
Pests of all kinds and how to fight them: Suspicious CPU load after quitting a game

28.11.2012, 20:30   #1
MrSlainkoeni

Hello,
here is the situation: recently, when I start Assassin's Creed III and play for a few seconds... suddenly 40 fps turn into only 15, and cores 2+3 (counting from core 0) shoot up to maximum.
As soon as this happens, the sound cuts out as well. When I quit the game, the CPU load on the last two cores still stays that high and the sound is gone.
Only a reboot brings back the sound and normal CPU load.

Please excuse any mistakes, I am new :-)
Best regards,
MrSlainkoenig

29.11.2012, 09:19   #2
Psychotic
/// Malwareteam

Hello,

this game causes massive problems on many PCs; on my own, for example, it does not run at all for now.
So I would not assume that this has anything to do with malware.

If you are not sure, we can take a look at it:

To allow a more detailed analysis, please follow this link:

To everyone seeking help! What do I need to consider before opening a thread?

Note: Post the generated log files here in your thread - do not create a new one!

If already installed antivirus software has reported detections: be sure to attach the corresponding log files!

29.11.2012, 11:05   #3
MrSlainkoeni

OK, thanks. As soon as I am home I will add the logs.
I have 2 screenshots here that were taken while the problem was occurring.
Image 1
Image 2

Worth mentioning: the error did not yet exist when ACIII was released. Only for the past few days.

29.11.2012, 11:26   #4
Psychotic
/// Malwareteam

I can help you check the system for malware and remove it if necessary.
If the problem still persists after that, you will have to contact Ubisoft support.
__________________
No right of asylum for trojans!

Proud Member of UNITE

Note: I am only available on weekdays!
Requests via PM will be ignored!

29.11.2012, 17:24   #5
MrSlainkoeni

OK, here are OTL.txt and extras.txt.
I ran the OTL analysis while the error was present.
OTL logfile:
Code:
OTL logfile created on: 29.11.2012 17:09:52 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ghislain\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,53 Gb Available Physical Memory | 75,58% Memory free
12,00 Gb Paging File | 10,46 Gb Available in Paging File | 87,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,24 Gb Total Space | 9,91 Gb Free Space | 8,31% Space Free | Partition Type: NTFS
Drive E: | 465,76 Gb Total Space | 441,02 Gb Free Space | 94,69% Space Free | Partition Type: NTFS
Drive F: | 1863,01 Gb Total Space | 640,31 Gb Free Space | 34,37% Space Free | Partition Type: NTFS
 
Computer Name: GHISLAIN-PC | User Name: Ghislain | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.29 17:09:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ghislain\Desktop\OTL.exe
PRC - [2012.11.28 18:27:19 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.11.22 10:13:59 | 001,259,880 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.11.21 18:27:16 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.09.26 22:08:08 | 000,336,896 | ---- | M] (AVM Berlin) -- C:\Users\Ghislain\AppData\Local\Apps\2.0\TYVDYYY2.J5Y\7NKNKJTR.CG3\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe
PRC - [2012.09.20 06:44:16 | 000,296,392 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
PRC - [2010.07.07 19:33:00 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe
PRC - [2010.07.07 19:27:16 | 001,268,224 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
PRC - [2010.02.12 09:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.15 18:29:05 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7c4de95aa433eb8d81a81caf805947a8\PresentationFramework.Aero.ni.dll
MOD - [2012.11.15 18:28:45 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ec80905a71750be50dfc7981ad5ae28\PresentationFramework.ni.dll
MOD - [2012.11.15 18:28:36 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012.11.15 18:28:31 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012.11.15 18:28:30 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll
MOD - [2012.11.15 18:28:30 | 001,806,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\f2fb3f4856c403795db6db3f354f1f0b\System.Deployment.ni.dll
MOD - [2012.11.15 18:28:23 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll
MOD - [2012.11.15 18:28:19 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MOD - [2012.11.15 18:28:17 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012.11.15 18:28:16 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012.11.15 18:28:13 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2012.09.26 22:07:59 | 000,368,640 | ---- | M] () -- C:\Users\Ghislain\AppData\Local\Apps\2.0\TYVDYYY2.J5Y\7NKNKJTR.CG3\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\managedupnp.DLL
MOD - [2012.01.08 14:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.07.14 18:58:23 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2009.06.29 09:54:08 | 000,164,864 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2007.09.13 17:05:22 | 000,002,560 | ---- | M] () -- C:\Windows\SysWOW64\CTXFIGER.DLL
 
 
========== Services (SafeList) ==========
 
SRV - [2012.11.28 18:27:19 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.11.24 19:46:15 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.11.22 10:13:59 | 001,259,880 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.11.21 18:27:16 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.31 17:04:22 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.09.18 21:13:50 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe -- (NIS)
SRV - [2011.09.27 20:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011.09.14 21:06:38 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)
SRV - [2011.09.08 16:48:36 | 006,583,160 | ---- | M] (Wacom Technology, Corp.) [Disabled | Stopped] -- C:\Programme\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2011.09.08 16:48:36 | 000,528,760 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.02.12 09:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.11.24 16:22:00 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012.10.09 19:31:14 | 000,075,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012.09.26 22:08:05 | 000,116,096 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avmaudio.sys -- (avmaudio)
DRV:64bit: - [2012.09.22 20:06:41 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.07.09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.07.06 03:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012.07.06 03:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012.07.03 16:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.06.07 05:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012.05.22 02:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012.04.18 03:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symnets.sys -- (SymNetS)
DRV:64bit: - [2012.04.18 02:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012.03.26 13:50:12 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.17 16:45:56 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symds64.sys -- (SymDS)
DRV:64bit: - [2011.09.08 16:49:26 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2011.09.08 16:49:24 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2011.09.02 07:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011.09.02 07:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011.04.20 02:07:48 | 001,930,240 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 04:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 02:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.10.22 01:00:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fwlanusb.sys -- (FWLANUSB)
DRV:64bit: - [2010.10.22 01:00:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2010.07.07 21:21:18 | 001,612,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)
DRV:64bit: - [2010.07.07 21:21:06 | 001,567,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010.07.07 21:20:56 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010.07.07 21:20:48 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010.07.07 21:20:40 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010.07.07 21:16:32 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010.07.07 21:16:24 | 000,697,816 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)
DRV:64bit: - [2010.07.07 21:16:14 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010.07.07 21:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2010.07.07 21:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2010.07.07 21:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2010.07.07 21:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2010.07.07 21:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2010.07.07 21:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2010.03.19 02:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.08.13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:00:13 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dot4Scan.sys -- (Dot4Scan)
DRV:64bit: - [2009.06.10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 21:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012.11.28 17:35:10 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\VirusDefs\20121128.003\ex64.sys -- (NAVEX15)
DRV - [2012.11.28 17:35:10 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.11.28 17:35:10 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\VirusDefs\20121128.003\eng64.sys -- (NAVENG)
DRV - [2012.11.24 16:26:36 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012.11.23 16:37:34 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\IPSDefs\20121127.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012.11.06 23:54:56 | 001,384,608 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\BASHDefs\20121106.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EB A0 EC D4 73 CA CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.10
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: {EEE6C361-6118-11DC-9C72-001320C79847}:1.6.0.3
FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&crg=3.1010000.10025&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.138.0: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ghislain\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ghislain\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\IPSFFPlgn\ [2012.11.24 16:22:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\coFFPlgn\ [2012.11.29 16:55:18 | 000,000,000 | ---D | M]
 
