Log analysis and evaluation: PC freezes - preferably in Firefox, but quite happily otherwise too... Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

28.07.2013, 05:38 | #1

PC freezes - preferably in Firefox, but quite happily otherwise too...

Hi folks, first of all, great that this forum exists! Thanks in advance for that! :-)

Until now, whenever there were bigger problems (for me...), I mostly just formatted and set everything up again from scratch. The computer was then like new, which had quite a nice effect, but the formatting alone always takes half the night, never mind setting everything up again. I have probably caught something again, but maybe this time it will work out like this... well, at least I hope so!

So. About two weeks ago it started: my computer hung in Firefox, i.e. it froze, no bluescreen or anything like that! Since then, unfortunately, it keeps doing it, and not any less often... Sometimes it freezes "only for a minute", then it more or less works again, but mostly only the reset button helps. When it freezes, it can happen that after 20-30 seconds I can move the mouse again, rather jerkily, but at least I can still move it, yet not even the good old Win95 three-finger salute or the Num key leads to any reaction then, at least most of the time. Let's say in about 96.79358% of cases?? as a rough guide...

Oh yes. In games there are (almost) no problems. Twice now, I think, the PC crashed after quitting a game (Assassins Creed in DX10, but DX9 no problem??), which may also be due to the new GeForce driver (320.xx?). Both times were after the installation. I don't know anything more precise, though.

So. Of course I read up here briefly and downloaded defogger, OTL and GMER. With defogger there was already the first problem. It didn't do much, but at least it spat out a 1 KB .txt. However, there was no error message and the whole thing took what felt like 0.013 seconds. I simply carried on with the next point as written.

I'll attach the logs for you in a separate post further down for better clarity. Oh yes, gmer found something, but I'd rather wait for your answers.

Thanks and regards
BSA

OTL.txt
OTL Logfile:
Code:
  ATTFilter OTL logfile created on: 28.07.2013 05:55:28 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Bijan\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,95 Gb Available Physical Memory | 73,90% Memory free
7,99 Gb Paging File | 6,89 Gb Available in Paging File | 86,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 49,96 Gb Total Space | 7,36 Gb Free Space | 14,74% Space Free | Partition Type: NTFS
Drive D: | 150,08 Gb Total Space | 120,92 Gb Free Space | 80,57% Space Free | Partition Type: NTFS
Drive E: | 500,00 Gb Total Space | 349,59 Gb Free Space | 69,92% Space Free | Partition Type: NTFS
Drive J: | 4,49 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: GAMESTATION | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.07.28 05:27:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bijan\Desktop\OTL.exe
PRC - [2013.07.01 22:12:34 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.07.01 22:12:00 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.07.01 22:12:00 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.06.21 05:15:56 | 000,413,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013.05.16 16:44:05 | 001,012,000 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013.05.16 16:38:39 | 001,826,592 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.03.09 03:50:52 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.08.17 09:28:14 | 003,120,448 | ---- | M] (DT Soft Ltd) -- E:\Programme\DAEMON Tools Pro\DTShellHlp.exe
PRC - [2010.04.22 19:23:54 | 009,919,104 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe
PRC - [2010.03.16 18:22:40 | 005,309,056 | ---- | M] ( ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\EPU\EPU.exe
PRC - [2010.01.22 12:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009.12.28 15:33:02 | 000,096,896 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
PRC - [2009.11.02 17:33:30 | 002,787,224 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Imperator\RazerImperatorTray.exe
PRC - [2009.03.30 08:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
 
