Pests of all kinds and how to combat them: Suspicious CPU load after exiting a game

Windows 7: If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
Hello,

the situation is as follows: for a short while now, I start Assassin's Creed III, play for a few seconds... and suddenly the 40 fps turn into just 15 and cores 2+3 (counting from core 0) shoot up to maximum. As soon as this happens, the sound also drops out. When I quit the game, the CPU load on the last two cores still stays that high and the sound is gone. Only a restart brings back the sound and normal CPU load.

Please excuse any mistakes, I am new :-)

Best regards,
MrSlainkoenig

Hello,

this game causes massive problems on many PCs; on my own, for example, it does not run at all for now. So I would not assume that it has anything to do with malware. If you are not sure, we can take a look:

To enable a more detailed analysis, please follow this link: "To everyone seeking help! What do I need to consider before opening a thread?"

Note: Post the generated log files here in your thread - do not create a new one! If antivirus software that is already installed has reported detections: be sure to attach the corresponding log files!
OK, thanks. As soon as I am home I will add the logs.

I have 2 screenshots here that were taken while the problem was occurring.

Image 1
Image 2

Worth mentioning: the error did not exist when ACIII was released. Only for the past few days.
/// Malwareteam

I can help you check the system for malware and remove it if necessary. If the problem still persists after that, you will have to contact Ubisoft support.
OK, here are OTL.txt and extras.txt. I ran the OTL analysis while the error was present.