[2012.10.02 11:27:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ghislain\AppData\Roaming\mozilla\Extensions
[2012.10.22 18:53:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ghislain\AppData\Roaming\mozilla\Firefox\Profiles\l51apgtx.default\extensions
[2012.10.10 21:17:00 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Ghislain\AppData\Roaming\mozilla\Firefox\Profiles\l51apgtx.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.10.10 21:22:16 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Ghislain\AppData\Roaming\mozilla\Firefox\Profiles\l51apgtx.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.10.10 21:22:47 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Ghislain\AppData\Roaming\mozilla\Firefox\Profiles\l51apgtx.default\extensions\ich@maltegoetz.de
[2012.10.22 18:53:56 | 000,169,792 | ---- | M] () (No name found) -- C:\Users\Ghislain\AppData\Roaming\mozilla\firefox\profiles\l51apgtx.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2012.10.20 15:08:18 | 000,003,915 | ---- | M] () -- C:\Users\Ghislain\AppData\Roaming\mozilla\firefox\profiles\l51apgtx.default\searchplugins\sweetim.xml
 
========== Chrome  ==========
 
CHR - homepage: 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ghislain\AppData\Local\Google\Chrome\Application\23.0.1271.91\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ghislain\AppData\Local\Google\Chrome\Application\23.0.1271.91\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ghislain\AppData\Local\Google\Chrome\Application\23.0.1271.91\pdf.dll
CHR - plugin: SweetIM GC Helper (Enabled) = C:\Users\Ghislain\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\mgHelperGCFB.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\Ghislain\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Uplay PC (Enabled) = C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Ghislain\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: YouTube = C:\Users\Ghislain\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\Ghislain\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: AdBlock = C:\Users\Ghislain\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.47_0\
CHR - Extension: SweetIM for Facebook = C:\Users\Ghislain\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\
CHR - Extension: Norton Identity Protection = C:\Users\Ghislain\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\
CHR - Extension: Google Mail = C:\Users\Ghislain\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: YouTube = C:\Users\Ghislain\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\Ghislain\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: AdBlock = C:\Users\Ghislain\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.47_0\
CHR - Extension: SweetIM for Facebook = C:\Users\Ghislain\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\
CHR - Extension: Norton Identity Protection = C:\Users\Ghislain\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\
CHR - Extension: Google Mail = C:\Users\Ghislain\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2012.10.01 15:32:35 | 000,000,911 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 lmlicenses.wip4.adobe.com
O1 - Hosts: 127.0.0.1 lm.licenses.adobe.com
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [AVMUSBFernanschluss] C:\Users\Ghislain\AppData\Local\Apps\2.0\TYVDYYY2.J5Y\7NKNKJTR.CG3\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe (AVM Berlin)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Ghislain\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Ghislain\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Ghislain\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Ghislain\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{289A480B-642C-4B2D-AE31-EDDD41DEEA58}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46BCEBDE-E5D3-4C31-A563-395F79396F74}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8373F2A4-51B9-408A-B17D-A5EB9A76C862}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89D84CAC-7319-4026-B674-4BA822475462}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DCE388BA-5C4D-46EC-B8AE-083554EA2FDD}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E069E0EC-1587-4B77-9E7D-FF803303EB24}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{295770f4-0107-11e2-b18a-001966c15529}\Shell - "" = AutoRun
O33 - MountPoints2\{295770f4-0107-11e2-b18a-001966c15529}\Shell\AutoRun\command - "" = H:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.29 17:09:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ghislain\Desktop\OTL.exe
[2012.11.28 18:53:27 | 000,000,000 | ---D | C] -- C:\Users\Ghislain\AppData\Roaming\Theta
[2012.11.28 18:37:04 | 000,000,000 | ---D | C] -- C:\Users\Ghislain\Desktop\ACIII ORGINAL
[2012.11.28 17:58:43 | 000,000,000 | ---D | C] -- C:\Users\Ghislain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
[2012.11.28 17:37:09 | 000,000,000 | ---D | C] -- C:\Users\Ghislain\Desktop\54
[2012.11.27 22:11:14 | 000,000,000 | ---D | C] -- C:\Users\Ghislain\Documents\My Games
[2012.11.27 22:11:14 | 000,000,000 | ---D | C] -- C:\Users\Ghislain\AppData\Local\FLT
[2012.11.27 22:11:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Codemasters
[2012.11.27 22:05:47 | 001,306,624 | ---- | C] (Blue Ripple Sound Limited) -- C:\Windows\SysWow64\rapture3d_oal.dll
[2012.11.27 22:05:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Ripple Sound
[2012.11.27 22:05:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BRS
[2012.11.27 22:01:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DiRT Showdown
[2012.11.27 18:46:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Orbit
[2012.11.27 18:43:13 | 000,000,000 | ---D | C] -- C:\Users\Ghislain\Desktop\Assassin's Creed III
[2012.11.27 18:15:08 | 000,000,000 | ---D | C] -- C:\Users\Ghislain\AppData\Roaming\MAXON
[2012.11.24 19:14:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA 3D Vision driver
[2012.11.24 19:14:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2012.11.24 18:33:21 | 000,000,000 | ---D | C] -- C:\Users\Ghislain\Desktop\Resources
[2012.11.24 18:17:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
[2012.11.24 18:17:22 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2012.11.24 16:57:28 | 000,000,000 | ---D | C] -- C:\Users\Ghislain\AppData\Local\CrashDumps
[2012.11.24 16:36:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2012.11.24 16:26:27 | 001,129,120 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symefa64.sys
[2012.11.24 16:26:27 | 000,737,952 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1309000.009\srtsp64.sys
[2012.11.24 16:26:27 | 000,451,192 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symds64.sys
[2012.11.24 16:26:27 | 000,405,624 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symnets.sys
[2012.11.24 16:26:27 | 000,190,072 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1309000.009\ironx64.sys
[2012.11.24 16:26:27 | 000,167,072 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1309000.009\ccsetx64.sys
[2012.11.24 16:26:27 | 000,037,536 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1309000.009\srtspx64.sys
[2012.11.24 16:26:24 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1309000.009
[2012.11.24 16:22:00 | 000,175,736 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012.11.24 16:22:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012.11.24 16:22:00 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012.11.24 16:21:49 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64
