
Pests of all kinds and how to fight them: Avira reports JAVA/Lamar.teq.69 and many more

Windows 7. If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.

 
03.07.2013, 21:44   #1
Flo1461

Avira reports JAVA/Lamar.teq.69 and many more



Hello!
Since midday today I have noticed that my ping in online games is extremely high.
Because of that I also noticed that my download rate is around 30 kb/s, and that is very slow (normally I have 300).
I ran Avira and it produced a full 21 messages and 21 detections, which surprises me a lot, because I only bought the PC new about 2 months ago.

Here is the log data:

OTL log:

Code:
OTL logfile created on: 03.07.2013 22:23:42 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Flo\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,94 Gb Total Physical Memory | 13,57 Gb Available Physical Memory | 85,12% Memory free
31,89 Gb Paging File | 29,50 Gb Available in Paging File | 92,51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 840,23 Gb Free Space | 90,21% Space Free | Partition Type: NTFS
Drive E: | 465,75 Gb Total Space | 213,68 Gb Free Space | 45,88% Space Free | Partition Type: NTFS
 
Computer Name: FLO-PC | User Name: Flo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.07.03 22:21:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Flo\Downloads\OTL.exe
PRC - [2013.06.27 13:51:29 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.06.27 13:50:16 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.06.27 13:50:15 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.06.03 13:06:20 | 003,999,512 | ---- | M] () -- E:\Tobit Radio.fx\Server\rfx-server.exe
PRC - [2013.05.16 16:44:05 | 001,012,000 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013.05.16 16:38:39 | 001,826,592 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.05.16 16:38:28 | 001,213,216 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
PRC - [2013.05.12 15:43:32 | 000,413,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2005.06.06 22:47:22 | 000,036,864 | ---- | M] () -- C:\Windows\SysWOW64\acs.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2005.06.06 22:47:22 | 000,036,864 | ---- | M] () -- C:\Windows\SysWOW64\acs.exe
 
 
========== Services (SafeList) ==========
 
SRV - [2013.07.03 21:39:14 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.06.28 14:02:04 | 002,470,736 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2013.06.27 13:51:29 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.06.27 13:50:16 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.06.12 15:34:11 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.06.07 00:06:24 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.06.03 13:06:20 | 003,999,512 | ---- | M] () [Auto | Running] -- E:\Tobit Radio.fx\Server\rfx-server.exe -- (Radio.fx)
SRV - [2013.05.29 20:53:02 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2013.05.16 16:38:39 | 001,826,592 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.05.12 15:43:32 | 000,413,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2005.06.06 22:47:22 | 000,036,864 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\acs.exe -- (ACS)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.06.23 18:17:18 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013.05.10 20:30:44 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.05.10 20:30:44 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.05.10 20:30:44 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.02.25 07:27:45 | 000,194,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013.02.05 22:06:06 | 000,057,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.07.17 18:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012.05.20 18:25:32 | 000,789,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.05.20 18:25:32 | 000,357,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.05.20 18:25:32 | 000,019,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.09.29 11:30:34 | 000,646,248 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.07.23 11:55:39 | 001,261,056 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cmudaxp.sys -- (cmudaxp)
DRV:64bit: - [2009.11.24 02:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.11.24 02:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.04.22 13:46:06 | 003,552,384 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2009.03.18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.02.08 22:43:10 | 000,111,104 | ---- | M] (Guillemot Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hxctlflt.sys -- (hxctlflt)
DRV:64bit: - [2008.07.29 04:47:00 | 001,075,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrxusb.sys -- (athrusb)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2003.07.03 17:53:26 | 000,028,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\usbccgp.sys -- (usbccgp)
DRV - [2003.07.03 17:52:58 | 000,053,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\usbhub.sys -- (usbhub)
DRV - [2003.07.03 17:51:46 | 000,019,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\usbuhci.sys -- (usbuhci)
DRV - [2003.07.03 17:51:16 | 000,016,000 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\usbohci.sys -- (usbohci)
DRV - [2003.07.03 17:50:46 | 000,025,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\usbehci.sys -- (usbehci)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=bb844c9c-37b9-4e25-9b8b-acd121026c5c&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=23/06/2013&type=hp1000
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=bb844c9c-37b9-4e25-9b8b-acd121026c5c&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=23/06/2013&type=hp1000
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=bb844c9c-37b9-4e25-9b8b-acd121026c5c&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=23/06/2013&type=hp1000
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=bb844c9c-37b9-4e25-9b8b-acd121026c5c&searchtype=hp&fr=linkury-tb&installDate=23/06/2013&type=hp1000
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7C FA 73 A7 A8 4D CE 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=bb844c9c-37b9-4e25-9b8b-acd121026c5c&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=23/06/2013&type=hp1000
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=bb844c9c-37b9-4e25-9b8b-acd121026c5c&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=23/06/2013&type=hp1000
IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=bb844c9c-37b9-4e25-9b8b-acd121026c5c&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=23/06/2013&type=hp1000
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{4190FC25-89AC-46AA-95B4-03C53FFE65FC}: "URL" = hxxp://searchou.com/?q={searchTerms}&id=3cee3b3500000000000094de80602626&r=624
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: "TheFreeGames Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3305104&CUI=UN18221831234481312&UM=2&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..browser.startup.homepage: "https://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.9
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
FF - prefs.js..keyword.URL: ""
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.07.03 21:39:12 | 000,000,000 | ---D | M]
 