========== Modules (No Company Name) ==========
 
MOD - [2010.01.08 17:17:24 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\pngio.dll
MOD - [2010.01.08 17:17:24 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\AsSpindownTimeout.dll
MOD - [2009.09.30 05:33:07 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll
MOD - [2009.06.24 08:47:14 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\TurboV EVO\flashobj.dll
MOD - [2009.04.22 20:20:00 | 000,179,712 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\ASUSSERVICE.DLL
MOD - [2009.03.30 08:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
MOD - [2008.12.10 20:04:54 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\TurboV EVO\pngio.dll
MOD - [2007.07.19 12:50:12 | 000,104,520 | ---- | M] () -- C:\Windows\SysWOW64\OSD.dll
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.07.10 03:56:22 | 000,559,016 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.07.01 22:12:34 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.07.01 22:12:00 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.06.21 05:15:56 | 000,413,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013.05.29 12:26:04 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2013.05.16 16:38:39 | 001,826,592 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.03.09 03:50:52 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.10.12 00:40:53 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.28 15:33:02 | 000,096,896 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.04.23 05:17:17 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.04.23 05:17:17 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.04.23 05:17:17 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.02.25 07:27:45 | 000,194,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.09.01 01:04:49 | 000,271,424 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.08.17 10:58:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011.08.17 10:58:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011.08.17 10:58:20 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011.08.17 10:58:16 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 15:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.01.22 12:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.01.22 12:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.01.11 13:28:35 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009.07.16 05:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
========== Standard Registry (SafeList) ==========
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 95 C6 F4 0E C0 87 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://ecosia.org/"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mozilla.zeniko.ch/SumatraPDF_Browser_Plugin: C:\Program Files (x86)\SumatraPDF\npPdfViewer.dll (Simon Bünzli)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@mozilla.zeniko.ch/SumatraPDF_Browser_Plugin: C:\Program Files (x86)\SumatraPDF\npPdfViewer.dll (Simon Bünzli)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.16 02:25:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.08.31 23:34:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2012.08.31 23:38:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\33w41xg7.default\extensions
[2012.08.31 23:34:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.10.12 00:40:54 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.10.12 00:40:52 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.12 00:40:52 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.10.12 00:40:52 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.12 00:40:52 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.12 00:40:52 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.12 00:40:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [Razer Imperator Driver] C:\Program Files (x86)\Razer\Imperator\RazerImperatorTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [Six Engine] C:\Program Files (x86)\ASUS\EPU\EPU.exe ( ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [TurboV EVO] C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)
O4 - HKCU..\Run: [GAINWARD] C:\Program Files (x86)\EXPERTool\TBPanel.exe (Gainward Co.)
O4 - HKCU..\Run: [PcSync] C:\Program Files (x86)\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - E:\Programme\MS Office 2003\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - E:\Programme\MS Office 2003\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Programme\MS Office 2003\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.237.150.205 217.237.149.142
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{468F2084-9E76-4902-9EF1-D169A3C4DBAE}: DhcpNameServer = 217.237.150.205 217.237.149.142
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.12.31 15:58:42 | 000,000,044 | R--- | M] () - J:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.07.16 19:52:39 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Adobe
[2013.07.15 22:17:35 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\NVIDIA
[2013.07.15 22:15:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013.07.15 20:34:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013.06.30 13:38:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.06.30 13:38:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.28 05:31:07 | 000,000,158 | ---- | M] () -- C:\Users\Admin\defogger_reenable
[2013.07.28 05:19:10 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.28 05:19:10 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.28 05:11:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.28 05:11:41 | 3219,791,872 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.15 22:16:51 | 000,001,351 | ---- | M] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2013.07.15 22:13:43 | 001,589,154 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.07.15 22:13:43 | 000,696,556 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.07.15 22:13:43 | 000,651,874 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.07.15 22:13:43 | 000,147,852 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.07.15 22:13:43 | 000,120,806 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.07.15 22:13:33 | 001,588,974 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.07.15 20:25:29 | 000,367,456 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.07.01 22:12:40 | 000,083,672 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys
 
========== Files Created - No Company Name ==========
 
[2013.07.28 05:31:07 | 000,000,158 | ---- | C] () -- C:\Users\Admin\defogger_reenable
[2013.07.15 22:16:51 | 000,001,351 | ---- | C] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2013.07.15 22:12:14 | 001,589,154 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.04.16 02:16:55 | 000,000,086 | ---- | C] () -- C:\Windows\Maris.ini
[2013.03.09 03:48:02 | 000,298,280 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.03.09 03:47:55 | 003,360,624 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2013.03.09 03:47:55 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.02.28 01:47:25 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.09.05 23:11:22 | 000,001,872 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\ImperatorProfile0.dat
[2012.08.31 20:39:22 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2012.08.31 20:39:22 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012.08.31 20:39:20 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012.08.31 20:39:20 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2012.08.31 20:26:58 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.08.31 20:26:52 | 000,031,387 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.09.01 01:10:35 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DAEMON Tools Pro
[2013.03.12 22:25:19 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Datalayer
[2013.03.12 21:27:17 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Nokia
[2013.03.12 22:20:10 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PC Suite
[2013.05.15 12:00:10 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Play withSIX
[2013.04.10 21:07:10 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SumatraPDF
[2013.06.14 01:53:20 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TeamViewer
[2012.09.09 11:53:09 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Xilisoft
 