OTL logfile:
context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\Ghislain\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Ghislain\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2) O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{289A480B-642C-4B2D-AE31-EDDD41DEEA58}: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46BCEBDE-E5D3-4C31-A563-395F79396F74}: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8373F2A4-51B9-408A-B17D-A5EB9A76C862}: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89D84CAC-7319-4026-B674-4BA822475462}: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DCE388BA-5C4D-46EC-B8AE-083554EA2FDD}: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E069E0EC-1587-4B77-9E7D-FF803303EB24}: DhcpNameServer = O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: 
Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{295770f4-0107-11e2-b18a-001966c15529}\Shell - "" = AutoRun O33 - MountPoints2\{295770f4-0107-11e2-b18a-001966c15529}\Shell\AutoRun\command - "" = H:\pushinst.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.29 17:09:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ghislain\Desktop\OTL.exe [2012.11.28 18:53:27 | 000,000,000 | ---D | C] -- C:\Users\Ghislain\AppData\Roaming\Theta [2012.11.28 18:37:04 | 000,000,000 | ---D | C] -- C:\Users\Ghislain\Desktop\ACIII 
ORGINAL [2012.11.28 17:58:43 | 000,000,000 | ---D | C] -- C:\Users\Ghislain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft [2012.11.28 17:37:09 | 000,000,000 | ---D | C] -- C:\Users\Ghislain\Desktop\54 [2012.11.27 22:11:14 | 000,000,000 | ---D | C] -- C:\Users\Ghislain\Documents\My Games [2012.11.27 22:11:14 | 000,000,000 | ---D | C] -- C:\Users\Ghislain\AppData\Local\FLT [2012.11.27 22:11:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Codemasters [2012.11.27 22:05:47 | 001,306,624 | ---- | C] (Blue Ripple Sound Limited) -- C:\Windows\SysWow64\rapture3d_oal.dll [2012.11.27 22:05:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Ripple Sound [2012.11.27 22:05:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BRS [2012.11.27 22:01:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DiRT Showdown [2012.11.27 18:46:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Orbit [2012.11.27 18:43:13 | 000,000,000 | ---D | C] -- C:\Users\Ghislain\Desktop\Assassin's Creed III [2012.11.27 18:15:08 | 000,000,000 | ---D | C] -- C:\Users\Ghislain\AppData\Roaming\MAXON [2012.11.24 19:14:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA 3D Vision driver [2012.11.24 19:14:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies [2012.11.24 18:33:21 | 000,000,000 | ---D | C] -- C:\Users\Ghislain\Desktop\Resources [2012.11.24 18:17:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID [2012.11.24 18:17:22 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID [2012.11.24 16:57:28 | 000,000,000 | ---D | C] -- C:\Users\Ghislain\AppData\Local\CrashDumps [2012.11.24 16:36:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared [2012.11.24 16:26:27 | 001,129,120 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symefa64.sys [2012.11.24 16:26:27 | 000,737,952 | ---- | C] (Symantec Corporation) -- 
C:\Windows\SysNative\drivers\NISx64\1309000.009\srtsp64.sys [2012.11.24 16:26:27 | 000,451,192 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symds64.sys [2012.11.24 16:26:27 | 000,405,624 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symnets.sys [2012.11.24 16:26:27 | 000,190,072 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1309000.009\ironx64.sys [2012.11.24 16:26:27 | 000,167,072 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1309000.009\ccsetx64.sys [2012.11.24 16:26:27 | 000,037,536 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1309000.009\srtspx64.sys [2012.11.24 16:26:24 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1309000.009 [2012.11.24 16:22:00 | 000,175,736 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2012.11.24 16:22:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared [2012.11.24 16:22:00 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec [2012.11.24 16:21:49 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64 [2012.11.24 16:21:47 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security [2012.11.24 16:21:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security [2012.11.24 16:21:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton [2012.11.24 16:21:44 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller [2012.11.24 16:21:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller [2012.11.22 22:53:19 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2012.11.22 15:55:18 | 000,000,000 | ---D | C] -- C:\Users\Ghislain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan [2012.11.22 15:55:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan [2012.11.22 
15:55:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan [2012.11.22 14:14:48 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2012.11.22 14:14:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.11.22 14:14:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012.11.19 22:53:39 | 000,000,000 | ---D | C] -- C:\Users\Ghislain\Documents\Assassin's Creed III [2012.11.19 19:46:39 | 000,000,000 | -H-D | C] -- C:\Users\Ghislain\Documents\Freemake_do_not_remove_this_folder634889511993448593 [2012.11.16 21:41:37 | 000,000,000 | ---D | C] -- C:\Users\Ghislain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner [2012.11.16 21:41:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSI Afterburner [2012.11.15 19:54:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader 2 [2012.11.15 19:54:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\i4j_jres [2012.11.15 18:56:18 | 000,000,000 | ---D | C] -- C:\Users\Ghislain\AppData\Roaming\redsn0w [2012.11.15 18:14:34 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2012.11.15 18:14:17 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation [2012.11.11 19:26:01 | 000,000,000 | ---D | C] -- C:\Users\Ghislain\AppData\Roaming\vlc [2012.11.11 19:25:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN [2012.11.10 14:59:19 | 000,000,000 | ---D | C] -- C:\Users\Ghislain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVGA Precision X [2012.11.10 14:59:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EVGA Precision X [2012.11.07 20:17:34 | 000,000,000 | ---D | C] -- C:\Users\Ghislain\AppData\Local\CrashRpt [2012.11.07 20:17:34 | 000,000,000 | ---D | C] -- C:\Users\Ghislain\Documents\Arktos [2012.11.07 20:17:34 | 000,000,000 | ---D | C] -- C:\Users\Ghislain\AppData\Local\Arktos [2012.11.07 19:49:51 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx [2012.11.07 19:49:45 