[2013.05.10 20:08:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Flo\AppData\Roaming\mozilla\Extensions
[2013.07.01 16:22:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Flo\AppData\Roaming\mozilla\Firefox\Profiles\k0unnux0.default\extensions
[2013.06.23 21:40:42 | 000,000,000 | ---D | M] (TheFreeGames) -- C:\Users\Flo\AppData\Roaming\mozilla\Firefox\Profiles\k0unnux0.default\extensions\{af60a4bd-4236-4fcf-802a-d9115bc85e6a}
[2013.07.01 16:21:56 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Flo\AppData\Roaming\mozilla\Firefox\Profiles\k0unnux0.default\extensions\ich@maltegoetz.de
[2013.07.01 16:22:20 | 000,010,592 | ---- | M] () (No name found) -- C:\Users\Flo\AppData\Roaming\mozilla\firefox\profiles\k0unnux0.default\extensions\YoutubeVideoDownloader@gefruckelt.de.xpi
[2013.05.25 20:47:15 | 000,269,448 | ---- | M] () (No name found) -- C:\Users\Flo\AppData\Roaming\mozilla\firefox\profiles\k0unnux0.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013.06.23 21:40:43 | 000,001,001 | ---- | M] () -- C:\Users\Flo\AppData\Roaming\mozilla\firefox\profiles\k0unnux0.default\searchplugins\conduit.xml
[2013.06.15 23:39:05 | 000,001,378 | ---- | M] () -- C:\Users\Flo\AppData\Roaming\mozilla\firefox\profiles\k0unnux0.default\searchplugins\privitize.xml
[2013.06.23 18:18:29 | 000,002,507 | ---- | M] () -- C:\Users\Flo\AppData\Roaming\mozilla\firefox\profiles\k0unnux0.default\searchplugins\Web Search.xml
[2013.07.03 21:39:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.07.03 21:39:14 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012.06.20 18:14:20 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [ACU] C:\Program Files (x86)\TP-LINK\TWCU\TWCU.exe (Atheros Communications, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [TP-LINK Configuration Service] C:\Windows\SysWow64\acs.exe ()
O4 - HKCU..\Run: [rfxsrvtray] E:\Tobit Radio.fx\Client\rfx-tray.exe (Tobit.Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C227630-0214-489D-9767-16C07AAE5BE5}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5779AA19-6EE9-44F8-A69F-EEC776301270}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~2\magnipic\sprote~1.dll) - c:\progra~2\magnipic\sprote~1.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.03.01 15:08:22 | 000,000,000 | RHSD | M] - E:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.07.03 21:39:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.07.02 13:57:03 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\hamachi.sys
[2013.07.02 13:56:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2013.07.02 13:56:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2013.07.01 16:14:46 | 000,000,000 | ---D | C] -- C:\Users\Flo\Desktop\Neuer Ordner
[2013.07.01 15:30:48 | 000,000,000 | ---D | C] -- C:\Users\Flo\Documents\Fairground 2
[2013.07.01 14:09:50 | 000,289,312 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysWow64\drivers\ar55239x.sys
[2013.07.01 14:09:49 | 000,000,000 | ---D | C] -- C:\Windows\Options
[2013.07.01 14:09:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK
[2013.07.01 14:01:18 | 000,409,600 | ---- | C] (Atheros) -- C:\Windows\SysWow64\athcfg11.dll
[2013.07.01 14:01:18 | 000,077,824 | ---- | C] (Atheros) -- C:\Windows\SysWow64\athcfg11loc.dll
[2013.07.01 14:01:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TP-LINK
[2013.07.01 14:00:49 | 000,000,000 | ---D | C] -- C:\temp
[2013.07.01 14:00:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013.06.30 19:22:18 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013.06.30 19:22:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.06.30 19:22:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.06.30 03:43:29 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Roaming\MinMaxGames
[2013.06.27 18:18:51 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Local\Vidalia
[2013.06.26 17:58:57 | 000,000,000 | ---D | C] -- C:\Users\Flo\Documents\Rockstar Games
[2013.06.26 17:55:57 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2013.06.26 17:55:54 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2013.06.26 17:55:18 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Local\Rockstar Games
[2013.06.26 17:55:11 | 000,000,000 | RH-D | C] -- C:\Users\Flo\AppData\Roaming\SecuROM
[2013.06.26 17:55:10 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2013.06.26 17:55:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
[2013.06.26 17:54:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2013.06.26 17:54:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2013.06.25 21:02:13 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Roaming\TS3Client
[2013.06.25 21:02:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2013.06.25 20:49:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vidalia Bridge Bundle
[2013.06.25 20:49:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vidalia Bridge Bundle
[2013.06.25 20:14:48 | 034,954,912 | ---- | C] (TeamSpeak Systems GmbH) -- C:\Users\Flo\Desktop\TeamSpeak3-Client-win64-3.0.10.1.exe
[2013.06.23 21:25:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.3
[2013.06.23 21:25:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cheat Engine 6.3
[2013.06.23 18:17:18 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2013.06.23 18:17:16 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Roaming\DAEMON Tools Lite
[2013.06.23 18:17:15 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Roaming\OpenCandy
[2013.06.23 18:17:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2013.06.23 18:16:02 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2013.06.15 23:51:01 | 000,000,000 | ---D | C] -- C:\Users\Flo\Documents\My Cheat Tables
[2013.06.15 23:39:40 | 000,000,000 | ---D | C] -- C:\ProgramData\StarApp
[2013.06.15 23:39:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MagniPic
[2013.06.15 23:39:26 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2013.06.11 17:57:17 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2013.06.11 17:57:16 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Local\Logitech
[2013.06.11 17:57:16 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Roaming\Leadertech
[2013.06.11 17:56:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2013.06.11 17:56:45 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech Gaming Software
[2013.06.11 17:56:27 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Roaming\Logitech
[2013.06.11 17:56:26 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Roaming\Logishrd
[2013.06.11 17:11:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Euro Truck Simulator 2
[2013.06.11 17:11:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Euro Truck Simulator 2
[2013.06.10 22:46:14 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2013.06.10 19:50:18 | 000,000,000 | ---D | C] -- C:\Users\Flo\Documents\Euro Truck Simulator 2
[2013.06.09 06:35:44 | 000,000,000 | ---D | C] -- C:\Users\Flo\Documents\Music Maker 2013
[2013.06.09 06:35:44 | 000,000,000 | ---D | C] -- C:\Users\Flo\Documents\MAGIX Downloads
[2013.06.09 06:35:44 | 000,000,000 | ---D | C] -- C:\Users\Flo\Documents\MAGIX
[2013.06.09 06:35:44 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Roaming\MAGIX
[2013.06.09 06:32:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2013.06.09 06:32:35 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX
[2013.06.09 06:32:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MAGIX Services
[2013.06.06 22:19:15 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Local\ArmA 2
[2013.06.06 22:00:37 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
[2013.06.04 17:07:24 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Roaming\thriXXX
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.03 22:21:50 | 000,000,000 | ---- | M] () -- C:\Users\Flo\defogger_reenable
[2013.07.03 22:21:03 | 000,050,477 | ---- | M] () -- C:\Users\Flo\Desktop\Defogger.exe