========== Purity Check ==========
 
< End of report >
_____________________________________________

Extras.txt
OTL Logfile:
Code:
  ATTFilter OTL Extras logfile created on: 28.07.2013 05:55:28 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Bijan\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,95 Gb Available Physical Memory | 73,90% Memory free
7,99 Gb Paging File | 6,89 Gb Available in Paging File | 86,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 49,96 Gb Total Space | 7,36 Gb Free Space | 14,74% Space Free | Partition Type: NTFS
Drive D: | 150,08 Gb Total Space | 120,92 Gb Free Space | 80,57% Space Free | Partition Type: NTFS
Drive E: | 500,00 Gb Total Space | 349,59 Gb Free Space | 69,92% Space Free | Partition Type: NTFS
Drive J: | 4,49 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: GAMESTATION | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05055906-3B1F-41B4-9528-DEDB6806CCDA}" = protocol=17 | dir=in | app=e:\spiele\steam\steamapps\common\supercratebox\supercratebox.exe | 
"{08AD684D-FF58-4227-8E6A-26CB539788A6}" = protocol=17 | dir=in | app=e:\spiele\steam\steamapps\common\sniper ghost warrior\sniper_x86.exe | 
"{0F7FD40B-F58A-4AEA-A88A-B3072273FBF9}" = protocol=6 | dir=in | app=e:\spiele\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | 
"{15C1F1F2-4D9B-44F8-B652-6D459706DC86}" = protocol=17 | dir=in | app=e:\spiele\bohemia interactive\arma2oa.exe | 
"{17D6266E-460F-4C65-8598-C47F67191B92}" = protocol=17 | dir=in | app=e:\spiele\stronghold\stronghold.exe | 
"{2AABDFEC-10BA-4320-B28C-52BFEE4E60AB}" = protocol=6 | dir=in | app=e:\spiele\steam\steamapps\common\stronghold kingdoms\strongholdkingdoms.exe | 
"{34A7517E-39FF-43FF-9479-8A3FCF2E47B1}" = protocol=6 | dir=in | app=e:\spiele\bohemia interactive\arma2oa.exe | 
"{4196B395-5073-4BD3-91BE-256ACFC7D2F6}" = protocol=17 | dir=in | app=e:\spiele\assassin's creed\assassinscreed_dx9.exe | 
"{465FB5AF-438F-4101-A092-9E67D065E135}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{487CE372-152B-48D3-898B-5138A8628476}" = protocol=6 | dir=in | app=e:\spiele\stronghold ii\stronghold2.exe | 
"{489329B2-C2F6-4699-AE6A-3D463DFAFACE}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{4B3F82F4-3573-4F93-804F-8FE7E7C301E1}" = protocol=6 | dir=in | app=e:\spiele\bohemia interactive\arma2.exe | 
"{5005B295-37A3-4EF0-B1F6-A6EC83313024}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2006\agent.exe | 
"{5041EF2F-1C10-494B-964A-ACA63F6B7748}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | 
"{511BF186-8642-4BFB-A521-665C005623AE}" = protocol=6 | dir=in | app=e:\spiele\steam\steamapps\common\america's army 3\binaries\aa3loader.exe | 
"{514A735B-DE72-460D-89F4-FD8A116FD1AD}" = protocol=17 | dir=in | app=e:\spiele\steam\steamapps\common\stronghold kingdoms\strongholdkingdoms.exe | 
"{527E52BE-D98E-41DD-B974-9CEBE7B1A944}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | 
"{54C2F5B6-743D-4362-93E4-DF8A5F6A294F}" = protocol=6 | dir=in | app=e:\spiele\stronghold\stronghold.exe | 
"{55E67003-326C-4638-9D81-FBED8E9F98C7}" = protocol=6 | dir=in | app=e:\spiele\starcraft ii\starcraft ii public test.exe | 
"{57846F85-912A-4A5A-AC1A-FDEED9871290}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{5B7A2B59-C419-4407-9907-63ED2E3AC9A8}" = protocol=17 | dir=in | app=e:\spiele\steam\steamapps\common\america's army 3\binaries\aa3loader.exe | 
"{5C1D54AD-6B22-4414-9D29-D9532E490964}" = protocol=17 | dir=in | app=e:\spiele\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | 
"{63663A72-FDE7-47EE-8D48-4FB9124BDB07}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{69C541EE-CD71-42FC-BADC-B170FB351B11}" = protocol=6 | dir=in | app=e:\spiele\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{7226B157-C920-4690-937A-A185DEDAD064}" = protocol=17 | dir=in | app=e:\spiele\assassin's creed\assassinscreed_launcher.exe | 
"{796E4B87-AC54-4C54-8509-2B6FF881B4C9}" = protocol=6 | dir=in | app=e:\spiele\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe | 