| 000,000,000 | ---D | C] -- C:\Users\Ghislain\Documents\The War Z [2012.11.07 19:49:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The War Z [2012.11.04 19:33:04 | 000,000,000 | ---D | C] -- C:\Users\Ghislain\AppData\Roaming\.minecraft [2012.11.02 16:16:08 | 000,000,000 | ---D | C] -- C:\Users\Ghislain\Documents\Assassin's Creed Revelations [2012.11.02 15:59:13 | 000,000,000 | ---D | C] -- C:\Users\Ghislain\AppData\Roaming\PunkBuster [2012.10.31 15:11:32 | 000,000,000 | ---D | C] -- C:\Users\Ghislain\Documents\minecraft [2012.10.31 15:10:03 | 000,000,000 | ---D | C] -- C:\Users\Ghislain\AppData\Roaming\FileZilla [2012.10.31 15:10:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client [2012.10.31 15:10:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client [1 C:\Users\Public\Documents\*.tmp files -> C:\Users\Public\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.29 17:09:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ghislain\Desktop\OTL.exe [2012.11.29 17:08:03 | 000,000,000 | ---- | M] () -- C:\Users\Ghislain\defogger_reenable [2012.11.29 17:06:00 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3763063188-2961027423-3504971412-1000UA.job [2012.11.29 17:01:58 | 000,014,336 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.29 17:01:58 | 000,014,336 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.29 17:01:00 | 002,120,644 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.11.29 17:01:00 | 001,043,236 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.11.29 17:01:00 | 000,584,092 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.11.29 17:01:00 | 000,514,224 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat 
[2012.11.29 17:01:00 | 000,005,194 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.11.29 16:54:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.29 16:54:49 | 536,322,047 | -HS- | M] () -- C:\hiberfil.sys [2012.11.28 23:54:50 | 000,063,336 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000002-00000000-00000000-00001102-0000000B-00431102}.rfx [2012.11.28 23:54:50 | 000,063,336 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000002-00000000-00000000-00001102-0000000B-00431102}.rfx [2012.11.28 23:54:50 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000002-00000000-00000000-00001102-0000000B-00431102}.rfx [2012.11.28 23:28:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.28 21:06:00 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3763063188-2961027423-3504971412-1000Core.job [2012.11.28 20:50:10 | 000,007,640 | ---- | M] () -- C:\Users\Ghislain\AppData\Local\Resmon.ResmonCfg [2012.11.28 20:18:12 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.11.28 20:05:20 | 001,701,614 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\Cat.DB [2012.11.28 19:27:30 | 000,000,840 | ---- | M] () -- C:\Users\Ghislain\AppData\Roaming\EasyToolz.ini [2012.11.28 18:27:20 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.11.28 18:27:19 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.11.28 18:21:18 | 000,000,982 | ---- | M] () -- C:\Users\Ghislain\Desktop\german.reg [2012.11.28 18:08:49 | 000,002,505 | ---- | M] () -- C:\Users\Ghislain\Desktop\Google Chrome.lnk [2012.11.28 17:58:43 | 000,001,205 | ---- | M] () -- C:\Users\Ghislain\Desktop\Uplay.lnk [2012.11.26 19:37:27 | 000,000,282 | ---- | M] () -- C:\Users\Ghislain\AppData\Roaming\GPU MeterV2_Settings.ini [2012.11.25 19:29:16 | 000,002,492 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk [2012.11.24 
18:17:22 | 000,000,869 | ---- | M] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk [2012.11.24 18:14:21 | 000,000,543 | ---- | M] () -- C:\Users\Ghislain\AppData\Roaming\All CPU MeterV3_Settings.ini [2012.11.24 16:26:36 | 000,013,946 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\VT20121114.016 [2012.11.24 16:22:00 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2012.11.24 16:22:00 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2012.11.24 16:22:00 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF [2012.11.22 15:55:18 | 000,001,011 | ---- | M] () -- C:\Users\Ghislain\Desktop\SpeedFan.lnk [2012.11.22 15:55:17 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo [2012.11.22 14:14:48 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012.11.22 10:13:59 | 000,014,446 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb [2012.11.22 06:17:35 | 003,635,277 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin [2012.11.21 16:04:29 | 005,042,704 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.11.20 18:48:20 | 000,001,456 | ---- | M] () -- C:\Users\Ghislain\AppData\Local\Adobe Für Web speichern 13.0 Prefs [2012.11.17 19:51:03 | 000,002,256 | ---- | M] () -- C:\Users\Ghislain\Desktop\Assassin's Creed Revelations.lnk [2012.11.16 22:09:26 | 000,280,976 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2012.11.16 21:44:42 | 000,001,090 | ---- | M] () -- C:\Users\Ghislain\Desktop\MSI Afterburner.lnk [2012.11.11 19:25:59 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2012.11.10 14:59:20 | 000,001,092 | ---- | M] () -- C:\Users\Ghislain\Desktop\EVGA Precision X.lnk [2012.11.07 20:20:51 | 000,000,981 | ---- | M] () -- C:\Users\Ghislain\Desktop\The War Z.lnk [2012.11.02 16:42:54 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf [2012.11.02 15:59:33 | 