[2013.07.03 22:15:54 | 003,706,036 | ---- | M] () -- C:\Users\Flo\Desktop\Trojaner Board.png
[2013.07.03 21:33:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.03 21:07:43 | 000,019,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.03 21:07:43 | 000,019,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.03 21:03:55 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.07.03 21:03:55 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.07.03 21:03:55 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.07.03 21:03:55 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.07.03 21:03:55 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.07.03 20:57:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.03 20:57:39 | 4250,103,806 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.02 13:57:00 | 000,000,926 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2013.07.01 17:17:09 | 043,746,197 | ---- | M] () -- C:\Users\Flo\Desktop\Rome und Julia Film.mp4
[2013.07.01 14:46:44 | 000,029,139 | ---- | M] () -- C:\Users\Flo\blond scene hair - 1.jpg
[2013.07.01 14:09:44 | 000,014,750 | ---- | M] () -- C:\Windows\SysWow64\mdc8021x.vxd
[2013.07.01 14:09:44 | 000,001,726 | ---- | M] () -- C:\Windows\ndinst.exe
[2013.07.01 14:09:37 | 000,000,788 | ---- | M] () -- C:\Users\Flo\Desktop\TWCU.lnk
[2013.06.30 19:22:18 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.06.30 03:43:11 | 000,004,096 | ---- | M] () -- C:\Windows\d3dx.dat
[2013.06.28 21:13:17 | 023,416,832 | ---- | M] () -- C:\Users\Flo\Desktop\SkypeSetup_6.5.32.158.msi
[2013.06.27 13:51:46 | 000,083,672 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.06.26 17:55:10 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2013.06.26 17:53:21 | 000,000,201 | ---- | M] () -- C:\Users\Flo\Desktop\Grand Theft Auto IV.url
[2013.06.25 21:02:11 | 000,000,630 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2013.06.25 20:17:26 | 034,954,912 | ---- | M] (TeamSpeak Systems GmbH) -- C:\Users\Flo\Desktop\TeamSpeak3-Client-win64-3.0.10.1.exe
[2013.06.24 16:46:36 | 000,013,305 | ---- | M] () -- C:\Users\Flo\Desktop\Energieoptionen - Verknüpfung.lnk
[2013.06.23 21:43:34 | 000,000,009 | ---- | M] () -- C:\END
[2013.06.23 21:25:22 | 000,001,089 | ---- | M] () -- C:\Users\Flo\Desktop\Cheat Engine.lnk
[2013.06.23 18:17:18 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2013.06.22 01:25:47 | 015,125,840 | ---- | M] () -- C:\Users\Flo\ts3_recording_13_06_22_1_24_26.wav
[2013.06.17 15:41:11 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.06.11 17:11:56 | 000,001,336 | ---- | M] () -- C:\Users\Public\Desktop\Euro Truck Simulator 2.lnk
[2013.06.09 06:37:12 | 000,349,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.06.09 06:33:11 | 000,120,200 | ---- | M] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2013.06.05 15:00:24 | 000,000,375 | ---- | M] () -- C:\Windows\SysWow64\checkFileList.lst
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.07.03 22:21:50 | 000,000,000 | ---- | C] () -- C:\Users\Flo\defogger_reenable
[2013.07.03 22:21:01 | 000,050,477 | ---- | C] () -- C:\Users\Flo\Desktop\Defogger.exe
[2013.07.03 22:15:54 | 003,706,036 | ---- | C] () -- C:\Users\Flo\Desktop\Trojaner Board.png
[2013.07.01 17:15:18 | 043,746,197 | ---- | C] () -- C:\Users\Flo\Desktop\Rome und Julia Film.mp4
[2013.07.01 14:46:43 | 000,029,139 | ---- | C] () -- C:\Users\Flo\blond scene hair - 1.jpg
[2013.07.01 14:09:50 | 000,145,744 | ---- | C] () -- C:\Windows\SysWow64\drivers\ar5523.bin
[2013.07.01 14:09:49 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\acs.exe
[2013.07.01 14:09:49 | 000,012,357 | ---- | C] () -- C:\Windows\SysWow64\net5523.inf
[2013.07.01 14:09:49 | 000,001,622 | ---- | C] () -- C:\Windows\SysWow64\athfmwdl.inf
[2013.07.01 14:09:49 | 000,000,026 | R--- | C] () -- C:\Windows\SysWow64\net5523.cat
[2013.07.01 14:09:49 | 000,000,026 | R--- | C] () -- C:\Windows\SysWow64\athfmwdl.cat
[2013.07.01 14:09:44 | 000,014,750 | ---- | C] () -- C:\Windows\SysWow64\mdc8021x.vxd
[2013.07.01 14:09:44 | 000,001,726 | ---- | C] () -- C:\Windows\ndinst.exe
[2013.07.01 14:09:41 | 000,114,688 | R--- | C] () -- C:\Windows\SysWow64\AegisI2.exe
[2013.07.01 14:09:37 | 000,000,788 | ---- | C] () -- C:\Users\Flo\Desktop\TWCU.lnk
[2013.06.30 19:22:18 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.06.30 03:43:11 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2013.06.28 21:11:22 | 023,416,832 | ---- | C] () -- C:\Users\Flo\Desktop\SkypeSetup_6.5.32.158.msi
[2013.06.26 17:53:21 | 000,000,201 | ---- | C] () -- C:\Users\Flo\Desktop\Grand Theft Auto IV.url
[2013.06.25 21:02:11 | 000,000,630 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2013.06.24 16:46:36 | 000,013,305 | ---- | C] () -- C:\Users\Flo\Desktop\Energieoptionen - Verknüpfung.lnk
[2013.06.23 21:37:32 | 000,000,009 | ---- | C] () -- C:\END
[2013.06.23 21:25:22 | 000,001,089 | ---- | C] () -- C:\Users\Flo\Desktop\Cheat Engine.lnk
[2013.06.22 01:24:28 | 015,125,840 | ---- | C] () -- C:\Users\Flo\ts3_recording_13_06_22_1_24_26.wav
[2013.06.17 15:41:11 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.06.14 19:49:59 | 000,008,704 | ---- | C] () -- C:\Users\Flo\Desktop\Aimbot GTA SA.exe
[2013.06.11 17:11:56 | 000,001,336 | ---- | C] () -- C:\Users\Public\Desktop\Euro Truck Simulator 2.lnk
[2013.06.05 15:00:24 | 000,000,375 | ---- | C] () -- C:\Windows\SysWow64\checkFileList.lst
[2013.05.29 19:01:15 | 002,680,832 | ---- | C] () -- C:\Windows\SysWow64\dvmsg.dll
[2013.05.19 06:19:33 | 000,000,408 | ---- | C] () -- C:\Users\Flo\AppData\Roaming\CamShapes.ini
[2013.05.19 06:19:33 | 000,000,408 | ---- | C] () -- C:\Users\Flo\AppData\Roaming\CamLayout.ini
[2013.05.19 06:19:33 | 000,000,096 | ---- | C] () -- C:\Users\Flo\AppData\Roaming\Camdata.ini
[2013.05.19 06:18:29 | 000,004,509 | ---- | C] () -- C:\Users\Flo\AppData\Roaming\CamStudio.cfg
[2013.05.10 19:49:16 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.05.10 19:43:33 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2013.05.10 19:41:13 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\HsMgr.exe
[2013.05.10 19:41:05 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP8.dll
[2013.05.10 19:40:43 | 000,042,252 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfl
[2013.05.10 19:40:25 | 000,000,861 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.imi
[2013.05.10 19:39:36 | 000,004,211 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfg
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.05.22 21:47:06 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\.Mafia Keybinder
[2013.07.01 21:45:54 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\.minecraft
[2013.05.10 19:41:29 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\ASUS
[2013.05.20 17:36:04 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Awesomium
[2013.06.23 18:17:16 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\DAEMON Tools Lite
[2013.05.31 08:50:53 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Dual Monitor
[2013.06.01 16:41:41 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Feuerwache
[2013.06.11 17:57:16 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Leadertech
[2013.06.09 06:35:45 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\MAGIX
[2013.06.30 03:43:29 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\MinMaxGames
[2013.06.23 21:25:21 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\OpenCandy
[2013.05.29 19:33:54 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Play withSIX
[2013.05.15 21:03:13 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\TeamViewer
[2013.06.04 17:07:24 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\thriXXX
[2013.05.29 19:01:32 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Tobit
[2013.07.03 20:04:58 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\TS3Client
 