"{7D0E2496-76E7-422C-9876-988B37B70A05}" = protocol=17 | dir=in | app=e:\spiele\assassin's creed\assassinscreed_dx10.exe | 
"{7EC3E92F-5FD6-4528-96FE-A546B5EB555B}" = protocol=6 | dir=in | app=e:\spiele\assassin's creed\assassinscreed_dx10.exe | 
"{8273269E-0899-455D-A50A-A21FBC07EF24}" = protocol=6 | dir=in | app=e:\spiele\starcraft ii\starcraft ii.exe | 
"{83999E0A-2B49-4109-B42F-4549728C1DE2}" = protocol=17 | dir=in | app=e:\spiele\starcraft ii\starcraft ii.exe | 
"{89583BFD-C6BE-40D7-B247-B654FCD92EE2}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2006\agent.exe | 
"{97A70F57-B236-4E88-B24A-0023B53406AE}" = protocol=6 | dir=in | app=e:\spiele\assassin's creed\assassinscreed_launcher.exe | 
"{A0AB365C-25C1-4EBD-A799-7B774C86AF81}" = protocol=17 | dir=in | app=e:\spiele\steam\steam.exe | 
"{A0AE778B-0B32-4B2F-92FE-78DF71D89A49}" = protocol=6 | dir=in | app=e:\spiele\assassin's creed\assassinscreed_dx9.exe | 
"{A71793E0-4B86-4636-BAEF-9CB4DF410E78}" = protocol=6 | dir=in | app=e:\spiele\steam\steamapps\common\supercratebox\supercratebox.exe | 
"{A9A5349B-9F64-4FC1-BB1D-6F99F082184B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"{AE944776-D759-4654-A8A5-70C805AF79D1}" = protocol=17 | dir=in | app=e:\spiele\bohemia interactive\arma2.exe | 
"{B5C710D2-C5B8-4673-918E-C5B53D445933}" = protocol=6 | dir=in | app=e:\spiele\steam\steamapps\common\moon breakers\mb.exe | 
"{BAC76A90-ABDB-4E92-A9B8-8CA10E394778}" = protocol=6 | dir=in | app=e:\spiele\steam\steamapps\common\sniper ghost warrior\sniper_x86.exe | 
"{C2D49B3B-ABC9-4D4F-A938-6FC124B62FF9}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{C444451A-AFB0-41F4-B85E-F257689036FC}" = protocol=6 | dir=in | app=e:\spiele\steam\steamapps\common\jagged alliance online\jao.exe | 
"{C7CEB99C-EB8E-4655-8321-841C9483A3F6}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{C90FD20B-561B-437E-BA9D-57316FC1D94C}" = protocol=17 | dir=in | app=e:\spiele\steam\steamapps\common\jagged alliance online\jao.exe | 
"{D75B4FCB-6BF7-4CA6-8CF3-B790C41951CC}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{D803F371-675A-4C29-8AFF-F4793527FC5F}" = protocol=6 | dir=in | app=e:\spiele\steam\steam.exe | 
"{D954BD80-3815-4CB9-9A1A-796FD5C66EEF}" = protocol=17 | dir=in | app=e:\spiele\starcraft ii\starcraft ii public test.exe | 
"{DF2A69D2-E7D4-4E0E-AB66-53975605CAF8}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"{E3C5AE24-7F8C-4C76-8302-3356F42FBAC2}" = protocol=17 | dir=in | app=e:\spiele\steam\steamapps\common\moon breakers\mb.exe | 
"{E3F6D53C-E2C7-4FB1-B869-6B42246D1341}" = protocol=17 | dir=in | app=e:\spiele\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe | 
"{E6B02987-EBEE-48E6-B1A4-5707EF6AEE80}" = protocol=17 | dir=in | app=e:\spiele\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{EECE132E-FBB0-4578-A76E-FA6C0F8FC109}" = protocol=17 | dir=in | app=e:\spiele\stronghold ii\stronghold2.exe | 
"{F6DA628F-17AA-46BD-8ED2-C713EB4979E1}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"TCP Query User{07F0B19C-17D4-4D22-953D-6A030419554C}E:\spiele\bohemia interactive\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=e:\spiele\bohemia interactive\expansion\beta\arma2oa.exe | 
"TCP Query User{19AF73A2-0B64-4B11-B506-BEFADF026E4F}C:\users\bijan\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\bijan\appdata\local\temp\gw2.exe | 
"TCP Query User{217A4891-7490-431F-A3D2-749A399A6884}E:\spiele\arma 2 _ mods_dir (six)\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=e:\spiele\arma 2 _ mods_dir (six)\expansion\beta\arma2oa.exe | 
"TCP Query User{32DC8DB2-C458-4F74-8824-1AC86CC4E204}D:\source\fsx.exe" = protocol=6 | dir=in | app=d:\source\fsx.exe | 
"TCP Query User{5E03BE82-B065-4A95-B20A-676581F9CB88}E:\spiele\company of heroes - tales of valor\reliccoh.exe" = protocol=6 | dir=in | app=e:\spiele\company of heroes - tales of valor\reliccoh.exe | 