000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2012.10.31 15:32:13 | 004,928,385 | ---- | M] () -- C:\Users\Ghislain\Desktop\minecraft.jar [2012.10.31 15:02:51 | 023,291,037 | ---- | M] () -- C:\Users\Ghislain\Documents\FUN.7z [1 C:\Users\Public\Documents\*.tmp files -> C:\Users\Public\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.29 17:08:03 | 000,000,000 | ---- | C] () -- C:\Users\Ghislain\defogger_reenable [2012.11.28 20:50:10 | 000,007,640 | ---- | C] () -- C:\Users\Ghislain\AppData\Local\Resmon.ResmonCfg [2012.11.28 19:23:30 | 000,000,840 | ---- | C] () -- C:\Users\Ghislain\AppData\Roaming\EasyToolz.ini [2012.11.28 18:10:31 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.11.28 18:10:31 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.11.28 17:58:43 | 000,001,205 | ---- | C] () -- C:\Users\Ghislain\Desktop\Uplay.lnk [2012.11.25 19:29:05 | 001,701,614 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\Cat.DB [2012.11.24 19:46:16 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.24 18:19:42 | 000,000,282 | ---- | C] () -- C:\Users\Ghislain\AppData\Roaming\GPU MeterV2_Settings.ini [2012.11.24 18:17:22 | 000,000,869 | ---- | C] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk [2012.11.24 18:14:10 | 000,000,543 | ---- | C] () -- C:\Users\Ghislain\AppData\Roaming\All CPU MeterV3_Settings.ini [2012.11.24 16:26:52 | 000,013,946 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\VT20121114.016 [2012.11.24 16:26:27 | 000,007,496 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symds64.cat [2012.11.24 16:26:27 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symnet64.cat [2012.11.24 16:26:27 | 000,007,450 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\iron.cat [2012.11.24 16:26:27 | 000,007,446 | ---- | C] () -- 
C:\Windows\SysNative\drivers\NISx64\1309000.009\ccsetx64.cat [2012.11.24 16:26:27 | 000,007,402 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\srtsp64.cat [2012.11.24 16:26:27 | 000,003,435 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symefa.inf [2012.11.24 16:26:27 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symds.inf [2012.11.24 16:26:27 | 000,001,441 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symnet.inf [2012.11.24 16:26:27 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\srtsp64.inf [2012.11.24 16:26:27 | 000,001,419 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\srtspx64.inf [2012.11.24 16:26:27 | 000,000,853 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\ccsetx64.inf [2012.11.24 16:26:27 | 000,000,772 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\iron.inf [2012.11.24 16:26:24 | 000,007,438 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symefa64.cat [2012.11.24 16:26:24 | 000,007,406 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\srtspx64.cat [2012.11.24 16:26:24 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\isolate.ini [2012.11.24 16:22:00 | 000,007,488 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2012.11.24 16:22:00 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF [2012.11.24 16:21:59 | 000,002,492 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk [2012.11.22 15:55:18 | 000,001,011 | ---- | C] () -- C:\Users\Ghislain\Desktop\SpeedFan.lnk [2012.11.22 15:55:17 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo [2012.11.20 17:32:53 | 000,000,982 | ---- | C] () -- C:\Users\Ghislain\Desktop\german.reg [2012.11.17 19:51:03 | 000,002,256 | ---- | C] () -- C:\Users\Ghislain\Desktop\Assassin's Creed Revelations.lnk [2012.11.16 
21:41:37 | 000,001,090 | ---- | C] () -- C:\Users\Ghislain\Desktop\MSI Afterburner.lnk [2012.11.15 19:55:09 | 000,002,037 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk [2012.11.15 19:55:08 | 000,002,037 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk [2012.11.15 19:55:08 | 000,001,981 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader 2.lnk [2012.11.15 18:19:43 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.11.15 18:14:29 | 003,635,277 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin [2012.11.10 14:59:20 | 000,001,092 | ---- | C] () -- C:\Users\Ghislain\Desktop\EVGA Precision X.lnk [2012.11.07 20:20:51 | 000,000,981 | ---- | C] () -- C:\Users\Ghislain\Desktop\The War Z.lnk [2012.11.03 16:29:36 | 004,928,385 | ---- | C] () -- C:\Users\Ghislain\Desktop\minecraft.jar [2012.11.02 16:42:54 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf [2012.10.09 20:40:33 | 000,000,132 | ---- | C] () -- C:\Users\Ghislain\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen [2012.10.04 15:12:38 | 000,001,456 | ---- | C] () -- C:\Users\Ghislain\AppData\Local\Adobe Für Web speichern 13.0 Prefs [2012.10.01 15:57:05 | 000,000,132 | ---- | C] () -- C:\Users\Ghislain\AppData\Roaming\Adobe CS6-BMP-Format - Voreinstellungen [2012.09.18 21:13:26 | 000,164,864 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2012.09.18 21:13:26 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2012.09.18 21:13:12 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CTXFIGER.DLL [2012.06.19 13:02:17 | 003,123,272 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2011.09.19 14:03:40 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- 
C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 03:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.11.04 20:33:51 | 000,000,000 | ---D | M] -- C:\Users\Ghislain\AppData\Roaming\.minecraft [2012.11.05 21:46:32 | 000,000,000 | ---D | M] -- 
C:\Users\Ghislain\AppData\Roaming\Audacity
[2012.11.28 20:19:54 | 000,000,000 | ---D | M] -- C:\Users\Ghislain\AppData\Roaming\DAEMON Tools Lite
[2012.10.10 21:31:39 | 000,000,000 | ---D | M] -- C:\Users\Ghislain\AppData\Roaming\DVDVideoSoft
[2012.10.10 21:30:52 | 000,000,000 | ---D | M] -- C:\Users\Ghislain\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.11.28 20:19:54 | 000,000,000 | ---D | M] -- C:\Users\Ghislain\AppData\Roaming\FileZilla
[2012.09.18 16:43:52 | 000,000,000 | ---D | M] -- C:\Users\Ghislain\AppData\Roaming\Leadertech
[2012.11.27 18:15:08 | 000,000,000 | ---D | M] -- C:\Users\Ghislain\AppData\Roaming\MAXON
[2012.10.23 20:02:18 | 000,000,000 | ---D | M] -- C:\Users\Ghislain\AppData\Roaming\Notepad++
[2012.09.24 16:07:25 | 000,000,000 | ---D | M] -- C:\Users\Ghislain\AppData\Roaming\Origin
[2012.10.03 21:39:58 | 000,000,000 | ---D | M] -- C:\Users\Ghislain\AppData\Roaming\PACE Anti-Piracy
[2012.11.02 15:59:13 | 000,000,000 | ---D | M] -- C:\Users\Ghislain\AppData\Roaming\PunkBuster
[2012.11.15 18:56:18 | 000,000,000 | ---D | M] -- C:\Users\Ghislain\AppData\Roaming\redsn0w
[2012.11.28 18:53:27 | 000,000,000 | ---D | M] -- C:\Users\Ghislain\AppData\Roaming\Theta
[2012.09.22 19:54:14 | 000,000,000 | ---D | M] -- C:\Users\Ghislain\AppData\Roaming\TP-LINK
[2012.11.16 22:09:20 | 000,000,000 | ---D | M] -- C:\Users\Ghislain\AppData\Roaming\Ubisoft