========== Purity Check ==========
 
 

< End of report >
         

[/Code]

Extras Log :

OTL Logfile:
Code:
OTL Extras logfile created on: 03.07.2013 22:23:42 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Flo\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,94 Gb Total Physical Memory | 13,57 Gb Available Physical Memory | 85,12% Memory free
31,89 Gb Paging File | 29,50 Gb Available in Paging File | 92,51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 840,23 Gb Free Space | 90,21% Space Free | Partition Type: NTFS
Drive E: | 465,75 Gb Total Space | 213,68 Gb Free Space | 45,88% Space Free | Partition Type: NTFS
 
Computer Name: FLO-PC | User Name: Flo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{046008A4-E7CF-4F7E-9080-1211BA331DBE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{06555D36-C653-4CB6-A29E-796666B91F80}" = rport=137 | protocol=17 | dir=out | app=system | 
"{13F5AD3B-9181-4861-9DF7-DFB8FA628FC3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{222E8DDA-1E69-474E-BB7C-8D32EA7E2624}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{384B4B27-7306-4252-9799-807FF1F4D936}" = lport=138 | protocol=17 | dir=in | app=system | 
"{486B26B8-57C5-4FAC-95DB-619180647D26}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4E52450A-AE6E-4AD1-8DDC-DE5B750F1959}" = lport=139 | protocol=6 | dir=in | app=system | 
"{59A179F2-E5E7-4FA2-B5AF-7E5190A0A430}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{5DB76A77-E33B-4F46-AC98-D944CCBBEFFA}" = rport=445 | protocol=6 | dir=out | app=system | 
"{60ED2F19-1755-44BB-ABD8-8DA8E246174E}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{724CF049-4552-4EFD-9B3F-ABECB53C7D1C}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{82A75CCC-DA0B-42B3-A7BB-FB85E68E6CDF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{96B98E24-113C-4237-A4E2-A6F95492E134}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9BE9E594-ED1B-45B8-9C30-3430AC4A1069}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{B444D855-FA55-4E49-900F-BDAC5BC025F7}" = rport=139 | protocol=6 | dir=out | app=system | 
"{B4845240-87A7-4397-929C-3D506EBD1ABC}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C629A553-867E-4195-8BEF-9B760A5AE4D2}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{CBA28528-88AA-4639-A2F9-08F98F04FFF5}" = lport=137 | protocol=17 | dir=in | app=system | 
"{DAC4410E-E397-4801-AC2F-2407678AFA79}" = lport=445 | protocol=6 | dir=in | app=system | 
"{E25236F5-D979-4E57-8EE8-1FA4FADFBCB1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E7A27C2C-870A-48E1-92F2-AA27A94BD69F}" = rport=138 | protocol=17 | dir=out | app=system | 
"{F1BE7885-59D9-45AB-8F19-FFC29780ADE5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FC818A9F-49F8-4D07-BD49-6C025DD8FD54}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08080DA8-9BC2-46E4-9C7C-79E361C37441}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\metro last light\metroll.exe | 
"{0CF5A351-0397-4901-9B8A-C1F13144F51D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{104C6D75-E4A7-4AA7-8F8F-65CCE2B7AB8E}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\team fortress 2\hl2.exe | 
"{167D580C-5290-436B-B411-E212E595790E}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | 
"{1685D9E9-ACAD-4D49-B938-90B9A941350B}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{181A52E7-163F-446F-A59A-74BAE1C26C73}" = protocol=6 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\farmingsimulator2011.exe | 
"{1A46F274-0BB9-4822-A964-FEC02C3169D8}" = protocol=17 | dir=in | app=c:\users\flo\documents\arma 2\expansion\beta\arma2oa.exe | 
"{1BCFCEE5-6927-4884-B917-6D74F358299C}" = protocol=6 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\game.exe | 
"{23429330-ACC0-431B-8737-3EAEE4CAF989}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{246AF1CC-E620-4EF1-82F0-792898A64AEA}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\team fortress 2\hl2.exe | 
"{24870849-3A3A-497E-8529-894EC92AF1CB}" = protocol=6 | dir=out | app=system | 
"{27FBDAB8-DA6D-4D27-86EE-BBE58D19AA07}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{295A8F50-CECB-47D5-93B0-BD4D583EA02B}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\call of duty black ops ii\t6sp.exe | 
"{29C91C0B-F938-4990-91D2-291C71309037}" = protocol=17 | dir=in | app=e:\tobit radio.fx\client\rfx-client.exe | 
"{2FAF9691-26BE-4FBC-B3DD-530712A27AB7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{307357D4-8338-49ED-AFA0-3088D80E2866}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{3C96EF28-6BDB-4393-8FB7-2177A888AADC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{47CAAFDE-C4D1-4F9D-B794-6761D7236130}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\call of duty black ops ii\t6zm.exe | 
"{482760AD-D883-4A87-AD8A-BB80D823DA54}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | 
"{49D3FE4D-1BBF-493E-B810-63549A734A1B}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"{4D8F3572-B3D0-4C2E-AD7C-C48D3E9F0003}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\team fortress 2\hl2.exe | 
"{4DA4D615-BFF2-4978-AAF5-ECB849297FFA}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\call of duty black ops ii\t6sp.exe | 
