4s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderstmbasedetaillightmapshadow.cfx
          1.4s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderstmbasepointlight.cfx
          1.4s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderstmbasedetailpointlight.cfx
          1.4s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderstmbasealphatest.cfx
          1.5s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderstmbasealphatestlightmap.cfx
          1.5s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderstmbasedetailalphatest.cfx
          1.5s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderstmbasedetailalphatestlightmap.cfx
          1.6s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderstmbasealphatestshadow.cfx
          1.6s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderstmbasealphatestlightmapshadow.cfx
          1.6s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderstmbasedetailalphatestshadow.cfx
          1.7s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderstmbasedetailalphatestlightmapshadow.cfx
          1.7s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderstmbasealphatestpointlight.cfx
          1.7s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderstmbasedetailalphatestpointlight.cfx
          1.7s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderleafpointlight.cfx
          1.7s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashadertrunkstmdetailshadowed.cfx
          1.8s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashadertrunkstmbaseshadowed.cfx
          1.8s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderleafshadowed.cfx
          1.8s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderleafpointlightshadowed.cfx
          1.8s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashadertrunkstmdetail.cfx
          1.8s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashadertrunkstmbase.cfx
          1.8s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderleafdir.cfx
          1.8s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderspriteleaf.cfx
          1.9s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderroad.cfx
          1.9s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderroaddetailnoblend.cfx
          1.9s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderroaddetail.cfx
          1.9s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderwater.cfx
          1.9s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmnothing.cfx
          2.0s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmhasuvanimation.cfx
          2.0s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmhasgimap.cfx
          2.0s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmusehemimap.cfx
          2.0s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmhasuvanimationusehemimap.cfx
          2.1s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmhasgimapusehemimap.cfx
          2.1s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmnothinghasrimeffect.cfx
          2.1s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmhasuvanimationhasrimeffect.cfx
          2.2s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmhasgimaphasrimeffect.cfx
          2.2s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmusehemimaphasrimeffect.cfx
          2.2s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmhasuvanimationusehemimaphasrimeffect.cfx
          2.2s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmhasgimapusehemimaphasrimeffect.cfx
          2.3s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmnothingpointlighthasrimeffect.cfx
          2.3s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmhasuvanimationpointlighthasrimeffect.cfx
          2.3s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmhasgimappointlighthasrimeffect.cfx
          2.3s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmusehemimappointlighthasrimeffect.cfx
          2.4s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmhasuvanimationusehemimappointlighthasrimeffect.cfx
          2.4s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmhasgimapusehemimappointlighthasrimeffect.cfx
          2.4s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmnothinghasrimeffectlow.cfx
          2.4s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmhasuvanimationhasrimeffectlow.cfx
          2.5s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmhasgimaphasrimeffectlow.cfx
          2.5s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmusehemimaphasrimeffectlow.cfx
          2.5s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmhasuvanimationusehemimaphasrimeffectlow.cfx
          2.6s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmhasgimapusehemimaphasrimeffectlow.cfx
          2.6s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmnothingpointlighthasrimeffectlow.cfx
          2.6s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmhasuvanimationpointlighthasrimeffectlow.cfx
          2.6s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmhasgimappointlighthasrimeffectlow.cfx
          2.7s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmusehemimappointlighthasrimeffectlow.cfx
          2.7s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmhasuvanimationusehemimappointlighthasrimeffectlow.cfx
          2.7s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmhasgimapusehemimappointlighthasrimeffectlow.cfx
          2.7s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmnothinghasrimeffectsuperlow.cfx
          2.8s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmhasuvanimationhasrimeffectsuperlow.cfx
          2.8s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmhasgimaphasrimeffectsuperlow.cfx
          2.8s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmusehemimaphasrimeffectsuperlow.cfx
          2.8s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmhasuvanimationusehemimaphasrimeffectsuperlow.cfx
          2.8s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmhasgimapusehemimaphasrimeffectsuperlow.cfx
          2.9s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmnothingpointlighthasrimeffectsuperlow.cfx
          2.9s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmhasuvanimationpointlighthasrimeffectsuperlow.cfx
          2.9s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmhasgimappointlighthasrimeffectsuperlow.cfx
          2.9s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmusehemimappointlighthasrimeffectsuperlow.cfx
          3.0s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmhasuvanimationusehemimappointlighthasrimeffectsuperlow.cfx
          3.0s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmhasgimapusehemimappointlighthasrimeffectsuperlow.cfx
          3.0s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmzonly.cfx
         13.1s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderwater2d.cfx
         13.1s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderwaterdistant2d.cfx
         13.1s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderwatersurrounding2d.cfx
         13.4s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderwaterhighend3d.cfx
         13.5s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderwaterdistant3d.cfx
         13.5s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderwatersurrounding3d.cfx

   C:\Users\Rohr\AppData\Local\PunkBuster\HEROES\pb\PnkBstrK.sys
      Size . . . . . . . : 139.648 bytes
      Age  . . . . . . . : 22.1 days (2013-04-21 17:52:15)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : 164A5F0B9153B75F8955C44BFAE12B594B8D53922AE090132695FF2DAD191C8A
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.
      Forensic Cluster
         -37.3s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderleafdirog.cfx
         -37.2s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashadertrunkog.cfx
         -34.8s C:\Users\Rohr\AppData\Local\PunkBuster\HEROES\pb\pbns_c.dat
         -23.4s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashadersmactivecamo.cfx
         -2.2s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0797C381B2F87EB5A1D5573BD15BA4F4
         -2.2s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0797C381B2F87EB5A1D5573BD15BA4F4
          0.0s C:\Users\Rohr\AppData\Local\PunkBuster\HEROES\pb\PnkBstrK.sys

   C:\Users\Rohr\Desktop\Spiele\Neuer Ordner\Self-Activator_Gamekeys_biz\Self-Activator_Gamekeys_biz\vpn_pl.exe
      Size . . . . . . . : 31.744 bytes
      Age  . . . . . . . : 106.9 days (2013-01-27 00:16:48)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : ADE6CD3F8F8B38B7925F6787B0A7494441D783E7FBCC40ECC78B3EE1AB2E4229
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 22.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.

   C:\Users\Rohr\Desktop\Spiele\Neuer Ordner\Self-Activator_Gamekeys_biz\Self-Activator_Gamekeys_biz\vpn_ru.exe
      Size . . . . . . . : 31.744 bytes
      Age  . . . . . . . : 106.9 days (2013-01-27 00:16:48)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : 94E9AB74C36245BBC9E6C606B0E02A0DFC3EF58FD0BFFA9A786BB3791D820DA1
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 22.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.


Potential Unwanted Programs _________________________________________________

   HKU\S-1-5-21-330010271-3606213368-2544051051-1000\Software\Blabbers       \ (Blabbers)
   HKU\S-1-5-21-330010271-3606213368-2544051051-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro)
   HKU\S-1-5-21-330010271-3606213368-2544051051-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{98889811-442D-49DD-99D7-DC866BE87DBC} (Claro)

Cookies _____________________________________________________________________

   C:\Users\Rohr\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.yieldmanager.com
   C:\Users\Rohr\AppData\Local\Google\Chrome\User Data\Default\Cookies:apmebf.com
   C:\Users\Rohr\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\Rohr\AppData\Local\Google\Chrome\User Data\Default\Cookies:invitemedia.com
   C:\Users\Rohr\AppData\Roaming\Microsoft\Windows\Cookies\XFD20J5Y.txt
         


Alt 13.05.2013, 20:05   #21
markusg
/// Malware-holic
 
hi
do the first two finds mean anything to you?

Alt 13.05.2013, 21:18   #22
JannikLR
 
Yes, MW2 MP FoV Changer is there to change your field of view a bit in a game, but it can be deleted.
I'm not sure about the second one. There is a site where you can buy games cheaply (Gamekeys.biz). It looks very much like it came from there.

Alt 14.05.2013, 12:13   #23
markusg
/// Malware-holic
 
then delete with HitmanPro:
Potential Unwanted Programs _________________________________________________

HKU\S-1-5-21-330010271-3606213368-2544051051-1000\Software\Blabbers \ (Blabbers)
HKU\S-1-5-21-330010271-3606213368-2544051051-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro)
HKU\S-1-5-21-330010271-3606213368-2544051051-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{98889811-442D-49DD-99D7-DC866BE87DBC} (Claro)

and the cookies.
then reboot, new OTL log
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails according to the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

Alt 14.05.2013, 13:17   #24
JannikLR
 
Code:
HitmanPro 3.7.3.194
www.hitmanpro.com

   Computer name . . . . : ROHR-PC
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : Rohr-PC\Rohr
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Trial (30 days left)

   Scan date . . . . . . : 2013-05-14 14:10:22
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 5m 47s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 29

   Objects scanned . . . : 1.144.820
   Files scanned . . . . : 22.319
   Remnants scanned  . . : 306.150 files / 816.351 keys

Suspicious files ____________________________________________________________

   C:\Users\Rohr\AppData\Local\PunkBuster\APB\pb\pbcl.dll
      Size . . . . . . . : 953.905 bytes
      Age  . . . . . . . : 260.8 days (2012-08-26 19:51:10)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 9A5BDD44D0817FE21A154412B5989E157455BC24ADBCB238376F73FCEFB14696
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Rohr\AppData\Local\PunkBuster\APB\pb\PnkBstrK.sys
      Size . . . . . . . : 138.992 bytes
      Age  . . . . . . . : 260.8 days (2012-08-26 19:51:24)
      Entropy  . . . . . : 7.7
      SHA-256  . . . . . : 17E604316606C999C87C896508B3525E4897DFA1522FEE01B86524F46B3D9B3D
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\Rohr\AppData\Local\PunkBuster\BF3\pb\dll\wc002317.dll
      Size . . . . . . . : 949.613 bytes
      Age  . . . . . . . : 73.6 days (2013-03-01 23:22:47)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 15059F09B1D62DEA6B5D22EF9E0D062411C167378D870AE339AAB50B0BDC7FC0
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Rohr\AppData\Local\PunkBuster\BF3\pb\pbcl.dll
      Size . . . . . . . : 949.613 bytes
      Age  . . . . . . . : 73.6 days (2013-03-01 23:22:47)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 15059F09B1D62DEA6B5D22EF9E0D062411C167378D870AE339AAB50B0BDC7FC0
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Rohr\AppData\Local\PunkBuster\BF3\pb\pbclold.dll
      Size . . . . . . . : 959.376 bytes
      Age  . . . . . . . : 75.9 days (2013-02-27 17:34:13)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : A85592ACDCFDA7C0293504A5F5279C2654ACC0E6D2398ED8958F6E03F05DCEB5
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\Rohr\AppData\Local\PunkBuster\BF3\pb\pbcls.dll
      Size . . . . . . . : 959.376 bytes
      Age  . . . . . . . : 75.8 days (2013-02-27 17:51:57)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : A85592ACDCFDA7C0293504A5F5279C2654ACC0E6D2398ED8958F6E03F05DCEB5
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\Rohr\AppData\Local\PunkBuster\BF3\pb\PnkBstrK.sys
      Size . . . . . . . : 137.992 bytes
      Age  . . . . . . . : 75.9 days (2013-02-27 17:34:44)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : 21A3D2E3A063EA2F986EF1BAFD1A71F7FC9EDB3F69E0265E51A18DBC111084F1
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\Rohr\AppData\Local\PunkBuster\BFP4F\pb\dll\wc002304.dll
      Size . . . . . . . : 954.496 bytes
      Age  . . . . . . . : 270.1 days (2012-08-17 11:53:19)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : EEBDAC091729B0B80A21E14B2CE0392E4584205BA06F5ED1B846C51D034A2177
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Rohr\AppData\Local\PunkBuster\BFP4F\pb\pbcl.dll
      Size . . . . . . . : 954.496 bytes
      Age  . . . . . . . : 270.1 days (2012-08-17 11:53:19)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : EEBDAC091729B0B80A21E14B2CE0392E4584205BA06F5ED1B846C51D034A2177
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Rohr\AppData\Local\PunkBuster\BFP4F\pb\pbclold.dll
      Size . . . . . . . : 915.149 bytes
      Age  . . . . . . . : 270.1 days (2012-08-17 11:48:20)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : E189EF452F559BFAC0C0A91EFADC78EAA569B915985A213F99666BE56FC86165
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Rohr\AppData\Local\PunkBuster\BFP4F\pb\PnkBstrK.sys
      Size . . . . . . . : 139.424 bytes
      Age  . . . . . . . : 270.1 days (2012-08-17 11:49:33)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : 2A97BC40220EE7B5383991EDB238A70B2D6A7881E54E465999E2EADD6A396029
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\Rohr\AppData\Local\PunkBuster\BLR\pb\dll\wc002293.dll
      Size . . . . . . . : 949.190 bytes
      Age  . . . . . . . : 272.7 days (2012-08-14 20:34:06)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : DAF43E93528BEEECC015FA98D6EE6D6FD6D19A049321E47A65665144E4511F41
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Rohr\AppData\Local\PunkBuster\BLR\pb\pbcl.dll
      Size . . . . . . . : 949.190 bytes
      Age  . . . . . . . : 215.7 days (2012-10-10 22:32:47)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : DAF43E93528BEEECC015FA98D6EE6D6FD6D19A049321E47A65665144E4511F41
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Rohr\AppData\Local\PunkBuster\BLR\pb\pbclold.dll
      Size . . . . . . . : 949.190 bytes
      Age  . . . . . . . : 272.7 days (2012-08-14 20:13:14)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : DAF43E93528BEEECC015FA98D6EE6D6FD6D19A049321E47A65665144E4511F41
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Rohr\AppData\Local\PunkBuster\BLR\pb\PnkBstrK.sys
      Size . . . . . . . : 140.360 bytes
      Age  . . . . . . . : 272.7 days (2012-08-14 20:13:31)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : 0F41B3843E2D2D1BB1ACF8B7CAA293309CC1CF8CF478B1AC86DD6BB214928DC4
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\Rohr\AppData\Local\PunkBuster\BR\pb\pbcl.dll
      Size . . . . . . . : 951.922 bytes
      Age  . . . . . . . : 278.6 days (2012-08-08 22:57:29)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 556FB516EF1C1A23F6C976C7624709744E53FCB1E6521CA6ABBDE9969C40F532
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Rohr\AppData\Local\PunkBuster\BR\pb\pbcls.dll
      Size . . . . . . . : 951.922 bytes
      Age  . . . . . . . : 278.6 days (2012-08-08 22:57:29)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 556FB516EF1C1A23F6C976C7624709744E53FCB1E6521CA6ABBDE9969C40F532
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Rohr\AppData\Local\PunkBuster\BR\pb\PnkBstrK.sys
      Size . . . . . . . : 140.072 bytes
      Age  . . . . . . . : 277.8 days (2012-08-09 17:56:29)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : E4F5F27A3E0EFCC2701C2F9BAB3BDCDD01CA7D3580B0A344A453EEC7CA33505A
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\Rohr\AppData\Local\PunkBuster\HEROES\pb\dll\wc002323.dll
      Size . . . . . . . : 956.648 bytes
      Age  . . . . . . . : 22.8 days (2013-04-21 18:00:06)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : E88505208F2EA9F150F451C73EEFE57D54A7F50E9D24CB9E647D95A1E826A052
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.
      Forensic Cluster
         -0.2s C:\Users\Rohr\AppData\Local\PunkBuster\HEROES\pb\htm\wc002323.htm
          0.0s C:\Users\Rohr\AppData\Local\PunkBuster\HEROES\pb\dll\wc002323.dll
          0.0s C:\Users\Rohr\AppData\Local\PunkBuster\HEROES\pb\pbcl.dll
         11.5s C:\Users\Rohr\AppData\Local\PunkBuster\HEROES\pb\PnkBstrA.exe

   C:\Users\Rohr\AppData\Local\PunkBuster\HEROES\pb\pbcl.dll
      Size . . . . . . . : 956.648 bytes
      Age  . . . . . . . : 22.8 days (2013-04-21 18:00:06)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : E88505208F2EA9F150F451C73EEFE57D54A7F50E9D24CB9E647D95A1E826A052
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.
      Forensic Cluster
         -0.2s C:\Users\Rohr\AppData\Local\PunkBuster\HEROES\pb\htm\wc002323.htm
         -0.0s C:\Users\Rohr\AppData\Local\PunkBuster\HEROES\pb\dll\wc002323.dll
          0.0s C:\Users\Rohr\AppData\Local\PunkBuster\HEROES\pb\pbcl.dll
         11.5s C:\Users\Rohr\AppData\Local\PunkBuster\HEROES\pb\PnkBstrA.exe

   C:\Users\Rohr\AppData\Local\PunkBuster\HEROES\pb\pbclold.dll
      Size . . . . . . . : 947.283 bytes
      Age  . . . . . . . : 22.8 days (2013-04-21 17:47:52)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 26898E20DB3E20E2986684F1726D3421B0EA9D381F4BD56D6370AAE63973F5B8
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
      Forensic Cluster
         -3.1s C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\mugshot.png
         -0.2s C:\Program Files (x86)\EA Games\Battlefield Heroes\pbcl.log
         -0.1s C:\Program Files (x86)\EA Games\Battlefield Heroes\pb\pbcl.db
         -0.1s C:\Users\Rohr\AppData\Local\PunkBuster\HEROES\
         -0.1s C:\Users\Rohr\AppData\Local\PunkBuster\HEROES\pb\
         -0.1s C:\Program Files (x86)\EA Games\Battlefield Heroes\pb\pbcl.log
         -0.0s C:\Users\Rohr\AppData\Local\PunkBuster\HEROES\pb\pbclgame.cfg
         -0.0s C:\Users\Rohr\AppData\Local\PunkBuster\HEROES\pb\pbcl.db
          0.0s C:\Users\Rohr\AppData\Local\PunkBuster\HEROES\pb\pbclold.dll
          0.0s C:\Users\Rohr\AppData\Local\PunkBuster\HEROES\pb\pbag.dll
          0.0s C:\Users\Rohr\AppData\Local\PunkBuster\HEROES\pb\scrnshot\
          0.0s C:\Users\Rohr\AppData\Local\PunkBuster\HEROES\pb\dll\
          0.0s C:\Users\Rohr\AppData\Local\PunkBuster\HEROES\pb\htm\
          0.0s C:\Users\Rohr\AppData\Local\PunkBuster\HEROES\pb\pbcl.log
          0.7s C:\Users\Rohr\AppData\Local\PunkBuster\HEROES\pb\PnkBstrB.exe
          1.1s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderstmbase.cfx
          1.2s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderstmbaselightmap.cfx
          1.2s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderstmbasedetail.cfx
          1.2s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderstmbasedetaillightmap.cfx
          1.3s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderstmbaseshadow.cfx
          1.3s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderstmbaselightmapshadow.cfx
          1.3s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderstmbasedetailshadow.cfx
          1.4s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderstmbasedetaillightmapshadow.cfx
          1.4s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderstmbasepointlight.cfx
          1.4s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderstmbasedetailpointlight.cfx
          1.4s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderstmbasealphatest.cfx
          1.5s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderstmbasealphatestlightmap.cfx
          1.5s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderstmbasedetailalphatest.cfx
          1.5s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderstmbasedetailalphatestlightmap.cfx
          1.6s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderstmbasealphatestshadow.cfx
          1.6s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderstmbasealphatestlightmapshadow.cfx
          1.6s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderstmbasedetailalphatestshadow.cfx
          1.7s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderstmbasedetailalphatestlightmapshadow.cfx
          1.7s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderstmbasealphatestpointlight.cfx
          1.7s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderstmbasedetailalphatestpointlight.cfx
          1.7s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderleafpointlight.cfx
          1.7s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashadertrunkstmdetailshadowed.cfx
          1.8s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashadertrunkstmbaseshadowed.cfx
          1.8s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderleafshadowed.cfx
          1.8s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderleafpointlightshadowed.cfx
          1.8s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashadertrunkstmdetail.cfx
          1.8s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashadertrunkstmbase.cfx
          1.8s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderleafdir.cfx
          1.8s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderspriteleaf.cfx
          1.9s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderroad.cfx
          1.9s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderroaddetailnoblend.cfx
          1.9s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderroaddetail.cfx
          1.9s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderwater.cfx
          1.9s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmnothing.cfx
          2.0s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmhasuvanimation.cfx
          2.0s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmhasgimap.cfx
          2.0s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmusehemimap.cfx
          2.0s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmhasuvanimationusehemimap.cfx
          2.1s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmhasgimapusehemimap.cfx
          2.1s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmnothinghasrimeffect.cfx
          2.1s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmhasuvanimationhasrimeffect.cfx
          2.2s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmhasgimaphasrimeffect.cfx
          2.2s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmusehemimaphasrimeffect.cfx
          2.2s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmhasuvanimationusehemimaphasrimeffect.cfx
          2.2s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmhasgimapusehemimaphasrimeffect.cfx
          2.3s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmnothingpointlighthasrimeffect.cfx
          2.3s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmhasuvanimationpointlighthasrimeffect.cfx
          2.3s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmhasgimappointlighthasrimeffect.cfx
          2.3s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmusehemimappointlighthasrimeffect.cfx
          2.4s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmhasuvanimationusehemimappointlighthasrimeffect.cfx
          2.4s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmhasgimapusehemimappointlighthasrimeffect.cfx
          2.4s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmnothinghasrimeffectlow.cfx
          2.4s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmhasuvanimationhasrimeffectlow.cfx
          2.5s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmhasgimaphasrimeffectlow.cfx
          2.5s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmusehemimaphasrimeffectlow.cfx
          2.5s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmhasuvanimationusehemimaphasrimeffectlow.cfx
          2.6s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmhasgimapusehemimaphasrimeffectlow.cfx
          2.6s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmnothingpointlighthasrimeffectlow.cfx
          2.6s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmhasuvanimationpointlighthasrimeffectlow.cfx
          2.6s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmhasgimappointlighthasrimeffectlow.cfx
          2.7s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmusehemimappointlighthasrimeffectlow.cfx
          2.7s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmhasuvanimationusehemimappointlighthasrimeffectlow.cfx
          2.7s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmhasgimapusehemimappointlighthasrimeffectlow.cfx
          2.7s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmnothinghasrimeffectsuperlow.cfx
          2.8s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmhasuvanimationhasrimeffectsuperlow.cfx
          2.8s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmhasgimaphasrimeffectsuperlow.cfx
          2.8s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmusehemimaphasrimeffectsuperlow.cfx
          2.8s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmhasuvanimationusehemimaphasrimeffectsuperlow.cfx
          2.8s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmhasgimapusehemimaphasrimeffectsuperlow.cfx
          2.9s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmnothingpointlighthasrimeffectsuperlow.cfx
          2.9s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmhasuvanimationpointlighthasrimeffectsuperlow.cfx
          2.9s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmhasgimappointlighthasrimeffectsuperlow.cfx
          2.9s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmusehemimappointlighthasrimeffectsuperlow.cfx
          3.0s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmhasuvanimationusehemimappointlighthasrimeffectsuperlow.cfx
          3.0s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmhasgimapusehemimappointlighthasrimeffectsuperlow.cfx
          3.0s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderbmzonly.cfx
         13.1s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderwater2d.cfx
         13.1s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderwaterdistant2d.cfx
         13.1s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderwatersurrounding2d.cfx
         13.4s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderwaterhighend3d.cfx
         13.5s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderwaterdistant3d.cfx
         13.5s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderwatersurrounding3d.cfx

   C:\Users\Rohr\AppData\Local\PunkBuster\HEROES\pb\PnkBstrK.sys
      Size . . . . . . . : 139.648 bytes
      Age  . . . . . . . : 22.8 days (2013-04-21 17:52:15)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : 164A5F0B9153B75F8955C44BFAE12B594B8D53922AE090132695FF2DAD191C8A
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.
      Forensic Cluster
         -37.3s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashaderleafdirog.cfx
         -37.2s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashadertrunkog.cfx
         -34.8s C:\Users\Rohr\AppData\Local\PunkBuster\HEROES\pb\pbns_c.dat
         -23.4s C:\Users\Rohr\Documents\Battlefield Heroes\mods\bfheroes\cache\{D7B71EE2-2B7D-11CF-A370-1303BEC2C535}_246917_4\rashadersmactivecamo.cfx
         -2.2s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0797C381B2F87EB5A1D5573BD15BA4F4
         -2.2s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0797C381B2F87EB5A1D5573BD15BA4F4
          0.0s C:\Users\Rohr\AppData\Local\PunkBuster\HEROES\pb\PnkBstrK.sys

   C:\Users\Rohr\Desktop\Spiele\Neuer Ordner\Self-Activator_Gamekeys_biz\Self-Activator_Gamekeys_biz\vpn_pl.exe
      Size . . . . . . . : 31.744 bytes
      Age  . . . . . . . : 107.6 days (2013-01-27 00:16:48)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : ADE6CD3F8F8B38B7925F6787B0A7494441D783E7FBCC40ECC78B3EE1AB2E4229
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 22.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.

   C:\Users\Rohr\Desktop\Spiele\Neuer Ordner\Self-Activator_Gamekeys_biz\Self-Activator_Gamekeys_biz\vpn_ru.exe
      Size . . . . . . . : 31.744 bytes
      Age  . . . . . . . : 107.6 days (2013-01-27 00:16:48)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : 94E9AB74C36245BBC9E6C606B0E02A0DFC3EF58FD0BFFA9A786BB3791D820DA1
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 22.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.


Cookies _____________________________________________________________________

   C:\Users\Rohr\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.yieldmanager.com
   C:\Users\Rohr\AppData\Local\Google\Chrome\User Data\Default\Cookies:apmebf.com
   C:\Users\Rohr\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\Rohr\AppData\Local\Google\Chrome\User Data\Default\Cookies:invitemedia.com
   C:\Users\Rohr\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.etracker.de
         
Cookies could not be deleted.
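Every PunkBuster component in the report above collects the same five generic findings (code in .reloc, high entropy, no author, no version control, PE anomalies), which are what any packed or obfuscated PE file produces, anti-cheat and DRM components included; the stronger signal is the Authenticode line, which the report prints as "Valid" without naming the signer, and the same SHA-256 recurs under several paths (pbcl.dll and dll\wc002304.dll are byte-identical). The Python below is an added example, not code from this thread, from HitmanPro or from PunkBuster's vendor: it parses this entry format, collapses duplicates by hash, and ranks unsigned files that request elevation ahead of signed files whose only findings are packer heuristics. The sample report is constructed from trimmed copies of the entries above, and the scoring weights are this example's own assumption.

```python
"""Triage HitmanPro-style "suspicious file" report entries (added example; not code
from this thread, HitmanPro or PunkBuster's vendor). Parses the entry format, collapses
duplicates by SHA-256 and ranks unsigned files that request elevation ahead of validly
signed binaries whose only findings are generic packer heuristics. Weights are assumed."""
import re
from dataclasses import dataclass, field

ENTRY_RE = re.compile(r'^ {3}([A-Za-z]:\\\S.*)$')                        # "   C:\dir\file"
FIELD_RE = re.compile(r'^ {6}([A-Za-z][\w /-]*?)(?:\s+\.)*\s*:\s*(.*)$')  # "      Key . . : value"
HEURISTIC_RE = re.compile(r'^ {9}([A-Za-z].*)$')                          # "         The .reloc ..."
# Generic packing/obfuscation hints: they fire on any packed PE (anti-cheat and DRM
# components included), so on their own they are weak evidence.
PACKER_HINTS = ('.reloc', 'Entropy', 'Authors name', 'Version control', 'PE structure')


@dataclass
class Entry:
    path: str
    fields: dict = field(default_factory=dict)
    heuristics: list = field(default_factory=list)
    signed = property(lambda s: s.fields.get('Authenticode') == 'Valid')
    needs_elevation = property(lambda s: s.fields.get('Needs elevation') == 'Yes')
    is_driver = property(lambda s: any('device driver' in h for h in s.heuristics))
    entropy = property(lambda s: float(s.fields.get('Entropy') or 0))


def parse_report(text):
    """Turn report text into Entry objects; cookie lines become entries without fields."""
    entries, cur = [], None
    for line in text.splitlines():
        if m := ENTRY_RE.match(line):
            cur = Entry(m.group(1).rstrip())
            entries.append(cur)
        elif cur is None:
            continue
        elif m := FIELD_RE.match(line):
            cur.fields[m.group(1).strip()] = m.group(2).strip()
        elif m := HEURISTIC_RE.match(line):
            cur.heuristics.append(m.group(1).strip())
    return entries


def assess(e):
    """Return (score, reasons); a higher score means look at the file earlier."""
    packer = [h for h in e.heuristics if any(k in h for k in PACKER_HINTS)]
    rules = [  # (points, condition, reason); assumed weights
        (4, e.needs_elevation and not e.signed, 'unsigned and requests UAC elevation'),
        (2, packer and not e.signed, f'{len(packer)} packer/obfuscation heuristics, no signature'),
        (1, e.entropy >= 7.5 and not e.signed, f'entropy {e.entropy:.1f}, no signature'),
        (1, e.is_driver, 'kernel driver: confirm the signer name, the report only says "Valid"'),
    ]
    score = sum(points for points, hit, _ in rules if hit)
    reasons = [reason for _, hit, reason in rules if hit]
    if e.signed and score <= 1:
        reasons.append('validly signed; packer heuristics alone are not evidence of infection')
    return score, reasons


def triage(text):
    """Group entries by SHA-256 (identical copies get one verdict), sorted by score."""
    groups = {}
    for e in parse_report(text):
        if sha := e.fields.get('SHA-256'):            # cookie lines carry no hash
            groups.setdefault(sha, (e, []))[1].append(e.path)
    verdicts = []
    for sha, (e, paths) in groups.items():
        score, reasons = assess(e)
        level = 'high' if score >= 4 else 'medium' if score >= 2 else 'low'
        verdicts.append({'sha256': sha, 'paths': paths, 'score': score,
                         'priority': level, 'reasons': reasons})
    return sorted(verdicts, key=lambda v: -v['score'])


# Constructed sample in the report's format (trimmed copies of entries above, not a real scan).
SAMPLE_REPORT = r"""
   C:\Users\Rohr\AppData\Local\PunkBuster\BFP4F\pb\dll\wc002304.dll
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : EEBDAC091729B0B80A21E14B2CE0392E4584205BA06F5ED1B846C51D034A2177
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Program contains PE structure anomalies. This is not typical for most programs.
   C:\Users\Rohr\AppData\Local\PunkBuster\BFP4F\pb\pbcl.dll
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : EEBDAC091729B0B80A21E14B2CE0392E4584205BA06F5ED1B846C51D034A2177
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
   C:\Users\Rohr\AppData\Local\PunkBuster\BFP4F\pb\PnkBstrK.sys
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : 2A97BC40220EE7B5383991EDB238A70B2D6A7881E54E465999E2EADD6A396029
      Authenticode . . . : Valid
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
   C:\Users\Rohr\Desktop\Spiele\Neuer Ordner\Self-Activator_Gamekeys_biz\vpn_pl.exe
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : ADE6CD3F8F8B38B7925F6787B0A7494441D783E7FBCC40ECC78B3EE1AB2E4229
      Needs elevation  . : Yes
         Program has no publisher information but prompts the user for permission elevation.
   C:\Users\Rohr\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
"""

if __name__ == '__main__':
    for v in triage(SAMPLE_REPORT):
        print(v['priority'], v['score'], v['paths'], '|', '; '.join(v['reasons']))
```

Run against a saved report, the unsigned elevation-prompting files from the Self-Activator folder come out as high priority, the unsigned PunkBuster DLLs as one medium verdict per unique hash, and the signed PnkBstrK.sys drivers as low but with a reminder that "Valid" only proves the signature chains to a trusted root; confirming that the signer is the publisher you expect still needs a tool that prints the certificate subject.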

Old 14.05.2013, 13:18   #25
markusg
/// Malware-holic

OK, that's fine.
Please post a new OTL log.
__________________
Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails according to the instructions above to
markusg.trojaner-board@web.de
If you would like to support us

Alt 14.05.2013, 13:30   #26
JannikLR
 



Sorry, what do you mean by OTL?

Alt 14.05.2013, 13:32   #27
markusg
/// Malware-holic
 



If you don't have it yet, please download OTL from Oldtimer and save it to your Desktop.
  • Please start OTL.exe. Vista and Win7 users: right-click and "Run as administrator".
  • Now copy the following content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Then copy the contents of OTL.txt and Extra.txt into your thread here.
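Once OTL.txt is posted, the helper reads it for a handful of telltale entries. The script below is an added example, not part of the original thread and not OTL's own code: it walks lines in the OTL.txt layout (a constructed sample in the same format as the log the steps above produce), flags the UAC-weakening policy values OTL prints on O6 lines, a browser default search provider pointing at the Hola Search domain that appears in this thread's log, and PRC/SRV/O4 entries whose publisher field is empty. The rule tables and the placeholder SID are assumptions to be extended for your own triage.

```python
"""Triage helper for OTL (OldTimer's Tools) log lines.

Added example; the sample below is constructed in OTL.txt layout and the
indicator rules are assumptions a helper applies when reading such a log.
"""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "severity category detail")

# Constructed sample in the layout of an OTL quick scan (placeholder SID).
SAMPLE_OTL_LOG = r"""
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\puush\puush.exe ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe (Symantec Corporation)
FF - prefs.js..browser.search.selectedEngine: "Hola Search"
CHR - default_search_provider: search_url = hxxp://www.holasearch.com/?q={searchTerms}&affID=121962
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-0000000000-0000000000-0000000000-1000..\Run: [puush] C:\Program Files (x86)\puush\puush.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
"""

# Assumed rule table: policy values under HKLM\...\policies\System that
# weaken UAC when they carry the value shown (OTL reports them on O6 lines).
UAC_WEAKENING = {
    "EnableLUA": ("0", "UAC is switched off entirely"),
    "ConsentPromptBehaviorAdmin": ("0", "administrators elevate without any prompt"),
    "PromptOnSecureDesktop": ("0", "elevation prompts are not shown on the secure desktop"),
}
# Search providers treated as PUP hijacks; Hola Search is the one visible in
# this thread's log. Extend the sets with your own indicators.
PUP_SEARCH_NAMES = {"hola search"}
PUP_SEARCH_DOMAINS = {"holasearch.com"}

_POLICY_RE = re.compile(r"^O6 - .*\\policies\\System: (\w+) = (\d+)\s*$")
# OTL defangs URLs as hxxp://, so match that scheme.
_SEARCH_URL_RE = re.compile(r"^CHR - default_search_provider: search_url = hxxps?://([^/?\s]+)")
_FF_ENGINE_RE = re.compile(r'^FF - prefs\.js\.\.browser\.search\.selectedEngine: "([^"]+)"')
# PRC/SRV/O4 lines end with the publisher in parentheses; "()" means none.
_NO_PUBLISHER_RE = re.compile(
    r"^(?:PRC|SRV|O4)(?::64bit:)? - .*?([A-Za-z]:\\.*?\.(?:exe|dll|sys)) \(\)\s*$"
)


def triage(log_text):
    """Return a Finding for each security-relevant OTL line, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = _POLICY_RE.match(line)
        if m:
            key, value = m.groups()
            rule = UAC_WEAKENING.get(key)
            if rule and value == rule[0]:
                findings.append(Finding("high", "uac-weakened", f"{key} = {value}: {rule[1]}"))
            continue
        m = _SEARCH_URL_RE.match(line)
        if m:
            host = m.group(1).lower()
            if any(host == d or host.endswith("." + d) for d in PUP_SEARCH_DOMAINS):
                findings.append(Finding("medium", "search-hijack", f"Chrome default search points at {host}"))
            continue
        m = _FF_ENGINE_RE.match(line)
        if m and m.group(1).lower() in PUP_SEARCH_NAMES:
            findings.append(Finding("medium", "search-hijack", f"Firefox selected engine is {m.group(1)!r}"))
            continue
        m = _NO_PUBLISHER_RE.match(line)
        if m:
            kind = line.split(" ")[0]
            findings.append(Finding("low", "no-publisher", f"{kind} entry without publisher: {m.group(1)}"))
    return findings


def summarize(findings):
    """Count findings per category."""
    counts = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


def uac_disabled(findings):
    """True when the log shows EnableLUA = 0, i.e. UAC is off altogether."""
    return any(f.category == "uac-weakened" and f.detail.startswith("EnableLUA = 0")
               for f in findings)


if __name__ == "__main__":
    results = triage(SAMPLE_OTL_LOG)
    for f in results:
        print(f"[{f.severity:<6}] {f.category:<14} {f.detail}")
    print("UAC disabled:", uac_disabled(results), "|", summarize(results))
```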

Alt 14.05.2013, 13:45   #28
JannikLR
 



OTL Logfile:
Code:
OTL logfile created on: 14.05.2013 14:41:11 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Rohr\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,98 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 57,34% Memory free
7,96 Gb Paging File | 5,88 Gb Available in Paging File | 73,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 255,56 Gb Free Space | 54,88% Space Free | Partition Type: NTFS
 
Computer Name: ROHR-PC | User Name: Rohr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Rohr\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\puush\puush.exe ()
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe (Symantec Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\puush\puush.exe ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\wincfi39.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (VIAKaraokeService) -- C:\Windows\SysNative\ViakaraokeSrv.exe (VIA Technologies, Inc.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (BEService) -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe ()
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe (Symantec Corporation)
SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (HiPatchService) -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (Hi-Rez Studios)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1403010.016\symnets.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1403010.016\SymEFA64.sys (Symantec Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1403010.016\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NISx64\1403010.016\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1403010.016\SymDS64.sys (Symantec Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1403010.016\Ironx64.sys (Symantec Corporation)
DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1403010.016\ccSetx64.sys (Symantec Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (SaiNtBus) -- C:\Windows\SysNative\drivers\SaiBus.sys (Saitek)
DRV:64bit: - (SaiMini) -- C:\Windows\SysNative\drivers\SaiMini.sys (Saitek)
DRV:64bit: - (SaiK1708) -- C:\Windows\SysNative\drivers\SaiK1708.sys (Saitek)
DRV:64bit: - (SaiU1708) -- C:\Windows\SysNative\drivers\SaiU1708.sys (Saitek)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\IPSDefs\20130511.001\IDSviA64.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20130513.022\ex64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20130513.022\eng64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20130502.001\BHDrvx64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (AODDriver4.2) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV - (AODDriver4.01) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV - (WinRing0_1_2_0) -- C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys (OpenLibSys.org)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-330010271-3606213368-2544051051-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-330010271-3606213368-2544051051-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-330010271-3606213368-2544051051-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-330010271-3606213368-2544051051-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_deDE496
IE - HKU\S-1-5-21-330010271-3606213368-2544051051-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-330010271-3606213368-2544051051-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..browser.search.selectedEngine: "Hola Search"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\coFFPlgn\ [2013.05.14 14:07:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\IPSFFPlgn\ [2013.04.19 22:01:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.10 13:06:35 | 000,000,000 | ---D | M]
 
[2013.03.10 13:08:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rohr\AppData\Roaming\mozilla\Extensions
[2013.05.12 02:02:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rohr\AppData\Roaming\mozilla\Firefox\Profiles\xtanz4ff.default\extensions
[2013.05.10 16:43:07 | 000,001,304 | ---- | M] () -- C:\Users\Rohr\AppData\Roaming\mozilla\firefox\profiles\xtanz4ff.default\searchplugins\holasearch.xml
[2013.03.10 13:06:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.03.07 16:30:04 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.03.07 17:45:15 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.07 17:45:15 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.03.07 17:45:15 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.03.07 17:45:15 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.07 17:45:15 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.07 17:45:15 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Hola Search (Enabled)
CHR - default_search_provider: search_url = hxxp://www.holasearch.com/?q={searchTerms}&affID=121962&tt=gc_&babsrc=SP_ss&mntrId=CE1390F652BE8D6D
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Uplay PC (Enabled) = C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonEU\NGM\npNxGameeu.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
CHR - plugin: Java Deployment Toolkit 7.0.210.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: AdBlock = C:\Users\Rohr\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0\
CHR - Extension: Norton Identity Protection = C:\Users\Rohr\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.3.3.19_0\
 
O1 HOSTS File: ([2013.03.17 01:14:10 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\IPS\IPSBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-330010271-3606213368-2544051051-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [ProfilerU] C:\Programme\SmartTechnology\Software\ProfilerU.exe (Saitek)
O4:64bit: - HKLM..\Run: [SaiMfd] C:\Programme\SmartTechnology\Software\SaiMfd.exe (Saitek)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-330010271-3606213368-2544051051-1000..\Run: [Dxtory Update Checker 2.0] C:\Program Files (x86)\Dxtory Software\Dxtory2.0\UpdateChecker.exe (Dxtory Software)
O4 - HKU\S-1-5-21-330010271-3606213368-2544051051-1000..\Run: [puush] C:\Program Files (x86)\puush\puush.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-330010271-3606213368-2544051051-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-330010271-3606213368-2544051051-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-330010271-3606213368-2544051051-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-330010271-3606213368-2544051051-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-330010271-3606213368-2544051051-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-330010271-3606213368-2544051051-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-330010271-3606213368-2544051051-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5556E540-02B6-4492-B8D3-A3DD9D832D22}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA5C435D-AF6C-4C26-A640-4E7C72DE713D}: DhcpNameServer = 217.0.43.193 217.0.43.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.14 13:47:19 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2013.05.14 13:37:48 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013.05.13 20:42:12 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013.05.13 20:41:48 | 009,741,664 | ---- | C] (SurfRight B.V.) -- C:\Users\Rohr\Desktop\HitmanPro_x64.exe
[2013.05.12 01:53:57 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.05.12 01:50:30 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.05.10 21:15:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2013.05.10 21:15:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2013.05.10 16:36:04 | 000,000,000 | ---D | C] -- C:\Users\Rohr\AppData\Roaming\Wise Disk Cleaner
[2013.05.10 16:35:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wise
[2013.05.10 16:33:03 | 000,000,000 | ---D | C] -- C:\Users\Rohr\AppData\Roaming\Auslogics
[2013.05.10 16:21:01 | 000,019,632 | ---- | C] (PerformerSoft LLC) -- C:\Windows\SysNative\roboot64.exe
[2013.05.10 16:14:05 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013.05.10 13:41:24 | 007,859,160 | ---- | C] (Auslogics Software Pty Ltd                                  ) -- C:\Users\Rohr\Desktop\disk3610-defrag-setup.exe
[2013.05.07 21:14:35 | 000,000,000 | ---D | C] -- C:\Users\Rohr\Documents\Square Enix
[2013.05.04 17:55:12 | 000,000,000 | ---D | C] -- C:\gravity
[2013.05.04 17:51:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2013.05.04 17:51:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013.04.30 15:59:02 | 000,000,000 | ---D | C] -- C:\Users\Rohr\AppData\Roaming\NetSpeedMonitor
[2013.04.30 15:45:22 | 000,000,000 | ---D | C] -- C:\Users\Rohr\Desktop\LaunchComponent (1)
[2013.04.30 15:16:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Booster 3
[2013.04.30 15:16:04 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2013.04.30 15:16:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2013.04.24 14:05:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus- und Tastatur-Center
[2013.04.24 14:04:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center
[2013.04.23 21:59:41 | 000,000,000 | ---D | C] -- C:\Users\Rohr\AppData\Roaming\Audacity
[2013.04.23 21:59:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2013.04.23 21:59:12 | 021,281,052 | ---- | C] (Audacity Team                                               ) -- C:\Users\Rohr\Desktop\audacity-win-2.0.3.exe
[2013.04.21 17:31:21 | 000,000,000 | ---D | C] -- C:\Users\Rohr\Documents\Battlefield Heroes
[2013.04.21 17:30:10 | 000,000,000 | ---D | C] -- C:\Users\Rohr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EA Games
[2013.04.21 17:22:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EA Games
[2013.04.20 15:49:54 | 000,000,000 | ---D | C] -- C:\Dxtory Aufnahmen
[2013.04.20 15:47:26 | 000,000,000 | ---D | C] -- C:\Users\Rohr\AppData\Local\Dxtory Software
[2013.04.20 15:47:19 | 003,673,600 | ---- | C] (Dxtory Software) -- C:\Windows\SysNative\DxtoryCodec64.dll
[2013.04.20 15:47:19 | 003,166,720 | ---- | C] (Dxtory Software) -- C:\Windows\SysWow64\DxtoryCodec.dll
[2013.04.20 15:47:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dxtory2.0
[2013.04.20 15:47:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dxtory Software
[2013.04.20 15:44:50 | 000,000,000 | ---D | C] -- C:\Users\Rohr\Desktop\Dxtory + Crack, by eXiR
[2013.04.19 21:59:45 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.14 14:13:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.14 14:12:50 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.14 14:12:50 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.14 14:06:42 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.14 14:05:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.14 14:05:12 | 3207,159,808 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.14 13:47:19 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2013.05.14 13:47:03 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.14 13:37:49 | 000,001,905 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013.05.13 20:41:55 | 009,741,664 | ---- | M] (SurfRight B.V.) -- C:\Users\Rohr\Desktop\HitmanPro_x64.exe
[2013.05.12 01:53:57 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.05.10 16:35:39 | 000,001,204 | ---- | M] () -- C:\Users\Public\Desktop\Wise Disk Cleaner.lnk
[2013.05.10 13:41:06 | 007,859,160 | ---- | M] (Auslogics Software Pty Ltd                                  ) -- C:\Users\Rohr\Desktop\disk3610-defrag-setup.exe
[2013.05.06 19:14:21 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.05.06 19:14:21 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.04.30 15:16:06 | 000,001,182 | ---- | M] () -- C:\Users\Public\Desktop\Switch to Gaming Mode.lnk
[2013.04.30 15:16:06 | 000,001,170 | ---- | M] () -- C:\Users\Public\Desktop\Game Booster 3.lnk
[2013.04.24 16:36:03 | 001,776,473 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1403010.016\Cat.DB
[2013.04.24 14:05:09 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01011.Wdf
[2013.04.23 21:59:33 | 000,001,007 | ---- | M] () -- C:\Users\Rohr\Desktop\Audacity.lnk
[2013.04.23 21:55:47 | 021,281,052 | ---- | M] (Audacity Team                                               ) -- C:\Users\Rohr\Desktop\audacity-win-2.0.3.exe
[2013.04.21 18:00:18 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.04.21 18:00:10 | 000,282,296 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.04.20 15:47:22 | 000,001,182 | ---- | M] () -- C:\Users\Rohr\Desktop\Dxtory.lnk
[2013.04.19 21:59:46 | 000,002,501 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2013.04.19 21:59:10 | 000,014,818 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1403010.016\VT20130115.021
[2013.04.19 19:36:52 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013.04.19 19:36:52 | 000,007,466 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013.04.19 19:36:52 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.14 13:37:49 | 000,001,905 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013.05.12 01:53:57 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.05.10 16:35:39 | 000,001,204 | ---- | C] () -- C:\Users\Public\Desktop\Wise Disk Cleaner.lnk
[2013.04.30 15:16:06 | 000,001,182 | ---- | C] () -- C:\Users\Public\Desktop\Switch to Gaming Mode.lnk
[2013.04.30 15:16:06 | 000,001,170 | ---- | C] () -- C:\Users\Public\Desktop\Game Booster 3.lnk
[2013.04.24 14:05:09 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01011.Wdf
[2013.04.23 21:59:33 | 000,001,007 | ---- | C] () -- C:\Users\Rohr\Desktop\Audacity.lnk
[2013.04.23 21:59:32 | 000,001,019 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2013.04.20 15:47:22 | 000,001,182 | ---- | C] () -- C:\Users\Rohr\Desktop\Dxtory.lnk
[2013.04.19 21:59:46 | 000,002,501 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2013.04.05 17:24:54 | 000,001,410 | ---- | C] () -- C:\Users\Rohr\AppData\Roaming\.minecraft - Verknüpfung.lnk
[2013.03.17 01:03:50 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.03.17 01:03:50 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.03.17 01:03:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.03.17 01:03:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.03.17 01:03:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.12.09 18:38:48 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX3800EFGIPSD.ini
[2012.11.18 01:05:44 | 000,004,608 | ---- | C] () -- C:\Users\Rohr\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.10 19:20:44 | 000,088,280 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012.08.14 20:08:07 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.08.14 20:05:10 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012.08.08 22:44:15 | 000,291,088 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.08.08 22:44:13 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.08.06 14:27:10 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.08.06 14:25:41 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012.08.06 14:19:04 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012.08.06 14:19:04 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2012.08.06 14:15:08 | 000,048,481 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012.08.06 14:08:33 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.08.06 14:08:30 | 000,037,967 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012.07.28 03:39:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.07.28 03:39:50 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.05.12 19:26:37 | 000,000,000 | ---D | M] -- C:\Users\Rohr\AppData\Roaming\.minecraft
[2012.12.23 03:29:19 | 000,000,000 | ---D | M] -- C:\Users\Rohr\AppData\Roaming\.Spoutcraft
[2013.04.23 22:08:37 | 000,000,000 | ---D | M] -- C:\Users\Rohr\AppData\Roaming\Audacity
[2013.05.10 16:33:03 | 000,000,000 | ---D | M] -- C:\Users\Rohr\AppData\Roaming\Auslogics
[2012.10.31 22:40:43 | 000,000,000 | ---D | M] -- C:\Users\Rohr\AppData\Roaming\Awesomium
[2013.01.04 17:36:14 | 000,000,000 | ---D | M] -- C:\Users\Rohr\AppData\Roaming\Carbon
[2012.09.06 21:44:10 | 000,000,000 | ---D | M] -- C:\Users\Rohr\AppData\Roaming\DVDVideoSoft
[2012.11.09 18:54:25 | 000,000,000 | ---D | M] -- C:\Users\Rohr\AppData\Roaming\GarenaPlus
[2012.08.08 01:11:17 | 000,000,000 | ---D | M] -- C:\Users\Rohr\AppData\Roaming\LolClient
[2012.08.06 16:34:33 | 000,000,000 | ---D | M] -- C:\Users\Rohr\AppData\Roaming\MAXON
[2012.11.03 21:23:36 | 000,000,000 | ---D | M] -- C:\Users\Rohr\AppData\Roaming\MW2 FoV Changer
[2013.02.16 00:04:21 | 000,000,000 | ---D | M] -- C:\Users\Rohr\AppData\Roaming\MW3 FoV Changer
[2013.05.01 01:25:12 | 000,000,000 | ---D | M] -- C:\Users\Rohr\AppData\Roaming\NetSpeedMonitor
[2013.02.26 22:49:40 | 000,000,000 | ---D | M] -- C:\Users\Rohr\AppData\Roaming\Origin
[2013.01.27 15:03:44 | 000,000,000 | ---D | M] -- C:\Users\Rohr\AppData\Roaming\Play withSIX
[2013.04.10 16:50:37 | 000,000,000 | ---D | M] -- C:\Users\Rohr\AppData\Roaming\puush
[2012.08.25 18:10:25 | 000,000,000 | ---D | M] -- C:\Users\Rohr\AppData\Roaming\six-zsync
[2012.10.21 13:27:58 | 000,000,000 | ---D | M] -- C:\Users\Rohr\AppData\Roaming\Sony
[2012.11.18 00:59:24 | 000,000,000 | ---D | M] -- C:\Users\Rohr\AppData\Roaming\TechSmith
[2012.09.22 23:43:51 | 000,000,000 | ---D | M] -- C:\Users\Rohr\AppData\Roaming\Teeworlds
[2013.05.12 17:54:05 | 000,000,000 | ---D | M] -- C:\Users\Rohr\AppData\Roaming\TS3Client
[2013.03.10 13:11:23 | 000,000,000 | ---D | M] -- C:\Users\Rohr\AppData\Roaming\TuneUp Software
[2013.05.10 16:41:43 | 000,000,000 | ---D | M] -- C:\Users\Rohr\AppData\Roaming\Wise Disk Cleaner
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:07BF512B

< End of report >
         
--- --- ---


OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 14.05.2013 14:41:11 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Rohr\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,98 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 57,34% Memory free
7,96 Gb Paging File | 5,88 Gb Available in Paging File | 73,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 255,56 Gb Free Space | 54,88% Space Free | Partition Type: NTFS
 
Computer Name: ROHR-PC | User Name: Rohr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-330010271-3606213368-2544051051-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{027BADAE-E4B7-4D36-A0F9-32ED12A6107D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{02A3D18B-F865-495F-A4EC-1A0265CE9A60}" = rport=138 | protocol=17 | dir=out | app=system | 
"{114D0E4E-5129-4C59-86AA-FA253DFBA9F0}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1550A4B9-DDC5-4DEE-BFA2-1F7B67C98E56}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1DC2179B-3A44-4212-85F7-01853AF14466}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{63F0504C-5DAC-4BEB-84E8-59582F1117CB}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{6418169C-7CC8-4E02-8EF5-112422DECE53}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7470A873-F5BE-423F-B393-3263718F39B5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{805E2186-4A5C-4CC7-9932-5227B6EF3452}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{827B7564-A060-4179-805E-C99B6547B7FD}" = rport=139 | protocol=6 | dir=out | app=system | 
"{87AC528D-E384-479A-B428-EE8222B015AF}" = lport=138 | protocol=17 | dir=in | app=system | 
"{914CDDD9-AC9E-412F-9E62-41C6BE600D58}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{97A6429D-0BD4-47CA-B6D8-81484854356C}" = lport=137 | protocol=17 | dir=in | app=system | 
"{9D9E834A-9449-4454-931E-5C09D5E9FDA5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A39175D3-02B9-44E3-9CDC-4E21B1B96B55}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AF027CCC-4618-4AD9-8B46-CC9B44979CDF}" = rport=137 | protocol=17 | dir=out | app=system | 
"{B29BD134-4040-45B7-8C35-0F0440452687}" = lport=445 | protocol=6 | dir=in | app=system | 
"{BF72FD4B-401E-4E9E-98D7-ADDB9CD1239B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E90F2527-C2E3-4CC8-9984-B0A715DAA10B}" = rport=445 | protocol=6 | dir=out | app=system | 
"{F12C4A9C-466A-47CE-B2B2-283991AF48BD}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F99BC8DB-D4CE-41AA-BD81-62CBA840849C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05C4883D-222A-4C26-89A4-6C8D622BC82F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brawl busters\bin\pblauncher.exe | 
"{065C3C86-6282-4A8C-A61D-A558B5E168F3}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{0981295E-42C6-4D63-9D19-6F362794DB47}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{0A81DB20-08AC-4F3E-8F33-8B7019CEAB4A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | 
"{0F4A3563-75A2-4EEA-9485-332453C320F9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brawl busters\bin\pblauncher.exe | 
"{0FC3CFBD-D5F4-480E-A091-6C64C9A33F1B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trialspc\datapack\trialsfmx.exe | 
"{193A502A-1CC9-4CA2-B2B2-B83DBFD147D3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brawl busters\bin\pbclient.exe | 
"{1F4886C7-EA9A-487B-AD0D-A7E774961D8A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{1FE58BF3-2D63-4D63-9C36-15D38F3B1774}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe | 
"{20C2CF8D-82DD-42C3-BC2D-4DD58016DB4B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{2331868E-CF69-4775-B47B-41141FF8B81A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe | 
"{27FBD392-0D2A-4078-99E7-0782C3FD1C90}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd | 
"{2A84BF2B-22C4-4A93-8C2B-33A74F7C940A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{2A92393F-9D82-4CC6-9823-0CF5A6A69EAF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe | 
"{2C46EECB-AD53-44B5-BB68-4DEAA44AF359}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gotham city impostors f2p\engine.exe | 
"{33F80D9F-A71C-4B40-8735-299D9BA468CA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{34376670-0550-4663-ACC0-D0D67EB01DA9}" = protocol=6 | dir=in | app=c:\users\rohr\appdata\roaming\spotify\spotify.exe | 
"{34A7A37A-2CD5-42E3-9E55-365FB3C1FFD4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{3AB47FBC-D6B1-4F67-AE7A-9DB766D5806A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe | 
"{40C6EBF0-9E71-4F34-B579-6B42D2DFC60B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{40FB7B60-2E50-443D-9D28-5352F3C10265}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{42DF4006-6341-47A8-8BC4-7B0DDC68BC7F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{47FA7EBE-077C-4450-A353-3C3EE8376629}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{48F64B26-7227-4EC1-B295-03481604B99D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{49E3405F-A00E-47AA-ABEB-85D3A57FBFDA}" = protocol=17 | dir=in | app=c:\users\rohr\downloads\blackshot_garenaplus_installer.exe | 
"{4BBE4024-4DE8-4085-B425-0B00F1A51BEA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{4BC1742A-084F-4A8B-9DCB-A4EAC375F5F7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{4DA532E9-C51D-4E23-97E3-AD921C81D7FE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{4F6DCA1B-5947-4B2C-B99F-FE2DC8FA4587}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{4F98DE89-0A44-46FF-BC69-6401036F7322}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{5124E2FE-6B88-4582-9036-AD90FD9A99CF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe | 
"{52505BC9-B127-4BDE-8E8D-EF1175567A60}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{60AD4E64-C67B-4F85-BB58-46AF6977E41E}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{60F9AE52-16BD-4FD0-8E87-730801A677DC}" = protocol=6 | dir=out | app=system | 
"{61707B84-2752-479B-A3A7-0C0F817EE854}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe | 
"{61B4DDAD-E548-4D0F-A7D3-1B64CB35CE0A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{6302364B-8781-4A8F-8213-ABFF82ECD079}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{6335E121-676D-418F-9A00-5954D4F7788F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6380400C-5288-46EC-89ED-EF8DDA869032}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe | 
"{64A2E12A-DE42-4A3F-9367-E621F615F423}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{65862933-19EA-4B4D-8F67-2FF68D1DE048}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe | 
"{699C32AA-4208-4D94-B1D4-0AC48C332435}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{69D9F237-0810-447A-84D5-D0A7AF7CFFE7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe | 
"{6B16CA70-8B81-49F8-9EEC-19EECBED0F5C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{6D4FD8F1-6EE9-4855-A13A-725F803D80DF}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{6E3294B0-2A3E-4560-A2B7-FBE801BB8F16}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{713294BA-CF54-4B1D-B62F-1A130C2AF4B3}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{74357F61-0F3C-414C-9B5F-9348DBD72828}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe | 
"{75510EE5-0EF0-464A-A888-C2E04FBBE239}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{75F10379-11C1-4AA0-B699-DF273A678299}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{77C97928-CE1B-433E-8A22-66041CA60C2D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | 
"{7A86C5C6-8FBC-4BCB-9E66-A3096B6CCEDB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{7E27934A-77FA-466E-B09C-647D9CD6D620}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe | 
"{7F18138B-F512-49EC-AAA6-67C1A8A343C2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{7F5A66C8-C42A-4311-A0E1-B803CD12804C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd | 
"{82213B9B-94F4-4904-B314-C48B64FD429F}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{8286DFD1-D39D-4B06-96B1-DBAEDD63D6E6}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{8AFACFD3-EF86-468E-A1B9-A13490FCD41A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe | 
"{95BCD7E2-EC2F-41BD-B005-2F1F028C029D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{95F876B6-B23B-45E0-B4B4-0F366C7AADAF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ragnarok online 2\wplauncher.exe | 
"{962E84A4-DB0B-4C44-A01D-F9E179171486}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{9C6E88FE-FEBD-4085-9F1B-9A708CC576B1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | 
"{A2F6F082-BB84-46AA-8FBB-1D531FC172E2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe | 
"{A3BE29FF-28E7-4C85-88EC-5B629CE076CA}" = protocol=6 | dir=in | app=c:\program files (x86)\gameforge4d\elsword_de\data\x2.exe | 
"{A585731D-F1E4-4130-8838-C39609DE32EC}" = protocol=6 | dir=in | app=c:\users\rohr\downloads\blackshot_garenaplus_installer.exe | 
"{A5A13250-0ED2-4932-8A5A-5D1822720A15}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A6DB9646-2CEE-4D2C-A523-759D54097BAE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{A78D28E4-0385-4C97-B2A1-5483D81E3507}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{A8A75986-21A1-4B01-8AB7-11EDD8D9DB48}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{AAC526F4-CF8D-4830-A7A9-C495538C2CB3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{ABDF932C-8B4C-405D-AFC8-1ED727F5B541}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{AC3A52AF-1E3D-425C-BE6D-A7EBADDEFA93}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{AD0D0D5A-23F0-4DB9-A929-79B9B4E0631B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brawl busters\bin\pbclient.exe | 
"{AD939C13-028E-44E4-A5BC-B761130DFA17}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe | 
"{AF06F65B-1024-4F0F-806B-567F93473F1D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{AFDBD153-3678-48DB-8F13-9940972EB133}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe | 
"{B4A01520-E650-4305-A3F8-09EE50A94121}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{B89778BE-BC83-42A8-BFB2-9D10266AAD06}" = protocol=6 | dir=in | app=c:\users\rohr\appdata\roaming\spotify\spotify.exe | 
"{C06ABB01-51D2-4AE3-A7C7-F8A7E7A47828}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | 
"{C072B9F4-6D59-4995-914D-BE6A1FB18C5D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe | 
"{C12E432E-D6E3-4CAB-9F55-BE6E7E0F31E5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arcticcombat\gamelauncher_gp\mappingaccount.exe | 
"{C221F92F-F8B9-4E5E-93C6-F14D58A63D08}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arcticcombat\gamelauncher_gp\mappingaccount.exe | 
"{C318003F-295B-4D42-8EC1-E557542843CC}" = protocol=17 | dir=in | app=c:\users\rohr\appdata\roaming\spotify\spotify.exe | 
"{C453F2A5-5DF6-47A2-ACF6-CD239C77F9F9}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{C5551AC8-1798-4F91-97FE-683AE9E0AF8B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{C5926E96-EB9D-4BBD-8278-F6906679E9B7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{C6087E5F-A1F8-4488-BFF0-0C9ABF3FF673}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ragnarok online 2\wplauncher.exe | 
"{C71E6D64-EEBE-47F6-8084-DE60713507D3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe | 
"{C8559D38-268C-44D6-8B77-270E448789CE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe | 
"{CDFF9F81-384C-46A9-8553-80E81942C11D}" = protocol=17 | dir=in | app=c:\program files (x86)\gameforge4d\elsword_de\data\x2.exe | 
"{CFE499C8-8646-417D-B00F-C9A070FC6224}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CFED1CC1-FE06-4B72-9715-671664CF6402}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe | 
"{D017525B-BF20-4C87-BA55-5C53769BC226}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{D2B5E112-2B83-44E6-982F-16C618446A0D}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{D4F334CA-3226-43D9-88C1-1CFC774B3C0A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe | 
"{D6AE01C9-5A18-4A7C-B92B-4FD93DFBADD4}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{D702A72C-E897-4B52-A43A-8451E3656739}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gotham city impostors f2p\engine.exe | 
"{D7E9F8BC-E2FE-44C1-89DD-24D9521A598F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\insurgency2\insurgency.exe | 
"{D9550433-BF2B-4B95-9F69-566DA21E30AB}" = protocol=17 | dir=in | app=c:\users\rohr\appdata\roaming\spotify\spotify.exe | 
"{DA647BC5-EFB4-4218-9470-AB2867F2F09E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe | 
"{DB946137-F2D7-4883-9AE6-41524EFB3B2C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{DC373E34-1D52-432C-9819-852B8868E13E}" = protocol=6 | dir=in | app=c:\program files (x86)\efusion\blackshot\system\blackshot.exe | 
"{DC3F6C38-DD52-416A-93E9-1AD5A9189370}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{DD6BCFB5-B7A4-415F-B1F5-1BD386516152}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{DD8BF246-3B27-4870-A7EF-D82E7E5A8D36}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\insurgency2\insurgency.exe | 
"{DDAD8EA4-042E-4492-919E-0E417DCCB6FD}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{DFC0D45C-98E4-4463-A8AD-313C997168DD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E6789382-7C89-4CF0-B047-9F169F3B7ADF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{EAD47EF0-8045-4121-A43F-B10BACB6C8EB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{EC034EF0-1305-4213-99AF-F611E0EAC902}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{EF375E4C-F4D0-414C-AF17-71F430D24B98}" = protocol=17 | dir=in | app=c:\program files (x86)\efusion\blackshot\system\blackshot.exe | 
"{F08E7CB7-BB37-4D9E-9A21-B15141F78B96}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trialspc\datapack\trialsfmx.exe | 
"{F817C2B7-2C4C-4D23-90BE-4897B2B34485}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F9067107-C66F-4BBC-8E06-8833B7EF0622}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe | 
"{FB50481C-3694-4126-9369-36A43E129CEA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{068F0C39-9496-4068-8A5B-B489F2B6D8D5}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe | 
"TCP Query User{18EF24A2-3D30-40C5-B9D0-809076CECCB2}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe | 
"TCP Query User{61B6D0F5-5FBF-43BA-B9A2-779EFCD530BB}C:\users\rohr\documents\arma 2\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=c:\users\rohr\documents\arma 2\expansion\beta\arma2oa.exe | 
"TCP Query User{640ACBE2-378F-4382-A003-34D540E712FB}C:\windows\syswow64\rundll32.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\rundll32.exe | 
"TCP Query User{A2361BC2-C675-43CD-A835-03F328A4D6C4}C:\program files (x86)\steam\steamapps\janniklr1\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\janniklr1\team fortress 2\hl2.exe | 
"TCP Query User{A65906C5-9F65-4C7E-AF11-89AD34E2CA0C}C:\program files (x86)\steam\steamapps\common\bullet run\binaries\win32\bulletrun.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bullet run\binaries\win32\bulletrun.exe | 
"TCP Query User{C5CC72F8-D784-4755-82C2-4A59124EA887}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{DA5A837B-D96D-4A73-B7F1-A046F29E4B5A}C:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe | 
"TCP Query User{E9B8E509-3166-4379-B1C5-3AF1AE898462}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{EBE49F57-D283-47EA-983A-FE97D1874F05}C:\program files (x86)\six networks\play withsix\tools\bin\rsync.exe" = protocol=6 | dir=in | app=c:\program files (x86)\six networks\play withsix\tools\bin\rsync.exe | 
"TCP Query User{F65BC433-D698-4782-A31D-2E84B1EF65F5}C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | 
"TCP Query User{F86D6790-7175-4046-9558-9711AEEE5F1F}C:\users\rohr\desktop\mw3_modernadmin_host_tool\mw3_modernadmin_host_tool\modernadmin.exe" = protocol=6 | dir=in | app=c:\users\rohr\desktop\mw3_modernadmin_host_tool\mw3_modernadmin_host_tool\modernadmin.exe | 
"TCP Query User{FAB7E65D-C0BE-4E00-863B-375DAFD24527}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{121B2DFA-C435-45E2-8148-79354C2489C5}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{12836FE7-4E70-4637-A7D1-5DC15BE5FA1D}C:\users\rohr\desktop\mw3_modernadmin_host_tool\mw3_modernadmin_host_tool\modernadmin.exe" = protocol=17 | dir=in | app=c:\users\rohr\desktop\mw3_modernadmin_host_tool\mw3_modernadmin_host_tool\modernadmin.exe | 
"UDP Query User{3765ACA0-F235-40D5-9A2C-370ADC8D0A60}C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | 
"UDP Query User{522C368B-EBA9-4F82-8186-66108F922E8A}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{5544D4A3-C0B9-414D-963F-A6FD33A20553}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe | 
"UDP Query User{72CDD3CC-3752-44E5-A177-4CDB4FCB831F}C:\program files (x86)\steam\steamapps\common\bullet run\binaries\win32\bulletrun.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bullet run\binaries\win32\bulletrun.exe | 
"UDP Query User{7832494D-A796-4186-B4F7-469BD885F5C2}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe | 
"UDP Query User{803550D5-ADD9-45E2-9B33-7DF77691138D}C:\windows\syswow64\rundll32.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\rundll32.exe | 
"UDP Query User{BB35024F-EF2A-46D4-B25F-2212FA613A7A}C:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe | 
"UDP Query User{D142063F-86EF-45CB-8126-02D759C20D8D}C:\users\rohr\documents\arma 2\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=c:\users\rohr\documents\arma 2\expansion\beta\arma2oa.exe | 
"UDP Query User{D966686E-2E72-4C70-9F99-848E89B2E790}C:\program files (x86)\six networks\play withsix\tools\bin\rsync.exe" = protocol=17 | dir=in | app=c:\program files (x86)\six networks\play withsix\tools\bin\rsync.exe | 
"UDP Query User{DAAD5D53-B21D-4952-B697-19E10620B652}C:\program files (x86)\steam\steamapps\janniklr1\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\janniklr1\team fortress 2\hl2.exe | 
"UDP Query User{FF9F0E0F-2525-48F1-8182-800BE3464A61}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{24F93B56-61F5-415F-85B9-AA444DA34AFC}" = Microsoft-Maus- und Tastatur-Center
"{26A24AE4-039D-4CA4-87B4-2F86417021FF}" = Java 7 Update 21 (64-bit)
"{3145731D-C578-70ED-899F-7A670D2A6662}" = AMD Fuel
"{4975DE61-6BF6-B9BC-1FDE-C04C5EC78E4C}" = AMD Media Foundation Decoders
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5E03A267-415E-5383-FA8F-3CE4145663B9}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{89EE4A30-080F-2C95-6F78-C98D18FBD74D}" = AMD Accelerated Video Transcoding
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{9CF11D16-ECEB-90A5-A028-CA9E068D848B}" = ccc-utility64
"{AB085680-FE98-11E1-A232-F04DA23A5C58}" = MSVCRT Redists
"{F1525BFE-6D58-4E7A-9B17-C563B7EAADC5}" = Smart Technology Programming Software 7.0.23.0
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F74FF821-AD39-B6B4-3738-C68B5E179C8E}" = AMD Drag and Drop Transcoding
"CCleaner" = CCleaner
"HitmanPro37" = HitmanPro 3.7
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French
"{03AC8F6C-B522-4DA3-9B50-9EBEF444A4E4}" = DayZ Commander
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet
"{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish
"{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese
"{289AC7E0-0AEE-4a7b-913C-709D9803D23E}" = Nexon Game Manager
"{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English
"{42DCB650-F003-4535-A5CD-32AD815CD2DD}" = Play withSIX
"{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian
"{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai
"{63326924-3CAF-C858-3A8F-8598C87019D7}" = AMD VISION Engine Control Center
"{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek
"{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese
"{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish
"{A2S166A0-F031-4E27-A057-C69733219434}_is1" = TERA
"{A407FC22-36BF-4C82-A516-59D94BC505A9}" = System Requirements Lab Detection
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard
"{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean
"{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish
"{C3592426-531E-4110-911D-BFECE2CE284B}" = puush
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.11 Game
"{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common
"{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E5F05232-96B6-4552-A480-785A60A94B21}" = System Requirements Lab CYRI
"{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All
"{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish
"{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity_is1" = Audacity 2.0.3
"Battlelog Web Plugins" = Battlelog Web Plugins
"BattlEye for A2" = BattlEye Uninstall
"BattlEye for OA" = BattlEye for OA Uninstall
"Dxtory2.0_is1" = Dxtory 2.0.104
"Fraps" = Fraps (remove only)
"Game Booster_is1" = Game Booster 3
"Google Chrome" = Google Chrome
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"LOLReplay" = LOLReplay
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NIS" = Norton Internet Security
"OpenAL" = OpenAL
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 113200" = The Binding of Isaac
"Steam App 202970" = Call of Duty: Black Ops II
"Steam App 202990" = Call of Duty: Black Ops II - Multiplayer
"Steam App 212910" = Call of Duty: Black Ops II - Zombies
"Steam App 220160" = Trials Evolution Gold Edition
"Steam App 222880" = Insurgency
"Steam App 231060" = Ragnarok Online 2
"Steam App 33910" = ARMA 2
"Steam App 33930" = ARMA 2: Operation Arrowhead
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 440" = Team Fortress 2
"Steam App 730" = Counter-Strike: Global Offensive
"Steam App 8190" = Just Cause 2
"Uplay" = Uplay
"Winamp" = Winamp
"Wise Disk Cleaner_is1" = Wise Disk Cleaner 7.61
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-330010271-3606213368-2544051051-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes (Rohr)
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10.05.2013 10:50:00 | Computer Name = Rohr-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.05.2013 06:43:44 | Computer Name = Rohr-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.05.2013 11:14:35 | Computer Name = Rohr-PC | Source = Application Hang | ID = 1002
Description = Programm chrome.exe, Version 26.0.1410.64 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 12d4    Startzeit:
 01ce4e4b837523b1    Endzeit: 121    Anwendungspfad: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Berichts-ID:
 78d16a22-ba4d-11e2-8e1d-10bf4876115f  
 
Error - 11.05.2013 20:01:03 | Computer Name = Rohr-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.05.2013 20:06:59 | Computer Name = Rohr-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.05.2013 07:19:10 | Computer Name = Rohr-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.05.2013 08:01:09 | Computer Name = Rohr-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.05.2013 07:04:54 | Computer Name = Rohr-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.05.2013 07:37:13 | Computer Name = Rohr-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Rohr\Downloads\SoftonicDownloader_fuer_diskmax.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 14.05.2013 08:06:41 | Computer Name = Rohr-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 08.02.2013 08:50:33 | Computer Name = Rohr-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.2" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 09.02.2013 08:38:26 | Computer Name = Rohr-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.2" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 09.02.2013 08:38:29 | Computer Name = Rohr-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.2" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 10.02.2013 07:04:28 | Computer Name = Rohr-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.2" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 10.02.2013 07:04:31 | Computer Name = Rohr-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.2" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 10.02.2013 17:02:12 | Computer Name = Rohr-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?10.?02.?2013 um 21:59:27 unerwartet heruntergefahren.
 
Error - 10.02.2013 17:02:13 | Computer Name = Rohr-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.2" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 10.02.2013 17:02:21 | Computer Name = Rohr-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.2" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 11.02.2013 07:47:33 | Computer Name = Rohr-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.2" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 11.02.2013 07:47:36 | Computer Name = Rohr-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.2" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
 
< End of report >
         
--- --- ---
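Before the next reply, an added example that is not part of the original thread and not OTL's own code: a triage pass over firewall-rule lines in the format the OTL log above prints them. The "TCP Query User{...}<path>" and "UDP Query User{...}" entries are the rules Windows writes when the user clicks Allow in the firewall prompt; the check flags inbound allowances for generic host binaries such as rundll32.exe and javaw.exe (where an unspecified DLL or JAR gets to listen) and for programs living in user-writable paths. The list of host binaries and the path markers are this example's own assumptions; the sample lines are copied from the log above.

```python
"""Triage of the 'Firewall Rules' section of an OTL log.

Added example for this thread; it is not part of the original post and not
OTL's own code. It parses rule lines in the format OTL prints them
("{GUID}" = protocol=6 | dir=in | app=<path> |) and flags inbound allowances
for binaries in user-writable locations or for generic host processes such as
rundll32.exe. The list of host binaries and path markers is an assumption.
"""
import re
from dataclasses import dataclass

# Sample lines copied verbatim from the OTL log above.
SAMPLE_LOG = r'''
"{AF06F65B-1024-4F0F-806B-567F93473F1D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{B4A01520-E650-4305-A3F8-09EE50A94121}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{B89778BE-BC83-42A8-BFB2-9D10266AAD06}" = protocol=6 | dir=in | app=c:\users\rohr\appdata\roaming\spotify\spotify.exe | 
"{CFE499C8-8646-417D-B00F-C9A070FC6224}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{640ACBE2-378F-4382-A003-34D540E712FB}C:\windows\syswow64\rundll32.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\rundll32.exe | 
"TCP Query User{F86D6790-7175-4046-9558-9711AEEE5F1F}C:\users\rohr\desktop\mw3_modernadmin_host_tool\mw3_modernadmin_host_tool\modernadmin.exe" = protocol=6 | dir=in | app=c:\users\rohr\desktop\mw3_modernadmin_host_tool\mw3_modernadmin_host_tool\modernadmin.exe | 
"TCP Query User{FAB7E65D-C0BE-4E00-863B-375DAFD24527}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
'''

RULE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<body>.*)$')
PROTO = {"6": "tcp", "17": "udp"}  # IANA protocol numbers as OTL prints them
# Assumptions: where user-controlled binaries live, and host processes that
# execute whatever DLL/script they are handed.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "%appdata%", "%temp%")
HOST_BINARIES = {"rundll32.exe", "regsvr32.exe", "javaw.exe", "java.exe",
                 "wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe"}


@dataclass
class Rule:
    name: str
    proto: str       # "tcp", "udp", or "any" when OTL printed no protocol
    direction: str   # "in" / "out"
    app: str         # lower-cased program path


def parse_rules(text):
    """Parse every rule line; lines not in the OTL format are skipped."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue
        fields = {}
        for part in m.group("body").split("|"):
            if "=" in part:
                key, value = part.split("=", 1)
                fields[key.strip()] = value.strip()
        rules.append(Rule(name=m.group("name"),
                          proto=PROTO.get(fields.get("protocol"), "any"),
                          direction=fields.get("dir", "?"),
                          app=fields.get("app", "").lower()))
    return rules


def triage(rules):
    """Return (rule name, reason) for inbound rules that deserve a second look."""
    findings = []
    for r in rules:
        if r.direction != "in":
            continue  # outbound is allowed by default on Windows anyway
        basename = r.app.rsplit("\\", 1)[-1]
        if basename in HOST_BINARIES:
            findings.append((r.name, f"inbound allowance for generic host binary {basename}"))
        elif any(marker in r.app for marker in USER_WRITABLE):
            findings.append((r.name, f"inbound allowance for binary in user-writable path {r.app}"))
    return findings


if __name__ == "__main__":
    for name, reason in triage(parse_rules(SAMPLE_LOG)):
        print(f"{reason}\n    rule: {name}")
```

The output is a triage list, not a verdict: Spotify under AppData is legitimate, but an inbound rule for rundll32.exe in SysWOW64 means some unnamed DLL was allowed to accept connections, and a tool run straight from the desktop is worth tracing back to where it was downloaded from, which is exactly the point the next reply makes.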

Alt 14.05.2013, 13:52   #29
markusg
/// Malware-holic
Hi,
you need to be careful about where you download your stuff from..

on 10.05 you also installed holasearch.

OTL fix

Fix with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.

Code:
:OTL
FF - prefs.js..browser.search.selectedEngine: "Hola Search"
[2013.05.10 16:43:07 | 000,001,304 | ---- | M] () -- C:\Users\Rohr\AppData\Roaming\mozilla\firefox\profiles\xtanz4ff.default\searchplugins\holasearch.xml
O3 - HKU\S-1-5-21-330010271-3606213368-2544051051-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
:files
:Commands
[emptytemp]
         
  • If you have masked your user name, e.g. with "*****", insert your real user name at the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may require a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (Also to be found under C:\_OTL\MovedFiles\<Time_Date>.txt)
    Now copy its contents into your thread here

Manage search engines - Google Chrome Help
delete all search engines except Google
please test whether there are any unwanted toolbars, redirects or other problems in Firefox, Internet Explorer and any other browsers you may have installed.
Test how the PC and programs run in general.
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions: http://markusg.trojaner-board.de
For now, please forward mails to the address above following those instructions.
If you would like to support us
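The OTL fix above touches the two places where a search hijacker such as the Hola Search entry lives in a Firefox profile: the browser.search.selectedEngine pref in prefs.js and an OpenSearch .xml file under searchplugins/. The following check, added here as an example and not part of the original post or of OTL, audits both from a profile's contents and generalises to any engine that is not on an allowlist. The allowlist, the sample prefs.js lines and the search URL in the sample plugin files are constructed for this example; only the "Hola Search" name and the holasearch.xml file name come from the thread.

```python
"""Audit a Firefox profile for a hijacked search engine.

Added example for this thread; not part of the original post and not OTL's
own code. It checks the two artefacts the OTL fix above removed: the
browser.search.selectedEngine pref in prefs.js and OpenSearch .xml files in
searchplugins/. The allowlist and the sample profile contents are constructed
for this example; only the 'Hola Search' name and holasearch.xml come from
the thread.
"""
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Engines the user actually wants (assumption; adjust per machine).
KNOWN_ENGINES = {"google", "bing", "duckduckgo", "wikipedia (en)", "yahoo"}
PREF_RE = re.compile(r'user_pref\("([^"]+)",\s*(.+?)\);')

# Constructed sample prefs.js fragment; the engine name matches the OTL fix above.
SAMPLE_PREFS = '''
user_pref("browser.search.selectedEngine", "Hola Search");
user_pref("network.cookie.cookieBehavior", 0);
'''

# Constructed searchplugins/ contents; the search URL for Hola Search is invented.
SAMPLE_PLUGINS = {
    "holasearch.xml": '''<OpenSearchDescription xmlns="http://a9.com/-/spec/opensearch/1.1/">
  <ShortName>Hola Search</ShortName>
  <Url type="text/html" template="http://search.example.test/?q={searchTerms}"/>
</OpenSearchDescription>''',
    "google.xml": '''<OpenSearchDescription xmlns="http://a9.com/-/spec/opensearch/1.1/">
  <ShortName>Google</ShortName>
  <Url type="text/html" template="https://www.google.com/search?q={searchTerms}"/>
</OpenSearchDescription>''',
}


def parse_prefs(text):
    """Return {pref name: value} from user_pref(...) lines, quotes stripped."""
    prefs = {}
    for m in PREF_RE.finditer(text):
        value = m.group(2).strip()
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]
        prefs[m.group(1)] = value
    return prefs


def parse_searchplugin(xml_text):
    """Return (ShortName, host of the text/html search template)."""
    root = ET.fromstring(xml_text)
    short_name, host = None, None
    for el in root.iter():
        tag = el.tag.rsplit("}", 1)[-1]  # drop the OpenSearch namespace
        if tag == "ShortName":
            short_name = (el.text or "").strip()
        elif tag == "Url" and el.get("type", "").startswith("text/html"):
            host = urlparse(el.get("template", "")).netloc.lower()
    return short_name, host


def audit_profile(prefs_js, searchplugins):
    """Return (severity, where, detail) for every engine not on the allowlist."""
    findings = []
    prefs = parse_prefs(prefs_js)
    for pref in ("browser.search.selectedEngine", "browser.search.defaultenginename"):
        value = prefs.get(pref)
        if value and value.lower() not in KNOWN_ENGINES:
            findings.append(("high", pref, f"points at unknown engine '{value}'"))
    for filename, xml_text in searchplugins.items():
        name, host = parse_searchplugin(xml_text)
        if (name or "").lower() not in KNOWN_ENGINES:
            findings.append(("medium", filename,
                             f"unknown engine '{name}' sends queries to {host}"))
    return findings


if __name__ == "__main__":
    for severity, where, detail in audit_profile(SAMPLE_PREFS, SAMPLE_PLUGINS):
        print(f"[{severity}] {where}: {detail}")
```

On a live system the same audit reads prefs.js and searchplugins\*.xml from the profile directory under %APPDATA%\Mozilla\Firefox\Profiles; the orphaned IE toolbar CLSID that the fix also removed needs a registry lookup and is outside this offline check.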

Alt 14.05.2013, 14:10   #30
JannikLR
All processes killed
========== OTL ==========
Prefs.js: "Hola Search" removed from browser.search.selectedEngine
C:\Users\Rohr\AppData\Roaming\mozilla\firefox\profiles\xtanz4ff.default\searchplugins\holasearch.xml moved successfully.
Registry value HKEY_USERS\S-1-5-21-330010271-3606213368-2544051051-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Rohr
->Temp folder emptied: 2855091 bytes
->Temporary Internet Files folder emptied: 9963741 bytes
->Java cache emptied: 725628 bytes
->FireFox cache emptied: 3317130 bytes
->Google Chrome cache emptied: 355304317 bytes
->Flash cache emptied: 840 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3648 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36081758 bytes
RecycleBin emptied: 162652 bytes

Total Files Cleaned = 390,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 05142013_150051

Files\Folders moved on Reboot...
C:\Users\Rohr\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