[2012.11.24 16:21:47 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2012.11.24 16:21:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
[2012.11.24 16:21:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012.11.24 16:21:44 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2012.11.24 16:21:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2012.11.22 22:53:19 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.11.22 15:55:18 | 000,000,000 | ---D | C] -- C:\Users\Ghislain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2012.11.22 15:55:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2012.11.22 15:55:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan
[2012.11.22 14:14:48 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012.11.22 14:14:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.11.22 14:14:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.11.19 22:53:39 | 000,000,000 | ---D | C] -- C:\Users\Ghislain\Documents\Assassin's Creed III
[2012.11.19 19:46:39 | 000,000,000 | -H-D | C] -- C:\Users\Ghislain\Documents\Freemake_do_not_remove_this_folder634889511993448593
[2012.11.16 21:41:37 | 000,000,000 | ---D | C] -- C:\Users\Ghislain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
[2012.11.16 21:41:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSI Afterburner
[2012.11.15 19:54:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader 2
[2012.11.15 19:54:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\i4j_jres
[2012.11.15 18:56:18 | 000,000,000 | ---D | C] -- C:\Users\Ghislain\AppData\Roaming\redsn0w
[2012.11.15 18:14:34 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012.11.15 18:14:17 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012.11.11 19:26:01 | 000,000,000 | ---D | C] -- C:\Users\Ghislain\AppData\Roaming\vlc
[2012.11.11 19:25:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2012.11.10 14:59:19 | 000,000,000 | ---D | C] -- C:\Users\Ghislain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVGA Precision X
[2012.11.10 14:59:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EVGA Precision X
[2012.11.07 20:17:34 | 000,000,000 | ---D | C] -- C:\Users\Ghislain\AppData\Local\CrashRpt
[2012.11.07 20:17:34 | 000,000,000 | ---D | C] -- C:\Users\Ghislain\Documents\Arktos
[2012.11.07 20:17:34 | 000,000,000 | ---D | C] -- C:\Users\Ghislain\AppData\Local\Arktos
[2012.11.07 19:49:51 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2012.11.07 19:49:45 | 000,000,000 | ---D | C] -- C:\Users\Ghislain\Documents\The War Z
[2012.11.07 19:49:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The War Z
[2012.11.04 19:33:04 | 000,000,000 | ---D | C] -- C:\Users\Ghislain\AppData\Roaming\.minecraft
[2012.11.02 16:16:08 | 000,000,000 | ---D | C] -- C:\Users\Ghislain\Documents\Assassin's Creed Revelations
[2012.11.02 15:59:13 | 000,000,000 | ---D | C] -- C:\Users\Ghislain\AppData\Roaming\PunkBuster
[2012.10.31 15:11:32 | 000,000,000 | ---D | C] -- C:\Users\Ghislain\Documents\minecraft
[2012.10.31 15:10:03 | 000,000,000 | ---D | C] -- C:\Users\Ghislain\AppData\Roaming\FileZilla
[2012.10.31 15:10:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2012.10.31 15:10:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[1 C:\Users\Public\Documents\*.tmp files -> C:\Users\Public\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.29 17:09:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ghislain\Desktop\OTL.exe
[2012.11.29 17:08:03 | 000,000,000 | ---- | M] () -- C:\Users\Ghislain\defogger_reenable
[2012.11.29 17:06:00 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3763063188-2961027423-3504971412-1000UA.job
[2012.11.29 17:01:58 | 000,014,336 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.29 17:01:58 | 000,014,336 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.29 17:01:00 | 002,120,644 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.29 17:01:00 | 001,043,236 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.29 17:01:00 | 000,584,092 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.29 17:01:00 | 000,514,224 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.29 17:01:00 | 000,005,194 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.29 16:54:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.29 16:54:49 | 536,322,047 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.28 23:54:50 | 000,063,336 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000002-00000000-00000000-00001102-0000000B-00431102}.rfx
[2012.11.28 23:54:50 | 000,063,336 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000002-00000000-00000000-00001102-0000000B-00431102}.rfx
[2012.11.28 23:54:50 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000002-00000000-00000000-00001102-0000000B-00431102}.rfx
[2012.11.28 23:28:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.28 21:06:00 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3763063188-2961027423-3504971412-1000Core.job
[2012.11.28 20:50:10 | 000,007,640 | ---- | M] () -- C:\Users\Ghislain\AppData\Local\Resmon.ResmonCfg
[2012.11.28 20:18:12 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.11.28 20:05:20 | 001,701,614 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\Cat.DB
[2012.11.28 19:27:30 | 000,000,840 | ---- | M] () -- C:\Users\Ghislain\AppData\Roaming\EasyToolz.ini
[2012.11.28 18:27:20 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.11.28 18:27:19 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.11.28 18:21:18 | 000,000,982 | ---- | M] () -- C:\Users\Ghislain\Desktop\german.reg
[2012.11.28 18:08:49 | 000,002,505 | ---- | M] () -- C:\Users\Ghislain\Desktop\Google Chrome.lnk
[2012.11.28 17:58:43 | 000,001,205 | ---- | M] () -- C:\Users\Ghislain\Desktop\Uplay.lnk
[2012.11.26 19:37:27 | 000,000,282 | ---- | M] () -- C:\Users\Ghislain\AppData\Roaming\GPU MeterV2_Settings.ini
[2012.11.25 19:29:16 | 000,002,492 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012.11.24 18:17:22 | 000,000,869 | ---- | M] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
[2012.11.24 18:14:21 | 000,000,543 | ---- | M] () -- C:\Users\Ghislain\AppData\Roaming\All CPU MeterV3_Settings.ini
[2012.11.24 16:26:36 | 000,013,946 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\VT20121114.016
[2012.11.24 16:22:00 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012.11.24 16:22:00 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012.11.24 16:22:00 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012.11.22 15:55:18 | 000,001,011 | ---- | M] () -- C:\Users\Ghislain\Desktop\SpeedFan.lnk
[2012.11.22 15:55:17 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2012.11.22 14:14:48 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.11.22 10:13:59 | 000,014,446 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2012.11.22 06:17:35 | 003,635,277 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2012.11.21 16:04:29 | 005,042,704 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.11.20 18:48:20 | 000,001,456 | ---- | M] () -- C:\Users\Ghislain\AppData\Local\Adobe Für Web speichern 13.0 Prefs
[2012.11.17 19:51:03 | 000,002,256 | ---- | M] () -- C:\Users\Ghislain\Desktop\Assassin's Creed Revelations.lnk
[2012.11.16 22:09:26 | 000,280,976 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.11.16 21:44:42 | 000,001,090 | ---- | M] () -- C:\Users\Ghislain\Desktop\MSI Afterburner.lnk