"{4EE44C8A-EDBB-48BB-982E-36F71AF52775}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\metro last light\metroll.exe | 
"{50D49448-F57E-4A03-BD86-4A936D109F44}" = protocol=17 | dir=in | app=c:\users\flo\appdata\local\play withsix\tools\mingw\bin\rsync.exe | 
"{510CE35D-B185-4A0E-9369-8E3742B05C3F}" = protocol=6 | dir=in | app=e:\tobit radio.fx\server\rfx-server.exe | 
"{52137FAE-8A52-4833-9939-E87AED5945B9}" = protocol=17 | dir=in | app=e:\tobit radio.fx\server\rfx-server.exe | 
"{5570D459-4D56-487A-9566-BBDFD1FF2794}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\company of heroes 2\reliccoh2.exe | 
"{56BED004-57CC-41EA-9002-38EEA230B09B}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\call of duty black ops ii\t6zm.exe | 
"{5DF85634-A049-4C33-B1BE-9E98321CDAF9}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\ava\nwzlauncher.exe | 
"{5E61C014-151F-40E5-AE7E-B3EDD203D1DB}" = protocol=6 | dir=in | app=e:\steam\steam.exe | 
"{5F9E009E-F014-4B67-8105-BFBFF77DBBF1}" = protocol=6 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2013\farmingsimulator2013game.exe | 
"{5FD4A9DD-4900-40CD-A123-8EFD60A5B6D3}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{67566FF5-E402-4B64-8D9C-7196198A1634}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{68454C14-C597-4EEA-A34E-907A95BB0B81}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | 
"{6B5CF052-3B9B-4661-B4CF-60ED3C2D2821}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"{704B38CA-39D4-4EE3-B496-5570BE085BF4}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | 
"{717740F8-A200-4F70-B7E8-A6E9EFA1EB90}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | 
"{71A95089-4D49-4B7E-A1D6-C5A08A3DB960}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{721BCA40-07F2-4188-9352-F9E96F930BCE}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{732D90FA-3A1B-488A-BC23-1EA2B7F40CFF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{7C6A6218-D0D7-4C13-BAB5-0113F896CC17}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\arma 2\arma2.exe | 
"{81A00217-5586-4876-9617-9BF151A96CBE}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{833E1949-C695-402E-99D2-6FE388BDF218}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\call of duty black ops ii\t6zm.exe | 
"{852C7CC3-C1EB-438E-ABCE-4B76D5C0DF04}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | 
"{8BE03542-EF7E-4564-ACA9-44E295AFDE78}" = protocol=6 | dir=in | app=c:\users\flo\appdata\local\play withsix\tools\mingw\bin\rsync.exe | 
"{8D8A6721-628E-4FD4-82A4-3DD5629F74DE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8DE8300D-A22E-401C-ACCA-0A66EE200B3E}" = protocol=17 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2013\farmingsimulator2013.exe | 
"{9474DEA6-5BC3-4519-96CF-5CFF63471AA5}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{9B07A79E-6721-4F5F-A77A-7D4E5F33D71C}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\euro truck simulator 2 demo\bin\win_x86\eurotrucks2.exe | 
"{9CDDFBE4-15B6-477C-9C1C-78C6A44AA70B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9EE5566A-6446-45B6-B5D0-C15C7ACAD5C4}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"{A06426ED-8191-4B39-B809-96D68FDD9279}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A20BE0F6-F584-4287-B54E-0EACA2BC0776}" = protocol=17 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\farmingsimulator2011.exe | 
"{A379A481-CD70-416C-A3A1-43F3E243678B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{A3BDA910-8B3F-4E17-834E-5E1D2752788D}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | 
"{AD0E547E-A7B2-439F-A1C5-63B90C8BF272}" = protocol=6 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2013\farmingsimulator2013.exe | 
"{B1C068AF-4B88-4A69-8B3A-1AE0352C7B02}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B220EB8A-0C4B-4CF3-969C-ACE6FCF9E594}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B364B5C0-1A39-47A5-A3BA-06A1C1C4F7F7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B37D22E2-B32C-4637-8131-7D255E8A1718}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\arma 2\arma2.exe | 
"{B4C273AC-E577-452E-91A0-44B4EDAA45BB}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\call of duty black ops ii\t6zm.exe | 
"{B83FD219-599B-491C-BC06-D077054451C7}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | 
"{B876554A-D530-4A61-B8B2-32963DD4A64B}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\ava\nwzlauncher.exe | 
"{BB4100BB-5C00-49F8-A550-6465309E1B6C}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\metro last light\metroll.exe | 
"{BE577139-0222-4764-B2B6-9DB64C8EE370}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\euro truck simulator 2 demo\bin\win_x86\eurotrucks2.exe | 
"{C1F4E17F-00FD-4563-8ABC-F666E86E22DB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C23BDF0D-9F31-4FC3-9EDE-53F3F215FDF1}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\metro last light\metroll.exe | 
"{C5AB9CC3-795C-4418-BF6E-0B0C8AA0BE6C}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | 
"{C5E08E0A-EF0A-498A-89D8-7FC7364C5E57}" = protocol=17 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\game.exe | 