========== Purity Check ==========

========== Alternate Data Streams ==========
@Alternate Data Stream - 987 bytes -> C:\Users\Ghislain\AppData\Local\Temp:QEl4spFOWrTKcivfob
@Alternate Data Stream - 1038 bytes -> C:\Users\Ghislain\AppData\Local\Aoo36ZmGW:4EJkD956Ipp7LudImNY7kTsCy

< End of report >

EXTRAS:

OTL Logfile:
Code:
OTL Extras logfile created on: 29.11.2012 17:09:52 - Run 1
OTL by OldTimer - Version Folder = C:\Users\Ghislain\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

6,00 Gb Total Physical Memory | 4,53 Gb Available Physical Memory | 75,58% Memory free
12,00 Gb Paging File | 10,46 Gb Available in Paging File | 87,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,24 Gb Total Space | 9,91 Gb Free Space | 8,31% Space Free | Partition Type: NTFS
Drive E: | 465,76 Gb Total Space | 441,02 Gb Free Space | 94,69% Space Free | Partition Type: NTFS
Drive F: | 1863,01 Gb Total Space | 640,31 Gb Free Space | 34,37% Space Free | Partition Type: NTFS

Computer Name: GHISLAIN-PC | User Name: Ghislain | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{09BAAE2F-BA41-46E3-8BD6-35CCA1C6BD48}" = lport=138 | protocol=17 | dir=in | app=system | "{0B1347F5-0906-42C1-A2D5-9305F3AA4AC6}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{1BDF8BBD-F4A1-4558-B5D6-707C2CD7AF78}" = lport=2869 | protocol=6 | dir=in | app=system | "{215452EF-208F-46A2-8DAC-0347F7B6FFF4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{23E9AA83-F568-4356-BBDD-44170F2F12AE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{25455C12-DB31-4AA9-902D-8D46C389F2FC}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{299FFC8A-6D92-4577-B85A-B51D9C9DFD46}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{29E3497A-BC71-41E1-B724-8E9DC88A45F1}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{2BF51FDE-5692-4788-9536-CB788A0BCDB7}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{2D2D7852-546C-442E-9D9F-3D2660D90769}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{3451EB61-4EAD-44CB-86A2-A7C6C7899F18}" = rport=138 | protocol=17 | dir=out | app=system | "{36CD958A-E68B-4BDA-8280-B086DBA1D290}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{3946FBBF-B413-4A85-8DFE-5A7E5D9B6F48}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{3A15BBA2-CC36-450A-8061-015CC0CAC4FB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4AB6D921-4DB1-48B9-B8A7-B8500ED5C46E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4C0B79C3-55DE-4CDB-8930-9032AFCC45A4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4C808F57-EFBB-434F-92DE-2AB71E1606C4}" = lport=137 | protocol=17 | dir=in | app=system | "{5362FAE9-E5DC-452D-B963-1481D7239E82}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{56E4CE4F-89BB-4B10-BE41-957140DD0E8F}" = rport=139 | protocol=6 | dir=out | app=system | "{66D8237D-6EBD-4312-A580-78E5BD2693D1}" = rport=10243 | protocol=6 | dir=out | app=system | "{7AE8332B-3B88-4606-B28E-EDAF023832EE}" = rport=137 | protocol=17 | dir=out | app=system | "{85003D4D-222C-478A-A2BB-3D657A04EC4D}" = lport=2869 | protocol=6 | dir=in | app=system | "{8B009E8C-B292-48C6-90F0-81542F91DC6D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8C21766C-B503-446C-AF60-25ABAD5D7886}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9124AFD4-7B37-4146-A547-A33253BDB646}" = lport=139 | protocol=6 | dir=in | app=system | "{9AA8435E-6BFE-483F-A966-2054574A706C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A2DCBAD7-733D-4BBF-AF57-6A0734986C1B}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{AC37ABCB-991C-4E17-B475-D382BD8F86A4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B11AA744-FAFC-4486-BF7E-DA054D89269B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B8EB1B33-99CD-4F7D-A280-3E07F88EE21F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{BB79907C-D8BB-4738-B9E2-E2BC4035FC9C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C227444B-DE02-4B4C-971F-A515DCDA7219}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | 
app=%systemroot%\system32\svchost.exe | "{D2243EE1-BAB4-4921-BB6A-E9A56ECC7857}" = lport=10243 | protocol=6 | dir=in | app=system | "{D670CC48-A54E-4FE2-A4DF-5F48E102A73A}" = rport=2869 | protocol=6 | dir=out | app=system | "{DB02DA76-DB26-4309-A502-E0EF334AA843}" = lport=445 | protocol=6 | dir=in | app=system | "{DDF6F664-EDDD-4C64-9E16-CC899E2BAF69}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E50FC1D2-DB0F-4D65-A42D-0D192F313FE5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{EADCE98C-8B9A-4647-BC68-F22F72A4356B}" = rport=445 | protocol=6 | dir=out | app=system | "{F46503D0-B8B1-48E1-9B45-A9D155B706B6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F76157DB-A227-4A8B-8558-2FFFFE7AFE16}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00B6F2A2-E3B0-4BAF-AA3F-F3BEBD45066F}" = dir=in | app=%programfiles% (x86)\ubisoft\ubisoft game launcher\uplay.exe | "{015E0EA5-0461-4DBC-9080-645AC0372AB6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{023DBDD7-431A-482D-8434-B8526BC5168B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0498B043-5D56-4D58-A823-0E9F74BFECDE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{07B6F207-624D-4B31-8C3F-97BE1363E934}" = protocol=17 | dir=in | app=c:\users\ghislain\appdata\local\temp\7zs8162.tmp\symnrt.exe | "{0AB4277D-DB31-4CF1-97F7-EA1BD862C17F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{0D9FA15A-6061-44DB-B067-234019B63F6F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe | 