[2012.11.11 19:25:59 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.11.10 14:59:20 | 000,001,092 | ---- | M] () -- C:\Users\Ghislain\Desktop\EVGA Precision X.lnk
[2012.11.07 20:20:51 | 000,000,981 | ---- | M] () -- C:\Users\Ghislain\Desktop\The War Z.lnk
[2012.11.02 16:42:54 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf
[2012.11.02 15:59:33 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.10.31 15:32:13 | 004,928,385 | ---- | M] () -- C:\Users\Ghislain\Desktop\minecraft.jar
[2012.10.31 15:02:51 | 023,291,037 | ---- | M] () -- C:\Users\Ghislain\Documents\FUN.7z
[1 C:\Users\Public\Documents\*.tmp files -> C:\Users\Public\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.29 17:08:03 | 000,000,000 | ---- | C] () -- C:\Users\Ghislain\defogger_reenable
[2012.11.28 20:50:10 | 000,007,640 | ---- | C] () -- C:\Users\Ghislain\AppData\Local\Resmon.ResmonCfg
[2012.11.28 19:23:30 | 000,000,840 | ---- | C] () -- C:\Users\Ghislain\AppData\Roaming\EasyToolz.ini
[2012.11.28 18:10:31 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.11.28 18:10:31 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.11.28 17:58:43 | 000,001,205 | ---- | C] () -- C:\Users\Ghislain\Desktop\Uplay.lnk
[2012.11.25 19:29:05 | 001,701,614 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\Cat.DB
[2012.11.24 19:46:16 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.24 18:19:42 | 000,000,282 | ---- | C] () -- C:\Users\Ghislain\AppData\Roaming\GPU MeterV2_Settings.ini
[2012.11.24 18:17:22 | 000,000,869 | ---- | C] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
[2012.11.24 18:14:10 | 000,000,543 | ---- | C] () -- C:\Users\Ghislain\AppData\Roaming\All CPU MeterV3_Settings.ini
[2012.11.24 16:26:52 | 000,013,946 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\VT20121114.016
[2012.11.24 16:26:27 | 000,007,496 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symds64.cat
[2012.11.24 16:26:27 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symnet64.cat
[2012.11.24 16:26:27 | 000,007,450 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\iron.cat
[2012.11.24 16:26:27 | 000,007,446 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\ccsetx64.cat
[2012.11.24 16:26:27 | 000,007,402 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\srtsp64.cat
[2012.11.24 16:26:27 | 000,003,435 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symefa.inf
[2012.11.24 16:26:27 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symds.inf
[2012.11.24 16:26:27 | 000,001,441 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symnet.inf
[2012.11.24 16:26:27 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\srtsp64.inf
[2012.11.24 16:26:27 | 000,001,419 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\srtspx64.inf
[2012.11.24 16:26:27 | 000,000,853 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\ccsetx64.inf
[2012.11.24 16:26:27 | 000,000,772 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\iron.inf
[2012.11.24 16:26:24 | 000,007,438 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symefa64.cat
[2012.11.24 16:26:24 | 000,007,406 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\srtspx64.cat
[2012.11.24 16:26:24 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\isolate.ini
[2012.11.24 16:22:00 | 000,007,488 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012.11.24 16:22:00 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012.11.24 16:21:59 | 000,002,492 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012.11.22 15:55:18 | 000,001,011 | ---- | C] () -- C:\Users\Ghislain\Desktop\SpeedFan.lnk
[2012.11.22 15:55:17 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
[2012.11.20 17:32:53 | 000,000,982 | ---- | C] () -- C:\Users\Ghislain\Desktop\german.reg
[2012.11.17 19:51:03 | 000,002,256 | ---- | C] () -- C:\Users\Ghislain\Desktop\Assassin's Creed Revelations.lnk
[2012.11.16 21:41:37 | 000,001,090 | ---- | C] () -- C:\Users\Ghislain\Desktop\MSI Afterburner.lnk
[2012.11.15 19:55:09 | 000,002,037 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2012.11.15 19:55:08 | 000,002,037 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2012.11.15 19:55:08 | 000,001,981 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader 2.lnk
[2012.11.15 18:19:43 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.15 18:14:29 | 003,635,277 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2012.11.10 14:59:20 | 000,001,092 | ---- | C] () -- C:\Users\Ghislain\Desktop\EVGA Precision X.lnk
[2012.11.07 20:20:51 | 000,000,981 | ---- | C] () -- C:\Users\Ghislain\Desktop\The War Z.lnk
[2012.11.03 16:29:36 | 004,928,385 | ---- | C] () -- C:\Users\Ghislain\Desktop\minecraft.jar
[2012.11.02 16:42:54 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf
[2012.10.09 20:40:33 | 000,000,132 | ---- | C] () -- C:\Users\Ghislain\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
[2012.10.04 15:12:38 | 000,001,456 | ---- | C] () -- C:\Users\Ghislain\AppData\Local\Adobe Für Web speichern 13.0 Prefs
[2012.10.01 15:57:05 | 000,000,132 | ---- | C] () -- C:\Users\Ghislain\AppData\Roaming\Adobe CS6-BMP-Format - Voreinstellungen
[2012.09.18 21:13:26 | 000,164,864 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012.09.18 21:13:26 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012.09.18 21:13:12 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CTXFIGER.DLL
[2012.06.19 13:02:17 | 003,123,272 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011.09.19 14:03:40 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 03:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.11.04 20:33:51 | 000,000,000 | ---D | M] -- C:\Users\Ghislain\AppData\Roaming\.minecraft
[2012.11.05 21:46:32 | 000,000,000 | ---D | M] -- C:\Users\Ghislain\AppData\Roaming\Audacity
[2012.11.28 20:19:54 | 000,000,000 | ---D | M] -- C:\Users\Ghislain\AppData\Roaming\DAEMON Tools Lite
[2012.10.10 21:31:39 | 000,000,000 | ---D | M] -- C:\Users\Ghislain\AppData\Roaming\DVDVideoSoft
[2012.10.10 21:30:52 | 000,000,000 | ---D | M] -- C:\Users\Ghislain\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.11.28 20:19:54 | 000,000,000 | ---D | M] -- C:\Users\Ghislain\AppData\Roaming\FileZilla
[2012.09.18 16:43:52 | 000,000,000 | ---D | M] -- C:\Users\Ghislain\AppData\Roaming\Leadertech
[2012.11.27 18:15:08 | 000,000,000 | ---D | M] -- C:\Users\Ghislain\AppData\Roaming\MAXON
[2012.10.23 20:02:18 | 000,000,000 | ---D | M] -- C:\Users\Ghislain\AppData\Roaming\Notepad++
[2012.09.24 16:07:25 | 000,000,000 | ---D | M] -- C:\Users\Ghislain\AppData\Roaming\Origin
[2012.10.03 21:39:58 | 000,000,000 | ---D | M] -- C:\Users\Ghislain\AppData\Roaming\PACE Anti-Piracy
[2012.11.02 15:59:13 | 000,000,000 | ---D | M] -- C:\Users\Ghislain\AppData\Roaming\PunkBuster
[2012.11.15 18:56:18 | 000,000,000 | ---D | M] -- C:\Users\Ghislain\AppData\Roaming\redsn0w
[2012.11.28 18:53:27 | 000,000,000 | ---D | M] -- C:\Users\Ghislain\AppData\Roaming\Theta
[2012.09.22 19:54:14 | 000,000,000 | ---D | M] -- C:\Users\Ghislain\AppData\Roaming\TP-LINK
[2012.11.16 22:09:20 | 000,000,000 | ---D | M] -- C:\Users\Ghislain\AppData\Roaming\Ubisoft
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 987 bytes -> C:\Users\Ghislain\AppData\Local\Temp:QEl4spFOWrTKcivfob
@Alternate Data Stream - 1038 bytes -> C:\Users\Ghislain\AppData\Local\Aoo36ZmGW:4EJkD956Ipp7LudImNY7kTsCy