"{C8DE47E3-376B-4EE5-BC2E-EE24F896FB9D}" = protocol=17 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2013\farmingsimulator2013game.exe | 
"{CA725E9C-18F4-464D-9024-9E1E18B41871}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{CB4F3966-2FEE-46FD-BF62-3D372E6C3982}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | 
"{CBF0F93D-C85A-41E3-9ECC-BFC48A2298B6}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\team fortress 2\hl2.exe | 
"{CC62CF35-D4BC-40CB-BE1C-7C29835502D0}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\company of heroes 2\reliccoh2.exe | 
"{D095DF82-EFBC-4081-94AE-1A49DA6B1261}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D564EC9D-EFE1-475D-9853-3E93E0351A0E}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"{D9F0DF4B-F97C-40EE-85E1-1ED35697AF4E}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | 
"{DA3BE1C3-3AB9-45C0-92FB-0548AC992D52}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{DDA6E667-DD7D-4004-98FF-89D9F8BF5856}" = protocol=6 | dir=in | app=c:\users\flo\documents\arma 2\expansion\beta\arma2oa.exe | 
"{DEEA29BF-6A66-4B23-BA65-0A7EBD49EA7D}" = protocol=6 | dir=in | app=e:\tobit radio.fx\client\rfx-client.exe | 
"{DF5E8771-0F8C-48A6-9141-D5323473B406}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | 
"{E8C03332-BD15-473A-B5AD-151A8515D1A4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{E9FD1638-6309-4020-8BBE-40BCC7206C5D}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{F3DF9F2D-5B4E-4211-88ED-4BE1230087E2}" = protocol=17 | dir=in | app=e:\steam\steam.exe | 
"TCP Query User{0AB84CE6-0B16-4230-B244-024A9E8F53DC}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{12471E7A-B97B-4C09-BE59-B53113B75218}E:\far cry 2\bin\farcry2.exe" = protocol=6 | dir=in | app=e:\far cry 2\bin\farcry2.exe | 
"TCP Query User{54102408-CAF7-4FCA-AB7E-B4DBF096AA1E}C:\users\flo\appdata\local\play withsix\tools\mingw\bin\rsync.exe" = protocol=6 | dir=in | app=c:\users\flo\appdata\local\play withsix\tools\mingw\bin\rsync.exe | 
"TCP Query User{7BDA2765-A217-49F3-8D5A-39E8FBAE4E4B}C:\users\flo\documents\arma 2\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=c:\users\flo\documents\arma 2\expansion\beta\arma2oa.exe | 
"TCP Query User{82C1810E-1A09-4D90-A7E8-7C0CF00585D0}C:\program files (x86)\landwirtschafts simulator 2013\farmingsimulator2013game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2013\farmingsimulator2013game.exe | 
"TCP Query User{82F0502F-66E2-44EF-B821-22137A4A2D73}E:\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=e:\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | 
"TCP Query User{ABA6DF7A-A025-4A2F-88B6-70ACB6D9B7CF}E:\steam\steamapps\common\counter-strike global offensive\csgo.exe" = protocol=6 | dir=in | app=e:\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"TCP Query User{C0F0C5E1-4E09-4110-A5C0-DD77399E381D}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"TCP Query User{DBFA0EE7-01B2-4824-8E78-A56D11A9E190}C:\program files (x86)\paranormal\binaries\win32\udk.exe" = protocol=6 | dir=in | app=c:\program files (x86)\paranormal\binaries\win32\udk.exe | 
"TCP Query User{E16240BD-EB48-4F83-9402-36025AB92930}E:\far cry 2\bin\farcry2.exe" = protocol=6 | dir=in | app=e:\far cry 2\bin\farcry2.exe | 
"TCP Query User{E7532A53-534F-4B16-BEEC-ACF2F18A7714}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{1247594E-885B-4F92-BE11-BFD1013C2B7B}C:\program files (x86)\paranormal\binaries\win32\udk.exe" = protocol=17 | dir=in | app=c:\program files (x86)\paranormal\binaries\win32\udk.exe | 
"UDP Query User{2D9A5941-A13D-4E9E-8B00-60934565D434}E:\far cry 2\bin\farcry2.exe" = protocol=17 | dir=in | app=e:\far cry 2\bin\farcry2.exe | 
"UDP Query User{33F8D4D1-DC7B-4297-8549-C7F1B9AF66B2}C:\users\flo\documents\arma 2\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=c:\users\flo\documents\arma 2\expansion\beta\arma2oa.exe | 
"UDP Query User{4A0E8ACE-7A2D-42CA-AD07-8E4FF468B9B2}C:\users\flo\appdata\local\play withsix\tools\mingw\bin\rsync.exe" = protocol=17 | dir=in | app=c:\users\flo\appdata\local\play withsix\tools\mingw\bin\rsync.exe | 
"UDP Query User{4D9B4BAD-E0B1-4E7A-945F-40CBE63B2475}E:\steam\steamapps\common\counter-strike global offensive\csgo.exe" = protocol=17 | dir=in | app=e:\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"UDP Query User{54953C63-A2C7-43B3-8841-3A23F4466585}E:\far cry 2\bin\farcry2.exe" = protocol=17 | dir=in | app=e:\far cry 2\bin\farcry2.exe | 
"UDP Query User{5D3C1B8C-EBB6-4268-9273-3B7F271C1E74}C:\program files (x86)\landwirtschafts simulator 2013\farmingsimulator2013game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2013\farmingsimulator2013game.exe | 
"UDP Query User{61517BDB-484B-4661-BC12-7A80A7DD816C}E:\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=e:\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | 
"UDP Query User{82E23AB6-25B2-44B1-ABBB-BBD3C6F06EEB}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{9129EB54-4F3E-4B52-9144-C2CB0540FB6A}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"UDP Query User{E1F1254A-46D2-4FEC-ADEF-443C54A8952C}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{2C973507-60CA-44D0-A63B-28E8F77417F1}" = MagniPic