"{12FC219B-FD66-439A-B7D5-5F605EFF1B3F}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe | "{169032A9-DA87-4451-837A-5E1E753C2A16}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe | "{1794D873-9879-4C05-892E-36E6B5CDF0A6}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{17A82A84-CC95-4102-BF84-A62FADAD4DAE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{181CEF7B-40A1-438D-B632-EE58700B3DEE}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{1B1B189F-471C-4456-8DF3-8BDAF86C3070}" = dir=out | app=%programfiles% (x86)\euro truck simulator 2\bin\win_x86\eurotrucks2.exe | "{234A28F7-CC18-40B7-9274-86D2D6514FCC}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\assassinscreed3.exe | "{266A5B74-9873-4AE9-B734-3436166958A6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{2A022FC9-455A-45E1-BE97-9179DFFEB13F}" = protocol=6 | dir=out | app=system | "{2A140FE6-6E00-44F0-9CEC-970D37D7864B}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{2AF7A3E6-AE12-4900-ABF2-51346C2D5B2B}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe | "{2B31D403-DF68-49FB-8604-40233BE64FD3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2B364891-7CDC-4E48-8BB7-85A3A891A8DC}" = dir=in | app=%programfiles% (x86)\euro truck simulator 2\bin\win_x86\eurotrucks2.exe | "{2CCB029E-A720-4F36-95F0-5CF9E69492AD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{2E767059-157D-49C4-B279-FEAB928EB136}" = protocol=17 | dir=in | app=c:\users\ghislain\appdata\local\apps\2.0\tyvdyyy2.j5y\7nknkjtr.cg3\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
"{325A90F0-9DDF-4FEB-AB16-FA6B68D6C76C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{35EE9059-FAAB-4F89-AAFC-44AD637AE6C8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{362A339D-B013-4370-86AD-A0AFC9D1B814}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{37147741-4166-48BF-8A36-8ABB9A30F8AD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe | "{3A70222D-865C-4A85-9041-7FC7F81A1E65}" = protocol=6 | dir=in | app=c:\users\ghislain\appdata\local\temp\7zs51d0.tmp\symnrt.exe | "{3D10625C-4369-456B-AAC7-DA3B2F492C0F}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{407E0E7E-CDC4-47AF-96C3-EF5C0BDDE3CF}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe | "{48D93D06-53A6-494D-9F88-0B248A7BE1C3}" = dir=in | app=c:\users\ghislain\documents\the war z\warz.exe | "{4902F508-7451-4CF8-8640-630A148B03A7}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{4ED5E9BF-7EB6-4A7F-96E1-B22D05B050C5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{50129A3F-6B9B-4274-8852-6A0AFB5834D7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{50C55F1B-B51B-49BD-887D-66E155079D5B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{516965A7-BE40-470F-8C16-D15E7AF3602B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{54883680-11F4-4E30-A7FA-F7BC2C956059}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe | "{5B16B6B4-993F-49FF-B252-9F56420C9A68}" = protocol=6 | dir=in | app=c:\users\ghislain\appdata\local\temp\7zs78b1.tmp\symnrt.exe | "{5C4A4409-D074-4D0D-9F09-1AFC9DFC5D55}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{5FE1E5CC-630B-4774-BDE1-567D03CD9FAB}" = protocol=17 | dir=in | app=c:\users\ghislain\appdata\local\temp\7zs91a.tmp\symnrt.exe | "{63D1EA9F-959A-49F8-8845-4842F690CDB5}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3mp.exe | "{65B6E582-7A9E-4990-ABAA-07D1463E2B93}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{664C5418-E6DF-4753-BE67-F05A0B5CE1CC}" = dir=out | app=e:\showdown.exe | "{66F2CF10-5687-4765-B498-A3C5D52A0196}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{678D6B89-4AE6-4E8D-97E9-C98C16ED9715}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{6CD5BC11-7A2B-48DD-9542-F7701DD7AE2D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{7706A959-FC00-4DD1-B8CD-9A6840860C7D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{7D3D0AA6-E28D-4C50-95EC-BB935A1BF693}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{82BAEEEB-4151-419F-9FB1-434E4FE50271}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe | "{894FB44C-FBD1-4D1B-8383-1F42DAD9346E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe | "{8C0499A1-B27D-425A-9B00-09E790BC6629}" = protocol=17 | dir=in | app=c:\users\ghislain\appdata\local\temp\7zs51d0.tmp\symnrt.exe | "{909E80E1-D439-42D3-9D8A-7FBCCE27885B}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{952FC044-8D93-4E83-9416-C9DF486D22CC}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{98E3F3BB-B41B-4ED5-AF08-28B1E1C6AE45}" = dir=in | app=%programfiles% (x86)\ubisoft\assassin's creed iii\ac3sp.exe | "{9A17587C-7DBC-4B04-B7D5-4CDD0BC66D9C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9B2B8783-0F41-4C8D-B03B-DF3DAD6CF8AE}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{9B2EC807-F572-405C-97CF-8169BE9941D9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{A34D68E1-1455-40F5-B4C1-CEBF5C27FE34}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3mp.exe | "{A7E30E6D-773E-42D2-9AE9-9E2A98C33D90}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{AB4DC818-F9E1-4B8F-92C2-C1C49A6B04FA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{AC42E557-5AC2-4F66-81E5-E41AD9A497B3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{AC86CD74-F247-417F-8664-9A022DC2E1F5}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{AD563666-9DC3-460B-B94F-A508D60267C5}" = protocol=17 | dir=in | app=c:\users\ghislain\appdata\local\temp\7zs78b1.tmp\symnrt.exe | "{AE8AC5CA-51D5-4D1A-BCD0-3FC61A23C4F7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{AF041358-39FC-488A-8BEC-7AC0227FA309}" = protocol=6 | dir=in | app=c:\users\ghislain\appdata\local\temp\7zs91a.tmp\symnrt.exe | "{AF79930E-CB65-43B8-9A49-4B6C5AA25B14}" = protocol=6 | dir=in | app=c:\users\ghislain\appdata\local\apps\2.0\tyvdyyy2.j5y\7nknkjtr.cg3\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | "{AFEFB020-8432-4972-ABEF-3B2712F8EEF9}" = protocol=6 | dir=in | app=c:\users\ghislain\appdata\local\temp\7zs8162.tmp\symnrt.exe | "{B6DB395D-5A7B-47D8-A952-B070A87D269A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{BE3EEA20-D49E-49D1-B847-6D3B975AC22C}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrsp.exe | "{C4E22007-FF5F-4045-9E39-5CCE9ECA93A9}" = protocol=6 | dir=in | app=c:\users\ghislain\appdata\local\apps\2.0\tyvdyyy2.j5y\7nknkjtr.cg3\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