"TCP Query User{690D8E98-652A-4ED7-A0BF-CC60E7F77C70}C:\programdata\battle.net\agent\agent.1737\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"TCP Query User{75CC364F-36B7-4E7B-BC3C-A3E2E537AE3C}E:\spiele\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=6 | dir=in | app=e:\spiele\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 
"TCP Query User{83A52153-8BD1-445A-8EA5-EC1B0E32F127}E:\spiele\starcraft ii\versions\base23260\sc2.exe" = protocol=6 | dir=in | app=e:\spiele\starcraft ii\versions\base23260\sc2.exe | 
"TCP Query User{8ACF7E66-F831-4084-B7C4-57C06D57D3D6}E:\spiele\starcraft ii\versions\base22612\sc2.exe" = protocol=6 | dir=in | app=e:\spiele\starcraft ii\versions\base22612\sc2.exe | 
"TCP Query User{91735AB0-47DC-44C5-816B-D418718D33E1}C:\users\bijan\appdata\local\play withsix\tools\mingw\bin\rsync.exe" = protocol=6 | dir=in | app=c:\users\bijan\appdata\local\play withsix\tools\mingw\bin\rsync.exe | 
"TCP Query User{AD0C2B48-A45B-482C-84EF-8E9CCB71E85B}E:\spiele\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=6 | dir=in | app=e:\spiele\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe | 
"TCP Query User{B6464E5C-63F2-4A3A-8C93-FA255CB23F70}C:\users\bijan\documents\arma 2\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=c:\users\bijan\documents\arma 2\expansion\beta\arma2oa.exe | 
"TCP Query User{C06C4857-693B-432A-BF1A-9E595ED42F99}E:\spiele\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=e:\spiele\guild wars 2\gw2.exe | 
"TCP Query User{E4DF9F51-E466-47DA-87C2-DDE88F665A28}E:\spiele\company of heroes - tales of valor\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=e:\spiele\company of heroes - tales of valor\relicdownloader\relicdownloader.exe | 
"TCP Query User{FCDD597A-529B-49AD-8129-A742925107F3}E:\spiele\steam\steamapps\common\america's army 3\binaries\aa3game.exe" = protocol=6 | dir=in | app=e:\spiele\steam\steamapps\common\america's army 3\binaries\aa3game.exe | 
"TCP Query User{FCFDBA0E-AEEE-4F25-81F8-F4C353D25DA2}E:\spiele\starcraft ii\versions\base24944\sc2.exe" = protocol=6 | dir=in | app=e:\spiele\starcraft ii\versions\base24944\sc2.exe | 
"UDP Query User{1A1AEE5D-FCAD-43B1-A792-E75F5025A04F}C:\users\bijan\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\bijan\appdata\local\temp\gw2.exe | 
"UDP Query User{2A1E2268-093F-4E45-93C4-8BB0C3259FE6}E:\spiele\company of heroes - tales of valor\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=e:\spiele\company of heroes - tales of valor\relicdownloader\relicdownloader.exe | 
"UDP Query User{347CBC26-CBAF-4459-B29B-7CD472534D98}E:\spiele\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=17 | dir=in | app=e:\spiele\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 
"UDP Query User{40EEE6E7-01CF-4C39-B988-1E5F82AAA82C}E:\spiele\steam\steamapps\common\america's army 3\binaries\aa3game.exe" = protocol=17 | dir=in | app=e:\spiele\steam\steamapps\common\america's army 3\binaries\aa3game.exe | 
"UDP Query User{42FB37FA-583A-4EEA-BD74-9E18D2526DF0}C:\users\bijan\appdata\local\play withsix\tools\mingw\bin\rsync.exe" = protocol=17 | dir=in | app=c:\users\bijan\appdata\local\play withsix\tools\mingw\bin\rsync.exe | 
"UDP Query User{5D36A72F-B2D8-40F6-B5EE-C0152A39FF06}E:\spiele\company of heroes - tales of valor\reliccoh.exe" = protocol=17 | dir=in | app=e:\spiele\company of heroes - tales of valor\reliccoh.exe | 
"UDP Query User{8C024C9D-F86C-457F-B6AF-B2E0C9F24F33}E:\spiele\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=e:\spiele\guild wars 2\gw2.exe | 
"UDP Query User{9FE22296-600F-41D0-BD49-21B5D938D235}D:\source\fsx.exe" = protocol=17 | dir=in | app=d:\source\fsx.exe | 
"UDP Query User{A3569D37-37EF-4CF0-8E5B-D8A47518FCA0}E:\spiele\arma 2 _ mods_dir (six)\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=e:\spiele\arma 2 _ mods_dir (six)\expansion\beta\arma2oa.exe | 
"UDP Query User{AA863804-12D5-4D3E-93F0-B08F31A9D64B}C:\users\bijan\documents\arma 2\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=c:\users\bijan\documents\arma 2\expansion\beta\arma2oa.exe | 