< End of report >
         
--- --- ---


EXTRAS:
OTL Logfile:
Code:
OTL Extras logfile created on: 29.11.2012 17:09:52 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ghislain\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,53 Gb Available Physical Memory | 75,58% Memory free
12,00 Gb Paging File | 10,46 Gb Available in Paging File | 87,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,24 Gb Total Space | 9,91 Gb Free Space | 8,31% Space Free | Partition Type: NTFS
Drive E: | 465,76 Gb Total Space | 441,02 Gb Free Space | 94,69% Space Free | Partition Type: NTFS
Drive F: | 1863,01 Gb Total Space | 640,31 Gb Free Space | 34,37% Space Free | Partition Type: NTFS
 
Computer Name: GHISLAIN-PC | User Name: Ghislain | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09BAAE2F-BA41-46E3-8BD6-35CCA1C6BD48}" = lport=138 | protocol=17 | dir=in | app=system | 
"{0B1347F5-0906-42C1-A2D5-9305F3AA4AC6}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{1BDF8BBD-F4A1-4558-B5D6-707C2CD7AF78}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{215452EF-208F-46A2-8DAC-0347F7B6FFF4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{23E9AA83-F568-4356-BBDD-44170F2F12AE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{25455C12-DB31-4AA9-902D-8D46C389F2FC}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{299FFC8A-6D92-4577-B85A-B51D9C9DFD46}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{29E3497A-BC71-41E1-B724-8E9DC88A45F1}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{2BF51FDE-5692-4788-9536-CB788A0BCDB7}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{2D2D7852-546C-442E-9D9F-3D2660D90769}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{3451EB61-4EAD-44CB-86A2-A7C6C7899F18}" = rport=138 | protocol=17 | dir=out | app=system | 
"{36CD958A-E68B-4BDA-8280-B086DBA1D290}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{3946FBBF-B413-4A85-8DFE-5A7E5D9B6F48}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3A15BBA2-CC36-450A-8061-015CC0CAC4FB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4AB6D921-4DB1-48B9-B8A7-B8500ED5C46E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4C0B79C3-55DE-4CDB-8930-9032AFCC45A4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4C808F57-EFBB-434F-92DE-2AB71E1606C4}" = lport=137 | protocol=17 | dir=in | app=system | 
"{5362FAE9-E5DC-452D-B963-1481D7239E82}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{56E4CE4F-89BB-4B10-BE41-957140DD0E8F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{66D8237D-6EBD-4312-A580-78E5BD2693D1}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{7AE8332B-3B88-4606-B28E-EDAF023832EE}" = rport=137 | protocol=17 | dir=out | app=system | 
"{85003D4D-222C-478A-A2BB-3D657A04EC4D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{8B009E8C-B292-48C6-90F0-81542F91DC6D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8C21766C-B503-446C-AF60-25ABAD5D7886}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9124AFD4-7B37-4146-A547-A33253BDB646}" = lport=139 | protocol=6 | dir=in | app=system | 
"{9AA8435E-6BFE-483F-A966-2054574A706C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A2DCBAD7-733D-4BBF-AF57-6A0734986C1B}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{AC37ABCB-991C-4E17-B475-D382BD8F86A4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B11AA744-FAFC-4486-BF7E-DA054D89269B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B8EB1B33-99CD-4F7D-A280-3E07F88EE21F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{BB79907C-D8BB-4738-B9E2-E2BC4035FC9C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C227444B-DE02-4B4C-971F-A515DCDA7219}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D2243EE1-BAB4-4921-BB6A-E9A56ECC7857}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{D670CC48-A54E-4FE2-A4DF-5F48E102A73A}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{DB02DA76-DB26-4309-A502-E0EF334AA843}" = lport=445 | protocol=6 | dir=in | app=system | 
"{DDF6F664-EDDD-4C64-9E16-CC899E2BAF69}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E50FC1D2-DB0F-4D65-A42D-0D192F313FE5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EADCE98C-8B9A-4647-BC68-F22F72A4356B}" = rport=445 | protocol=6 | dir=out | app=system | 
"{F46503D0-B8B1-48E1-9B45-A9D155B706B6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F76157DB-A227-4A8B-8558-2FFFFE7AFE16}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B6F2A2-E3B0-4BAF-AA3F-F3BEBD45066F}" = dir=in | app=%programfiles% (x86)\ubisoft\ubisoft game launcher\uplay.exe | 
"{015E0EA5-0461-4DBC-9080-645AC0372AB6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{023DBDD7-431A-482D-8434-B8526BC5168B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0498B043-5D56-4D58-A823-0E9F74BFECDE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{07B6F207-624D-4B31-8C3F-97BE1363E934}" = protocol=17 | dir=in | app=c:\users\ghislain\appdata\local\temp\7zs8162.tmp\symnrt.exe | 
"{0AB4277D-DB31-4CF1-97F7-EA1BD862C17F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{0D9FA15A-6061-44DB-B067-234019B63F6F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe | 
"{12FC219B-FD66-439A-B7D5-5F605EFF1B3F}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe | 
"{169032A9-DA87-4451-837A-5E1E753C2A16}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe | 
"{1794D873-9879-4C05-892E-36E6B5CDF0A6}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{17A82A84-CC95-4102-BF84-A62FADAD4DAE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{181CEF7B-40A1-438D-B632-EE58700B3DEE}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{1B1B189F-471C-4456-8DF3-8BDAF86C3070}" = dir=out | app=%programfiles% (x86)\euro truck simulator 2\bin\win_x86\eurotrucks2.exe | 