"{C86626DE-DCA1-4A29-8638-379D31228F1F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe | "{CCCFE8AD-EF80-4D46-9A0E-51554CE3B422}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\assassinscreed3.exe | "{CECF2BFF-1102-46E7-AFD9-E35BF9C95E36}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{CF067996-3010-4613-8C15-94F23643BDE6}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe | "{CFEDC432-8254-42F6-9965-F9D2C89B54FB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{D2A51813-3974-440E-B6FF-AC79E4CB0AB8}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{D36996EA-E950-4797-8636-0B26702B6D4A}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe | "{D962AE42-E892-41A8-A060-588924C76859}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe | "{DD34AF4B-D6F1-448E-83D8-9B343161DBE7}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe | "{E65AF79B-7FE5-47E4-B297-FBAEEA5706B5}" = dir=out | app=%programfiles% (x86)\ubisoft\ubisoft game launcher\uplay.exe | "{E95F3B9F-EFA7-41E7-81E4-E4419B0B84A0}" = protocol=17 | dir=in | app=c:\users\ghislain\appdata\local\apps\2.0\tyvdyyy2.j5y\7nknkjtr.cg3\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | "{EBDE72E9-022F-40C2-BCCF-CA681C2503D7}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe | "{ED1C48B5-1CD7-4B58-8415-7C4EB7ED18A7}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe | "{EF455E83-972B-4C56-B92D-A9FE4210E9F3}" = protocol=17 | dir=in | app=c:\program files 
(x86)\ubisoft\assassin's creed iii\ac3sp.exe | "{F0E50961-4221-4F6C-8E17-1E46B076F82B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{F1862384-A77D-4D63-83B2-B7CC127C7F8C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{F39E4410-C80A-4D7E-9D88-00B11491B7C8}" = protocol=6 | dir=in | app=c:\users\ghislain\appdata\local\temp\7zse5a5.tmp\symnrt.exe | "{F7BAD85D-0B67-47C2-A760-36AEDBCCE34C}" = protocol=17 | dir=in | app=c:\users\ghislain\appdata\local\temp\7zse5a5.tmp\symnrt.exe | "{F8950105-0D05-43CE-BC55-6F54D12602A6}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3sp.exe | "{FED8A6E6-EB0F-428F-B3BF-FC80EB9DD8BD}" = dir=out | app=%programfiles% (x86)\ubisoft\assassin's creed iii\ac3sp.exe | "{FFA69CC0-8AC7-4B7B-9B67-503F5A41B55D}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrsp.exe | "TCP Query User{87A4C00A-B119-446E-8765-FEC1AACC8967}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "UDP Query User{F484DFAC-D283-48AA-9A3D-08C6DAB78DF9}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC3 "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit) "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 310.64 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.64 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.64 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 310.64 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "CPUID CPU-Z_is1" = CPUID CPU-Z 1.62 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Pen Tablet Driver" = Bamboo "sp6" = Logitech SetPoint 6.32 "VLC media player" = VLC media player 2.0.2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam 
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{11D08055-939C-432b-98C3-E072478A0CD7}" = PSE10 STI Installer "{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{22D3A614-482C-444A-932C-9DA1B8ECDFD2}" = Elements 10 Organizer "{319D91C6-3D44-436C-9F79-36C0D22372DC}" = TP-LINK Wireless Configuration Utility "{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations 1.03 "{38A1E3ED-D913-41D2-9953-A93D5ACE3ADF}" = TL-WN721N/TL-WN722N Driver "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II "{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}" = Assassin's Creed III 1.01 "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager "{BC3051A7-1021-4B57-A3DA-AAC24566FAE7}_is1" = The War Z version alpha "{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6 "{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.11 Game "{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}" = Adobe Creative Suite 6 Master Collection 
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0 "{EE549AF9-8FAA-4584-83B2-ECF1BC9DC1FF}" = Adobe Photoshop Elements 10 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "0630-0716-3135-7887" = JDownloader 2 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop Elements 10" = Adobe Photoshop Elements 10 "Afterburner" = MSI Afterburner 2.2.5 "Audacity_is1" = Audacity 2.0.2 "AudioCS" = Creative Audio-Systemsteuerung "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager "Console Launcher" = Creative Konsole Starter "Creative Software AutoUpdate" = Creative Software AutoUpdate "Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition "DAEMON Tools Lite" = DAEMON Tools Lite "Dolby Digital Live Pack" = Dolby Digital Live Pack "DTS Connect Pack" = DTS Connect Pack "FileZilla Client" = FileZilla Client 3.5.3 "Fraps" = Fraps (remove only) "Free YouTube Download_is1" = Free YouTube Download version "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version "Freemake Video Converter_is1" = Freemake Video Converter Version 3.1.2 "NIS" = Norton Internet Security "Notepad++" = Notepad++ "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "OpenAL" = OpenAL "Origin" = Origin "PrecisionX" = EVGA Precision X 3.0.3 "PunkBusterSvc" = PunkBuster Services "Revo Uninstaller" = Revo Uninstaller 1.94 "SpeedFan" = SpeedFan (remove only) "Steam App 113400" = APB Reloaded "Uplay" = Uplay "VLC media player" = VLC media player 1.1.1 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "f018cf21c0452c64" = AVM FRITZ!Box USB-Fernanschluss "Google Chrome" = Google Chrome ========== Last 20 Event Log Errors ========== [ Application Events ] 
Error - 28.11.2012 15:57:59 | Computer Name = Ghislain-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error - 28.11.2012 16:11:08 | Computer Name = Ghislain-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error - 28.11.2012 16:11:08 | Computer Name = Ghislain-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error - 28.11.2012 16:11:08 | Computer Name = Ghislain-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error - 28.11.2012 16:20:17 | Computer Name = Ghislain-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error - 28.11.2012 16:20:17 | Computer Name = Ghislain-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error - 28.11.2012 16:20:17 | Computer Name = Ghislain-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error - 29.11.2012 12:00:56 | Computer Name = Ghislain-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error - 29.11.2012 12:00:56 | Computer Name = Ghislain-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error - 29.11.2012 12:00:56 | Computer Name = Ghislain-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