"UDP Query User{AD2C66B3-535D-401B-9AF6-C7E29F4DD6E7}E:\spiele\starcraft ii\versions\base22612\sc2.exe" = protocol=17 | dir=in | app=e:\spiele\starcraft ii\versions\base22612\sc2.exe | 
"UDP Query User{AF70301F-8481-4115-9229-5CCF0CF337BA}E:\spiele\bohemia interactive\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=e:\spiele\bohemia interactive\expansion\beta\arma2oa.exe | 
"UDP Query User{C16D317C-B836-484D-A5F7-C3D050E992DF}E:\spiele\starcraft ii\versions\base23260\sc2.exe" = protocol=17 | dir=in | app=e:\spiele\starcraft ii\versions\base23260\sc2.exe | 
"UDP Query User{CEE3A5A6-3063-48EC-85F7-0D1203A90C7D}E:\spiele\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=17 | dir=in | app=e:\spiele\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe | 
"UDP Query User{E4B67CD0-501E-4C96-B842-2180DC8D54C2}E:\spiele\starcraft ii\versions\base24944\sc2.exe" = protocol=17 | dir=in | app=e:\spiele\starcraft ii\versions\base24944\sc2.exe | 
"UDP Query User{EE718DAE-E007-4CB4-8FDA-08172508F01E}C:\programdata\battle.net\agent\agent.1737\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.13.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 4.11.9
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.24.2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{3282FBE1-35FC-48D8-98CA-115A5EF1F9B4}" = NVIDIA PhysX
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{491D92A9-69CA-4EB4-81D3-0106F9337957}" = TurboV EVO
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E3AA543-09D7-401E-9DF2-2591D24C7C49}" = Addon Sync 2009
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{7D606567-5047-451A-B49E-29FCB6012B4E}" = Microsoft Flight Simulator X: Acceleration
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2AC00C-0C06-4B7E-97A4-A833808D54D6}" = EPU
"{A1E1A376-49D4-4960-8599-D5D26A4C2E7B}" = Razer Imperator
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold
"{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}" = DIE SIEDLER - Aufstieg eines Königreichs
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{D7F3EEAD-183C-47DE-BDC5-593539573F97}" = Play withSIX
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"ArmA 2" = ArmA 2 Uninstall
"ARMA 2 Operation Arrowhead" = ARMA 2 Operation Arrowhead Uninstall
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.83
"Avira AntiVir Desktop" = Avira Free Antivirus
"BattlEye for A2" = BattlEye Uninstall
"BattlEye for OA" = BattlEye for OA Uninstall
"Blitzkrieg" = Blitzkrieg Anthology: Blitzkrieg
"Company of Heroes" = Company of Heroes
"DAEMON Tools Pro" = DAEMON Tools Pro
"FlightSim_{7D606567-5047-451A-B49E-29FCB6012B4E}" = Microsoft Flight Simulator X: Acceleration
"Guild Wars 2" = Guild Wars 2
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"InstallShield_{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X
"Jagged Alliance 2" = Jagged Alliance 2
"Mozilla Firefox 16.0.1 (x86 de)" = Mozilla Firefox 16.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MySSID_is1" = EXPERTool 7.21
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PunkBusterSvc" = PunkBuster Services
"QuickTime" = QuickTime
"RedShift Sternenkunde" = RedShift Sternenkunde
"RTMshadow_{7D606567-5047-451A-B49E-29FCB6012B4E}" = Flight Simulator X
"SP1shadow_{7D606567-5047-451A-B49E-29FCB6012B4E}" = Flight Simulator X Service Pack 1
"StarCraft II" = StarCraft II
"Steam App 13140" = America's Army 3
"Steam App 208030" = Moon Breakers
"Steam App 212800" = Super Crate Box
"Steam App 218450" = Jagged Alliance Online - Steam Edition
"Steam App 22380" = Fallout: New Vegas
"Steam App 34830" = Sniper: Ghost Warrior
"Steam App 47410" = Stronghold Kingdoms
"Steam App 550" = Left 4 Dead 2
"Steam App 65800" = Dungeon Defenders
"SumatraPDF" = SumatraPDF
"VLC media player" = VLC media player 1.1.4
"Xilisoft Video Converter Ultimate 6" = Xilisoft Video Converter Ultimate 6
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 13.06.2013 18:03:46 | Computer Name = GameStation | Source = Application Error | ID = 1000
Error - 13.06.2013 18:56:41 | Computer Name = GameStation | Source = Application
 Error | ID = 1000
 