"{2FD0FA0A-7A21-4C4A-B268-1142B54E035E}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5EEC477F-8E9B-4420-8829-16E7426227DB}" = Windows Live MIME IFilter
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6F29F195-B11C-3EAD-B883-997BB29DFA17}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 4.11.9
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.24.2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"C-Media Oxygen HD Audio Driver" = ASUS Xonar DG Audio Driver
"Logitech Gaming Software" = Logitech Gaming Software 8.46
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"UDK-465701f6-1e9e-4115-ac28-2730315a16e5" = My Game Long Name
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D562B5-C4E2-4846-A920-33178788BE00}" = Windows Live Communications Platform
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0ACC2993-2058-4BE7-9A92-9DCDAA9B3412}" = LogMeIn Hamachi
"{0F929651-F516-4956-90F2-FFBD2CD5D30E}" = Photo Gallery
"{0FD66C6F-4023-4C74-AF8E-9B8B2053868E}" = Fotogalerie
"{0FF9CC94-EF23-401E-BDBD-37403D1A2B38}" = Windows Live SOXE Definitions
"{1845470B-EB14-4ABC-835B-E36C693DC07D}" = Skype™ 6.5
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1" = Euro Truck Simulator 2
"{1EFB835F-DD75-48EC-BB3D-1A71CF604457}" = Windows Live Writer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22C58DA3-FA02-4DD3-8C5B-23570411E95B}" = Windows Live Writer Resources
"{23B93929-FAD4-40E5-96C6-0E977BB87204}" = Windows Live Essentials
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = TP-LINK Wireless Client Installation Program
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{45898170-E68C-4F02-AA35-C2186BF347A3}" = Movie Maker
"{46BADE08-F9BE-4365-8B91-11FDCE73FF9D}" = Windows Live Family Safety
"{49DC9658-D26A-4AAB-A83A-2655B8033056}" = Photo Common
"{5A0EE0F0-E909-4F3B-B437-AAD9252427CB}" = Windows Live Installer
"{6066D3FE-3692-4449-A3C8-D1EAA2C0E9E7}" = Movie Maker
"{64AA3F94-ED4A-4A4B-B72C-B7A1481ED5D8}_is1" = Dual Monitor 1.22
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B6923B9-8719-425B-916C-CD2908F31AAF}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7ABA5F78-0EFE-4144-A918-1ACBC7552EC0}" = Citybus Simulator Munich
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AAA94EAA-40A4-458C-9D86-D1DA765B51D5}" = Windows Live Writer
"{B286BAC3-CBE6-4854-BF68-EB72A34CEA56}" = Windows Live Messenger
"{C6B0EE9E-2128-4448-B7AE-5E2B46E0F0E7}" = Windows Live Photo Common
"{CCC7C18E-1BEA-409F-B7A9-6C9740B99119}" = Windows Live UX Platform Language Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D29B0575-C3DE-4746-A893-4FDF0F7D68B2}" = Windows Live Mail
"{D604900F-A275-416C-AF9D-CDEDF58B72DB}" = Windows Live Mail
"{D7ECDD70-EBAB-42AD-8BE3-2F4D1CEC70A7}" = DayZ Commander
"{D7F3EEAD-183C-47DE-BDC5-593539573F97}" = Play withSIX
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3445598-4424-4EE2-B71C-C23325F7FB71}" = Windows Live PIMT Platform
"{EFBCA571-617D-484A-9ECA-E301BB6D0750}" = Windows Live Writer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E58739-2B4C-498F-9B0D-FF0F2FD52B61}" = Windows Live UX Platform
"{F6F30C28-38AA-4DBA-AE0B-7E30238E61BB}" = Junk Mail filter update
"{FC5F20C5-C44E-40DE-927C-4C7D7994912F}" = Windows Live Messenger
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"BattlEye for A2" = BattlEye Uninstall
"BattlEye for OA" = BattlEye for OA Uninstall
"Cheat Engine 6.3_is1" = Cheat Engine 6.3
"DAEMON Tools Lite" = DAEMON Tools Lite
"FarmingSimulator2011DE_is1" = Landwirtschafts Simulator 2011
"FarmingSimulator2013DE_is1" = Landwirtschafts Simulator 2013
"FFsim" = Feuerwehr-Simulator 2010
"Fraps" = Fraps (remove only)
"LogMeIn Hamachi" = LogMeIn Hamachi
"MinecraftAlpha" = MinecraftAlpha
"Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"SP_008a99b9" = 
"Steam App 12210" = Grand Theft Auto IV
"Steam App 202970" = Call of Duty: Black Ops II
"Steam App 202990" = Call of Duty: Black Ops II - Multiplayer
"Steam App 212910" = Call of Duty: Black Ops II - Zombies
"Steam App 219540" = Arma 2: Operation Arrowhead Beta
"Steam App 224580" = Arma 2: DayZ Mod
"Steam App 231120" = Euro Truck Simulator 2 Demo
"Steam App 231430" = Company of Heroes 2 – OPEN BETA
"Steam App 33910" = Arma 2
"Steam App 33930" = Arma 2: Operation Arrowhead
"Steam App 43160" = Metro: Last Light
"Steam App 440" = Team Fortress 2
"Steam App 730" = Counter-Strike: Global Offensive
"Tobit Radio.fx Server" = Radio.fx
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Haunt 1.0 64bit" = Haunt 1.0 64bit
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 19.06.2013 16:35:17 | Computer Name = Flo-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: t6zm.exe, Version: 1.0.0.1, Zeitstempel:
 0x519c011a  Name des fehlerhaften Moduls: t6zm.exe, Version: 1.0.0.1, Zeitstempel:
 0x519c011a  Ausnahmecode: 0xc0000005  Fehleroffset: 0x003487dc  ID des fehlerhaften Prozesses:
 0xe8c  Startzeit der fehlerhaften Anwendung: 0x01ce6d2c45f4e8af  Pfad der fehlerhaften
 Anwendung: E:\Steam\steamapps\common\Call of Duty Black Ops II\t6zm.exe  Pfad des
 fehlerhaften Moduls: E:\Steam\steamapps\common\Call of Duty Black Ops II\t6zm.exe
Berichtskennung:
 c0167503-d91f-11e2-a6f4-94de80602626
 