[ System Events ]
Error - 28.11.2012 15:23:23 | Computer Name = Ghislain-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WinRing0_1_2_0" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 28.11.2012 15:51:52 | Computer Name = Ghislain-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WinRing0_1_2_0" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 28.11.2012 16:04:34 | Computer Name = Ghislain-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?28.?11.?2012 um 20:59:37 unerwartet heruntergefahren.

Error - 28.11.2012 16:04:42 | Computer Name = Ghislain-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WinRing0_1_2_0" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 28.11.2012 16:13:34 | Computer Name = Ghislain-PC | Source = ipnathlp | ID = 31004
Description =

Error - 28.11.2012 16:13:35 | Computer Name = Ghislain-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WinRing0_1_2_0" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 28.11.2012 16:13:48 | Computer Name = Ghislain-PC | Source = ipnathlp | ID = 31004
Description =

Error - 29.11.2012 11:55:00 | Computer Name = Ghislain-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WinRing0_1_2_0" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 29.11.2012 12:08:07 | Computer Name = Ghislain-PC | Source = ipnathlp | ID = 31004
Description =

Error - 29.11.2012 12:08:44 | Computer Name = Ghislain-PC | Source = ipnathlp | ID = 31004
Description =

< End of report >
#6
Anyone who uses stolen software need not be surprised by trouble on their computer...

Merely visiting sites that offer these files for download carries a high risk of infection. When you start the crack, you are running an executable file from a very dubious source. Anything at all can be in the file's source code (e.g. downloading and executing malware files). This is one of the main causes of infections.

Besides, cracks, keygens, etc. are illegal, and that is theft just as it would be in a shop.

That is why we have agreed on the following: if we find indications of illegally acquired software, we will end support without any discussion.

Our help for you is therefore limited to instructions for reinstalling and securing the system.
#7
Excuse me? I bought ACIII perfectly normally in a store! It is also registered on Uplay!