"{234A28F7-CC18-40B7-9274-86D2D6514FCC}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\assassinscreed3.exe | 
"{266A5B74-9873-4AE9-B734-3436166958A6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{2A022FC9-455A-45E1-BE97-9179DFFEB13F}" = protocol=6 | dir=out | app=system | 
"{2A140FE6-6E00-44F0-9CEC-970D37D7864B}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{2AF7A3E6-AE12-4900-ABF2-51346C2D5B2B}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe | 
"{2B31D403-DF68-49FB-8604-40233BE64FD3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2B364891-7CDC-4E48-8BB7-85A3A891A8DC}" = dir=in | app=%programfiles% (x86)\euro truck simulator 2\bin\win_x86\eurotrucks2.exe | 
"{2CCB029E-A720-4F36-95F0-5CF9E69492AD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{2E767059-157D-49C4-B279-FEAB928EB136}" = protocol=17 | dir=in | app=c:\users\ghislain\appdata\local\apps\2.0\tyvdyyy2.j5y\7nknkjtr.cg3\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
"{325A90F0-9DDF-4FEB-AB16-FA6B68D6C76C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{35EE9059-FAAB-4F89-AAFC-44AD637AE6C8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{362A339D-B013-4370-86AD-A0AFC9D1B814}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{37147741-4166-48BF-8A36-8ABB9A30F8AD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe | 
"{3A70222D-865C-4A85-9041-7FC7F81A1E65}" = protocol=6 | dir=in | app=c:\users\ghislain\appdata\local\temp\7zs51d0.tmp\symnrt.exe | 
"{3D10625C-4369-456B-AAC7-DA3B2F492C0F}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{407E0E7E-CDC4-47AF-96C3-EF5C0BDDE3CF}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe | 
"{48D93D06-53A6-494D-9F88-0B248A7BE1C3}" = dir=in | app=c:\users\ghislain\documents\the war z\warz.exe | 
"{4902F508-7451-4CF8-8640-630A148B03A7}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{4ED5E9BF-7EB6-4A7F-96E1-B22D05B050C5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{50129A3F-6B9B-4274-8852-6A0AFB5834D7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{50C55F1B-B51B-49BD-887D-66E155079D5B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{516965A7-BE40-470F-8C16-D15E7AF3602B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{54883680-11F4-4E30-A7FA-F7BC2C956059}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe | 
"{5B16B6B4-993F-49FF-B252-9F56420C9A68}" = protocol=6 | dir=in | app=c:\users\ghislain\appdata\local\temp\7zs78b1.tmp\symnrt.exe | 
"{5C4A4409-D074-4D0D-9F09-1AFC9DFC5D55}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{5FE1E5CC-630B-4774-BDE1-567D03CD9FAB}" = protocol=17 | dir=in | app=c:\users\ghislain\appdata\local\temp\7zs91a.tmp\symnrt.exe | 
"{63D1EA9F-959A-49F8-8845-4842F690CDB5}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3mp.exe | 
"{65B6E582-7A9E-4990-ABAA-07D1463E2B93}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{664C5418-E6DF-4753-BE67-F05A0B5CE1CC}" = dir=out | app=e:\showdown.exe | 
"{66F2CF10-5687-4765-B498-A3C5D52A0196}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{678D6B89-4AE6-4E8D-97E9-C98C16ED9715}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6CD5BC11-7A2B-48DD-9542-F7701DD7AE2D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7706A959-FC00-4DD1-B8CD-9A6840860C7D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{7D3D0AA6-E28D-4C50-95EC-BB935A1BF693}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{82BAEEEB-4151-419F-9FB1-434E4FE50271}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe | 
"{894FB44C-FBD1-4D1B-8383-1F42DAD9346E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe | 
"{8C0499A1-B27D-425A-9B00-09E790BC6629}" = protocol=17 | dir=in | app=c:\users\ghislain\appdata\local\temp\7zs51d0.tmp\symnrt.exe | 
"{909E80E1-D439-42D3-9D8A-7FBCCE27885B}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{952FC044-8D93-4E83-9416-C9DF486D22CC}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{98E3F3BB-B41B-4ED5-AF08-28B1E1C6AE45}" = dir=in | app=%programfiles% (x86)\ubisoft\assassin's creed iii\ac3sp.exe | 
"{9A17587C-7DBC-4B04-B7D5-4CDD0BC66D9C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9B2B8783-0F41-4C8D-B03B-DF3DAD6CF8AE}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{9B2EC807-F572-405C-97CF-8169BE9941D9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{A34D68E1-1455-40F5-B4C1-CEBF5C27FE34}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3mp.exe | 
"{A7E30E6D-773E-42D2-9AE9-9E2A98C33D90}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{AB4DC818-F9E1-4B8F-92C2-C1C49A6B04FA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AC42E557-5AC2-4F66-81E5-E41AD9A497B3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AC86CD74-F247-417F-8664-9A022DC2E1F5}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{AD563666-9DC3-460B-B94F-A508D60267C5}" = protocol=17 | dir=in | app=c:\users\ghislain\appdata\local\temp\7zs78b1.tmp\symnrt.exe | 
"{AE8AC5CA-51D5-4D1A-BCD0-3FC61A23C4F7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{AF041358-39FC-488A-8BEC-7AC0227FA309}" = protocol=6 | dir=in | app=c:\users\ghislain\appdata\local\temp\7zs91a.tmp\symnrt.exe | 
"{AF79930E-CB65-43B8-9A49-4B6C5AA25B14}" = protocol=6 | dir=in | app=c:\users\ghislain\appdata\local\apps\2.0\tyvdyyy2.j5y\7nknkjtr.cg3\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
"{AFEFB020-8432-4972-ABEF-3B2712F8EEF9}" = protocol=6 | dir=in | app=c:\users\ghislain\appdata\local\temp\7zs8162.tmp\symnrt.exe | 