Error - 21.06.2013 18:54:56 | Computer Name = Flo-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: rundll32.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc637  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000028  Fehleroffset: 0x770bd7d8  ID des fehlerhaften
 Prozesses: 0x1178  Startzeit der fehlerhaften Anwendung: 0x01ce6ed2591a4c99  Pfad der
 fehlerhaften Anwendung: C:\Windows\SysWOW64\rundll32.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 970e2a5d-dac5-11e2-871b-94de80602626
 
Error - 23.06.2013 09:48:17 | Computer Name = Flo-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Skype.exe, Version: 6.5.0.158, Zeitstempel:
 0x51acb4b8  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x04f97100  ID des fehlerhaften Prozesses:
 0xcc4  Startzeit der fehlerhaften Anwendung: 0x01ce7016c086306a  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Skype\Phone\Skype.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 8e3b4c94-dc0b-11e2-bbea-94de80602626
 
Error - 24.06.2013 16:54:11 | Computer Name = Flo-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: t6zm.exe, Version: 1.0.0.1, Zeitstempel:
 0x519c011a  Name des fehlerhaften Moduls: t6zm.exe, Version: 1.0.0.1, Zeitstempel:
 0x519c011a  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00395df0  ID des fehlerhaften Prozesses:
 0x12ec  Startzeit der fehlerhaften Anwendung: 0x01ce711af3e8e4b1  Pfad der fehlerhaften
 Anwendung: E:\Steam\steamapps\common\Call of Duty Black Ops II\t6zm.exe  Pfad des
 fehlerhaften Moduls: E:\Steam\steamapps\common\Call of Duty Black Ops II\t6zm.exe
Berichtskennung:
 37f9a4e7-dd10-11e2-b7e9-94de80602626
 
Error - 25.06.2013 12:37:14 | Computer Name = Flo-PC | Source = Application Error | ID = 1000
Error - 27.06.2013 16:05:52 | Computer Name = Flo-PC | Source = Application Error
 | ID = 1000
 
Description = Name der fehlerhaften Anwendung: rundll32.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc637
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000028
Fehleroffset: 0x7788d7d8
ID des fehlerhaften Prozesses: 0x1230
Startzeit der fehlerhaften Anwendung: 0x01ce7371b942893d
Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\rundll32.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: f7488fb6-df64-11e2-a559-94de80602626
Error - 01.07.2013 16:06:22 | Computer Name = Flo-PC | Source = Application Error
 | ID = 1000
 
Description = Name der fehlerhaften Anwendung: t6mp.exe, Version: 1.0.0.1, Zeitstempel: 0x51c8f37d
Name des fehlerhaften Moduls: XAudio2_7.dll, Version: 9.29.1962.0, Zeitstempel: 0x4c0641e5
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0002526c
ID des fehlerhaften Prozesses: 0xe50
Startzeit der fehlerhaften Anwendung: 0x01ce76962f1766d9
Pfad der fehlerhaften Anwendung: E:\Steam\steamapps\common\Call of Duty Black Ops II\t6mp.exe
Pfad des fehlerhaften Moduls: C:\Windows\SysWow64\XAudio2_7.dll
Berichtskennung: b2da02b9-e289-11e2-aa03-94de80602626
Error - 01.07.2013 16:06:23 | Computer Name = Flo-PC | Source = Application Error
 | ID = 1000
 
Description = Name der fehlerhaften Anwendung: t6mp.exe, Version: 1.0.0.1, Zeitstempel: 0x51c8f37d
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0x80000026
Fehleroffset: 0x74d4c9f1
ID des fehlerhaften Prozesses: 0xe50
Startzeit der fehlerhaften Anwendung: 0x01ce76962f1766d9
Pfad der fehlerhaften Anwendung: E:\Steam\steamapps\common\Call of Duty Black Ops II\t6mp.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: b3a237a7-e289-11e2-aa03-94de80602626
Error - 01.07.2013 17:05:03 | Computer Name = Flo-PC | Source = Application Error
 | ID = 1000
 
Description = Name der fehlerhaften Anwendung: t6mp.exe, Version: 1.0.0.1, Zeitstempel: 0x51c8f37d
Name des fehlerhaften Moduls: d3d11.dll, Version: 6.2.9200.16570, Zeitstempel: 0x5153774d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0008eae6
ID des fehlerhaften Prozesses: 0xcd0
Startzeit der fehlerhaften Anwendung: 0x01ce7696de9da3c1
Pfad der fehlerhaften Anwendung: E:\Steam\steamapps\common\Call of Duty Black Ops II\t6mp.exe
Pfad des fehlerhaften Moduls: C:\Windows\system32\d3d11.dll
Berichtskennung: e57ee786-e291-11e2-8f44-94de80602626
Error - 03.07.2013 14:00:28 | Computer Name = Flo-PC | Source = RasClient | ID =
 20227
 
Description = 
Error - 03.07.2013 14:02:42 | Computer Name = Flo-PC | Source = Application Hang
 | ID = 1002
 
Description = Programm avscan.exe, Version 13.6.0.1722 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 10f4

Startzeit: 01ce78162a8839c5

Endzeit: 60000

Anwendungspfad: C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe

Berichts-ID: 930cafb1-e40a-11e2-ac53-94de80602626

 
Error encountered while reading event logs.
 
< End of report >
         
--- --- ---

[/Code]

Something didn't work with gmer.exe:
gmer.exe ist keine zulässige Win32 Anwendung

Edited by Flo1461 (03.07.2013 at 21:49)

 