Error - 13.06.2013 19:28:41 | Computer Name = GameStation | Source = .NET Runtime | ID = 1023
Description = 
 
Error - 13.06.2013 19:28:41 | Computer Name = GameStation | Source = Application Error | ID = 1000
Error - 18.06.2013 10:31:55 | Computer Name = GameStation | Source = Application
 Hang | ID = 1002
 
Description = Programm firefox.exe, Version 16.0.1.4666 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 95c
Startzeit: 01ce6c30363dae62
Endzeit: 81
Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Berichts-ID: ce8f31e3-d823-11e2-8191-485b39b5b827
Error - 23.06.2013 22:49:44 | Computer Name = GameStation | Source = Application
 Error | ID = 1000
 
Description = Name der fehlerhaften Anwendung: arma2oa.exe, Version: 1.62.103.718, Zeitstempel: 0x5168264d
Name des fehlerhaften Moduls: arma2oa.exe, Version: 1.62.103.718, Zeitstempel: 0x5168264d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x002e45af
ID des fehlerhaften Prozesses: 0x2d8
Startzeit der fehlerhaften Anwendung: 0x01ce7073aba0e612
Pfad der fehlerhaften Anwendung: E:\Spiele\ArmA 2 _ Mods_dir (SIX)\expansion\beta\arma2oa.exe
Pfad des fehlerhaften Moduls: E:\Spiele\ArmA 2 _ Mods_dir (SIX)\expansion\beta\arma2oa.exe
Berichtskennung: b8f37ba2-dc78-11e2-a7bf-485b39b5b827
Error - 25.06.2013 15:10:08 | Computer Name = GameStation | Source = Application
 Error | ID = 1000
 
Description = Name der fehlerhaften Anwendung: Arma2OA.exe, Version: 1.62.103.419, Zeitstempel: 0x515005ab
Name des fehlerhaften Moduls: Arma2OA.exe, Version: 1.62.103.419, Zeitstempel: 0x515005ab
Ausnahmecode: 0xc0000005
Fehleroffset: 0x002e48af
ID des fehlerhaften Prozesses: 0xccc
Startzeit der fehlerhaften Anwendung: 0x01ce71cbf34dd152
Pfad der fehlerhaften Anwendung: E:\Spiele\Bohemia Interactive\expansion\beta\Arma2OA.exe
Pfad des fehlerhaften Moduls: E:\Spiele\Bohemia Interactive\expansion\beta\Arma2OA.exe
Berichtskennung: d94471cc-ddca-11e2-a1e9-485b39b5b827
Error - 15.07.2013 14:28:44 | Computer Name = GameStation | Source = MsiInstaller
 | ID = 1013
 