"{B6DB395D-5A7B-47D8-A952-B070A87D269A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{BE3EEA20-D49E-49D1-B847-6D3B975AC22C}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrsp.exe | 
"{C4E22007-FF5F-4045-9E39-5CCE9ECA93A9}" = protocol=6 | dir=in | app=c:\users\ghislain\appdata\local\apps\2.0\tyvdyyy2.j5y\7nknkjtr.cg3\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
"{C86626DE-DCA1-4A29-8638-379D31228F1F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe | 
"{CCCFE8AD-EF80-4D46-9A0E-51554CE3B422}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\assassinscreed3.exe | 
"{CECF2BFF-1102-46E7-AFD9-E35BF9C95E36}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{CF067996-3010-4613-8C15-94F23643BDE6}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe | 
"{CFEDC432-8254-42F6-9965-F9D2C89B54FB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{D2A51813-3974-440E-B6FF-AC79E4CB0AB8}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{D36996EA-E950-4797-8636-0B26702B6D4A}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe | 
"{D962AE42-E892-41A8-A060-588924C76859}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe | 
"{DD34AF4B-D6F1-448E-83D8-9B343161DBE7}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe | 
"{E65AF79B-7FE5-47E4-B297-FBAEEA5706B5}" = dir=out | app=%programfiles% (x86)\ubisoft\ubisoft game launcher\uplay.exe | 
"{E95F3B9F-EFA7-41E7-81E4-E4419B0B84A0}" = protocol=17 | dir=in | app=c:\users\ghislain\appdata\local\apps\2.0\tyvdyyy2.j5y\7nknkjtr.cg3\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
"{EBDE72E9-022F-40C2-BCCF-CA681C2503D7}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe | 
"{ED1C48B5-1CD7-4B58-8415-7C4EB7ED18A7}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe | 
"{EF455E83-972B-4C56-B92D-A9FE4210E9F3}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3sp.exe | 
"{F0E50961-4221-4F6C-8E17-1E46B076F82B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{F1862384-A77D-4D63-83B2-B7CC127C7F8C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{F39E4410-C80A-4D7E-9D88-00B11491B7C8}" = protocol=6 | dir=in | app=c:\users\ghislain\appdata\local\temp\7zse5a5.tmp\symnrt.exe | 
"{F7BAD85D-0B67-47C2-A760-36AEDBCCE34C}" = protocol=17 | dir=in | app=c:\users\ghislain\appdata\local\temp\7zse5a5.tmp\symnrt.exe | 
"{F8950105-0D05-43CE-BC55-6F54D12602A6}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3sp.exe | 
"{FED8A6E6-EB0F-428F-B3BF-FC80EB9DD8BD}" = dir=out | app=%programfiles% (x86)\ubisoft\assassin's creed iii\ac3sp.exe | 
"{FFA69CC0-8AC7-4B7B-9B67-503F5A41B55D}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed revelations\acrsp.exe | 
"TCP Query User{87A4C00A-B119-446E-8765-FEC1AACC8967}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{F484DFAC-D283-48AA-9A3D-08C6DAB78DF9}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC3
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 310.64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 310.64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.62
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Pen Tablet Driver" = Bamboo
"sp6" = Logitech SetPoint 6.32
"VLC media player" = VLC media player 2.0.2
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{11D08055-939C-432b-98C3-E072478A0CD7}" = PSE10 STI Installer
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22D3A614-482C-444A-932C-9DA1B8ECDFD2}" = Elements 10 Organizer
"{319D91C6-3D44-436C-9F79-36C0D22372DC}" = TP-LINK Wireless Configuration Utility
"{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations 1.03
"{38A1E3ED-D913-41D2-9953-A93D5ACE3ADF}" = TL-WN721N/TL-WN722N Driver
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}" = Assassin's Creed III 1.01
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{BC3051A7-1021-4B57-A3DA-AAC24566FAE7}_is1" = The War Z version alpha
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.11 Game
"{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}" = Adobe Creative Suite 6 Master Collection
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EE549AF9-8FAA-4584-83B2-ECF1BC9DC1FF}" = Adobe Photoshop Elements 10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"0630-0716-3135-7887" = JDownloader 2
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 10" = Adobe Photoshop Elements 10
"Afterburner" = MSI Afterburner 2.2.5
"Audacity_is1" = Audacity 2.0.2
"AudioCS" = Creative Audio-Systemsteuerung
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"Console Launcher" = Creative Konsole Starter
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dolby Digital Live Pack" = Dolby Digital Live Pack
"DTS Connect Pack" = DTS Connect Pack
"FileZilla Client" = FileZilla Client 3.5.3
"Fraps" = Fraps (remove only)
"Free YouTube Download_is1" = Free YouTube Download version 3.1.38.1005
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.33.1005
"Freemake Video Converter_is1" = Freemake Video Converter Version 3.1.2
"NIS" = Norton Internet Security
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"Origin" = Origin
"PrecisionX" = EVGA Precision X 3.0.3
"PunkBusterSvc" = PunkBuster Services
"Revo Uninstaller" = Revo Uninstaller 1.94
"SpeedFan" = SpeedFan (remove only)
"Steam App 113400" = APB Reloaded
"Uplay" = Uplay
"VLC media player" = VLC media player 1.1.1
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f018cf21c0452c64" = AVM FRITZ!Box USB-Fernanschluss
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 28.11.2012 15:57:59 | Computer Name = Ghislain-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
 für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
 