Description = 
Error - 15.07.2013 16:05:24 | Computer Name = GameStation | Source = Application
 Error | ID = 1000
 
Description = Name der fehlerhaften Anwendung: rundll32.exe_NvUpdt.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc9e0
Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel: 0x4eeb033f
Ausnahmecode: 0x40000015
Fehleroffset: 0x000000000002a84e
ID des fehlerhaften Prozesses: 0x8f4
Startzeit der fehlerhaften Anwendung: 0x01ce81969fa401b8
Pfad der fehlerhaften Anwendung: C:\Windows\System32\rundll32.exe
Pfad des fehlerhaften Moduls: C:\Windows\system32\msvcrt.dll
Berichtskennung: e1dd8870-ed89-11e2-a70e-485b39b5b827
Error - 21.07.2013 20:05:07 | Computer Name = GameStation | Source = Application
 Error | ID = 1000
 
Description = Name der fehlerhaften Anwendung: AssassinsCreed_Dx10.exe, Version: 1.0.2.1, Zeitstempel: 0x48067113
Name des fehlerhaften Moduls: gameux.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4ce7b808
Ausnahmecode: 0xc0000005
Fehleroffset: 0x6c206f6f
ID des fehlerhaften Prozesses: 0xe10
Startzeit der fehlerhaften Anwendung: 0x01ce86610130d3f6
Pfad der fehlerhaften Anwendung: E:\Spiele\Assassin's Creed\AssassinsCreed_Dx10.exe
Pfad des fehlerhaften Moduls: gameux.dll
Berichtskennung: 5d47a8c5-f262-11e2-b6c1-485b39b5b827
Error - 24.07.2013 16:27:20 | Computer Name = GameStation | Source = Application
 Error | ID = 1000
 
Description = Name der fehlerhaften Anwendung: Arma2OA.exe, Version: 1.62.103.419, Zeitstempel: 0x515005ab
Name des fehlerhaften Moduls: Arma2OA.exe, Version: 1.62.103.419, Zeitstempel: 0x515005ab
Ausnahmecode: 0xc0000005
Fehleroffset: 0x002e48af
ID des fehlerhaften Prozesses: 0x43c
Startzeit der fehlerhaften Anwendung: 0x01ce88a5b1439efb
Pfad der fehlerhaften Anwendung: E:\Spiele\Bohemia Interactive\expansion\beta\Arma2OA.exe
Pfad des fehlerhaften Moduls: E:\Spiele\Bohemia Interactive\expansion\beta\Arma2OA.exe
Berichtskennung: 706cf180-f49f-11e2-aa1f-485b39b5b827
Error - 25.07.2013 18:40:32 | Computer Name = GameStation | Source = Application
 Error | ID = 1000
 
Description = Name der fehlerhaften Anwendung: Arma2OA.exe, Version: 1.62.103.419, Zeitstempel: 0x515005ab
Name des fehlerhaften Moduls: Arma2OA.exe, Version: 1.62.103.419, Zeitstempel: 0x515005ab
Ausnahmecode: 0xc0000005
Fehleroffset: 0x002e48af
ID des fehlerhaften Prozesses: 0x958
Startzeit der fehlerhaften Anwendung: 0x01ce896bca364b56
Pfad der fehlerhaften Anwendung: E:\Spiele\Bohemia Interactive\expansion\beta\Arma2OA.exe
Pfad des fehlerhaften Moduls: E:\Spiele\Bohemia Interactive\expansion\beta\Arma2OA.exe
Berichtskennung: 3656d0ca-f57b-11e2-8255-485b39b5b827
 
Error encountered while reading event logs.
 
< End of report >
_____________________________________________
gmer.txt
GMER Logfile:
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-28 06:22:56
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HDS721010CLA332 rev.JP4OA3EA 931,51GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Admin\AppData\Local\Temp\kgloypow.sys
---- User code sections - GMER 2.1 ----
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1908] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322          0000000071f71a22 2 bytes [F7, 71]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1908] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496          0000000071f71ad0 2 bytes [F7, 71]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1908] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552          0000000071f71b08 2 bytes [F7, 71]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1908] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730          0000000071f71bba 2 bytes [F7, 71]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1908] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762          0000000071f71bda 2 bytes [F7, 71]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000075451465 2 bytes [45, 75]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000754514bb 2 bytes [45, 75]
.text  ...                                                                                              * 2
---- EOF - GMER 2.1 ----
_____________________________________________
____________________END_____________________ | 