Error - 28.11.2012 16:11:08 | Computer Name = Ghislain-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 28.11.2012 16:11:08 | Computer Name = Ghislain-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 28.11.2012 16:11:08 | Computer Name = Ghislain-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
 für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
 
Error - 28.11.2012 16:20:17 | Computer Name = Ghislain-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 28.11.2012 16:20:17 | Computer Name = Ghislain-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 28.11.2012 16:20:17 | Computer Name = Ghislain-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
 für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
 
Error - 29.11.2012 12:00:56 | Computer Name = Ghislain-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 29.11.2012 12:00:56 | Computer Name = Ghislain-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 29.11.2012 12:00:56 | Computer Name = Ghislain-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
 für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
 
[ System Events ]
Error - 28.11.2012 15:23:23 | Computer Name = Ghislain-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WinRing0_1_2_0" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%2
 
Error - 28.11.2012 15:51:52 | Computer Name = Ghislain-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WinRing0_1_2_0" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%2
 
Error - 28.11.2012 16:04:34 | Computer Name = Ghislain-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 28.11.2012 um 20:59:37 unerwartet heruntergefahren.
 
Error - 28.11.2012 16:04:42 | Computer Name = Ghislain-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WinRing0_1_2_0" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%2
 
Error - 28.11.2012 16:13:34 | Computer Name = Ghislain-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 28.11.2012 16:13:35 | Computer Name = Ghislain-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WinRing0_1_2_0" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%2
 
Error - 28.11.2012 16:13:48 | Computer Name = Ghislain-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 29.11.2012 11:55:00 | Computer Name = Ghislain-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WinRing0_1_2_0" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%2
 
Error - 29.11.2012 12:08:07 | Computer Name = Ghislain-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 29.11.2012 12:08:44 | Computer Name = Ghislain-PC | Source = ipnathlp | ID = 31004
Description = 
 
 
< End of report >
         
--- --- ---


Alt 30.11.2012, 07:35   #6
Psychotic
/// Malwareteam
 
Quote:
O1 - Hosts: 127.0.0.1 lmlicenses.wip4.adobe.com
O1 - Hosts: 127.0.0.1 lm.licenses.adobe.com

Anyone who uses stolen software should not be surprised by trouble with their computer...

Merely visiting sites that offer these files for download carries a high risk of infection.

When you run the crack, you are running an executable file from a very dubious source. The file's source code can contain anything (e.g. downloading and executing malware files).
This is one of the main causes of infections.

In addition, cracks, keygens, etc. are illegal, and this is theft just as it would be in a shop.
That is why we have agreed on the following:

If we find indications of illegally acquired software, we will end support without any discussion.

Our help for you is therefore limited to instructions for reinstalling and securing the system.

Alt 30.11.2012, 13:45   #7
MrSlainkoeni
 
Excuse me? I bought AcIII perfectly normally in a shop! It is also registered with Uplay!
